# # Description: Add PolicyKit support to GDM settings D-Bus interface # Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/395299 # Upstream: http://bugzilla.gnome.org/show_bug.cgi?id=587750 # diff -Nur -x '*.orig' -x '*~' gdm-2.29.5/common/gdm-settings.c gdm-2.29.5.new/common/gdm-settings.c --- gdm-2.29.5/common/gdm-settings.c 2009-12-08 16:20:18.000000000 +0100 +++ gdm-2.29.5.new/common/gdm-settings.c 2010-01-14 16:26:19.625490187 +0100 @@ -36,6 +36,7 @@ #define DBUS_API_SUBJECT_TO_CHANGE #include #include +#include #include "gdm-settings.h" #include "gdm-settings-glue.h" @@ -110,6 +111,90 @@ return res; } +static void +unlock_auth_cb (PolkitAuthority *authority, + GAsyncResult *result, + DBusGMethodInvocation *context) +{ + PolkitAuthorizationResult *auth_result; + GError *error = NULL; + + auth_result = polkit_authority_check_authorization_finish (authority, result, &error); + + if (!auth_result) + dbus_g_method_return_error (context, error); + else { + dbus_g_method_return (context, + polkit_authorization_result_get_is_authorized (auth_result)); + } + + if (auth_result) + g_object_unref (auth_result); + if (error) + g_error_free (error); +} + +gboolean +gdm_settings_unlock (GdmSettings *settings, + DBusGMethodInvocation *context) +{ + polkit_authority_check_authorization (polkit_authority_get (), + polkit_system_bus_name_new (dbus_g_method_get_sender (context)), + "org.gnome.displaymanager.settings.write", + NULL, + POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION, + NULL, + (GAsyncReadyCallback) unlock_auth_cb, + context); +} + +typedef struct +{ + GdmSettings *settings; + DBusGMethodInvocation *context; + gchar *key, *value; +} SetValueData; + +static void +set_value_auth_cb (PolkitAuthority *authority, + GAsyncResult *result, + SetValueData *data) +{ + PolkitAuthorizationResult *auth_result; + GError *error = NULL; + + auth_result = polkit_authority_check_authorization_finish (authority, result, &error); + + if (!auth_result) + dbus_g_method_return_error (data->context, error); + else { + if (polkit_authorization_result_get_is_authorized (auth_result)) { + gboolean result; + + result = gdm_settings_backend_set_value (data->settings->priv->backend, + data->key, + data->value, + &error); + if (result) + dbus_g_method_return (data->context); + else + dbus_g_method_return_error (data->context, error); + } + else { + error = g_error_new (DBUS_GERROR_REMOTE_EXCEPTION, 0, "Not authorized"); + dbus_g_method_return_error (data->context, error); + } + } + + if (auth_result) + g_object_unref (auth_result); + if (error) + g_error_free (error); + g_free (data->key); + g_free (data->value); + g_free (data); +} + /* dbus-send --system --print-reply --dest=org.gnome.DisplayManager /org/gnome/DisplayManager/Settings org.gnome.DisplayManager.Settings.SetValue string:"xdmcp/Enable" string:"false" */ @@ -118,26 +203,30 @@ gdm_settings_set_value (GdmSettings *settings, const char *key, const char *value, - GError **error) + DBusGMethodInvocation *context) { - GError *local_error; - gboolean res; - + SetValueData *data; + g_return_val_if_fail (GDM_IS_SETTINGS (settings), FALSE); g_return_val_if_fail (key != NULL, FALSE); g_debug ("Setting value %s", key); - - local_error = NULL; - res = gdm_settings_backend_set_value (settings->priv->backend, - key, - value, - &local_error); - if (! res) { - g_propagate_error (error, local_error); - } - - return res; + + /* Authorize with PolicyKit */ + data = g_malloc (sizeof(SetValueData)); + data->settings = settings; + data->context = context; + data->key = g_strdup(key); + data->value = g_strdup(value); + polkit_authority_check_authorization (polkit_authority_get (), + polkit_system_bus_name_new (dbus_g_method_get_sender (context)), + "org.gnome.displaymanager.settings.write", + NULL, + POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION, + NULL, + (GAsyncReadyCallback) set_value_auth_cb, + data); + return TRUE; } static gboolean diff -Nur -x '*.orig' -x '*~' gdm-2.29.5/common/gdm-settings.h gdm-2.29.5.new/common/gdm-settings.h --- gdm-2.29.5/common/gdm-settings.h 2009-12-08 16:20:18.000000000 +0100 +++ gdm-2.29.5.new/common/gdm-settings.h 2010-01-14 16:26:19.625490187 +0100 @@ -23,6 +23,7 @@ #define __GDM_SETTINGS_H #include +#include G_BEGIN_DECLS @@ -70,10 +71,12 @@ const char *key, char **value, GError **error); +gboolean gdm_settings_unlock (GdmSettings *settings, + DBusGMethodInvocation *context); gboolean gdm_settings_set_value (GdmSettings *settings, const char *key, const char *value, - GError **error); + DBusGMethodInvocation *context); G_END_DECLS diff -Nur -x '*.orig' -x '*~' gdm-2.29.5/common/gdm-settings.xml gdm-2.29.5.new/common/gdm-settings.xml --- gdm-2.29.5/common/gdm-settings.xml 2009-12-08 16:20:18.000000000 +0100 +++ gdm-2.29.5.new/common/gdm-settings.xml 2010-01-14 16:26:19.625490187 +0100 @@ -5,7 +5,12 @@ + + + + + diff -Nur -x '*.orig' -x '*~' gdm-2.29.5/configure.ac gdm-2.29.5.new/configure.ac --- gdm-2.29.5/configure.ac 2010-01-14 16:26:18.292954354 +0100 +++ gdm-2.29.5.new/configure.ac 2010-01-14 16:26:19.635453674 +0100 @@ -40,6 +40,7 @@ dnl --------------------------------------------------------------------------- DBUS_GLIB_REQUIRED_VERSION=0.74 +POLKIT_GOBJECT_REQUIRED_VERSION=0.92 GLIB_REQUIRED_VERSION=2.22.0 GTK_REQUIRED_VERSION=2.12.0 PANGO_REQUIRED_VERSION=1.3.0 @@ -60,6 +61,7 @@ PKG_CHECK_MODULES(COMMON, dbus-glib-1 >= $DBUS_GLIB_REQUIRED_VERSION + polkit-gobject-1 >= $POLKIT_GOBJECT_REQUIRED_VERSION gobject-2.0 >= $GLIB_REQUIRED_VERSION gio-2.0 >= $GLIB_REQUIRED_VERSION ) @@ -68,6 +70,7 @@ PKG_CHECK_MODULES(DAEMON, dbus-glib-1 >= $DBUS_GLIB_REQUIRED_VERSION + polkit-gobject-1 >= $POLKIT_GOBJECT_REQUIRED_VERSION gobject-2.0 >= $GLIB_REQUIRED_VERSION gio-2.0 >= $GLIB_REQUIRED_VERSION ) diff -Nur -x '*.orig' -x '*~' gdm-2.29.5/data/gdm.conf.in gdm-2.29.5.new/data/gdm.conf.in --- gdm-2.29.5/data/gdm.conf.in 2009-12-08 16:20:18.000000000 +0100 +++ gdm-2.29.5.new/data/gdm.conf.in 2010-01-14 16:26:19.635453674 +0100 @@ -34,8 +34,6 @@ - @@ -44,6 +42,10 @@ + + + diff -Nur -x '*.orig' -x '*~' gdm-2.29.5/data/gdm.policy.in gdm-2.29.5.new/data/gdm.policy.in --- gdm-2.29.5/data/gdm.policy.in 1970-01-01 01:00:00.000000000 +0100 +++ gdm-2.29.5.new/data/gdm.policy.in 2010-01-14 16:26:19.635453674 +0100 @@ -0,0 +1,18 @@ + + + + The GNOME Project + http://www.gnome.org/ + gdm + + + <_description>Change login screen configuration + <_message>Privileges are required to change the login screen configuration. + + no + auth_admin_keep + + + diff -Nur -x '*.orig' -x '*~' gdm-2.29.5/data/Makefile.am gdm-2.29.5.new/data/Makefile.am --- gdm-2.29.5/data/Makefile.am 2010-01-13 15:44:40.000000000 +0100 +++ gdm-2.29.5.new/data/Makefile.am 2010-01-14 16:27:04.215485635 +0100 @@ -46,6 +46,8 @@ schemas_in_files = gdm.schemas.in schemas_DATA = $(schemas_in_files:.schemas.in=.schemas) +@INTLTOOL_POLICY_RULE@ + gdm.schemas.in: $(srcdir)/gdm.schemas.in.in sed -e 's,[@]GDMPREFETCHCMD[@],$(GDMPREFETCHCMD),g' \ -e 's,[@]GDM_CUSTOM_CONF[@],$(GDM_CUSTOM_CONF),g' \ @@ -78,11 +80,18 @@ localealiasdir = $(datadir)/gdm localealias_DATA = locale.alias +polkitdir = $(datadir)/polkit-1/actions +polkit_in_files = gdm.policy.in +polkit_DATA = $(polkit_in_files:.policy.in=.policy) +check: + $(POLKIT_POLICY_FILE_VALIDATE) $(polkit_DATA) + EXTRA_DIST = \ $(schemas_in_files) \ $(schemas_DATA) \ $(dbusconf_in_files) \ $(localealias_DATA) \ + $(polkit_in_files) \ gdm.schemas.in.in \ gdm.conf-custom.in \ Xsession.in \ @@ -105,7 +114,8 @@ $(NULL) DISTCLEANFILES = \ - $(dbusconf_DATA) \ + $(dbusconf_DATA) \ + $(polkit_DATA) \ gdm.schemas \ $(NULL) diff -Nur -x '*.orig' -x '*~' gdm-2.29.5/po/POTFILES.in gdm-2.29.5.new/po/POTFILES.in --- gdm-2.29.5/po/POTFILES.in 2010-01-12 23:49:09.000000000 +0100 +++ gdm-2.29.5.new/po/POTFILES.in 2010-01-14 16:26:19.635453674 +0100 @@ -49,6 +49,7 @@ daemon/simple-slave-main.c daemon/test-session.c daemon/xdmcp-chooser-slave-main.c +data/gdm.policy.in data/gdm.schemas.in.in data/greeter-autostart/at-spi-registryd-wrapper.desktop.in.in data/greeter-autostart/gdm-simple-greeter.desktop.in.in