20788N/Acommit 310cdf6456ea1a6d2661048dd7251b9014e02a44
20788N/AAuthor: Halton Huo <halton.huo@sun.com>
20788N/ADate: Fri Mar 26 14:20:18 2010 +0800
20788N/A
20788N/A gdm-19-trusted-extensions.diff
20788N/A
20788N/Adiff --git a/daemon/Makefile.am b/daemon/Makefile.am
20788N/Aindex 2afb2fb..aa78458 100644
20788N/A--- a/daemon/Makefile.am
20788N/A+++ b/daemon/Makefile.am
20788N/A@@ -137,7 +137,7 @@ gdm_simple_slave_SOURCES = \
20788N/A
20788N/A gdm_simple_slave_LDFLAGS = \
20788N/A $(PAM_LIBS) \
20788N/A- $(NULL)
20788N/A+ $(NULL) -lXtsol
20788N/A
20788N/A gdm_simple_slave_LDADD = \
20788N/A $(top_builddir)/common/libgdmcommon.la \
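Review bot: `-lXtsol` is appended to `gdm_simple_slave_LDFLAGS` after the `$(NULL)` list terminator, and the next two hunks do the same for `gdm_factory_slave_LDFLAGS` and `gdm_product_slave_LDFLAGS` (the fourth hunk puts it in `gdm_xdmcp_chooser_slave_LDADD`). Libraries normally go in the `_LDADD` list, above `$(NULL)`, so that they follow the objects on the link line, e.g. a line `$(XTSOL_LIBS) \` where `XTSOL_LIBS` is a placeholder for a variable set by a configure check. As written the link is unconditional, so these binaries only build where libXtsol is installed. That is presumably intended for this patch set, but a comment saying so would help.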
20788N/A@@ -172,7 +172,7 @@ gdm_factory_slave_SOURCES = \
20788N/A
20788N/A gdm_factory_slave_LDFLAGS = \
20788N/A $(PAM_LIBS) \
20788N/A- $(NULL)
20788N/A+ $(NULL) -lXtsol
20788N/A
20788N/A gdm_factory_slave_LDADD = \
20788N/A $(top_builddir)/common/libgdmcommon.la \
20788N/A@@ -201,7 +201,7 @@ gdm_product_slave_SOURCES = \
20788N/A
20788N/A gdm_product_slave_LDFLAGS = \
20788N/A $(PAM_LIBS) \
20788N/A- $(NULL)
20788N/A+ $(NULL) -lXtsol
20788N/A
20788N/A gdm_product_slave_LDADD = \
20788N/A $(top_builddir)/common/libgdmcommon.la \
20788N/A@@ -232,7 +232,7 @@ gdm_xdmcp_chooser_slave_LDADD = \
20788N/A $(DAEMON_LIBS) \
20788N/A $(EXTRA_DAEMON_LIBS) \
20788N/A $(top_builddir)/common/libgdmcommon.la \
20788N/A- $(NULL)
20788N/A+ $(NULL) -lXtsol
20788N/A
20788N/A gdm_session_worker_SOURCES = \
20788N/A session-worker-main.c \
20788N/Adiff --git a/daemon/gdm-simple-slave.c b/daemon/gdm-simple-slave.c
20788N/Aindex 9e8b0a2..d13a105 100644
20788N/A--- a/daemon/gdm-simple-slave.c
20788N/A+++ b/daemon/gdm-simple-slave.c
20788N/A@@ -457,6 +457,7 @@ start_session_timeout (GdmSimpleSlave *s
20788N/A
20788N/A char *auth_file;
20788N/A gboolean migrated;
20788N/A+ char *username;
20788N/A
20788N/A g_debug ("GdmSimpleSlave: accredited");
20788N/A
20788N/A@@ -494,7 +495,13 @@ start_session_timeout (GdmSimpleSlave *s
20788N/A gdm_session_start_session (GDM_SESSION (slave->priv->session),
20788N/A slave->priv->start_session_service_name);
20788N/A gdm_slave_unblock_console_session_requests_on_display (GDM_SLAVE (slave));
20788N/A+
20788N/A+ username = gdm_session_direct_get_username (slave->priv->session);
20788N/A+ gdm_slave_tsol_start_session (GDM_SLAVE (slave), username);
20788N/A+ g_free (username);
20788N/A+
20788N/A out:
20788N/A+
20788N/A slave->priv->start_session_id = 0;
20788N/A g_free (slave->priv->start_session_service_name);
20788N/A slave->priv->start_session_service_name = NULL;
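Review bot: The value returned by `gdm_session_direct_get_username` is passed straight to `gdm_slave_tsol_start_session` without a NULL check, and the callee feeds it to the uid lookup and to a `%s` format. A guard such as `if (username != NULL) gdm_slave_tsol_start_session (GDM_SLAVE (slave), username);` keeps the failure local and is easy to log. The call also sits after `gdm_session_start_session`, so the session may already be running when the property ownership is changed. If the ordering matters for the labeled desktop, say so in a comment or move the call before the session start. start_session_timeout begins and ends outside this hunk.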
20788N/Adiff --git a/daemon/gdm-slave.c b/daemon/gdm-slave.c
20788N/Aindex 852538f..998d252 100644
20788N/A--- a/daemon/gdm-slave.c
20788N/A+++ b/daemon/gdm-slave.c
20788N/A@@ -31,6 +31,7 @@
20788N/A #include <pwd.h>
20788N/A #include <grp.h>
20788N/A #include <signal.h>
20788N/A+#include <X11/extensions/Xtsol.h>
20788N/A
20788N/A #include <glib.h>
20788N/A #include <glib/gstdio.h>
20788N/A@@ -1016,6 +1017,33 @@ _get_uid_and_gid_for_user (const char *username,
20788N/A return TRUE;
20788N/A }
20788N/A
20788N/A+/* Trusted Solaris - start */
20788N/A+void
20788N/A+gdm_slave_tsol_start_session (GdmSlave *slave, const char *username)
20788N/A+{
20788N/A+ uid_t uid;
20788N/A+ Atom prop;
20788N/A+ Status status;
20788N/A+
20788N/A+ if (! _get_uid_and_gid_for_user (username, &uid, NULL)) {
20788N/A+ g_debug ("GdmSlave: unable to determine uid for user: %s", username);
20788N/A+ } else {
20788N/A+ prop = XInternAtom (slave->priv->server_display, "RESOURCE_MANAGER", True);
20788N/A+ if (prop == None) {
20788N/A+ g_debug ("no RESOURCE_MANAGER atom");
20788N/A+ } else {
20788N/A+ g_debug ("Setting property UID to %s", username);
20788N/A+ status = XTSOLsetPropUID (slave->priv->server_display,
20788N/A+ DefaultRootWindow (slave->priv->server_display),
20788N/A+ prop,
20788N/A+ &uid);
20788N/A+ g_debug ("Called XTSOLsetPropUID, status=%d", status);
20788N/A+ XSync (slave->priv->server_display, False);
20788N/A+ }
20788N/A+ }
20788N/A+}
20788N/A+/* Trusted Solaris - end */
20788N/A+
20788N/A static gboolean
20788N/A x11_session_is_on_seat (GdmSlave *slave,
20788N/A const char *session_id,
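Review bot: The result of `XTSOLsetPropUID` in gdm_slave_tsol_start_session is only written to the debug log and the function returns void, so a login proceeds with no visible trace when the ownership of the root-window property could not be changed. Both failure paths (the uid lookup and the call itself) deserve a warning-level message, e.g. `g_warning ("GdmSlave: XTSOLsetPropUID failed for uid %ld, status=%d", (long) uid, status);`, guarded by whatever failure condition that API documents. The message `Setting property UID to %s` prints the user name although the value sent is `uid`. A header comment would also help, stating what the property ownership is for and that nothing is done when the RESOURCE_MANAGER atom does not exist yet.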
20788N/Adiff --git a/daemon/gdm-slave.h b/daemon/gdm-slave.h
20788N/Aindex 3783c2a..7ae3061 100644
20788N/A--- a/daemon/gdm-slave.h
20788N/A+++ b/daemon/gdm-slave.h
20788N/A@@ -86,6 +86,8 @@ gboolean gdm_slave_run_script
20788N/A void gdm_slave_stopped (GdmSlave *slave);
20788N/A void gdm_slave_set_console_session_id (GdmSlave *slave,
20788N/A const char *session_id);
20788N/A+void gdm_slave_tsol_start_session (GdmSlave *slave,
20788N/A+ const char *username);
20788N/A
20788N/A G_END_DECLS
20788N/A
20788N/Adiff --git a/daemon/gdm-welcome-session.c b/daemon/gdm-welcome-session.c
20788N/Aindex d2ccde9..2eee281 100644
20788N/A--- a/daemon/gdm-welcome-session.c
20788N/A+++ b/daemon/gdm-welcome-session.c
20788N/A@@ -32,6 +32,7 @@
20788N/A #include <pwd.h>
20788N/A #include <grp.h>
20788N/A #include <signal.h>
20788N/A+#include <X11/extensions/Xtsol.h>
20788N/A
20788N/A #include <glib.h>
20788N/A #include <glib/gi18n.h>
20788N/A@@ -554,6 +555,7 @@ spawn_child_setup (SpawnChildData *data)
20788N/A {
20788N/A struct passwd *pwent;
20788N/A struct group *grent;
20788N/A+ priv_set_t *pset;
20788N/A int res;
20788N/A
20788N/A if (data->user_name == NULL) {
20788N/A@@ -602,6 +604,22 @@ spawn_child_setup (SpawnChildData *data)
20788N/A g_strerror (errno));
20788N/A }
20788N/A
20788N/A+ /* Trusted Solaris - start */
20788N/A+ pset = priv_allocset();
20788N/A+
20788N/A+ (void) setpflags (PRIV_AWARE, 1);
20788N/A+ if (getppriv (PRIV_INHERITABLE, pset) != 0) {
20788N/A+ g_debug ("getppriv(inheritable) failed");
20788N/A+ }
20788N/A+
20788N/A+ priv_addset(pset, PRIV_WIN_DAC_READ);
20788N/A+ priv_addset(pset, PRIV_WIN_DAC_WRITE);
20788N/A+
20788N/A+ if (setppriv (PRIV_SET, PRIV_INHERITABLE, pset) != 0) {
20788N/A+ g_debug ("setppriv(inheritable) failed");
20788N/A+ }
20788N/A+ /* Trusted Solaris - end */
20788N/A+
20788N/A g_debug ("GdmWelcomeSession: Changing (uid:gid) for child process to (%d:%d)",
20788N/A pwent->pw_uid,
20788N/A grent->gr_gid);
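Review bot: When `getppriv (PRIV_INHERITABLE, pset)` fails, the code only logs at debug level and then still adds the two window privileges and installs `pset` with `setppriv`. The set was never filled in at that point, so the greeter's inheritable set would be built from whatever the allocation contained. The result of `priv_allocset()` is also used without a NULL check, and the set is never released with `priv_freeset`. The sketch below skips the `setppriv` call on either failure and reports at warning level, since a greeter running with an unexpected privilege set is worth seeing in the log. Because the privileges go into the inheritable set, every program the greeter executes receives them too, which deserves a comment explaining why that scope is needed. spawn_child_setup begins and ends outside this hunk.

```c
        /* Trusted Solaris - start */
        pset = priv_allocset ();
        if (pset == NULL) {
                g_warning ("GdmWelcomeSession: priv_allocset failed: %s",
                           g_strerror (errno));
        } else {
                (void) setpflags (PRIV_AWARE, 1);
                if (getppriv (PRIV_INHERITABLE, pset) != 0) {
                        /* pset was never filled in: do not install it */
                        g_warning ("GdmWelcomeSession: getppriv(inheritable) failed: %s",
                                   g_strerror (errno));
                } else {
                        /* … unchanged: priv_addset of PRIV_WIN_DAC_READ and PRIV_WIN_DAC_WRITE … */
                        if (setppriv (PRIV_SET, PRIV_INHERITABLE, pset) != 0) {
                                g_warning ("GdmWelcomeSession: setppriv(inheritable) failed: %s",
                                           g_strerror (errno));
                        }
                }
                priv_freeset (pset);
        }
        /* Trusted Solaris - end */
```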