Commit 64c1a2c2 authored by Brian Cameron's avatar Brian Cameron Committed by Brian Cameron

Make polkit-gnome an optional dependency. Also support RBAC for

2008-01-28  Brian Cameron  <brian.cameron@sun.com>

        * acconfig.h, configure.ac, gui/simple-greeter/Makefile.am,
          gui/simple-greeter/gdm-greeter-login-window.c:  Make
          polkit-gnome an optional dependency.  Also support
          RBAC for shutdown/reboot if the --enable-rbac-shutdown
          configure option is provided.
        * configure.ac: Remove old RBAC configuration options that
          were used in the GDM 2.20 branch.
        * gui/simple-greeter/gdm-chooser-widget.c: Fix a null string
          argument problem causing core dumping on Solaris.

svn path=/trunk/; revision=5640
parent e8c48d69
2008-01-28 Brian Cameron <brian.cameron@sun.com>
* acconfig.h, configure.ac, gui/simple-greeter/Makefile.am,
gui/simple-greeter/gdm-greeter-login-window.c: Make
polkit-gnome an optional dependency. Also support
RBAC for shutdown/reboot if the --enable-rbac-shutdown
configure option is provided.
* configure.ac: Remove old RBAC configuration options that
were used in the GDM 2.20 branch.
* gui/simple-greeter/gdm-chooser-widget.c: Fix a null string
argument problem causing core dumping on Solaris.
2008-01-28 William Jon McCann <mccann@jhu.edu>
* daemon/gdm-display.c: (gdm_display_get_seat_id),
......
......@@ -9,7 +9,6 @@
#undef ENABLE_NLS
#undef ALWAYS_RESTART_SERVER
#undef GDM_USER_PATH
#undef GDM_RBAC_SYSCMD_KEYS
#undef HAVE_ADT
#undef HAVE_CATGETS
#undef HAVE_CHKAUTHATTR
......
......@@ -87,11 +87,20 @@ PKG_CHECK_MODULES(SIMPLE_GREETER,
gtk+-2.0 >= $GTK_REQUIRED_VERSION
libglade-2.0 >= $LIBGLADE_REQUIRED_VERSION
gnome-vfs-2.0 >= $GNOME_VFS_REQUIRED_VERSION
polkit-gnome >= $POLICYKIT_REQUIRED_VERSION
)
AC_SUBST(SIMPLE_GREETER_CFLAGS)
AC_SUBST(SIMPLE_GREETER_LIBS)
PKG_CHECK_MODULES(POLKIT_GNOME,
polkit >= $POLICYKIT_REQUIRED_VERSION,
have_polkit=yes,
have_polkit=no)
if test "x$have_polkit" = "xyes" ; then
AC_DEFINE(HAVE_POLKIT_GNOME, [], [Define if we have polkit])
fi
AM_CONDITIONAL(HAVE_POLKIT_GNOME, test x$have_polkit = xyes)
AC_SUBST(HAVE_POLKIT_GNOME)
PKG_CHECK_MODULES(SIMPLE_CHOOSER,
dbus-glib-1 >= $DBUS_GLIB_REQUIRED_VERSION
gtk+-2.0 >= $GTK_REQUIRED_VERSION
......@@ -861,6 +870,24 @@ AC_DEFINE_UNQUOTED([ISO_CODES_PREFIX],["`$PKG_CONFIG --variable=prefix iso-codes
ISO_CODES=iso-codes
dnl ---------------------------------------------------------------------------
dnl check for RBAC
dnl ---------------------------------------------------------------------------
msg_rbac_shutdown=no
AC_ARG_ENABLE(rbac-shutdown,
[AC_HELP_STRING([--enable-rbac-shutdown=<key>],
[Build with RBAC support specifying shutdown/reboot RBAC authentication key])],
enable_rbac_shutdown=$enableval,enable_rbac_shutdown=no)
if test "x$enable_rbac_shutdown" != "xno"; then
RBAC_LIBS="-lsecdb -lsocket -lnsl"
AC_DEFINE(ENABLE_RBAC_SHUTDOWN, [], [Set if we build with RBAC support])
AC_DEFINE_UNQUOTED(RBAC_SHUTDOWN_KEY, "$enable_rbac_shutdown", [Set if we build with RBAC support])
msg_rbac_shutdown="yes, using key $enable_rbac_shutdown"
fi
AC_SUBST(RBAC_LIBS)
dnl ---------------------------------------------------------------------------
dnl - Define some variables to represent the directories we use.
dnl ---------------------------------------------------------------------------
......@@ -977,15 +1004,6 @@ AC_CHECK_LIB(devinfo, di_devperm_login, [
AC_DEFINE(HAVE_LOGINDEVPERM)
EXTRA_DAEMON_LIBS="$EXTRA_DAEMON_LIBS -ldevinfo" ])
# Check for RBAC support (chkauthattr
#
AC_MSG_CHECKING(for RBAC support - chkauthattr)
AC_CHECK_LIB(secdb, chkauthattr, [
AC_DEFINE(HAVE_CHKAUTHATTR)
EXTRA_DAEMON_LIBS="$EXTRA_DAEMON_LIBS -lsecdb"
EXTRA_GREETER_LIBS="$EXTRA_GREETER_LIBS -lsecdb"])
dnl ---------------------------------------------------------------------------
dnl - Check for Halt, and Reboot commands
dnl ---------------------------------------------------------------------------
......@@ -995,7 +1013,6 @@ dnl ---------------------------------------------------------------------------
# On Solaris/bin is a symlink to /usr/bin, so don't include it in
# GDM_USER_PATH.
GDM_USER_PATH=""
GDM_RBAC_SYSCMD_KEYS=""
case "$host" in
*solaris*)
......@@ -1006,7 +1023,6 @@ case "$host" in
SUSPEND_COMMAND="/usr/openwin/bin/sys-suspend -n"
XSESSION_SHELL=/bin/ksh
SOUND_PROGRAM=/usr/bin/audioplay
GDM_RBAC_SYSCMD_KEYS="HALT:solaris.system.shutdown;REBOOT:solaris.system.shutdown"
;;
*freebsd*)
GDM_USER_PATH="/bin:/usr/bin"
......@@ -1200,16 +1216,6 @@ fi
AC_SUBST(GDM_WORKING_DIR)
dnl ---------------------------------------------------------------------------
dnl - Allow configure to specify RBAC keys.
dnl ---------------------------------------------------------------------------
AC_ARG_WITH(rbac-system-command-keys, [ --with-rbac-system-command-keys=<keys> RBAC system command keys])
if ! test -z "$with_system_command_keys"; then
GDM_RBAC_SYSCMD_KEYS=$with_system_command_keys
fi
dnl ---------------------------------------------------------------------------
dnl - Finish
dnl ---------------------------------------------------------------------------
......@@ -1288,8 +1294,6 @@ AC_SUBST(GDM_USER_PATH)
AC_DEFINE_UNQUOTED(GDM_USER_PATH,"$GDM_USER_PATH")
AC_SUBST(SOUND_PROGRAM)
AC_DEFINE_UNQUOTED(SOUND_PROGRAM,"$SOUND_PROGRAM")
AC_SUBST(GDM_RBAC_SYSCMD_KEYS)
AC_DEFINE_UNQUOTED(GDM_RBAC_SYSCMD_KEYS,"$GDM_RBAC_SYSCMD_KEYS")
AC_SUBST(X_PATH)
AC_SUBST(X_SERVER)
......@@ -1371,6 +1375,7 @@ if test x"$LIBWRAP_PATH" = x ; then
echo \
" TCP Wrappers support: no"
else
echo \
" TCP Wrappers support: yes"
fi
......@@ -1379,4 +1384,5 @@ echo \
XDMCP support: ${XDMCP_SUPPORT}
SELinux support: ${with_selinux}
ConsoleKit support: ${use_console_kit}
Build with RBAC: ${msg_rbac_shutdown}
"
......@@ -19,6 +19,7 @@ INCLUDES = \
-DAT_SPI_REGISTRYD_DIR="\"$(AT_SPI_REGISTRYD_DIR)\"" \
$(GTK_CFLAGS) \
$(SIMPLE_GREETER_CFLAGS) \
$(POLKIT_GNOME_CFLAGS) \
$(NULL)
@INTLTOOL_SCHEMAS_RULE@
......@@ -58,6 +59,9 @@ test_greeter_login_window_SOURCES = \
test_greeter_login_window_LDADD = \
$(SIMPLE_GREETER_LIBS) \
$(POLKIT_GNOME_LIBS) \
$(RBAC_LIBS) \
$(top_builddir)/common/libgdmcommon.la \
$(NULL)
test_greeter_panel_SOURCES = \
......@@ -125,6 +129,7 @@ test_user_chooser_SOURCES = \
test_user_chooser_LDADD = \
$(SIMPLE_GREETER_LIBS) \
$(POLKIT_GNOME_LIBS) \
$(NULL)
test_user_manager_SOURCES = \
......@@ -138,6 +143,7 @@ test_user_manager_SOURCES = \
test_user_manager_LDADD = \
$(SIMPLE_GREETER_LIBS) \
$(POLKIT_GNOME_LIBS) \
$(NULL)
libexec_PROGRAMS = \
......@@ -177,6 +183,9 @@ gdm_simple_greeter_LDADD = \
$(top_builddir)/common/libgdmcommon.la \
$(top_builddir)/gui/simple-greeter/libnotificationarea/libnotificationarea.la \
$(SIMPLE_GREETER_LIBS) \
$(POLKIT_GNOME_LIBS) \
$(RBAC_LIBS) \
$(top_builddir)/common/libgdmcommon.la \
$(NULL)
gladedir = $(pkgdatadir)
......
......@@ -1321,9 +1321,9 @@ name_cell_data_func (GtkTreeViewColumn *tree_column,
if (is_in_use) {
markup = g_strdup_printf ("<b>%s</b>\n"
"<i><span size=\"x-small\">%s</span></i>",
name, widget->priv->in_use_message);
name ? name : "(null)", widget->priv->in_use_message);
} else {
markup = g_strdup_printf ("<b>%s</b>", name);
markup = g_strdup_printf ("<b>%s</b>", name ? name : "(null)");
}
g_free (name);
......
......@@ -33,6 +33,11 @@
#include <errno.h>
#include <pwd.h>
#ifdef ENABLE_RBAC_SHUTDOWN
#include <auth_attr.h>
#include <secdb.h>
#endif
#include <glib.h>
#include <glib/gi18n.h>
#include <glib/gstdio.h>
......@@ -49,7 +54,9 @@
#include <dbus/dbus-glib.h>
#include <dbus/dbus-glib-lowlevel.h>
#if HAVE_POLKIT_GNOME
#include <polkit-gnome/polkit-gnome.h>
#endif
#include "gdm-greeter-login-window.h"
#include "gdm-user-chooser-widget.h"
......@@ -196,6 +203,25 @@ show_widget (GdmGreeterLoginWindow *login_window,
}
}
#ifdef ENABLE_RBAC_SHUTDOWN
static char *
get_user_name (uid_t uid)
{
struct passwd *pwent;
char *name;
name = NULL;
pwent = getpwuid (uid);
if (pwent != NULL) {
name = g_strdup (pwent->pw_name);
}
return name;
}
#endif
static void
switch_mode (GdmGreeterLoginWindow *login_window,
int number)
......@@ -203,16 +229,35 @@ switch_mode (GdmGreeterLoginWindow *login_window,
const char *default_name;
GtkWidget *user_chooser;
GtkWidget *box;
gchar *username;
gboolean show_restart_shutdown = TRUE;
uid_t uid;
/* FIXME: do animation */
default_name = NULL;
#ifdef ENABLE_RBAC_SHUTDOWN
uid = getuid ();
username = get_user_name (uid);
if (username == NULL || !chkauthattr (RBAC_SHUTDOWN_KEY, username)) {
show_restart_shutdown = FALSE;
g_debug ("Not showing stop/restart buttons for user %s due to RBAC key %s",
username, RBAC_SHUTDOWN_KEY);
} else {
g_debug ("Showing stop/restart buttons for user %s due to RBAC key %s",
username, RBAC_SHUTDOWN_KEY);
}
#endif
switch (number) {
case MODE_SELECTION:
show_widget (login_window, "log-in-button", FALSE);
show_widget (login_window, "cancel-button", FALSE);
show_widget (login_window, "shutdown-button", login_window->priv->display_is_local);
show_widget (login_window, "restart-button", login_window->priv->display_is_local);
show_widget (login_window, "shutdown-button",
login_window->priv->display_is_local && show_restart_shutdown);
show_widget (login_window, "restart-button",
login_window->priv->display_is_local && show_restart_shutdown);
show_widget (login_window, "suspend-button", login_window->priv->display_is_local);
show_widget (login_window, "disconnect-button", ! login_window->priv->display_is_local);
show_widget (login_window, "auth-input-box", FALSE);
......@@ -525,6 +570,7 @@ try_system_restart (DBusGConnection *connection,
return res;
}
#ifdef HAVE_POLKIT_GNOME
static void
system_restart_auth_cb (PolKitAction *action,
gboolean gained_privilege,
......@@ -613,6 +659,7 @@ get_action_from_error (GError *error)
return action;
}
#endif
static void
do_system_restart (GdmGreeterLoginWindow *login_window)
......@@ -630,6 +677,7 @@ do_system_restart (GdmGreeterLoginWindow *login_window)
}
res = try_system_restart (connection, &error);
#ifdef HAVE_POLKIT_GNOME
if (! res) {
g_debug ("GdmGreeterLoginWindow: unable to restart system: %s: %s",
dbus_g_error_get_name (error),
......@@ -662,7 +710,7 @@ do_system_restart (GdmGreeterLoginWindow *login_window)
}
}
#endif
}
static void
......@@ -681,6 +729,7 @@ do_system_stop (GdmGreeterLoginWindow *login_window)
}
res = try_system_stop (connection, &error);
#ifdef HAVE_POLKIT_GNOME
if (! res) {
g_debug ("GdmGreeterLoginWindow: unable to stop system: %s: %s",
dbus_g_error_get_name (error),
......@@ -713,7 +762,7 @@ do_system_stop (GdmGreeterLoginWindow *login_window)
}
}
#endif
}
static void
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment