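--- a/gnome-session/Makefile.am
+++ b/gnome-session/Makefile.am
@@ -98,6 +99,8 @@
 gsm-session-save.h \
 gsm-xsmp-server.c \
 gsm-xsmp-server.h \
+ trusted.h \
+ trusted.c \
 $(NULL)
 
 libgsmutil_la_LIBADD = \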
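--- a/gnome-session/trusted.c
+++ b/gnome-session/trusted.c
@@ -0,0 +1,116 @@
+/* trusted.c
+ * Copyright (C) 2008 SUN Microsystems, Inc.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ */
+
+#include <priv.h>
+#include <user_attr.h>
+#include <secdb.h>
+#include <gtk/gtk.h>
+#include <X11/Xlib.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <glib/gi18n.h>
+#include "trusted.h"
+
+void
+escalate_privs (void)
+{
+ priv_set_t *pset;
+
+ pset = priv_allocset ();
+ getppriv (PRIV_PERMITTED, pset);
+ setppriv (PRIV_SET, PRIV_INHERITABLE, pset);
+}
+
+void
+drop_privs (void)
+{
+ priv_set_t *pset;
+ userattr_t *uattr = NULL;
+ char *value = NULL;
+
+ pset = priv_allocset ();
+ if ((uattr = getuseruid (getuid())) &&
+ (value = kva_match (uattr->attr, USERATTR_DFLTPRIV_KW))) {
+ pset = priv_str_to_set (value, ",", NULL);
+ } else {
+ pset = priv_str_to_set ("basic", ",", NULL);
+ }
+
+ setppriv (PRIV_SET, PRIV_INHERITABLE, pset);
+ priv_freeset (pset);
+}
+
+void
+gsm_trusted_session_start (void)
+{
+ char **app_path = NULL;
+ static char *setup_apps[] = {"/usr/lib/gnome-settings-daemon",
+ "/usr/lib/gnome-session/helpers/gnome-settings-daemon-helper",
+ "/usr/lib/gnome-session/helpers/gnome-keyring-daemon-wrapper",
+ "/usr/lib/nwam-manager",
+ NULL};
+ static char *trusted_apps[] = {"/usr/bin/tsoljds-setssheight",
+ "/usr/bin/metacity",
+ "/usr/bin/tsoljdsselmgr",
+ "/usr/bin/tsoljds-tstripe",
+ "/usr/lib/wnck_applet",
+ "/usr/bin/gnome-panel",
+ NULL};
+
+ static char *untrusted_apps[] = {"/usr/X11/bin/xscreensaver", NULL};
+
+ for (app_path = setup_apps; *app_path != NULL; app_path++) {
+ g_spawn_command_line_async (*app_path, NULL);
+ }
+ escalate_privs ();
+
+ for (app_path = trusted_apps; *app_path != NULL; app_path++) {
+ g_spawn_command_line_async (*app_path, NULL);
+ }
+
+ drop_privs ();
+
+ for (app_path = untrusted_apps; *app_path != NULL; app_path++) {
+ g_spawn_command_line_async (*app_path, NULL);
+ }
+}
+
+gboolean
+trusted_session_init (Display *display)
+{
+ int major_code, first_event, first_error;
+ GtkWidget *dialog;
+
+ if (XQueryExtension (display, "SUN_TSOL", &major_code, &first_event,
+ &first_error)) {
+ g_setenv ("TRUSTED_SESSION", "TRUE", TRUE);
+ drop_privs ();
+ return TRUE;
+ } else {
+ dialog = gtk_message_dialog_new (NULL, 0, GTK_MESSAGE_ERROR,
+ /* SUN_BRANDING */
+ GTK_BUTTONS_OK, _("Unable to login to Trusted Session. Required X server security extension not loaded."));
+ gtk_widget_show (dialog);
+ gtk_dialog_run (GTK_DIALOG (dialog));
+ gtk_widget_destroy (dialog);
+
+ return FALSE;
+ }
+}
+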
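Review bot: drop_privs() ignores the result of `setppriv()` and of `priv_str_to_set()` (which can return NULL), so if resetting the inheritable set fails, gsm_trusted_session_start() still spawns the untrusted_apps list with the permitted set that escalate_privs() copied into PRIV_INHERITABLE. The function should fail closed: report the failure so the caller skips the untrusted launches, and so trusted_session_init() can return FALSE. The rewrite below also removes two leaks in drop_privs(): the `priv_allocset()` result that is overwritten a few lines later, and the `userattr_t` from `getuseruid()` that is never passed to `free_userattr()`. escalate_privs() has the same pattern: it never checks `priv_allocset()`, `getppriv()` or `setppriv()`, and never calls `priv_freeset()`. The callers named here are the ones visible in this patch; any other caller of drop_privs() would need the same check.

```c
gboolean
drop_privs (void)
{
        priv_set_t *pset;
        userattr_t *uattr;
        char       *value;
        gboolean    ok;

        /* priv_str_to_set () allocates the set itself, so no priv_allocset () here */
        uattr = getuseruid (getuid ());
        value = uattr != NULL ? kva_match (uattr->attr, USERATTR_DFLTPRIV_KW) : NULL;
        pset = priv_str_to_set (value != NULL ? value : "basic", ",", NULL);

        /* value points into uattr, so release it only after the conversion */
        if (uattr != NULL)
                free_userattr (uattr);
        if (pset == NULL)
                return FALSE;

        ok = (setppriv (PRIV_SET, PRIV_INHERITABLE, pset) == 0);
        priv_freeset (pset);
        return ok;
}

/* … unchanged: escalate_privs, setup_apps and trusted_apps loops in gsm_trusted_session_start … */

        if (!drop_privs ()) {
                g_warning ("Could not reset inheritable privileges; not starting untrusted applications");
                return;
        }
```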
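--- a/gnome-session/trusted.h
+++ b/gnome-session/trusted.h
@@ -0,0 +1,28 @@
+/* trusted.h
+ * Copyright (C) 2008 SUN Microsystems, Inc.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ */
+
+#ifndef __TRUSTED_H__
+#define __TRUSTED_H__
+
+#include <glib.h>
+
+gboolean trusted_session_init ();
+void gsm_trusted_session_start (void);
+
+#endif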
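Review bot: `gboolean trusted_session_init ();` declares the function without a prototype, while the definition in trusted.c takes `Display *display`, so the compiler cannot check the argument at any call site. Declare it as `gboolean trusted_session_init (Display *display);` and add `#include <X11/Xlib.h>` to the header so it stays self-contained. The guard name `__TRUSTED_H__` contains a double underscore, which is reserved for the implementation; a name such as `GSM_TRUSTED_H` avoids that.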
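--- a/gnome-session/main.c
+++ b/gnome-session/main.c
@@ -62,6 +62,7 @@
 static gboolean failsafe = FALSE;
 static gboolean show_version = FALSE;
 static gboolean debug = FALSE;
+static gboolean trusted_session = FALSE;
 
 static void
 on_bus_name_lost (DBusGProxy *bus_proxy,
@@ -506,6 +507,8 @@
 { "default-session-key", 0, 0, G_OPTION_ARG_STRING, &default_session_key, N_("GConf key used to lookup default session"), NULL },
 { "debug", 0, 0, G_OPTION_ARG_NONE, &debug, N_("Enable debugging code"), NULL },
 { "failsafe", 'f', 0, G_OPTION_ARG_NONE, &failsafe, N_("Do not load user-specified applications"), NULL },
+ /* SUN_BRANDING */
+ { "trusted-session", '\0', 0, G_OPTION_ARG_NONE, &trusted_session, N_("Used for Trusted Multi-Label Session"), NULL },
 { "version", 0, 0, G_OPTION_ARG_NONE, &show_version, N_("Version of this application"), NULL },
 { NULL, 0, 0, 0, NULL, NULL, NULL }
 };
@@ -561,6 +564,12 @@
 xdisp = gdk_x11_display_get_xdisplay (gdisp);
 XInternAtom (xdisp, "GNOME_SM_DESKTOP", FALSE);
 
+ if (trusted_session) {
+ if (!trusted_session_init (xdisp)) {
+ exit (1);
+ }
+ }
+
 gsm_wait_for_unfinished_postrun ();
 
 /* Some third-party programs rely on GNOME_DESKTOP_SESSION_ID to
@@ -597,7 +606,13 @@
 }
 
 gsm_xsmp_server_start (xsmp_server);
- gsm_manager_start (manager);
+
+ if (trusted_session) {
+ gsm_trusted_session_start ();
+ gsm_manager_set_phase (manager, GSM_MANAGER_PHASE_RUNNING);
+ } else {
+ gsm_manager_start (manager);
+ }
 
 gtk_main ();
 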
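Review bot: None of the four hunks adds `#include "trusted.h"`, so unless main.c.ori already includes it (not visible here), `trusted_session_init (xdisp)` and `gsm_trusted_session_start ()` are called through implicit declarations and the compiler checks neither the argument nor the return type. Add `#include "trusted.h"` next to the file's other local includes. In the last hunk the trusted branch replaces `gsm_manager_start (manager)` with a direct `gsm_manager_set_phase (manager, GSM_MANAGER_PHASE_RUNNING)`. If skipping the manager's normal startup phases is intended, a comment there such as `/* trusted session starts its own fixed application list; the manager goes straight to RUNNING */` would record that.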
diff -ruN gnome-session-2.27.91.orig/gnome-session/Makefile.am gnome-session-2.27.91/gnome-session/Makefile.am
|
|
213 |
--- gnome-session-2.27.91.orig/gnome-session/Makefile.am 2009-08-28 00:03:35.464750989 +0100
|
|
214 |
+++ gnome-session-2.27.91/gnome-session/Makefile.am 2009-08-28 00:04:24.074458760 +0100
|
|
215 |
@@ -47,6 +47,7 @@
|
|
216 |
$(top_builddir)/egg/libeggdesktopfile.la \
|
|
217 |
$(SM_LIBS) \
|
|
218 |
$(ICE_LIBS) \
|
|
219 |
+ -lsecdb \
|
|
220 |
$(GNOME_SESSION_LIBS) \
|
|
221 |
$(GCONF_LIBS) \
|
|
222 |
$(XRENDER_LIBS) \
|