2
- Do not create an Unlock method.
3
- Do a sync non-user-interactive authorization check for SetValue only.
4
- More checks and memory management.
5
- Call action org.gnome.displaymanager.settings.set instead of .write, .set
6
is more used in other actions.
8
--- a/common/gdm-settings.c
9
+++ b/common/gdm-settings.c
11
#define DBUS_API_SUBJECT_TO_CHANGE
12
#include <dbus/dbus-glib.h>
13
#include <dbus/dbus-glib-lowlevel.h>
14
+#include <polkit/polkit.h>
16
#include "gdm-settings.h"
17
#include "gdm-settings-glue.h"
19
gdm_settings_set_value (GdmSettings *settings,
23
+ DBusGMethodInvocation *context)
25
- GError *local_error;
26
+ PolkitAuthority *authority;
27
+ PolkitSubject *subject;
28
+ PolkitAuthorizationResult *result;
33
g_return_val_if_fail (GDM_IS_SETTINGS (settings), FALSE);
34
g_return_val_if_fail (key != NULL, FALSE);
41
g_debug ("Setting value %s", key);
44
+ authority = polkit_authority_get ();
45
+ sender = dbus_g_method_get_sender (context);
47
+ g_debug ("GdmSettings: Can't determinate sender");
51
+ subject = polkit_system_bus_name_new (sender);
52
+ result = polkit_authority_check_authorization_sync (authority, subject, "org.gnome.displaymanager.settings.set",
54
+ POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE,
58
+ g_debug ("GdmSettings: Error occurred during authorization: %s", error->message);
63
+ res = polkit_authorization_result_get_is_authorized (result);
65
+ g_debug ("GdmSettings: Client unauthorized, bailing out");
69
res = gdm_settings_backend_set_value (settings->priv->backend,
74
- g_propagate_error (error, local_error);
78
+ g_object_unref (authority);
79
+ g_object_unref (subject);
80
+ g_object_unref (result);
84
+ dbus_g_method_return (context);
86
+ dbus_g_method_return_error (context, error);
87
+ g_error_free (error);
91
--- a/common/gdm-settings.h
92
+++ b/common/gdm-settings.h
94
#define __GDM_SETTINGS_H
96
#include <glib-object.h>
97
+#include <dbus/dbus-glib.h>
102
gboolean gdm_settings_set_value (GdmSettings *settings,
106
+ DBusGMethodInvocation *context);
110
--- a/common/gdm-settings.xml
111
+++ b/common/gdm-settings.xml
113
<arg name="value" direction="out" type="s"/>
115
<method name="SetValue">
116
+ <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
117
<arg name="key" direction="in" type="s"/>
118
<arg name="value" direction="in" type="s"/>
123
dnl ---------------------------------------------------------------------------
125
DBUS_GLIB_REQUIRED_VERSION=0.74
126
+POLKIT_GOBJECT_REQUIRED_VERSION=0.92
127
GLIB_REQUIRED_VERSION=2.22.0
128
GTK_REQUIRED_VERSION=2.12.0
129
PANGO_REQUIRED_VERSION=1.3.0
132
PKG_CHECK_MODULES(COMMON,
133
dbus-glib-1 >= $DBUS_GLIB_REQUIRED_VERSION
134
+ polkit-gobject-1 >= $POLKIT_GOBJECT_REQUIRED_VERSION
135
gobject-2.0 >= $GLIB_REQUIRED_VERSION
136
gio-2.0 >= $GLIB_REQUIRED_VERSION
140
PKG_CHECK_MODULES(DAEMON,
141
dbus-glib-1 >= $DBUS_GLIB_REQUIRED_VERSION
142
+ polkit-gobject-1 >= $POLKIT_GOBJECT_REQUIRED_VERSION
143
gobject-2.0 >= $GLIB_REQUIRED_VERSION
144
gio-2.0 >= $GLIB_REQUIRED_VERSION
146
@@ -1392,6 +1395,7 @@
147
gui/user-switch-applet/Makefile
153
data/greeter-autostart/Makefile
154
--- a/data/Makefile.am
155
+++ b/data/Makefile.am
157
schemas_in_files = gdm.schemas.in
158
schemas_DATA = $(schemas_in_files:.schemas.in=.schemas)
160
+@INTLTOOL_POLICY_RULE@
162
gdm.schemas.in: $(srcdir)/gdm.schemas.in.in
163
sed -e 's,[@]GDMPREFETCHCMD[@],$(GDMPREFETCHCMD),g' \
164
-e 's,[@]GDM_CUSTOM_CONF[@],$(GDM_CUSTOM_CONF),g' \
166
localealiasdir = $(datadir)/gdm
167
localealias_DATA = locale.alias
169
+polkitdir = $(datadir)/polkit-1/actions
170
+polkit_in_files = gdm.policy.in
171
+polkit_DATA = $(polkit_in_files:.policy.in=.policy)
173
+ $(POLKIT_POLICY_FILE_VALIDATE) $(polkit_DATA)
176
$(schemas_in_files) \
178
$(dbusconf_in_files) \
179
$(localealias_DATA) \
180
+ $(polkit_in_files) \
194
--- a/data/gdm.conf.in
195
+++ b/data/gdm.conf.in
197
<deny send_destination="org.gnome.DisplayManager"
198
send_interface="org.gnome.DisplayManager.LocalDisplayFactory"/>
199
<deny send_destination="org.gnome.DisplayManager"
200
- send_interface="org.gnome.DisplayManager.Settings"/>
201
- <deny send_destination="org.gnome.DisplayManager"
202
send_interface="org.gnome.DisplayManager.Slave"/>
203
<deny send_destination="org.gnome.DisplayManager"
204
send_interface="org.gnome.DisplayManager.Session"/>
206
<allow send_destination="org.gnome.DisplayManager"
207
send_interface="org.freedesktop.DBus.Introspectable"/>
209
+ <!-- Controlled by Policykit -->
210
+ <allow send_destination="org.gnome.DisplayManager"
211
+ send_interface="org.gnome.DisplayManager.Settings"/>
213
<allow send_destination="org.gnome.DisplayManager"
214
send_interface="org.gnome.DisplayManager.Display"
215
send_member="GetId"/>
219
daemon/simple-slave-main.c
220
daemon/test-session.c
221
daemon/xdmcp-chooser-slave-main.c
223
data/gdm.schemas.in.in
224
data/greeter-autostart/at-spi-registryd-wrapper.desktop.in.in
225
data/greeter-autostart/gdm-simple-greeter.desktop.in.in
227
+++ b/data/gdm.policy.in
229
+<?xml version="1.0" encoding="UTF-8"?>
230
+<!DOCTYPE policyconfig PUBLIC
231
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
232
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
234
+ <vendor>The GNOME Project</vendor>
235
+ <vendor_url>http://www.gnome.org/</vendor_url>
236
+ <icon_name>gdm</icon_name>
238
+ <action id="org.gnome.displaymanager.settings.set">
239
+ <_description>Change login screen configuration</_description>
240
+ <_message>Privileges are required to change the login screen configuration.</_message>
242
+ <allow_inactive>no</allow_inactive>
243
+ <allow_active>auth_admin_keep</allow_active>