Package: xdm Version: 1:1.1.10-3 Severity: wishlist Tags: patch
Hi, Starting with ConsoleKit 0.4.2, sessions launched by ck-launch-session are no longer considered active and local. Instead, display managers are supposed to create the ConsoleKit session directly through the DBus API, specifying parameters that are not available when running Xsession.d. That's essentially what the provided patch does. Why is this relevant? PolicyKit policies often give special permissions to local users. This means you can automount devices with UDisks or maybe configure certain NetworkManager parameters if you have an active local session. This trend seems on the rise too, since HAL is gonna be abandoned eventually and the *Kit APIs often play nice with PolicyKit and local active sessions for a smoother user experience. This patch is not mine. It's from OpenSUSE and I believe similar patches are also being used by Mandriva. Upstream did not show much interest in those patches when they were posted in the upstream bugtracker, but I believe this has never been discussed in their mailing list. Anyways, the patch is small and libck-connector abstracts the whole thing very nicely (it's intended to be used by display managers). The patch adds a build dependendency on libck-connector-dev, translating into a runtime dependency on libck-connector0. libck-connector0 is very lightweight (only depends on libdbus). The patch also works great for the time I've been testing it. You don't get duplicate sessions or anything like that. Regards, -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.37-1-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages xdm depends on: ii cpp 4:4.4.5-2 The GNU C preprocessor (cpp) ii debconf [debconf-2.0] 1.5.38 Debian configuration management sy ii libc6 2.11.2-11 Embedded GNU C Library: Shared lib ii libpam0g 1.1.2-2 Pluggable Authentication Modules l ii libselinux1 2.0.96-1 SELinux runtime shared libraries ii libx11-6 2:1.4.1-5 X11 client-side library ii libxau6 1:1.0.6-1 X11 authorisation library ii libxaw7 2:1.0.9-2 X11 Athena Widget library ii libxdmcp6 1:1.1.0-1 X11 Display Manager Control Protoc ii libxext6 2:1.2.0-2 X11 miscellaneous extension librar ii libxft2 2.2.0-2 FreeType-based font drawing librar ii libxinerama1 2:1.1.1-1 X11 Xinerama extension library ii libxmu6 2:1.1.0-1 X11 miscellaneous utility library ii libxpm4 1:3.5.9-1 X11 pixmap library ii libxrender1 1:0.9.6-1 X Rendering Extension client libra ii libxt6 1:1.0.9-2 X11 toolkit intrinsics library ii lsb-base 3.2-27 Linux Standard Base 3.2 init scrip ii procps 1:3.2.8-10 /proc file system utilities ii x11-common 1:7.6+3 X Window System (X.Org) infrastruc ii x11-utils 7.6+1 X11 utilities ii x11-xserver-utils 7.6+1 X server utilities xdm recommends no packages. xdm suggests no packages. -- debconf information: xdm/stop_running_server_with_children: false xdm/daemon_name: /usr/bin/xdm * shared/default-x-display-manager: xdm
>From ac232d8fa2e2c3fcbd30aff86af1c9f8cfb73876 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fernando=20Tarl=C3=A1=20Cardoso=20Lemos?= <fernando...@gmail.com> Date: Sat, 19 Feb 2011 13:40:15 -0200 Subject: [PATCH] Add a patch for ConsoleKit support. --- debian/control | 1 + debian/patches/consolekit.diff | 231 ++++++++++++++++++++++++++++++++++++++++ debian/patches/series | 1 + debian/rules | 3 +- 4 files changed, 235 insertions(+), 1 deletions(-) create mode 100644 debian/patches/consolekit.diff diff --git a/debian/control b/debian/control index 7c2da31..6e7439c 100644 --- a/debian/control +++ b/debian/control @@ -14,6 +14,7 @@ Build-Depends: libselinux1-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64], libxinerama-dev (>= 1:1.0.1), libxft-dev, + libck-connector-dev, quilt, automake, libtool, diff --git a/debian/patches/consolekit.diff b/debian/patches/consolekit.diff new file mode 100644 index 0000000..c5afffa --- /dev/null +++ b/debian/patches/consolekit.diff @@ -0,0 +1,231 @@ +Description: Implement ConsoleKit support + Starting from 0.4.2, ConsoleKit has more strict securty requirements + and ck-launch-session doesn't create a local and active session + anymore. +Forwarded: https://bugs.freedesktop.org/show_bug.cgi?id=17325 +Origin: https://build.opensuse.org/package/view_file?file=xdm-consolekit.diff&package=xorg-x11&project=openSUSE:11.3:Update:Test&srcmd5=5e43d91b0bf84c8a82fc23b1cb550931 +--- a/configure.ac ++++ b/configure.ac +@@ -434,6 +434,20 @@ + + AM_CONDITIONAL(DYNAMIC_GREETER, test x$DYNAMIC_GREETER = xyes) + ++# ConsoleKit support ++AC_ARG_WITH(consolekit, AC_HELP_STRING([--with-consolekit], [Use ConsoleKit]), ++ [USE_CONSOLEKIT=$withval], [USE_CONSOLEKIT=yes]) ++if test x"$USE_CONSOLEKIT" != xno; then ++ PKG_CHECK_MODULES(CK_CONNECTOR, ck-connector, ++ [USE_CONSOLEKIT=yes], [USE_CONSOLEKIT=no]) ++ if test x"$USE_CONSOLEKIT" = xyes; then ++ AC_DEFINE([USE_CONSOLEKIT], 1, [Define to 1 to use ConsoleKit]) ++ XDM_CFLAGS="$XDM_CFLAGS $CK_CONNECTOR_CFLAGS" ++ XDM_LIBS="$XDM_LIBS $CK_CONNECTOR_LIBS" ++ fi ++fi ++dnl AM_CONDITIONAL(USE_CONSOLEKIT, test$USE_CONSOLEKIT = xyes) ++ + # + # XDM + # +--- a/dm.h ++++ b/dm.h +@@ -323,6 +323,9 @@ + extern char *prngdSocket; + extern int prngdPort; + # endif ++#ifdef USE_CONSOLEKIT ++extern int use_consolekit; ++#endif + + extern char *greeterLib; + extern char *willing; +--- a/resource.c ++++ b/resource.c +@@ -65,6 +65,9 @@ + char *prngdSocket; + int prngdPort; + #endif ++#ifdef USE_CONSOLEKIT ++int use_consolekit; ++#endif + + char *greeterLib; + char *willing; +@@ -196,6 +199,10 @@ + "false"} , + { "willing", "Willing", DM_STRING, &willing, + ""} , ++#ifdef USE_CONSOLEKIT ++{ "consoleKit", "ConsoleKit", DM_BOOL, (char **) &use_consolekit, ++ "true"} , ++#endif + }; + + #define NUM_DM_RESOURCES (sizeof DmResources / sizeof DmResources[0]) +@@ -378,7 +385,11 @@ + {"-debug", "*debugLevel", XrmoptionSepArg, (caddr_t) NULL }, + {"-xrm", NULL, XrmoptionResArg, (caddr_t) NULL }, + {"-daemon", ".daemonMode", XrmoptionNoArg, "true" }, +-{"-nodaemon", ".daemonMode", XrmoptionNoArg, "false" } ++{"-nodaemon", ".daemonMode", XrmoptionNoArg, "false" }, ++#ifdef USE_CONSOLEKIT ++{"-consolekit", ".consoleKit", XrmoptionNoArg, "true" }, ++{"-noconsolekit", ".consoleKit", XrmoptionNoArg, "false" } ++#endif + }; + + static int originalArgc; +--- a/session.c ++++ b/session.c +@@ -67,6 +67,11 @@ + # endif + #endif /* USE_PAM */ + ++#ifdef USE_CONSOLEKIT ++#include <ck-connector.h> ++#include <dbus/dbus.h> ++#endif ++ + #ifdef __SCO__ + # include <prot.h> + #endif +@@ -514,6 +519,97 @@ + } + } + ++#ifdef USE_CONSOLEKIT ++ ++static CkConnector *connector; ++ ++static int openCKSession(struct verify_info *verify, struct display *d) ++{ ++ int ret; ++ DBusError error; ++ char *remote_host_name = ""; ++ dbus_bool_t is_local; ++ char *display_name = ""; ++ char *display_device = ""; ++ char devtmp[16]; ++ ++ if (!use_consolekit) ++ return 1; ++ ++ is_local = d->displayType.location == Local; ++ if (d->peerlen > 0 && d->peer) ++ remote_host_name = d->peer; ++ if (d->name) ++ display_name = d->name; ++ /* how can we get the corresponding tty at best...? */ ++ if (d->windowPath) { ++ display_device = strchr(d->windowPath, ':'); ++ if (display_device && display_device[1]) ++ display_device++; ++ else ++ display_device = d->windowPath; ++ snprintf(devtmp, sizeof(devtmp), "/dev/tty%s", display_device); ++ display_device = devtmp; ++ } ++ ++ connector = ck_connector_new(); ++ if (!connector) { ++ LogOutOfMem("ck_connector"); ++ return 0; ++ } ++ ++ dbus_error_init(&error); ++ ret = ck_connector_open_session_with_parameters( ++ connector, &error, ++ "unix-user", &verify->uid, ++ "x11-display", &display_name, ++ "x11-display-device", &display_device, ++ "remote-host-name", &remote_host_name, ++ "is-local", &is_local, ++ NULL); ++ if (!ret) { ++ if (dbus_error_is_set(&error)) { ++ LogError("Dbus error: %s\n", error.message); ++ dbus_error_free(&error); ++ } else { ++ LogError("ConsoleKit error\n"); ++ } ++ LogError("console-kit-daemon not running?\n"); ++ ck_connector_unref(connector); ++ connector = NULL; ++ return 0; ++ } ++ ++ verify->userEnviron = setEnv(verify->userEnviron, ++ "XDG_SESSION_COOKIE", ck_connector_get_cookie(connector)); ++ return 1; ++} ++ ++static void closeCKSession(void) ++{ ++ DBusError error; ++ ++ if (!connector) ++ return; ++ ++ dbus_error_init(&error); ++ if (!ck_connector_close_session(connector, &error)) { ++ if (dbus_error_is_set(&error)) { ++ LogError("Dbus error: %s\n", error.message); ++ dbus_error_free(&error); ++ } else { ++ LogError("ConsoleKit close error\n"); ++ } ++ LogError("console-kit-daemon not running?\n"); ++ } ++ ck_connector_unref(connector); ++ connector = NULL; ++} ++#else ++#define openCKSession(v,d) 1 ++#define closeCKSession() ++#endif ++ + void + SessionExit (struct display *d, int status, int removeAuth) + { +@@ -528,6 +624,8 @@ + } + #endif + ++ closeCKSession(); ++ + /* make sure the server gets reset after the session is over */ + if (d->serverPid >= 2 && d->resetSignal) + kill (d->serverPid, d->resetSignal); +@@ -610,6 +708,10 @@ + #ifdef USE_PAM + if (pamh) pam_open_session(pamh, 0); + #endif ++ ++ if (!openCKSession(verify, d)) ++ return 0; ++ + switch (pid = fork ()) { + case 0: + CleanUpChild (); +--- a/xdm.man.cpp ++++ b/xdm.man.cpp +@@ -48,6 +48,8 @@ + ] [ + .B \-session + .I session_program ++] [ ++.B \-noconsolekit + ] + .SH DESCRIPTION + .I Xdm +@@ -215,6 +217,10 @@ + .IP "\fB\-xrm\fP \fIresource_specification\fP" + Allows an arbitrary resource to be specified, as in most + X Toolkit applications. ++.IP "\fB\-noconsolekit\fP" ++Specifies ``false'' as the value for the \fBDisplayManager.consoleKit\fP ++resource. ++This suppresses the session management using ConsoleKit. + .SH RESOURCES + At many stages the actions of + .I xdm diff --git a/debian/patches/series b/debian/patches/series index 15eddf7..e37ea22 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -9,3 +9,4 @@ support_logfile_rotation.diff debian.diff doc_mention_xdm.options.diff +consolekit.diff diff --git a/debian/rules b/debian/rules index 57b33e8..81ccf3b 100755 --- a/debian/rules +++ b/debian/rules @@ -22,7 +22,8 @@ confflags += --with-pam \ --with-bw-pixmap=debianbw.xpm \ --disable-dynamic-greeter \ --disable-xdm-auth \ - --with-xft + --with-xft \ + --with-consolekit CFLAGS = -Wall -g ifneq (,$(filter noopt,$(DEB_BUILD_OPTIONS))) -- 1.7.4.1