--- a/patches/SUNWtgnome-xagent-01-trusted-extensions.diff Mon Jul 21 15:59:36 2008 +0000
+++ b/patches/SUNWtgnome-xagent-01-trusted-extensions.diff Mon Jul 21 16:06:58 2008 +0000
@@ -1,285 +1,226 @@
-diff -urN -x '*.orig' gnome-session-2.22.2/gnome-session/Makefile.am ../SUNWtgnome-xagent-2.21.4.hacked/gnome-session-2.22.2/gnome-session/Makefile.am
---- gnome-session-2.22.2/gnome-session/Makefile.am 2008-01-11 17:50:08.036684000 +0000
-+++ ../SUNWtgnome-xagent-2.22.2.hacked/gnome-session-2.20.3/gnome-session/Makefile.am 2008-01-11 17:49:03.375239000 +0000
-@@ -4,6 +4,7 @@
+diff -urN xagent.orig/gnome-session/Makefile.am xagent.new/gnome-session/Makefile.am
+--- xagent.orig/gnome-session/Makefile.am 2008-07-14 17:46:08.660910000 +0100
++++ xagent.new/gnome-session/Makefile.am 2008-07-14 19:35:52.590734000 +0100
+@@ -1,4 +1,4 @@
+-bin_PROGRAMS = gnome-session
++bin_PROGRAMS = tsoljds-xagent
+
+ noinst_LTLIBRARIES = libgsmutil.la
+
+@@ -16,7 +16,7 @@
+ -DGCONF_SANITY_CHECK=\""$(GCONF_SANITY_CHECK)"\" \
+ -DGCONFTOOL_CMD=\"$(GCONFTOOL)\"
+
+-gnome_session_LDADD = \
++tsoljds_xagent_LDADD = \
+ -lSM -lICE -lsecdb \
+ libgsmutil.la \
+ $(top_builddir)/egg/libeggdesktopfile.la \
+@@ -25,7 +25,7 @@
+ $(GCONF_LIBS) \
+ $(POLKIT_GNOME_LIBS)
- INCLUDES = \
- $(GNOME_SESSION_CFLAGS) \
-+ $(LIBWNCK_CFLAGS) \
- $(STANDARD_PROPERTIES_CFLAGS) \
- $(WARN_CFLAGS) \
- $(DISABLE_DEPRECATED_CFLAGS) \
-@@ -35,6 +36,14 @@
- gnome_session_properties_LDADD = $(GNOME_SESSION_LIBS)
- splash_test_LDADD = $(X_LIBS) $(GNOME_SESSION_LIBS)
- logout_test_LDADD = $(X_LIBS) $(GNOME_SESSION_LIBS)
-+if XTSOL_DEFINED
-+tsoljds_xagent_LDADD = $(XTSOL_LIBS) $(GNOME_SESSION_LIBS)
-+endif
-+
-+if XTSOL_DEFINED
-+TSOLJDS_bin = \
-+ tsoljds-xagent
-+endif
-
- if SESSION
- noinst_PROGRAMS = \
-@@ -45,7 +54,8 @@
- gnome-session \
- gnome-session-save \
- gnome-session-remove \
-- gnome-session-properties
-+ gnome-session-properties\
-+ $(TSOLJDS_bin)
- endif
-
- splash_test_SOURCES = \
-@@ -125,6 +135,47 @@
- migrate-trash.c \
- migrate-trash.h
+-gnome_session_SOURCES = \
++tsoljds_xagent_SOURCES = \
+ app-autostart.c \
+ app-autostart.h \
+ app-resumed.c \
+@@ -47,11 +47,9 @@
+ gsm.h \
+ logout-dialog.h \
+ logout-dialog.c \
+- main.c \
++ xagent.c \
+ power-manager.h \
+ power-manager.c \
+- trusted.h \
+- trusted.c \
+ session.c \
+ session.h \
+ xsmp.c \
+diff -urN xagent.orig/gnome-session/session.c xagent.new/gnome-session/session.c
+--- xagent.orig/gnome-session/session.c 2008-07-14 17:46:08.661992000 +0100
++++ xagent.new/gnome-session/session.c 2008-07-21 16:22:09.831012000 +0100
+@@ -171,6 +171,20 @@
+ session->name = g_strdup (name);
+ }
-+if XTSOL_DEFINED
-+tsoljds_xagent_SOURCES = \
-+ tsoljds-xagent.c \
-+ save.c \
-+ save.h \
-+ manager.c \
-+ manager.h \
-+ remote.c \
-+ remote.h \
-+ ice.c \
-+ ice.h \
-+ gsm-dbus.c \
-+ gsm-dbus.h \
-+ gsm-keyring.c \
-+ gsm-keyring.h \
-+ splash-widget.c \
-+ splash-widget.h \
-+ logout.c \
-+ logout.h \
-+ prop.c \
-+ command.c \
-+ command.h \
-+ gsm-protocol.c \
-+ gsm-protocol.h \
-+ gsm-typebuiltins.c \
-+ gsm-typebuiltins.h \
-+ headers.h \
-+ util.c \
-+ util.h \
-+ gsm-multiscreen.c \
-+ gsm-multiscreen.h \
-+ gdm-logout-action.c \
-+ gdm-logout-action.h \
-+ gsm-autostart.c \
-+ gsm-autostart.h \
-+ gsm-keyfile.c \
-+ gsm-keyfile.h \
-+ tsoljds-misc.c \
-+ tsoljds-misc.h
-+endif
++static gboolean
++app_is_in_xagent_blacklist (char *name)
++{
++ char **app;
++ char *xagent_blacklist[] = {"metacity", "gnome-panel", "tsoljdsselmgr",
++ "tsoljds-tstripe", "gnome-session-splash", NULL};
++
++ for (app = xagent_blacklist; *app != NULL; app++) {
++ if (strncmp (name, *app, strlen (*app)) == 0) return TRUE;
++ }
++
++ return FALSE;
++}
+
- gnome_session_save_SOURCES = \
- gnome-session-save.c \
- gsm-typebuiltins.c \
-diff -urN -x '*.orig' gnome-session-2.20.3/gnome-session/tsoljds-xagent.c ../SUNWtgnome-xagent-2.21.4.hacked/gnome-session-2.20.3/gnome-session/tsoljds-xagent.c
---- gnome-session-2.20.3/gnome-session/tsoljds-xagent.c 1970-01-01 00:00:00.000000000 +0000
-+++ ../SUNWtgnome-xagent-2.21.4.hacked/gnome-session-2.20.3/gnome-session/tsoljds-xagent.c 2008-01-11 17:56:14.079640000 +0000
-@@ -0,0 +1,522 @@
+ static void
+ append_app (GsmSession *session, GsmApp *app)
+ {
+@@ -178,7 +192,7 @@
+ GsmApp *dup;
+
+ basename = gsm_app_get_basename (app);
+- if (basename == NULL)
++ if (basename == NULL || app_is_in_xagent_blacklist (basename))
+ {
+ g_object_unref (app);
+ return;
+diff -urN xagent.orig/gnome-session/xagent.c xagent.new/gnome-session/xagent.c
+--- xagent.orig/gnome-session/xagent.c 1970-01-01 01:00:00.000000000 +0100
++++ xagent.new/gnome-session/xagent.c 2008-07-21 16:54:05.363806000 +0100
+@@ -0,0 +1,288 @@
++/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
++/*
++ * xagent.c: gnome-session startup
++ *
++ * Copyright (C) 2006 Novel, Inc.
++ * Copyright (C) 2008 SUN Microsystems, Inc.
++ */
++
++#ifdef HAVE_CONFIG_H
+#include <config.h>
-+#ifdef HAVE_XTSOL
++#endif
+
-+#include <glib.h>
-+#include <gtk/gtk.h>
-+#include <gdk/gdkx.h>
-+
++#include <libintl.h>
++#include <signal.h>
++#include <stdlib.h>
++#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
-+#include <unistd.h>
-+#include <stdlib.h>
-+#include <pwd.h>
-+
-+#include <X11/Xlib.h>
-+#include <X11/Xutil.h>
-+#include <X11/Xos.h>
-+#include <X11/Xatom.h>
++#include <fcntl.h>
+
-+#include <stdio.h>
-+#include <fcntl.h>
-+#include <signal.h>
-+#include <zone.h>
-+
-+#include <priv.h>
-+#include <sys/tsol/priv.h>
-+#include <tsol/label.h>
-+#include <sys/tsol/label.h>
-+#include <sys/tsol/label_macro.h>
-+#include <X11/extensions/Xtsol.h>
-+#include <prof_attr.h>
-+#include <secdb.h>
-+#include <libgnome/gnome-config.h>
-+#include <libgnome/gnome-program.h>
-+#include <libgnomeui/gnome-ui-init.h>
-+#include <libgnomeui/gnome-client.h>
++#include <glib/gi18n.h>
++#include <glib/goption.h>
++#include <gdk/gdkx.h>
++#include <gtk/gtklabel.h>
++#include <gtk/gtkvbox.h>
++#include <gtk/gtkprogressbar.h>
++#include <gtk/gtkmain.h>
++#include <gtk/gtkmessagedialog.h>
+
-+#include "ice.h"
-+#include "headers.h"
-+#include "save.h"
-+#include "gsm-dbus.h"
-+#include "gsm-keyring.h"
++#include "dbus.h"
++#include "gconf.h"
++#include "gsm.h"
++#include "session.h"
++#include "util.h"
++#include "xsmp.h"
++
++#define TSOLJDS_MIGRATION_SCRIPT "/usr/dt/config/tsoljds-migration"
++GsmSession *global_session;
+
-+gint purge_delay = 30000;
-+gint warn_delay = 30000;
-+gint suicide_delay = 10000;
-+gboolean failsafe = FALSE;
-+gboolean autosave = FALSE;
-+gboolean save_selected = FALSE;
-+gboolean logout_prompt = TRUE;
-+gboolean session_save = FALSE;
-+gchar *session_name = NULL;
-+gboolean managesession = TRUE;
-+gboolean trusted_session = FALSE;
-+gboolean default_session = FALSE;
++gboolean defaultsession;
++gboolean nosession;
+
-+typedef struct tcb_component {
-+ char *name;
-+} tcb_component;
-+
-+const tcb_component tcb[] = {
-+ {"metacity" },
-+ {"gnome-volcheck" }, /* This is not a tcb component, but it is not zone aware so remove */
-+ {"gnome-panel"},
-+ {"gnome-smproxy"},
-+ {"gnome-wm"},
-+ {"tsoljdsselmgr"},
-+ {"tsoljds-tstripe"}
++static GOptionEntry entries[] = {
++ { "defaultsession", '\0', 0, G_OPTION_ARG_NONE, &defaultsession,
++ N_("Do not load user-specified applications"),
++ NULL },
++ { "nosession", '\0', 0, G_OPTION_ARG_NONE, &nosession,
++ N_("Do not startup any applications"),
++ NULL },
++ { NULL, 0, 0, 0, NULL, NULL, NULL }
+};
+
-+
-+#define _XA_MOTIF_WINDOW "_MOTIF_DRAG_WINDOW"
-+#define _XA_MOTIF_PROXY_WINDOW "_MOTIF_DRAG_PROXY_WINDOW"
-+#define TSOLJDS_MIGRATION_SCRIPT "/usr/dt/config/tsoljds-migration"
-+
-+static void trim_tcb (Session* session);
-+static Window GetPropertyWindow(Display *dpy, Window in_win, Atom atom);
-+static Window CreateMotifDragWindow(Display *dpy);
-+static void WriteMotifDragWindow(Display *dpy, Window *motifWindow);
-+static void SetUpPolyprop (Display *x_dpy);
-+static gboolean setPrivForTsol (void);
-+int TsolErrorHandler(Display *dpy, XErrorEvent *error);
++/**
++ * gsm_initialization_error:
++ * @fatal: whether or not the error is fatal to the login session
++ * @format: printf-style error message format
++ * @...: error message args
++ *
++ * Displays the error message to the user. If @fatal is %TRUE, gsm
++ * will exit after displaying the message.
++ *
++ * This should be called for major errors that occur before the
++ * session is up and running. (Notably, it positions the dialog box
++ * itself, since no window manager will be running yet.)
++ **/
++void
++gsm_initialization_error (gboolean fatal, const char *format, ...)
++{
++ GtkWidget *dialog;
++ char *msg;
++ va_list args;
+
-+struct passwd *pwent = NULL; /* Password entry for this user */
-+int pipe_fd; /* Pipe read from dtwm */
-+
-+void trim_tcb (Session* session)
-+{
-+ GSList* list;
-+ int i;
-+ gboolean found = FALSE;
-+ list = session->client_list;
-+
-+ for (; list; list = list->next)
-+ {
-+ Client* client = (Client*)list->data;
-+ GSList* prop_list = client->properties;
-+
-+ found = FALSE;
++ va_start (args, format);
++ msg = g_strdup_vprintf (format, args);
++ va_end (args);
+
-+ for (; prop_list; prop_list = prop_list->next) {
-+ SmProp* prop = (SmProp*)prop_list->data;
++ /* If option parsing failed, Gtk won't have been initialized... */
++ if (!gdk_display_get_default ())
++ {
++ if (!gtk_init_check (NULL, NULL))
++ {
++ /* Oh well, no X for you! */
++ g_printerr (_("Unable to start login session (and unable connect to the X server)"));
++ g_printerr (msg);
++ exit (1);
++ }
++ }
+
-+ /* Go through the TCB list, if it is found, remove it */
-+ for (i = 0; i < G_N_ELEMENTS(tcb); i++) {
-+ if (strcmp (prop->vals->value, tcb[i].name)==0) {
-+ REMOVE ( client->properties, prop);
-+ found = TRUE;
-+ break;
-+ }
-+ }
-+ /* Since the prop for the client has been removed, go on to next */
-+ if (found) break;
-+ }
-+ }
-+}
++ dialog = gtk_message_dialog_new (NULL, 0, GTK_MESSAGE_ERROR,
++ GTK_BUTTONS_CLOSE, "%s", msg);
+
-+char *get_desktop_window_atom_name (void)
-+{
-+ static char *atom_name = NULL;
-+ uid_t uid;
-+ zoneid_t zid;
++ g_free (msg);
++
++ gtk_window_set_position (GTK_WINDOW (dialog), GTK_WIN_POS_CENTER);
++ gtk_dialog_run (GTK_DIALOG (dialog));
+
-+ if (!atom_name) {
-+ uid = geteuid ();
-+ zid = getzoneid ();
-+ atom_name = g_strdup_printf ("NAUTILUS_DESKTOP_WINDOW_%d_%d",
-+ uid, zid);
-+ }
-+ return atom_name;
++ gtk_widget_destroy (dialog);
++
++ gtk_main_quit ();
+}
+
+int
-+get_screen_number (char *exec_cmd)
++XAgentXErrorHandler (Display *dpy, XErrorEvent *error)
+{
-+ gchar **token;
-+ int scrnum;
-+
-+ token = g_strsplit (exec_cmd, ":", 2);
-+ if (token[0]) {
-+ scrnum = atoi (token[0]);
-+ return scrnum;
-+ }
-+ else return 0;
-+}
-+
-+gchar *
-+get_real_command (char *exec_cmd)
-+{
-+ gchar **token;
-+
-+ token = g_strsplit (exec_cmd, ":", 2);
-+ if (token[1])
-+ return (token[1]);
-+ else return exec_cmd;
-+}
++ char err_msg[132];
++
++ XGetErrorText (dpy, error->error_code, err_msg, sizeof (err_msg));
+
-+static char * cond( GIOCondition condition)
-+{
-+ char value[50];
-+
-+ switch (condition)
-+ {
-+ case 1: strcpy (value, "GLIB_SYSDEF_POLLIN");
-+ break;
-+ case 2: strcpy (value, "GLIB_SYSDEF_POLLPRI");
-+ break;
-+ case 4: strcpy (value, "GLIB_SYSDEF_POLLOUT");
-+ break;
-+ case 8: strcpy (value, "GLIB_SYSDEF_POLLERR");
-+ break;
-+ case 16: strcpy (value, "GLIB_SYSDEF_POLLHUP");
-+ break;
-+ case 32: strcpy (value, "GLIB_SYSDEF_POLLNVAL");
-+ break;
-+ default: strcpy (value, "Unknown condition");
-+ break;
-+ }
-+
-+ return(value);
++ return 0;
+}
+
+static void
+so_long_pipe (gpointer data)
+{
-+ /*
-+ * The pipe is bust which probably means the stripe
-+ * has died. So there's nothing to do but die.
-+ */
-+ exit (2);
++ /*
++ * The pipe is bust which probably means the stripe
++ * has died. So there's nothing to do but die.
++ */
++ exit (2);
+}
+
-+static gboolean handle_pipe_input (GIOChannel *source,
-+ GIOCondition condition,
-+ gpointer data)
++static void
++parse_exec_string (char *exec, int *screen, char **command)
++{
++ gchar **tokens = g_strsplit (exec, ":", 2);
++
++ if (tokens[0]) {
++ *screen = atoi (tokens[0]);
++ } else {
++ *screen = 0;
++ }
++
++ if (tokens[1]) {
++ *command = g_strdup (tokens[1]);
++ } else {
++ *command = g_strdup (exec);
++ }
++
++ g_strfreev (tokens);
++
++}
++
++static gboolean
++handle_pipe_input (GIOChannel *source,
++ GIOCondition condition,
++ gpointer data)
+{
+#define BUFSIZE 1024
+ gsize byteread, pos;
@@ -288,323 +229,137 @@
+ GIOStatus status=0;
+ int screen_num;
+ gchar *real_cmd;
++ GdkDisplay *gdk_dpy;
+
-+ if (condition & G_IO_ERR)
-+ return FALSE;
++ if (condition & G_IO_ERR) return FALSE;
+
-+ if (condition & G_IO_HUP)
-+ /* Seems like another good cue to get out of here */
-+ return FALSE;
++ if (condition & G_IO_HUP) return FALSE;
+
-+ if (condition & G_IO_IN) {
-+ status = g_io_channel_read_line (source, &str, &byteread, &pos, &error);
++ if (condition & G_IO_IN) {
++ status = g_io_channel_read_line (source, &str, &byteread, &pos, &error);
+
+ switch (status)
-+ {
-+ case G_IO_STATUS_NORMAL: str[pos] = '\0';
-+ screen_num = get_screen_number (str);
-+ real_cmd = get_real_command (str);
-+ if ((strncmp (real_cmd, "save_yourself", 13) == 0) && (managesession == TRUE))
-+ {
-+ write_session ();
-+ }
-+ else {
-+ GdkDisplay *gdk_dpy;
-+ gdk_dpy = gdk_display_get_default ();
-+ gdk_spawn_command_line_on_screen (gdk_display_get_screen (gdk_dpy, screen_num), real_cmd, &error);
-+ }
-+ return TRUE;
++ {
++ case G_IO_STATUS_NORMAL:
++ str[pos] = '\0';
++ parse_exec_string (str, &screen_num, &real_cmd);
++ gdk_dpy = gdk_display_get_default ();
++ gdk_spawn_command_line_on_screen (gdk_display_get_screen (gdk_dpy,
++ screen_num), real_cmd, &error);
++ g_free (real_cmd);
++ return TRUE;
+
-+ case G_IO_STATUS_AGAIN: fprintf (stderr, "G_IO_STATUS_AGAIN\n");
-+ return FALSE;
++ case G_IO_STATUS_AGAIN:
++ return FALSE;
++
++ case G_IO_STATUS_EOF:
++ sleep(1);
++ return FALSE;
+
-+ case G_IO_STATUS_EOF:
-+ fprintf (stderr, "G_IO_STATUS_EOF\n");
-+ sleep(1);
-+ return FALSE;
++ case G_IO_STATUS_ERROR:
++ return FALSE;
+
-+ case G_IO_STATUS_ERROR:
-+ fprintf (stderr, "G_IO_STATUS_ERROR: %s\n", error->message);
-+ return FALSE;
-+
-+ default: g_assert_not_reached ();
-+ return FALSE;
++ default:
++ g_assert_not_reached ();
++ return FALSE;
+ }
+ }
+}
+
-+static void
-+AtExit (void)
-+{
-+ gsm_keyring_daemon_stop ();
-+}
-+
-+int main (int argc, char *argv[])
++int
++main (int argc, char **argv)
+{
-+ GtkWidget *window, **windows;
-+
-+ GdkDisplay *gdk_dpy;
-+ Display *x_dpy;
-+ Window win;
-+ gchar *displayname = NULL;
-+ gint screen_count;
-+ GdkScreen **screen_list;
-+ gint i;
-+ long myid;
++ struct sigaction sa;
++ GError *err = NULL;
++ char *display_str;
++ Display *xdisp;
++ GdkDisplay *gdisp;
++ int dummy_fd, pipe_fd;
+ GIOChannel *channel;
+ guint result;
-+ Session *session;
-+ gboolean dbus_daemon_owner;
-+ static gboolean first_startup= TRUE;
+
-+ /* redirect stdout and stderr to /dev/null */
-+ int fd = open ("/dev/null", O_RDWR);
-+ dup2 (fd, 1);
-+ dup2 (fd, 2);
++ bindtextdomain (GETTEXT_PACKAGE, LOCALE_DIR);
++ bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");
++ textdomain (GETTEXT_PACKAGE);
+
-+ /* See if session management is needed */
-+ if ((argc > 1) && !(strcmp (argv[1], "--nosession"))) {
-+ managesession = FALSE;
-+ } else {
-+ gsm_keyring_daemon_start ();
-+ atexit (AtExit);
-+ }
++ int fd = open ("/dev/null", O_RDWR);
++ dup2 (fd, 1);
++ dup2 (fd, 2);
+
-+ dbus_daemon_owner = gsm_dbus_daemon_start ();
-+
-+ if ((argc > 1) && !(strcmp (argv[1], "--defaultsession")))
-+ default_session = TRUE;
++ sa.sa_handler = SIG_IGN;
++ sa.sa_flags = 0;
++ sigemptyset (&sa.sa_mask);
++ sigaction (SIGPIPE, &sa, 0);
+
-+ /* This is required such that the ~/.gnome2 are setup */
-+ if (managesession) {
-+ /* unset the environment variable that was defined in gnome-session */
-+ g_unsetenv ("SESSION_MANAGER");
-+ gnome_program_init ("tsoljds-xagent", "0.1", LIBGNOMEUI_MODULE,
-+ argc, argv,
-+ NULL);
-+ initialize_ice ();
-+ }
-+
-+ /* Ignore all child deaths */
-+ signal(SIGCHLD, SIG_IGN);
++ if ((pipe_fd = dup (fileno(stdin))) != -1) {
++ close (fileno(stdin));
++ dummy_fd = open ("/dev/null", O_RDONLY);
++ fcntl (pipe_fd, F_SETFD, 1);
++ } else {
++ pipe_fd = fileno (stdin);
++ }
+
-+ /* Get password entry to use the pw_shell entry later */
-+ pwent = getpwuid(getuid());
-+
-+ if ((pipe_fd = dup(fileno(stdin))) != -1) {
-+ int dummy_fd;
-+
-+ close(fileno(stdin));
-+ /* Open /dev/null as stdin */
-+ dummy_fd = open("/dev/null", O_RDONLY);
-+ /* Set close_on_exec */
-+ fcntl(pipe_fd, F_SETFD, 1);
-+ } else
-+ pipe_fd = fileno(stdin);
-+
-+ gtk_init (&argc, &argv);
++ gtk_init_with_args (&argc, &argv,
++ (char *) _(" - the GNOME session manager"),
++ entries, GETTEXT_PACKAGE,
++ &err);
++ if (err)
++ gsm_initialization_error (TRUE, "%s", err->message);
+
-+ /* Get GdkDisplay and number of screens */
-+ gdk_dpy = gdk_display_get_default ();
-+ x_dpy = GDK_DISPLAY_XDISPLAY (gdk_dpy);
-+ screen_count = gdk_display_get_n_screens (gdk_dpy);
-+
-+ displayname = g_strdup (gdk_display_get_name (gdk_dpy));
++ /* Set DISPLAY explicitly for all our children, in case --display
++ * was specified on the command line.
++ */
++ display_str = gdk_get_display ();
++ g_setenv ("DISPLAY", display_str, TRUE);
++ g_free (display_str);
+
-+ if (screen_count <= 0) {
-+ screen_count = 1; /* at least one screen */
-+ }
++ gdisp = gdk_display_get_default ();
++ xdisp = gdk_x11_display_get_xdisplay (gdisp);
++ XInternAtom (xdisp, "GNOME_SM_DESKTOP", FALSE);
+
-+ /* allocation memory for the number of screens */
-+ screen_list = g_new (GdkScreen *, screen_count);
-+ windows = g_new (GtkWidget *, screen_count);
-+
-+ for (i = 0; i < screen_count; i++) {
-+ windows[i] = gtk_window_new (GTK_WINDOW_TOPLEVEL);
-+ gtk_widget_realize (windows[i]);
-+ }
++ XSetErrorHandler (XAgentXErrorHandler);
+
-+ /* Trap the Xserver error as this is an essential hack to make the program
-+ * to start up in the local zone.
-+ */
-+ XSetErrorHandler(TsolErrorHandler);
-+
-+ /* Set to Polyinstantiated properties for selection manager */
-+ SetUpPolyprop (x_dpy);
-+
-+ if (managesession == TRUE) {
-+ /*
-+ * This script is needed to enable input method per zones and roles.
-+ * start_session () is shared between gnome-session and tsoljds-xagent
-+ * so putting this out of start_session () here.
-+ */
-+ if (g_file_test (TSOLJDS_MIGRATION_SCRIPT, G_FILE_TEST_IS_EXECUTABLE)) {
-+ system (TSOLJDS_MIGRATION_SCRIPT);
-+ }
++ /* Start up gconfd and dbus-daemon (in parallel) if they're not
++ * already running. This requires us to initialize XSMP too, because
++ * we want $SESSION_MANAGER to be set before launching dbus-daemon.
++ */
++ gsm_gconf_init ();
++ gsm_xsmp_init ();
++ gsm_dbus_init ();
+
-+ if (session_name == NULL &&
-+ g_getenv ("GDM_GNOME_SESSION") != NULL) {
-+ session_name = g_strdup (g_getenv ("GDM_GNOME_SESSION"));
-+ }
++ /* Now make sure they succeeded. (They'll call
++ * gsm_initialization_error() if they failed.)
++ */
++ gsm_gconf_check ();
++ gsm_dbus_check ();
+
-+ /* If the session name hasn't been specified from the command line */
-+ if(session_name == NULL) {
-+ /* If there is no key specified, fall back to the default session */
-+ session_name = gnome_config_get_string (CURRENT_SESSION_KEY "=" DEFAULT_SESSION);
-+ /* if key was specified but is blank, just use the default */
-+ if (!*session_name) {
-+ g_free (session_name);
-+ session_name = g_strdup (DEFAULT_SESSION);
-+ }
-+ }
++ global_session = gsm_session_new (defaultsession);
+
-+ session = read_session (session_name);
-+ trim_tcb (session);
-+ start_session (session);
++ gsm_xsmp_run ();
++ gsm_dbus_run ();
++
++ if (!nosession) {
++ if (g_file_test (TSOLJDS_MIGRATION_SCRIPT, G_FILE_TEST_IS_EXECUTABLE)) {
++ system (TSOLJDS_MIGRATION_SCRIPT);
+ }
+
-+ if (first_startup) {
-+ GError *err=NULL;
-+ /* FIXME: need to get the screen info some how, but default to 0 for now */
-+ gdk_spawn_command_line_on_screen (gdk_display_get_screen (gdk_dpy, 0), g_getenv("LABEL_EXEC_COMMAND"), &err);
-+
-+ if (err)
-+ g_print ("error is %s\n", err->message);
-+
-+ first_startup = FALSE;
-+ }
-+
-+ channel = g_io_channel_unix_new (pipe_fd);
-+ result = g_io_add_watch_full (channel, G_PRIORITY_HIGH,
-+ G_IO_IN | G_IO_PRI | G_IO_ERR | G_IO_HUP,
-+ (GIOFunc)handle_pipe_input, NULL, so_long_pipe);
-+ gtk_main ();
-+
-+ if (dbus_daemon_owner) {
-+ gsm_dbus_daemon_stop ();
-+ }
-+
-+ return 0;
-+}
-+
-+static void SetUpPolyprop (Display *x_dpy)
-+{
-+ /* copy motif_proxy_win from user's clearance to current label */
-+#define ROOT_UID 0
-+ XTsolResAttributes resattr;
-+ Atom ATOM_MOTIF_DRAG_WIN;
-+ Atom ATOM_MOTIF_PROXY_WIN;
-+ m_label_t *slabel;
-+ Window motif_drag_win = None;
-+ Window proxy_win = None;
-+ XWindowAttributes wattr;
-+
-+ /* Set up to look up the polyprop used by the sel_mgr */
-+ slabel = blabel_alloc();
-+ bsllow(slabel);
-+ resattr.sl = slabel;
-+ resattr.uid = ROOT_UID;
-+ XTSOLsetPolyInstInfo(x_dpy, resattr.sl, (uid_t *)(&resattr.uid), True);
-+ ATOM_MOTIF_DRAG_WIN = XInternAtom(x_dpy, _XA_MOTIF_WINDOW, False);
-+ ATOM_MOTIF_PROXY_WIN = XInternAtom(x_dpy, _XA_MOTIF_PROXY_WINDOW, False);
-+ motif_drag_win = GetPropertyWindow(x_dpy, DefaultRootWindow(x_dpy),
-+ ATOM_MOTIF_DRAG_WIN);
-+ if (motif_drag_win != None) {
-+ proxy_win = GetPropertyWindow(x_dpy, motif_drag_win,
-+ ATOM_MOTIF_PROXY_WIN);
-+ }
-+
-+ /* put back our original polyprop settings */
-+ getplabel(slabel);
-+ resattr.uid = getuid();
-+ XTSOLsetPolyInstInfo(x_dpy, resattr.sl, (uid_t *)(&resattr.uid), False);
-+ blabel_free(slabel);
-+
-+ motif_drag_win = GetPropertyWindow(x_dpy, DefaultRootWindow(x_dpy),
-+ ATOM_MOTIF_DRAG_WIN);
-+
-+ /* Validate motif_drag_win */
-+ if (XGetWindowAttributes(x_dpy, motif_drag_win, &wattr) == 0) {
-+ /* if window is invalid, create a new one */
-+ motif_drag_win = CreateMotifDragWindow(x_dpy);
-+ }
++ gsm_session_start (global_session);
++ }
+
-+ if (motif_drag_win != None) {
-+ XChangeProperty(x_dpy, motif_drag_win, ATOM_MOTIF_PROXY_WIN,
-+ XA_WINDOW, 32, PropModeReplace,
-+ (unsigned char *) &proxy_win, 1);
-+ }
-+}
-+
-+Window
-+GetPropertyWindow(Display *dpy, Window in_win, Atom atom)
-+{
-+ Atom type;
-+ int format;
-+ unsigned long lengthRtn;
-+ unsigned long bytesafter;
-+ Window *property = NULL;
-+ Window win = None;
-+
-+ if ((XGetWindowProperty (dpy, in_win, atom, 0L, 1, False, AnyPropertyType,
-+ &type, &format, &lengthRtn, &bytesafter,
-+ (unsigned char **) &property) == Success) &&
-+ (type == XA_WINDOW) && (format == 32) && (lengthRtn == 1)) {
-+ win = *property;
-+ }
-+
-+ if (property) {
-+ XFree ((char *)property);
-+ }
-+
-+ return (win);
-+}
-+
-+
-+static Window
-+CreateMotifDragWindow(Display *dpy)
-+{
-+ XSetWindowAttributes sAttributes;
-+ Window motifWindow;
++ /* we may have to spawn an exec immediately */
++ gdk_spawn_command_line_on_screen (gdk_display_get_screen (gdisp, 0),
++ g_getenv ("LABEL_EXEC_COMMAND"), &err);
++
++ channel = g_io_channel_unix_new (pipe_fd);
++ result = g_io_add_watch_full (channel, G_PRIORITY_HIGH,
++ G_IO_IN | G_IO_PRI | G_IO_ERR | G_IO_HUP,
++ (GIOFunc)handle_pipe_input, NULL, so_long_pipe);
+
-+ XSetCloseDownMode (dpy, RetainPermanent);
-+
-+ sAttributes.override_redirect = True;
-+ sAttributes.event_mask = PropertyChangeMask;
-+ motifWindow = XCreateWindow (dpy, DefaultRootWindow (dpy), -100, -100,
-+ 10, 10, 0, 0, InputOnly, CopyFromParent,
-+ (CWOverrideRedirect |CWEventMask),
-+ &sAttributes);
-+ XMapWindow (dpy, motifWindow);
-+ WriteMotifDragWindow (dpy, &motifWindow);
-+
-+ return (motifWindow);
-+}
-+
-+static void
-+WriteMotifDragWindow(Display *dpy, Window *motifWindow)
-+{
-+ Atom motifWindowAtom;
++ gtk_main ();
+
-+ motifWindowAtom = XInternAtom (dpy, _XA_MOTIF_WINDOW, False);
-+
-+ XChangeProperty (dpy, RootWindow (dpy, 0), motifWindowAtom,
-+ XA_WINDOW, 32, PropModeReplace,
-+ (unsigned char *) motifWindow, 1);
-+}
-+
-+/*
-+ * Ignore X protocol errors
-+ */
-+int
-+TsolErrorHandler(Display *dpy, XErrorEvent *error)
-+{
-+ char err_msg[132];
-+
-+ /* ignore all errors */
-+
-+ XGetErrorText(dpy, error->error_code, err_msg, sizeof(err_msg));
++ gsm_xsmp_shutdown ();
++ gsm_gconf_shutdown ();
++ gsm_dbus_shutdown ();
+
+ return 0;
+}
-+#endif
--- a/patches/gnome-session-11-trusted-extensions.diff Mon Jul 21 15:59:36 2008 +0000
+++ b/patches/gnome-session-11-trusted-extensions.diff Mon Jul 21 16:06:58 2008 +0000
@@ -1,906 +1,229 @@
-diff -urN -x '*~' -x '*.rej*' session.orig/config.h.in session.new/config.h.in
---- session.orig/config.h.in 2007-09-19 20:30:07.713028000 +0100
-+++ session.new/config.h.in 2007-09-19 20:30:43.041319000 +0100
-@@ -116,3 +116,9 @@
-
- /* Define to 1 if the X Window System is missing or not being used. */
- #undef X_DISPLAY_MISSING
-+
-+/* for GNOME TSOL build on solaris */
-+#undef HAVE_GNOMETSOL
-+
-+/* for X TSOL build on solaris */
-+#undef HAVE_XTSOL
-diff -urN -x '*~' -x '*.rej*' session.orig/configure.in session.new/configure.in
---- session.orig/configure.in 2007-09-19 20:30:07.711866000 +0100
-+++ session.new/configure.in 2007-09-19 20:30:43.378896000 +0100
-@@ -190,6 +190,38 @@
-
- AC_SUBST(X_LIBS)
-
-+
-+### tsol and Xtsol headers
-+
-+found_xtsol=no
-+case "$host" in
-+ *-*-solaris*)
-+ AC_CHECK_HEADERS(X11/extensions/Xtsol.h sys/tsol/label_macro.h,
-+ AC_DEFINE(HAVE_XTSOL, ,[Building with XTSOL support]) found_xtsol=yes,)
-+ ;;
-+ *)
-+ ;;
-+esac
-+
-+AM_CONDITIONAL(XTSOL_DEFINED, test x$found_xtsol = xyes)
-+
-+### tsol and xtsol libraries
-+
-+XTSOL_LIBS=
-+case "$host" in
-+ *-*-solaris*)
-+ old_LDFLAGS="$LDFLAGS"
-+ LDFLAGS="$LDFLAGS -L/usr/openwin/lib -R/usr/openwin/lib"
-+ AC_CHECK_LIB(Xtsol, XTSOLIsWindowTrusted,
-+ XTSOL_LIBS="-L/usr/openwin/lib -R/usr/openwin/lib $X_LIBS -lXtsol -ltsol"; AC_DEFINE(HAVE_XTSOL), ,$X_LIBS -ltsol)
-+ LDFLAGS="$old_LDFLAGS"
-+ ;;
-+ *)
-+ ;;
-+esac
-+
-+AC_SUBST(XTSOL_LIBS)
-+
- dnl -----------------------------------------------------------
-
- dnl ------------------
-diff -urN -x '*~' -x '*.rej*' session.orig/data/Makefile.am session.new/data/Makefile.am
---- session.orig/data/Makefile.am 2007-09-19 20:30:07.596455000 +0100
-+++ session.new/data/Makefile.am 2007-09-19 20:30:43.379289000 +0100
-@@ -2,8 +2,11 @@
-
- defaultdir = $(datadir)/gnome
-
-+if XTSOL_DEFINED
-+TSOL_SESSION_FILE = mandatory.tsolsession
-+endif
- default_in_files = default.session.in
--default_DATA = $(default_in_files:.session.in=.session)
-+default_DATA = $(default_in_files:.session.in=.session) $(TSOL_SESSION_FILE)
-
- default.session: default.session.in ../config.status
- sed -e 's,\@WINDOW_MANAGER\@,$(WINDOW_MANAGER),g' \
-diff -urN -x '*~' -x '*.rej*' session.orig/data/mandatory.tsolsession session.new/data/mandatory.tsolsession
---- session.orig/data/mandatory.tsolsession 1970-01-01 01:00:00.000000000 +0100
-+++ session.new/data/mandatory.tsolsession 2007-09-19 20:33:13.563942000 +0100
-@@ -0,0 +1,29 @@
-+# This is the mandatory tsol session components that are launched for all TSOL
-+# gnome sessions.
-+# The RestartCommand specifies the command to run from the $PATH.
-+# The Priority determines the order in which the commands are started
-+# (with Priority = 0 first) and defaults to 50.
-+# The id provides a name that is unique within this file and passed to the
-+# app as the client id which it must use to register with gnome-session.
-+# The clients must be numbered from 0 to the value of num_clients - 1.
-+
-+[Default]
-+num_clients=6
-+0,id=mandatory0
-+0,Priority=0
-+0,RestartCommand=tsoljds-setssheight --sm-client-id mandatory0
-+1,id=mandatory1
-+1,Priority=5
-+1,RestartCommand=metacity --sm-client-id mandatory1
-+2,id=mandatory2
-+2,Priority=10
-+2,RestartCommand=tsoljdsselmgr --sm-client-id mandatory2
-+3,id=mandatory3
-+3,Priority=40
-+3,RestartCommand=tsoljds-tstripe --sm-client-id mandatory3
-+4,id=mandatory4
-+4,Priority=50
-+4,RestartCommand=gnome-panel --sm-client-id mandatory4
-+5,id=mandatory5
-+5,Priority=50
-+5,RestartCommand=/usr/lib/wnck-applet --sm-client-id mandatory5
-diff -urN -x '*~' -x '*.rej*' session.orig/gnome-session/Makefile.am session.new/gnome-session/Makefile.am
---- session.orig/gnome-session/Makefile.am 2007-09-19 20:30:08.545137000 +0100
-+++ session.new/gnome-session/Makefile.am 2007-09-19 20:30:43.434430000 +0100
-@@ -16,6 +16,8 @@
- -DDEFAULTDIR="\"$(defaultdir)\"" \
- -DAT_SPI_REGISTRYD_DIR="\"$(AT_SPI_REGISTRYD_DIR)\"" \
- -DTIME_UTILITY="\"$(TIME_UTILITY)\"" \
-+ -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
-+ -DPACKAGE_LOCALE_DIR=\""$(prefix)/$(DATADIRNAME)/locale"\" \
- -DSYSCONFDIR=\""$(sysconfdir)"\"
+diff -urN session.orig/gnome-session/Makefile.am session.new/gnome-session/Makefile.am
+--- session.orig/gnome-session/Makefile.am 2008-07-03 16:15:37.374116000 +0100
++++ session.new/gnome-session/Makefile.am 2008-07-14 16:57:17.460528000 +0100
+@@ -17,7 +17,7 @@
+ -DGCONFTOOL_CMD=\"$(GCONFTOOL)\"
- # Used by the GNOME_PROGRAM_STANDARD_PROPERTIES macros
-@@ -57,6 +59,10 @@
- gsm-multiscreen.c \
- gsm-multiscreen.h \
- gdm-logout-action.c \
-+if XTSOL_DEFINED \
-+ tsoljds-misc.c \
-+ tsoljds-misc.h \
-+endif
- gdm-logout-action.h
-
- gnome_session_SOURCES = \
-@@ -110,6 +110,10 @@
- headers.h \
- util.c \
- util.h \
-+if XTSOL_DEFINED \
-+ tsoljds-misc.c \
-+ tsoljds-misc.h \
-+endif \
- migrate-trash.c \
- migrate-trash.h
-
-diff -urN -x '*~' -x '*.rej*' session.orig/gnome-session/headers.h session.new/gnome-session/headers.h
---- session.orig/gnome-session/headers.h 2007-09-19 20:30:08.554116000 +0100
-+++ session.new/gnome-session/headers.h 2007-09-19 20:30:43.434939000 +0100
-@@ -18,6 +18,11 @@
- #ifndef HEADER_H
- #define HEADER_H
-
-+#ifdef HAVE_XTSOL
-+#include <tsol/label.h>
-+#include <sys/tsol/label_macro.h>
-+#endif
-+
- #include <X11/SM/SMlib.h>
- #include <time.h>
-
-@@ -25,6 +30,9 @@
-
-
- /* Config prefix used to store the sysadmin's default sessions. */
-+#ifdef HAVE_XTSOL
-+#define TSOL_CONFIG_PREFIX "=" DEFAULTDIR "/mandatory.tsolsession=/"
-+#endif
- #define DEFAULT_CONFIG_PREFIX "=" DEFAULTDIR "/default.session=/"
-
- /* Config prefix used to store the users' sessions. */
-@@ -200,6 +208,12 @@
- /* Ignoring ~/.gnome/session as it is deemed to be unreliable. */
- extern gboolean failsafe;
+ gnome_session_LDADD = \
+- -lSM -lICE \
++ -lSM -lICE -lsecdb \
+ libgsmutil.la \
+ $(top_builddir)/egg/libeggdesktopfile.la \
+ $(GNOME_SESSION_LIBS) \
+@@ -50,6 +50,8 @@
+ main.c \
+ power-manager.h \
+ power-manager.c \
++ trusted.h \
++ trusted.c \
+ session.c \
+ session.h \
+ xsmp.c \
+diff -urN session.orig/gnome-session/main.c session.new/gnome-session/main.c
+--- session.orig/gnome-session/main.c 2008-07-03 16:15:37.380305000 +0100
++++ session.new/gnome-session/main.c 2008-07-14 16:21:40.818798000 +0100
+@@ -28,15 +28,20 @@
+ #include "session.h"
+ #include "util.h"
+ #include "xsmp.h"
++#include "trusted.h"
-+/* Flag to denote running in Trusted Session */
-+extern gboolean trusted_session;
-+
-+/* Flag to specify loading of system default session file only*/
-+extern gboolean default_session;
-+
- /* List of auth entries. */
- extern GSList *auth_entries;
+ GsmSession *global_session;
-diff -urN -x '*~' -x '*.rej*' session.orig/gnome-session/logout.c session.new/gnome-session/logout.c
---- session.orig/gnome-session/logout.c 2007-09-19 20:30:08.547582000 +0100
-+++ session.new/gnome-session/logout.c 2007-09-19 20:30:43.450883000 +0100
-@@ -32,6 +32,7 @@
-
- #include <libgnomeui/gnome-help.h>
+ static gboolean failsafe;
++static gboolean trusted_session;
-+#include "tsoljds-misc.h"
- #include "ice.h"
- #include "logout.h"
- #include "command.h"
-@@ -626,8 +627,10 @@
- case GTK_RESPONSE_OK:
- /* We want to know if we should trash changes (and lose forever)
- * or save them */
-- if(save_active)
-+ if (save_active) {
- save_selected = save_active;
-+ set_local_session (save_selected);
-+ }
- if (halt_active)
- logout_action = GDM_LOGOUT_ACTION_SHUTDOWN;
- else if (reboot_active)
-diff -urN -x '*~' -x '*.rej*' session.orig/gnome-session/main.c session.new/gnome-session/main.c
---- session.orig/gnome-session/main.c 2007-09-19 20:30:08.546599000 +0100
-+++ session.new/gnome-session/main.c 2007-09-19 20:30:43.486329000 +0100
-@@ -42,6 +42,10 @@
- #include <libgnomeui/gnome-ui-init.h>
- #include <libgnome/gnome-config.h>
-
-+#ifdef HAVE_XTSOL
-+#include "tsoljds-misc.h"
-+#endif
-+
- #include "manager.h"
- #include "ice.h"
- #include "save.h"
-@@ -82,6 +86,9 @@
- /* Wait period for clients to die during shutdown. */
- gint suicide_delay = 10000;
-
-+gboolean trusted_session = FALSE;
-+gboolean default_session = FALSE;
-+
- gchar *session_name = NULL;
- Display *xdisp;
- GdkDisplay *gdisp;
-@@ -92,6 +99,8 @@
- {"purge-delay", '\0', 0, G_OPTION_ARG_INT, &purge_delay, N_("Millisecond period spent waiting for clients to register (0=forever)"), N_("DELAY")},
- {"warn-delay", '\0', 0, G_OPTION_ARG_INT, &warn_delay, N_("Millisecond period spent waiting for clients to respond (0=forever)"), N_("DELAY")},
- {"suicide-delay", '\0', 0, G_OPTION_ARG_INT, &suicide_delay, N_("Millisecond period spent waiting for clients to die (0=forever)"), N_("DELAY")},
-+ /* SUN_BRANDING */
-+ {"trusted-session", '\0', 0, G_OPTION_ARG_NONE, &trusted_session, N_("Used for Trusted Multi-Label Session"), NULL},
- {NULL}
+ static GOptionEntry entries[] = {
+ { "failsafe", 'f', 0, G_OPTION_ARG_NONE, &failsafe,
+ N_("Do not load user-specified applications"),
+ NULL },
++ { "trusted-session", '\0', 0, G_OPTION_ARG_NONE, &trusted_session,
++ N_("Used for Trusted Multi-Label Session"),
++ NULL},
+ { NULL, 0, 0, 0, NULL, NULL, NULL }
};
-@@ -679,6 +688,28 @@
- g_free (command);
- }
+@@ -205,6 +210,12 @@
+ xdisp = gdk_x11_display_get_xdisplay (gdisp);
+ XInternAtom (xdisp, "GNOME_SM_DESKTOP", FALSE);
-+#ifdef HAVE_XTSOL
-+/* Due to complexity of how the new at-spi-registerd is being started.
-+ * One cannot call gnome_program_init () at the start of gnome-session.
-+ * The checking of the --trusted-session option has to be done earliest so
-+ * that all the Trusted Component Base is given the right inherited privileges.
-+ * Hence this little function to check for this flag. But can't remove
-+ * the entry from the GOptionEntry above because gnome_program_init ()
-+ * without this little function start absorbing the --trusted-session option.
-+ */
-+static void
-+check_trusted_session_option (int argc, char *argv[])
-+{
-+ int i;
-+
-+ for(i=0; i< argc; i++)
-+ if (strncmp (argv[i], "--trusted-session", 17)==0) {
-+ trusted_session = TRUE;
-+ break;
-+ }
-+}
-+#endif
-+
- int
- main (int argc, char *argv[])
- {
-@@ -723,6 +724,9 @@
- GOptionContext *goption_context;
- gboolean dbus_daemon_owner;
- GnomeProgram *program;
-+#ifdef HAVE_XTSOL
-+ gboolean saved_a11y = FALSE;
-+#endif
-
- if (g_getenv ("GSM_VERBOSE_DEBUG"))
- gsm_set_verbose (TRUE);
-@@ -760,6 +764,36 @@
- if (gsm_check_for_root ())
- return 0;
-
-+#ifdef HAVE_XTSOL
-+ check_trusted_session_option (argc, argv);
+ if (trusted_session) {
-+ if (tsol_is_available ()) {
-+ if (putenv ("TRUSTED_SESSION=TRUE") == 0) {
-+ if (gnome_session_use_trusted_extensions ())
-+ set_inheritable_to_default ();
-+ }
-+ }
-+ else
-+ {
-+ GtkWidget *dialog;
-+
-+ dialog = gtk_message_dialog_new (NULL,
-+ 0,
-+ GTK_MESSAGE_ERROR,
-+ GTK_BUTTONS_OK,
-+ /* SUN_BRANDING */
-+ _("Your X Server has not been set up with SUN_TSOL extension to login to Trusted JDS. Select ordinary JDS to login.\n"));
-+ g_signal_connect (dialog, "response",
-+ G_CALLBACK (gtk_widget_destroy),
-+ NULL);
-+
-+ gtk_widget_show (dialog);
-+ gtk_dialog_run (GTK_DIALOG (dialog));
-+ exit(1);
++ if (!trusted_session_init (xdisp)) {
++ exit (1);
+ }
+ }
-+#endif
+
gsm_wait_for_unfinished_postrun ();
- if (ORBit_proto_use ("IPv4") || ORBit_proto_use ("IPv6"))
-@@ -762,6 +826,18 @@
- gconf_client = gsm_get_conf_client ();
- gconf_client_add_dir (gconf_client, GSM_GCONF_CONFIG_PREFIX, GCONF_CLIENT_PRELOAD_ONELEVEL, NULL);
+ /* Start up gconfd and dbus-daemon (in parallel) if they're not
+@@ -226,19 +237,17 @@
+ gsm_xsmp_run ();
+ gsm_dbus_run ();
-+#ifdef HAVE_XTSOL
-+ /* A11Y is not supported in Multi-level desktop session. Check if A11Y is on
-+ * could be set by user from Single Label session. Save this value if true.
-+ */
-+ if (trusted_session)
-+ {
-+ saved_a11y = gconf_client_get_bool (gconf_client, ACCESSIBILITY_KEY, NULL);
-+ if (saved_a11y)
-+ gconf_client_set_bool (gconf_client, ACCESSIBILITY_KEY, FALSE, NULL);
-+ }
-+#endif
-+
- env_a_t_support = g_getenv (ACCESSIBILITY_ENV);
- if (env_a_t_support)
- a_t_support = atoi (env_a_t_support);
-@@ -878,6 +955,12 @@
+- gsm_session_start (global_session);
++ if (trusted_session) {
++ gsm_trusted_session_start ();
++ } else {
++ gsm_session_start (global_session);
++
++ gconf_client = gconf_client_get_default ();
++ show_about = gconf_client_get_bool (gconf_client, ABOUT_PROMPT_KEY, NULL);
+
+- gconf_client = gconf_client_get_default ();
+- show_about = gconf_client_get_bool (gconf_client, ABOUT_PROMPT_KEY, NULL);
+-
+-#ifndef HAVE_XTSOL
+- if (! show_about)
+- gtk_timeout_add (4000, show_gnome_about, NULL);
+-#else
+- if (! trusted_session)
+ if (! show_about)
+ gtk_timeout_add (4000, show_gnome_about, NULL);
+-#endif
++ }
gtk_main ();
-+#ifdef HAVE_XTSOL
-+ /* reverted back to a11y on if saved_a11y is true */
-+ if (trusted_session && saved_a11y)
-+ gconf_client_set_bool (gconf_client, ACCESSIBILITY_KEY, TRUE, NULL);
-+#endif
-+
- gsm_remote_desktop_cleanup ();
-
- gsm_sound_logout ();
-diff -urN -x '*~' -x '*.rej*' session.orig/gnome-session/remote.c session.new/gnome-session/remote.c
---- session.orig/gnome-session/remote.c 2007-09-19 20:30:08.547341000 +0100
-+++ session.new/gnome-session/remote.c 2007-09-19 20:30:43.504114000 +0100
-@@ -37,6 +37,11 @@
-
- #include <X11/ICE/ICElib.h>
- #include <X11/ICE/ICEutil.h>
-+#include <priv.h>
+diff -urN session.orig/gnome-session/trusted.c session.new/gnome-session/trusted.c
+--- session.orig/gnome-session/trusted.c 1970-01-01 01:00:00.000000000 +0100
++++ session.new/gnome-session/trusted.c 2008-07-21 16:58:07.125554000 +0100
+@@ -0,0 +1,107 @@
++/* trusted.c
++ * Copyright (C) 2008 SUN Microsystems, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
++ * 02111-1307, USA.
++ */
+
-+#ifdef HAVE_XTSOL
-+#include "tsoljds-misc.h"
-+#endif
-
- #include "remote.h"
- #include "util.h"
-@@ -44,6 +49,41 @@
- static char *format_rstart_env (char *);
- static void close_child (GPid pid, gint status, gpointer ignore);
-
-+#ifdef HAVE_XTSOL
-+static gboolean is_win_priv_app (char *progname)
++#include <priv.h>
++#include <user_attr.h>
++#include <secdb.h>
++#include <gtk/gtk.h>
++#include <X11/Xlib.h>
++#include <sys/types.h>
++#include <unistd.h>
++#include <glib/gi18n.h>
++#include "trusted.h"
++
++void
++escalate_privs (void)
+{
-+ gchar *program;
-+
-+ if ((program = g_find_program_in_path (progname)) != NULL) {
-+ if (strcmp ("/usr/lib/wnck-applet", program)== 0)
-+ {
-+ return TRUE;
-+ }
-+ }
-+ return FALSE;
++ priv_set_t *pset;
++
++ pset = priv_allocset ();
++ getppriv (PRIV_PERMITTED, pset);
++ setppriv (PRIV_SET, PRIV_INHERITABLE, pset);
+}
+
-+static gboolean is_all_priv_app (char *progname)
++void
++drop_privs (void)
+{
-+ gchar *program;
-+
-+ if ((program = g_find_program_in_path (progname)) != NULL) {
-+ if (strcmp ("/usr/bin/tsoljds-tstripe", program)==0 ||
-+ strcmp ("/bin/tsoljds-tstripe", program)==0 ||
-+ strcmp ("/usr/bin/gnome-panel", program)==0 ||
-+ strcmp ("/bin/gnome-panel", program)==0 ||
-+ strcmp ("/usr/bin/metacity", program)==0 ||
-+ strcmp ("/bin/metacity", program)==0 ||
-+ strcmp ("/usr/bin/tsoljdsselmgr", program)==0 ||
-+ strcmp ("/bin/tsoljdsselmgr", program)==0)
-+ {
-+ return TRUE;
-+ }
-+ }
-+ return FALSE;
-+}
-+#endif
-+
- static void
- close_child (GPid pid, gint status, gpointer ignore)
- {
-@@ -62,6 +102,17 @@
- GSList *list;
- gchar *rargv[4];
-
-+#ifdef HAVE_XTSOL
-+ if (gnome_session_use_trusted_extensions()) {
-+ if (is_all_priv_app (argv[0]))
-+ set_inheritable_to_all ();
-+ else if (is_win_priv_app (argv[0]))
-+ set_inheritable_to_default_win ();
-+ else
-+ set_inheritable_to_default ();
-+ }
-+#endif
-+
- if (! restart_info)
- {
- return gsm_exec_async (cwd, argv, envp, child_pid, error);
-diff -urN -x '*~' -x '*.rej*' session.orig/gnome-session/save.c session.new/gnome-session/save.c
---- session.orig/gnome-session/save.c 2007-09-19 20:30:08.546910000 +0100
-+++ session.new/gnome-session/save.c 2007-09-19 20:30:43.519226000 +0100
-@@ -32,6 +32,10 @@
-
- #include <libgnome/gnome-config.h>
-
-+#ifdef HAVE_XTSOL
-+#include "tsoljds-misc.h"
-+#endif
++ priv_set_t *pset;
++ userattr_t *uattr = NULL;
++ char *value = NULL;
+
- #include "gsm-keyfile.h"
- #include "gsm-autostart.h"
- #include "save.h"
-@@ -330,7 +334,30 @@
- }
- }
-
-+#ifdef HAVE_XTSOL
-+static gboolean
-+client_remove_duplicate_cbe (Client *client)
-+{
-+ int argc;
-+ char **argv;
-+ gboolean duplicated = FALSE;
-+
-+ find_vector_property (client, SmRestartCommand, &argc, &argv);
-+
-+ if (strcmp (argv[0], "tsoljdsselmgr") == 0 ||
-+ strcmp (argv[0], "tsoljds-tstripe") == 0 ||
-+ strcmp (argv[0], "metacity") == 0 ||
-+ strcmp (argv[0], "gnome-wm") == 0 ||
-+ strcmp (argv[0], "gnome-panel") == 0
-+ )
-+ duplicated = TRUE;
-+
-+ g_strfreev (argv);
++ pset = priv_allocset ();
++ if ((uattr = getuseruid (getuid())) &&
++ (value = kva_match (uattr->attr, USERATTR_DFLTPRIV_KW))) {
++ pset = priv_str_to_set (value, ",", NULL);
++ } else {
++ pset = priv_str_to_set ("basic", ",", NULL);
++ }
+
-+ return duplicated;
-+}
-
-+#endif
-
- /* Read the session clients recorded in a config file section */
- static GSList *
-@@ -357,6 +384,16 @@
- gnome_config_pop_prefix ();
- client->match_rule = match_rule;
- client->session_saved = TRUE;
-+#ifdef HAVE_XTSOL
-+ if (gnome_session_use_trusted_extensions ()) {
-+ if (strcmp (file, TSOL_CONFIG_PREFIX) != 0 &&
-+ client_remove_duplicate_cbe (client))
-+ {
-+ free_client (client);
-+ continue;
-+ }
-+ }
-+#endif
- APPEND (list, client);
- }
- return list;
-@@ -535,31 +573,61 @@
- return clients;
- }
-
-+static GSList*
-+fetch_session_list (const char *name)
-+{
-+ GSList *list = NULL;
-+
-+ if (name) {
-+ if (!strcmp (name, FAILSAFE_SESSION))
-+ list = read_clients (DEFAULT_CONFIG_PREFIX, DEFAULT_SESSION, MATCH_FAKE_ID);
-+ else
-+ list = read_clients (CONFIG_PREFIX, name, MATCH_ID);
-+
-+ if (!list)
-+ list = read_clients (DEFAULT_CONFIG_PREFIX,name,MATCH_FAKE_ID);
-+ }
-+ if (!list)
-+ list = read_clients (DEFAULT_CONFIG_PREFIX, DEFAULT_SESSION, MATCH_FAKE_ID);
-+
-+ return (list);
++ setppriv (PRIV_SET, PRIV_INHERITABLE, pset);
++ priv_freeset (pset);
+}
+
- /* Load a session from the config file by name. */
- Session*
- read_session (const char *name)
- {
- GSList *list = NULL;
-+#ifdef HAVE_XTSOL
-+ GSList *tsollist = NULL;
-+#endif
- Session *session = g_new0 (Session, 1);
-
- session->name = g_strdup (name);
- session->handle = command_handle_new ((gpointer)session);
-
-- if (name) {
-- if (!strcmp (name, FAILSAFE_SESSION))
-- list = read_clients (
-- DEFAULT_CONFIG_PREFIX, DEFAULT_SESSION, MATCH_FAKE_ID);
-- else
-- list = read_clients (CONFIG_PREFIX, name, MATCH_ID);
--
-- if (!list)
-- list = read_clients (DEFAULT_CONFIG_PREFIX,name,MATCH_FAKE_ID);
-
-- }
-+#ifdef HAVE_XTSOL
-+ /* trusted_session is set in gnome-session only, always FALSE in xagent */
-+ if (trusted_session) {
-+ tsollist = read_clients (TSOL_CONFIG_PREFIX, DEFAULT_SESSION, MATCH_FAKE_ID);
-+ if (is_trusted_path ()) {
-+ list = fetch_session_list (name);
-+ }
-+ }
-+ /* xagent part and it can ask for default.session or user's own session */
-+ else if (default_session) {
-+ list = read_clients (DEFAULT_CONFIG_PREFIX, DEFAULT_SESSION, MATCH_FAKE_ID);
-+ }
-+ else {
-+#endif
-+ list = fetch_session_list (name);
-
-- if (!list)
-- list = read_clients (
-- DEFAULT_CONFIG_PREFIX, DEFAULT_SESSION, MATCH_FAKE_ID);
-+#ifdef HAVE_XTSOL
-+ }
-+ if (gnome_session_use_trusted_extensions ())
-+ list = g_slist_concat (tsollist, list);
-+#endif
-
- session->client_list = list;
-
-diff -urN -x '*~' -x '*.rej*' session.orig/gnome-session/splash-widget.c session.new/gnome-session/splash-widget.c
---- session.orig/gnome-session/splash-widget.c 2007-09-19 20:30:08.547758000 +0100
-+++ session.new/gnome-session/splash-widget.c 2007-09-19 20:30:43.542823000 +0100
-@@ -45,6 +45,8 @@
- { N_("Metacity Window Manager"), "metacity", "gnome-window-manager" },
- { N_("Window Manager"), "gnome-wm", "gnome-window-manager" },
- { N_("The Panel"), "gnome-panel", "gnome-panel" },
-+ /* SUN_BRANDING */
-+ { N_("Trusted Stripe"), "tsoljds-tstripe", "gnome-panel" },
- { N_("Nautilus"), "nautilus", "gnome-fs-desktop" },
- { N_("Desktop Settings"), "gnome-settings-daemon", "gnome-settings" }
- };
-diff -urN -x '*~' -x '*.rej*' session.orig/gnome-session/tsoljds-misc.c session.new/gnome-session/tsoljds-misc.c
---- session.orig/gnome-session/tsoljds-misc.c 1970-01-01 01:00:00.000000000 +0100
-+++ session.new/gnome-session/tsoljds-misc.c 2007-09-19 20:30:43.543411000 +0100
-@@ -0,0 +1,294 @@
-+#include <glib.h>
-+#include <gdk/gdkx.h>
-+#include <gtk/gtk.h>
-+#include <X11/Xlib.h>
-+#include <X11/Xutil.h>
-+#include <X11/Xos.h>
-+#include <X11/Xatom.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <strings.h>
-+#include <secdb.h>
-+#include <user_attr.h>
-+#include "tsoljds-misc.h"
-+#include "headers.h"
++static void
++start_trusted_apps (void)
++{
++ char **app_path = NULL;
++ static char *trusted_apps[] = {
++ "/usr/bin/tsoljds-setssheight",
++ "/usr/bin/metacity",
++ "/usr/bin/tsoljdsselmgr",
++ "/usr/bin/tsoljds-tstripe",
++ "/usr/lib/wnck_applet",
++ "/usr/bin/gnome-panel",
++ "/usr/bin/nautilus",
++ NULL};
+
-+static gboolean
-+tsol_use_xtsol_extension ()
-+{
-+ static int foundxtsol = -1;
-+ int major_code, first_event, first_error;
-+
-+ if (foundxtsol < 0) {
-+ foundxtsol = XQueryExtension (gdk_display, "SUN_TSOL", &major_code,
-+ &first_event, &first_error);
-+ }
-+ return foundxtsol;
++ for (app_path = trusted_apps; *app_path != NULL; app_path++) {
++ g_spawn_command_line_async (*app_path, NULL);
++ }
+}
+
-+gboolean tsol_is_available ()
++void
++gsm_trusted_session_start (void)
+{
-+ if (tsol_use_xtsol_extension ())
-+ return TRUE;
-+ return FALSE;
++ escalate_privs ();
++ start_trusted_apps ();
++ drop_privs ();
+}
+
+gboolean
-+set_inheritable_to_all (void)
-+{
-+ priv_set_t *pset;
-+
-+ pset = priv_str_to_set ("all", ",", NULL);
-+
-+ if (setppriv (PRIV_SET, PRIV_INHERITABLE, pset) != 0) {
-+ fprintf(stderr, "gnome-session: setppriv(inheritable) failed\n");
-+ return FALSE;
-+ }
-+
-+ priv_freeset (pset);
-+ return TRUE;
-+}
-+
-+gboolean
-+set_inheritable_to_default_win (void)
++trusted_session_init (Display *display)
+{
-+ priv_set_t *pset;
-+ userattr_t *uattr = NULL;
-+ char *value = NULL;;
-+
-+ pset = priv_allocset ();
-+ uattr = libsecdb_getuseruid(getuid());
-+
-+ if (uattr) {
-+ value = libsecdb_kva_match (uattr->attr, USERATTR_DFLTPRIV_KW);
-+
-+ if (value)
-+ pset = priv_str_to_set (value, ",", NULL);
-+ else
-+ pset = priv_str_to_set ("basic", ",", NULL);
-+ }
-+ else {
-+ pset = priv_str_to_set ("basic", ",", NULL);
-+ }
-+ priv_addset (pset, PRIV_WIN_MAC_READ);
-+ priv_addset (pset, PRIV_WIN_MAC_WRITE);
-+ priv_addset (pset, PRIV_WIN_DAC_READ);
-+ priv_addset (pset, PRIV_WIN_DAC_WRITE);
-+
-+ if (setppriv (PRIV_SET, PRIV_INHERITABLE, pset) != 0) {
-+ fprintf(stderr, "gnome-session: setppriv(inheritable) failed\n");
-+ return FALSE;
-+ }
-+
-+ priv_freeset (pset);
-+ return TRUE;
-+}
-+
-+gboolean
-+set_inheritable_to_default (void)
-+{
-+ priv_set_t *pset;
-+ userattr_t *uattr = NULL;
-+ char *value = NULL;;
-+
-+ pset = priv_allocset ();
-+ uattr = libsecdb_getuseruid(getuid());
-+ if (uattr) {
-+ value = libsecdb_kva_match (uattr->attr, USERATTR_DFLTPRIV_KW);
++ int major_code, first_event, first_error;
++ GtkWidget *dialog;
+
-+ if (value)
-+ pset = priv_str_to_set (value, ",", NULL);
-+ else
-+ pset = priv_str_to_set ("basic", ",", NULL);
-+ }
-+ else {
-+ pset = priv_str_to_set ("basic", ",", NULL);
-+ }
-+
-+ if (setppriv (PRIV_SET, PRIV_INHERITABLE, pset) != 0) {
-+ fprintf(stderr, "gnome-session: setppriv(inheritable) failed\n");
-+ return FALSE;
-+ }
-+
-+ priv_freeset (pset);
-+ return TRUE;
-+}
-+
-+
-+static const char *
-+tsol_get_min_label ()
-+{
-+ static char *min_label = NULL;
-+
-+ if (!min_label) {
-+ min_label = (char *) getenv ("USER_MIN_SL");
-+ }
-+ return min_label;
-+}
-+
-+static const char*
-+tsol_get_max_label()
-+{
-+ static char *max_label = NULL;
-+
-+ if (!max_label) {
-+ max_label = (char *) getenv ("USER_MAX_SL");
-+ }
-+ return max_label;
-+}
-+
-+
-+static
-+void * dlopen_secdb (void)
-+{
-+ void *handle = NULL;
-+
-+ if ((handle = dlopen ("libsecdb.so.1", RTLD_LAZY)) != NULL)
-+ return handle;
-+}
-+
-+
-+static
-+void * dlopen_tsol (void)
-+{
-+ void *handle = NULL;
-+
-+ /*
-+ * No 64-bit version of libwnck so we can get away with hardcoding
-+ * to a single path on this occasion
-+ */
-+ if ((handle = dlopen ("/usr/lib/libtsol.so.2", RTLD_LAZY)) != NULL)
-+ return handle;
-+
-+ return handle;
++ if (XQueryExtension (display, "SUN_TSOL", &major_code, &first_event,
++ &first_error)) {
++ g_setenv ("TRUSTED_SESSION", "TRUE", TRUE);
++ drop_privs ();
++ return TRUE;
++ } else {
++ dialog = gtk_message_dialog_new (NULL, 0, GTK_MESSAGE_ERROR,
++ GTK_BUTTONS_OK, _("Unable to login to Trusted Session. Required X server security extension ot loaded."));
++ g_signal_connect (dialog, "response",
++ G_CALLBACK (gtk_widget_destroy), NULL);
++ gtk_widget_show (dialog);
++ gtk_dialog_run (GTK_DIALOG (dialog));
++ return FALSE;
++ }
+}
+
-+gboolean
-+gnome_session_use_trusted_extensions (void)
-+{
-+ static gboolean _trusted_extensions_initialised=FALSE;
-+ static gpointer tsol_handle=NULL;
-+ static gpointer secdb_handle=NULL;
-+
-+ if (!_trusted_extensions_initialised) {
-+ const char *label=NULL;
-+ _trusted_extensions_initialised = TRUE;
-+
-+ if ((label = tsol_get_min_label ()) == NULL)
-+ return FALSE;
-+ if ((label = tsol_get_max_label ()) == NULL)
-+ return FALSE;
-+
-+ tsol_handle = dlopen_tsol();
-+
-+ if (tsol_handle) {
-+ libtsol_str_to_label = (tsol_str_to_label) dlsym (tsol_handle, "str_to_label");
-+ libtsol_m_label_free = (tsol_m_label_free) dlsym (tsol_handle, "m_label_free");
-+ libtsol_blequal = (tsol_blequal) dlsym (tsol_handle, "blequal");
-+ }
-+
-+ if (libtsol_str_to_label == NULL ||
-+ libtsol_m_label_free == NULL ||
-+ libtsol_blequal == NULL) {
-+ dlclose (tsol_handle);
-+ tsol_handle = NULL;
-+ }
-+
-+ secdb_handle = dlopen_secdb ();
-+
-+ if (secdb_handle) {
-+ libsecdb_getuseruid = (secdb_getuseruid) dlsym (secdb_handle, "getuseruid");
-+ libsecdb_kva_match = (secdb_kva_match) dlsym (secdb_handle, "kva_match");
-+ }
-+
-+ if (libsecdb_getuseruid == NULL || libsecdb_kva_match == NULL) {
-+ dlclose (secdb_handle);
-+ secdb_handle = NULL;
-+ }
-+ }
-+ return (tsol_handle != NULL && secdb_handle != NULL);
-+}
-+
-+gboolean
-+is_trusted_path (void)
-+{
-+ static int is_trusted_path = -1;
-+ char *max_label;
-+ char *min_label;
-+
-+ if (is_trusted_path < 0) {
-+ max_label = tsol_get_max_label();
-+ min_label = tsol_get_min_label();
-+ if (max_label && min_label) {
-+ if (strcmp(max_label, "ADMIN_HIGH")==0 || strcmp (min_label, "ADMIN_LOW")==0)
-+ is_trusted_path = 1;
-+ else
-+ is_trusted_path = 0;
-+ }
-+ else
-+ is_trusted_path = 0;
-+ }
-+ return is_trusted_path? 1 : 0;
-+}
-+
-+gboolean
-+is_single_label_session (void)
-+{
-+ char *max_label, *min_label;
-+
-+ min_label = tsol_get_min_label ();
-+ max_label = tsol_get_max_label ();
-+
-+ if (!min_label || !max_label || strcmp (min_label, max_label)==0)
-+ return TRUE;
-+ else
-+ return FALSE;
-+}
+diff -urN session.orig/gnome-session/trusted.h session.new/gnome-session/trusted.h
+--- session.orig/gnome-session/trusted.h 1970-01-01 01:00:00.000000000 +0100
++++ session.new/gnome-session/trusted.h 2008-07-14 15:35:16.413466000 +0100
+@@ -0,0 +1,28 @@
++/* trusted.h
++ * Copyright (C) 2008 SUN Microsystems, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
++ * 02111-1307, USA.
++ */
+
-+gboolean
-+is_multi_label_session (void)
-+{
-+ char *max_label, *min_label;
-+
-+ min_label = tsol_get_min_label ();
-+ max_label = tsol_get_max_label ();
-+
-+ if (!min_label || !max_label || strcmp (min_label, max_label)==0)
-+ return FALSE;
-+ else
-+ return TRUE;
-+}
-+
-+void
-+set_local_session (gboolean status)
-+{
-+ int error;
-+ char *value;
-+ GdkDisplay *gdk_dpy;
-+ Display *x_dpy;
-+ Window root_win=None;
-+ Atom utf8_string, ls_atom;
-+
-+ if (status)
-+ value = g_strdup ("TRUE");
-+ else
-+ value = g_strdup ("FALSE");
-+
-+ gdk_dpy = gdk_display_get_default ();
-+ x_dpy = GDK_DISPLAY_XDISPLAY (gdk_dpy);
-+ root_win = DefaultRootWindow (x_dpy);
-+
-+ utf8_string = XInternAtom (x_dpy, "UTF8_STRING", False);
-+
-+ ls_atom = XInternAtom (x_dpy, "_SAVE_LOCAL_ZONE_SESSION", False);
-+
-+ gdk_error_trap_push ();
-+ XChangeProperty (x_dpy, root_win, ls_atom, utf8_string, 8, PropModeReplace,
-+ (guchar*) value, strlen (value));
-+
-+ XSync (x_dpy, False);
-+ gdk_error_trap_pop ();
++#ifndef __TRUSTED_H__
++#define __TRUSTED_H__
+
-+ g_free (value);
-+}
-+
-diff -urN -x '*~' -x '*.rej*' session.orig/gnome-session/tsoljds-misc.h session.new/gnome-session/tsoljds-misc.h
---- session.orig/gnome-session/tsoljds-misc.h 1970-01-01 01:00:00.000000000 +0100
-+++ session.new/gnome-session/tsoljds-misc.h 2007-09-19 20:30:43.543660000 +0100
-@@ -0,0 +1,40 @@
-+#include <config.h>
-+
-+#ifdef HAVE_XTSOL
-+#include <priv.h>
-+#include <sys/tsol/priv.h>
-+#include <dlfcn.h>
-+#include <user_attr.h>
-+#include <tsol/label.h>
-+#include <sys/tsol/label_macro.h>
-+#include <glib/gtypes.h>
-+
-+typedef int (*tsol_str_to_label) (const char *string, m_label_t **label,
-+ const m_label_type_t label_type, uint_t flags,
-+ int *error);
-+typedef void (*tsol_m_label_free) (m_label_t *label);
++#include <glib.h>
+
-+typedef int (*tsol_blequal) (const m_label_t *label1,
-+ const m_label_t *label2);
-+
-+typedef userattr_t* (*secdb_getuseruid) (uid_t uid);
-+typedef char* (*secdb_kva_match) (kva_t *kva, char *key);
-+
-+tsol_str_to_label libtsol_str_to_label;
-+tsol_m_label_free libtsol_m_label_free;
-+tsol_blequal libtsol_blequal;
-+
-+secdb_getuseruid libsecdb_getuseruid;
-+secdb_kva_match libsecdb_kva_match;
-+
-+gboolean tsol_is_available (void);
-+gboolean gnome_session_use_trusted_extensions (void);
-+gboolean set_inheritable_to_all (void);
-+gboolean set_inheritable_to_default_win (void);
-+gboolean set_inheritable_to_default (void);
-+gboolean is_trusted_path (void);
-+gboolean is_single_label_session (void);
-+gboolean is_multi_label_session (void);
-+void set_local_session (gboolean status);
++gboolean trusted_session_init ();
++void gsm_trusted_session_start (void);
+
+#endif