← Back to branch summary

~ubuntu-branches/ubuntu/precise/gdm3/precise

« back to all changes in this revision

Viewing changes to debian/patches/12_polkit_settings.patch

  • Committer: Bazaar Package Importer
  • Author(s): Josselin Mouette
  • Date: 2010-05-08 14:59:06 UTC
  • mfrom: (1.1.1 upstream)
  • Revision ID: james.westby@ubuntu.com-20100508145906-ofy3s7qoxzexmi66
Tags: 2.30.2-3
http://bugs.debian.org/578736
* Pass -novtswitch to the X server options, so that it doesn’t switch 
  back to the original tty when being killed. This fixes a corner case 
  of user switching which is the original upstream reason for 
  introducing the broken behavior we fixed with 
  18_switch_kill_greeter.patch.
* 19_configure_xserver.patch: patch by Hans Petter Jansson to allow to 
  set the local X server options in the configuration file.
  Also make it use the default options the configure script sets.
* 20_endsession_respawn.patch: new patch. Respawn transient displays 
  when the user session is finished. In combination with 
  -novtswitch, it allows a unified interface where exiting a session 
  will always bring back to a login manager, without leaving unused 
  displays either.
* 08_frequent-users_greeter.patch: updated with an improved logic, to 
  not use the same session type for the login window and the user 
  session.
* 21_schemas_usr.patch: new patch. Move gdm.schemas to /usr, it should 
  certainly not be editable.
* 90_relibtoolize.patch: refreshed accordingly.
* 22_noconsole.patch: patch from Patrick Monnerat to allow GDM to work 
  as a standalone XDMCP server.
* 23_autologin_once.patch: patch from Vincent Untz. Do not autologin 
  again after the session has been closed. Closes: #578736.
* gdm3.preinst: remove the old gdm.schemas upon upgrade.

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/patches/12_polkit_settings.patch
 
1
Update in Debian:
 
2
- Do not create an Unlock method.
 
3
- Do a sync non-user-interactive authorization check for SetValue only.
 
4
- More checks and memory management.
 
5
- Call action org.gnome.displaymanager.settings.set instead of .write, .set
 
6
  is more used in other actions.
 
7
 
 
8
--- a/common/gdm-settings.c
 
9
+++ b/common/gdm-settings.c
 
10
@@ -36,6 +36,7 @@
 
11
 #define DBUS_API_SUBJECT_TO_CHANGE
 
12
 #include <dbus/dbus-glib.h>
 
13
 #include <dbus/dbus-glib-lowlevel.h>
 
14
+#include <polkit/polkit.h>
 
15
 
 
16
 #include "gdm-settings.h"
 
17
 #include "gdm-settings-glue.h"
 
18
@@ -118,23 +119,66 @@
 
19
 gdm_settings_set_value (GdmSettings *settings,
 
20
                         const char  *key,
 
21
                         const char  *value,
 
22
-                        GError     **error)
 
23
+                        DBusGMethodInvocation *context)
 
24
 {
 
25
-        GError  *local_error;
 
26
+        PolkitAuthority *authority;
 
27
+        PolkitSubject *subject;
 
28
+        PolkitAuthorizationResult *result;
 
29
+        char *sender;
 
30
+        GError  *error;
 
31
         gboolean res;
 
32
 
 
33
         g_return_val_if_fail (GDM_IS_SETTINGS (settings), FALSE);
 
34
         g_return_val_if_fail (key != NULL, FALSE);
 
35
 
 
36
+        authority = NULL;
 
37
+        sender = NULL;
 
38
+        result = NULL;
 
39
+        error = NULL;
 
40
+
 
41
         g_debug ("Setting value %s", key);
 
42
 
 
43
-        local_error = NULL;
 
44
+        authority = polkit_authority_get ();
 
45
+        sender = dbus_g_method_get_sender (context);
 
46
+        if (!sender) {
 
47
+                g_debug ("GdmSettings: Can't determinate sender");
 
48
+                goto out;
 
49
+        }
 
50
+
 
51
+        subject = polkit_system_bus_name_new (sender);
 
52
+        result = polkit_authority_check_authorization_sync (authority, subject, "org.gnome.displaymanager.settings.set",
 
53
+                                                            NULL,
 
54
+                                                            POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE,
 
55
+                                                            NULL, &error);
 
56
+        if (!result) {
 
57
+                if (error) {
 
58
+                        g_debug ("GdmSettings: Error occurred during authorization: %s", error->message);
 
59
+                }
 
60
+                goto out;
 
61
+        }
 
62
+
 
63
+        res = polkit_authorization_result_get_is_authorized (result);
 
64
+        if (!res) {
 
65
+                g_debug ("GdmSettings: Client unauthorized, bailing out");
 
66
+                goto out;
 
67
+        }
 
68
+
 
69
         res = gdm_settings_backend_set_value (settings->priv->backend,
 
70
                                               key,
 
71
                                               value,
 
72
-                                              &local_error);
 
73
-        if (! res) {
 
74
-                g_propagate_error (error, local_error);
 
75
+                                              &error);
 
76
+
 
77
+ out:
 
78
+        g_object_unref (authority);
 
79
+        g_object_unref (subject);
 
80
+        g_object_unref (result);
 
81
+        g_free (sender);
 
82
+
 
83
+        if (res) {
 
84
+                dbus_g_method_return (context);
 
85
+        } else {
 
86
+                dbus_g_method_return_error (context, error);
 
87
+                g_error_free (error);
 
88
         }
 
89
 
 
90
         return res;
 
91
--- a/common/gdm-settings.h
 
92
+++ b/common/gdm-settings.h
 
93
@@ -23,6 +23,7 @@
 
94
 #define __GDM_SETTINGS_H
 
95
 
 
96
 #include <glib-object.h>
 
97
+#include <dbus/dbus-glib.h>
 
98
 
 
99
 G_BEGIN_DECLS
 
100
 
 
101
@@ -73,7 +74,7 @@
 
102
 gboolean            gdm_settings_set_value                      (GdmSettings *settings,
 
103
                                                                  const char  *key,
 
104
                                                                  const char  *value,
 
105
-                                                                 GError     **error);
 
106
+                                                                 DBusGMethodInvocation *context);
 
107
 
 
108
 G_END_DECLS
 
109
 
 
110
--- a/common/gdm-settings.xml
 
111
+++ b/common/gdm-settings.xml
 
112
@@ -6,6 +6,7 @@
 
113
       <arg name="value" direction="out" type="s"/>
 
114
     </method>
 
115
     <method name="SetValue">
 
116
+      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
 
117
       <arg name="key" direction="in" type="s"/>
 
118
       <arg name="value" direction="in" type="s"/>
 
119
     </method>
 
120
--- a/configure.ac
 
121
+++ b/configure.ac
 
122
@@ -40,6 +40,7 @@
 
123
 dnl ---------------------------------------------------------------------------
 
124
 
 
125
 DBUS_GLIB_REQUIRED_VERSION=0.74
 
126
+POLKIT_GOBJECT_REQUIRED_VERSION=0.92
 
127
 GLIB_REQUIRED_VERSION=2.22.0
 
128
 GTK_REQUIRED_VERSION=2.12.0
 
129
 PANGO_REQUIRED_VERSION=1.3.0
 
130
@@ -60,6 +61,7 @@
 
131
 
 
132
 PKG_CHECK_MODULES(COMMON,
 
133
         dbus-glib-1 >= $DBUS_GLIB_REQUIRED_VERSION
 
134
+        polkit-gobject-1 >= $POLKIT_GOBJECT_REQUIRED_VERSION
 
135
         gobject-2.0 >= $GLIB_REQUIRED_VERSION
 
136
         gio-2.0 >= $GLIB_REQUIRED_VERSION
 
137
 )
 
138
@@ -68,6 +70,7 @@
 
139
 
 
140
 PKG_CHECK_MODULES(DAEMON,
 
141
         dbus-glib-1 >= $DBUS_GLIB_REQUIRED_VERSION
 
142
+        polkit-gobject-1 >= $POLKIT_GOBJECT_REQUIRED_VERSION
 
143
         gobject-2.0 >= $GLIB_REQUIRED_VERSION
 
144
         gio-2.0 >= $GLIB_REQUIRED_VERSION
 
145
 )
 
146
@@ -1392,6 +1395,7 @@
 
147
 gui/user-switch-applet/Makefile
 
148
 utils/Makefile
 
149
 data/gdm.conf
 
150
+data/gdm.policy
 
151
 data/Makefile
 
152
 data/faces/Makefile
 
153
 data/greeter-autostart/Makefile
 
154
--- a/data/Makefile.am
 
155
+++ b/data/Makefile.am
 
156
@@ -46,6 +46,8 @@
 
157
 schemas_in_files = gdm.schemas.in
 
158
 schemas_DATA = $(schemas_in_files:.schemas.in=.schemas)
 
159
 
 
160
+@INTLTOOL_POLICY_RULE@
 
161
+
 
162
 gdm.schemas.in: $(srcdir)/gdm.schemas.in.in
 
163
        sed     -e 's,[@]GDMPREFETCHCMD[@],$(GDMPREFETCHCMD),g' \
 
164
                -e 's,[@]GDM_CUSTOM_CONF[@],$(GDM_CUSTOM_CONF),g' \
 
165
@@ -78,11 +80,18 @@
 
166
 localealiasdir = $(datadir)/gdm
 
167
 localealias_DATA = locale.alias
 
168
 
 
169
+polkitdir = $(datadir)/polkit-1/actions
 
170
+polkit_in_files = gdm.policy.in
 
171
+polkit_DATA = $(polkit_in_files:.policy.in=.policy)
 
172
+check:
 
173
+       $(POLKIT_POLICY_FILE_VALIDATE) $(polkit_DATA)
 
174
+
 
175
 EXTRA_DIST =                   \
 
176
        $(schemas_in_files)     \
 
177
        $(schemas_DATA)         \
 
178
        $(dbusconf_in_files)    \
 
179
        $(localealias_DATA)     \
 
180
+       $(polkit_in_files)      \
 
181
        gdm.schemas.in.in       \
 
182
        gdm.conf-custom.in      \
 
183
        Xsession.in             \
 
184
@@ -105,7 +114,8 @@
 
185
        $(NULL)
 
186
 
 
187
 DISTCLEANFILES =                       \
 
188
-       $(dbusconf_DATA)                        \
 
189
+       $(dbusconf_DATA)                \
 
190
+       $(polkit_DATA)                  \
 
191
        gdm.schemas                     \
 
192
        $(NULL)
 
193
 
 
194
--- a/data/gdm.conf.in
 
195
+++ b/data/gdm.conf.in
 
196
@@ -34,8 +34,6 @@
 
197
     <deny send_destination="org.gnome.DisplayManager"
 
198
           send_interface="org.gnome.DisplayManager.LocalDisplayFactory"/>
 
199
     <deny send_destination="org.gnome.DisplayManager"
 
200
-          send_interface="org.gnome.DisplayManager.Settings"/>
 
201
-    <deny send_destination="org.gnome.DisplayManager"
 
202
           send_interface="org.gnome.DisplayManager.Slave"/>
 
203
     <deny send_destination="org.gnome.DisplayManager"
 
204
           send_interface="org.gnome.DisplayManager.Session"/>
 
205
@@ -44,6 +42,10 @@
 
206
     <allow send_destination="org.gnome.DisplayManager"
 
207
            send_interface="org.freedesktop.DBus.Introspectable"/>
 
208
 
 
209
+    <!-- Controlled by Policykit -->
 
210
+    <allow send_destination="org.gnome.DisplayManager"
 
211
+           send_interface="org.gnome.DisplayManager.Settings"/>
 
212
+
 
213
     <allow send_destination="org.gnome.DisplayManager"
 
214
            send_interface="org.gnome.DisplayManager.Display"
 
215
            send_member="GetId"/>
 
216
--- a/po/POTFILES.in
 
217
+++ b/po/POTFILES.in
 
218
@@ -49,6 +49,7 @@
 
219
 daemon/simple-slave-main.c
 
220
 daemon/test-session.c
 
221
 daemon/xdmcp-chooser-slave-main.c
 
222
+data/gdm.policy.in
 
223
 data/gdm.schemas.in.in
 
224
 data/greeter-autostart/at-spi-registryd-wrapper.desktop.in.in
 
225
 data/greeter-autostart/gdm-simple-greeter.desktop.in.in
 
226
--- /dev/null
 
227
+++ b/data/gdm.policy.in
 
228
@@ -0,0 +1,18 @@
 
229
+<?xml version="1.0" encoding="UTF-8"?>
 
230
+<!DOCTYPE policyconfig PUBLIC
 
231
+          "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 
232
+          "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
 
233
+<policyconfig>
 
234
+  <vendor>The GNOME Project</vendor>
 
235
+  <vendor_url>http://www.gnome.org/</vendor_url>
 
236
+  <icon_name>gdm</icon_name>
 
237
+
 
238
+  <action id="org.gnome.displaymanager.settings.set">
 
239
+    <_description>Change login screen configuration</_description>
 
240
+    <_message>Privileges are required to change the login screen configuration.</_message>
 
241
+    <defaults>
 
242
+      <allow_inactive>no</allow_inactive>
 
243
+      <allow_active>auth_admin_keep</allow_active>
 
244
+    </defaults>
 
245
+  </action>
 
246
+</policyconfig>