--- gnome-panel-2.30.2.orig/gnome-panel/Makefile.am 2010-06-22 19:27:02.000000000 +0200
+++ gnome-panel-2.30.2/gnome-panel/Makefile.am 2010-12-27 12:47:44.039426493 +0100
@@ -165,6 +165,8 @@
+ panel-lockdown.c \
+ panel-gconf.c \
gnome_desktop_item_edit_LDFLAGS = -export-dynamic
--- gnome-panel-2.30.2.orig/gnome-panel/gnome-desktop-item-edit.c 2010-12-27 13:01:19.485602424 +0100
+++ gnome-panel-2.30.2/gnome-panel/gnome-desktop-item-edit.c 2010-12-27 12:47:44.055057740 +0100
@@ -18,7 +18,6 @@
#include "panel-config-global.h"
gboolean panel_global_config_get_tooltips_enabled (void) { return FALSE; }
#include "panel-lockdown.h"
-gboolean panel_lockdown_get_disable_lock_screen (void) { return FALSE; }
static int dialogs = 0;
static gboolean create_new = FALSE;
@@ -103,6 +102,8 @@
bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");
textdomain (GETTEXT_PACKAGE);
+ panel_lockdown_init ();
+
if (!gtk_init_with_args (&argc, &argv,
_("- Edit .desktop files"),
options,
@@ -220,5 +221,7 @@
if (dialogs > 0)
gtk_main ();
+ panel_lockdown_finalize ();
+
return 0;
}
--- gnome-panel-2.30.2.orig/gnome-panel/launcher.c 2010-06-22 19:27:02.000000000 +0200
+++ gnome-panel-2.30.2/gnome-panel/launcher.c 2010-12-27 12:47:44.045078620 +0100
@@ -105,6 +105,9 @@
g_return_if_fail (launcher != NULL);
g_return_if_fail (launcher->key_file != NULL);
+ if (panel_lockdown_is_forbidden_launcher (launcher))
+ return;
+
/* FIXME panel_ditem_launch() should be enough for this! */
url = panel_key_file_get_string (launcher->key_file, "URL");
@@ -136,6 +139,9 @@
g_return_if_fail (launcher != NULL);
g_return_if_fail (launcher->key_file != NULL);
+ if (panel_lockdown_is_forbidden_launcher (launcher))
+ return;
+
if (panel_global_config_get_enable_animations ())
xstuff_zoom_animate (widget,
button_widget_get_pixbuf (BUTTON_WIDGET (widget)),
@@ -253,6 +259,8 @@
gtk_widget_destroy (dialog);
}
+static void panel_recheck_launcher (Launcher *launcher);
+
static void
free_launcher (gpointer data)
{
@@ -266,6 +274,8 @@
g_free (launcher->location);
launcher->location = NULL;
+ panel_lockdown_notify_remove (G_CALLBACK (panel_recheck_launcher), launcher);
+
g_free (launcher);
}
@@ -410,6 +420,19 @@
}
+static void
+panel_recheck_launcher (Launcher *launcher)
+{
+ if (!launcher || !launcher->button)
+ return;
+
+ if (panel_lockdown_is_forbidden_launcher (launcher)) {
+ gtk_widget_hide (launcher->button);
+ } else {
+ gtk_widget_show (launcher->button);
+ }
+}
+
static Launcher *
create_launcher (const char *location)
{
@@ -488,7 +511,11 @@
FALSE,
PANEL_ORIENTATION_TOP);
- gtk_widget_show (launcher->button);
+ if (panel_lockdown_is_forbidden_launcher (launcher)) {
+ gtk_widget_hide (launcher->button);
+ } else {
+ gtk_widget_show (launcher->button);
+ }
/*gtk_drag_dest_set (GTK_WIDGET (launcher->button),
GTK_DEST_DEFAULT_ALL,
@@ -515,6 +542,8 @@
G_CALLBACK (destroy_launcher),
launcher);
+ panel_lockdown_notify_add (G_CALLBACK (panel_recheck_launcher), launcher);
+
return launcher;
}
@@ -813,6 +842,12 @@
/* setup button according to ditem */
setup_button (launcher);
+ if (panel_lockdown_is_forbidden_launcher (launcher)) {
+ gtk_widget_hide (launcher->button);
+ } else {
+ gtk_widget_show (launcher->button);
+ }
+
return launcher;
}
@@ -901,6 +936,10 @@
if (file != NULL)
panel_key_file_set_string (key_file, "Exec", file);
panel_key_file_set_string (key_file, "Type", "Application");
+
+ if (panel_lockdown_is_forbidden_key_file (key_file))
+ return; /* Application being dragged is forbidden so just return */
+
panel_ditem_editor_sync_display (PANEL_DITEM_EDITOR (dialog));
panel_ditem_register_save_uri_func (PANEL_DITEM_EDITOR (dialog),
@@ -957,17 +996,18 @@
location = panel_make_unique_desktop_uri (NULL, exec_or_uri);
error = NULL;
- if (panel_key_file_to_file (key_file, location, &error)) {
- panel_launcher_create (toplevel, position, location);
- } else {
- panel_error_dialog (GTK_WINDOW (toplevel),
- gtk_window_get_screen (GTK_WINDOW (toplevel)),
- "cannot_save_launcher", TRUE,
- _("Could not save launcher"),
- error->message);
- g_error_free (error);
- }
-
+ if (!panel_lockdown_is_forbidden_key_file (key_file)) {
+ if (panel_key_file_to_file (key_file, location, &error)) {
+ panel_launcher_create (toplevel, position, location);
+ } else {
+ panel_error_dialog (GTK_WINDOW (toplevel),
+ gtk_window_get_screen (GTK_WINDOW (toplevel)),
+ "cannot_save_launcher", TRUE,
+ _("Could not save launcher"),
+ error->message);
+ g_error_free (error);
+ }
+ }
g_key_file_free (key_file);
}
--- gnome-panel-2.30.2.orig/gnome-panel/menu.c 2010-06-22 19:27:02.000000000 +0200
+++ gnome-panel-2.30.2/gnome-panel/menu.c 2010-12-27 12:47:44.044345990 +0100
@@ -75,7 +75,8 @@
static GSList *image_menu_items = NULL;
static GtkWidget *populate_menu_from_directory (GtkWidget *menu,
- GMenuTreeDirectory *directory);
+ GMenuTreeDirectory *directory,
+ gboolean *is_hidden);
static void panel_load_menu_image_deferred (GtkWidget *image_menu_item,
GtkIconSize icon_size,
@@ -1273,7 +1274,8 @@
}
static void
-submenu_to_display (GtkWidget *menu)
+submenu_to_display (GtkWidget *menu,
+ gboolean *is_hidden)
{
GMenuTree *tree;
GMenuTreeDirectory *directory;
@@ -1308,7 +1310,15 @@
}
if (directory)
- populate_menu_from_directory (menu, directory);
+ { /* It's possible that is_hidden is NULL if we end up here from the show
+ signal, which could only happen for the top level menu. */
+ gboolean local_is_hidden = FALSE;
+
+ populate_menu_from_directory (menu, directory, &local_is_hidden);
+ if (is_hidden != NULL) {
+ *is_hidden = local_is_hidden;
+ }
+ }
append_callback = g_object_get_data (G_OBJECT (menu),
"panel-menu-append-callback");
@@ -1322,10 +1332,11 @@
submenu_to_display_in_idle (gpointer data)
{
GtkWidget *menu = GTK_WIDGET (data);
+ gboolean is_hidden = FALSE;
g_object_set_data (G_OBJECT (menu), "panel-menu-idle-id", NULL);
- submenu_to_display (menu);
+ submenu_to_display (menu, &is_hidden);
return FALSE;
}
@@ -1420,19 +1431,25 @@
static void
create_submenu (GtkWidget *menu,
GMenuTreeDirectory *directory,
- GMenuTreeDirectory *alias_directory)
+ GMenuTreeDirectory *alias_directory,
+ gboolean *is_hidden)
{
GtkWidget *menuitem;
GtkWidget *submenu;
gboolean force_categories_icon;
+ submenu = create_fake_menu (directory);
+ if (panel_lockdown_get_restrict_application_launching ()) {
+ submenu_to_display (submenu, is_hidden);
+ } else {
+ *is_hidden = FALSE;
+ }
+
if (alias_directory)
menuitem = create_submenu_entry (menu, alias_directory);
else
menuitem = create_submenu_entry (menu, directory);
- submenu = create_fake_menu (directory);
-
gtk_menu_item_set_submenu (GTK_MENU_ITEM (menuitem), submenu);
/* Keep the infor that we force (or not) the icons to be visible */
@@ -1441,15 +1458,21 @@
g_object_set_data (G_OBJECT (submenu),
"panel-menu-force-icon-for-categories",
GINT_TO_POINTER (force_categories_icon));
+
+ if (*is_hidden) {
+ gtk_widget_hide (menuitem);
+ }
}
static void
create_header (GtkWidget *menu,
- GMenuTreeHeader *header)
+ GMenuTreeHeader *header,
+ gboolean *is_hidden)
{
GMenuTreeDirectory *directory;
GtkWidget *menuitem;
+ *is_hidden = FALSE;
directory = gmenu_tree_header_get_directory (header);
menuitem = create_submenu_entry (menu, directory);
gmenu_tree_item_unref (directory);
@@ -1466,10 +1489,12 @@
static void
create_menuitem (GtkWidget *menu,
GMenuTreeEntry *entry,
- GMenuTreeDirectory *alias_directory)
+ GMenuTreeDirectory *alias_directory,
+ gboolean *is_hidden)
{
GtkWidget *menuitem;
+ *is_hidden = FALSE;
menuitem = panel_image_menu_item_new ();
g_object_set_data_full (G_OBJECT (menuitem),
@@ -1550,12 +1575,18 @@
g_signal_connect (menuitem, "activate",
G_CALLBACK (activate_app_def), entry);
- gtk_widget_show (menuitem);
+ if (entry != NULL && !panel_lockdown_is_allowed_menu_entry (entry)) {
+ gtk_widget_hide (menuitem);
+ *is_hidden = TRUE;
+ } else {
+ gtk_widget_show (menuitem);
+ }
}
static void
create_menuitem_from_alias (GtkWidget *menu,
- GMenuTreeAlias *alias)
+ GMenuTreeAlias *alias,
+ gboolean *is_hidden)
{
GMenuTreeItem *aliased_item;
@@ -1565,13 +1596,15 @@
case GMENU_TREE_ITEM_DIRECTORY:
create_submenu (menu,
GMENU_TREE_DIRECTORY (aliased_item),
- gmenu_tree_alias_get_directory (alias));
+ gmenu_tree_alias_get_directory (alias),
+ is_hidden);
break;
case GMENU_TREE_ITEM_ENTRY:
create_menuitem (menu,
GMENU_TREE_ENTRY (aliased_item),
- gmenu_tree_alias_get_directory (alias));
+ gmenu_tree_alias_get_directory (alias),
+ is_hidden);
break;
default:
@@ -1678,18 +1711,21 @@
static GtkWidget *
populate_menu_from_directory (GtkWidget *menu,
- GMenuTreeDirectory *directory)
+ GMenuTreeDirectory *directory,
+ gboolean *is_hidden)
{
GSList *l;
GSList *items;
gboolean add_separator;
+ *is_hidden = TRUE;
add_separator = (GTK_MENU_SHELL (menu)->children != NULL);
items = gmenu_tree_directory_get_contents (directory);
for (l = items; l; l = l->next) {
GMenuTreeItem *item = l->data;
+ gboolean is_item_hidden = TRUE;
if (add_separator ||
gmenu_tree_item_get_type (item) == GMENU_TREE_ITEM_SEPARATOR) {
@@ -1699,11 +1735,13 @@
switch (gmenu_tree_item_get_type (item)) {
case GMENU_TREE_ITEM_DIRECTORY:
- create_submenu (menu, GMENU_TREE_DIRECTORY (item), NULL);
+ create_submenu (menu, GMENU_TREE_DIRECTORY (item), NULL,
+ &is_item_hidden);
break;
case GMENU_TREE_ITEM_ENTRY:
- create_menuitem (menu, GMENU_TREE_ENTRY (item), NULL);
+ create_menuitem (menu, GMENU_TREE_ENTRY (item), NULL,
+ &is_item_hidden);
break;
case GMENU_TREE_ITEM_SEPARATOR :
@@ -1711,11 +1749,13 @@
break;
case GMENU_TREE_ITEM_ALIAS:
- create_menuitem_from_alias (menu, GMENU_TREE_ALIAS (item));
+ create_menuitem_from_alias (menu, GMENU_TREE_ALIAS (item),
+ &is_item_hidden);
break;
case GMENU_TREE_ITEM_HEADER:
- create_header (menu, GMENU_TREE_HEADER (item));
+ create_header (menu, GMENU_TREE_HEADER (item),
+ &is_item_hidden);
break;
default:
@@ -1723,6 +1763,10 @@
}
gmenu_tree_item_unref (item);
+
+ if (!is_item_hidden) {
+ *is_hidden = FALSE;
+ }
}
g_slist_free (items);
--- gnome-panel-2.30.2.orig/gnome-panel/panel-action-button.c 2010-06-22 19:27:02.000000000 +0200
+++ gnome-panel-2.30.2/gnome-panel/panel-action-button.c 2010-12-27 12:47:44.039866740 +0100
@@ -207,8 +207,11 @@
static void
panel_action_run_program (GtkWidget *widget)
{
- panel_run_dialog_present (gtk_widget_get_screen (widget),
- gtk_get_current_event_time ());
+ if (!panel_lockdown_get_restrict_application_launching () &&
+ !panel_lockdown_get_disable_command_line ()) {
+ panel_run_dialog_present (gtk_widget_get_screen (widget),
+ gtk_get_current_event_time ());
+ }
}
/* Search For Files
--- gnome-panel-2.30.2.orig/gnome-panel/panel-addto.c 2010-06-22 19:27:02.000000000 +0200
+++ gnome-panel-2.30.2/gnome-panel/panel-addto.c 2010-12-27 12:47:44.038546226 +0100
@@ -571,9 +571,10 @@
dialog, NULL);
}
-static void panel_addto_make_application_list (GSList **parent_list,
+static gint panel_addto_make_application_list (GSList **parent_list,
GMenuTreeDirectory *directory,
const char *filename);
+static void panel_addto_dialog_free_item_info (PanelAddtoItemInfo *item_info);
static void
panel_addto_prepend_directory (GSList **parent_list,
@@ -581,6 +582,7 @@
const char *filename)
{
PanelAddtoAppList *data;
+ gint entries_added = 0;
data = g_new0 (PanelAddtoAppList, 1);
@@ -600,9 +602,16 @@
* So the iid is built when we select the row.
*/
- *parent_list = g_slist_prepend (*parent_list, data);
-
- panel_addto_make_application_list (&data->children, directory, filename);
+ entries_added = panel_addto_make_application_list (&data->children, directory, filename);
+ if (entries_added > 0) {
+ /*Only prepend if there are entries */
+ *parent_list = g_slist_prepend (*parent_list, data);
+ }
+ else {
+ /* Free data as not being appended */
+ panel_addto_dialog_free_item_info (&data->item_info);
+ g_free (data);
+ }
}
static void
@@ -624,12 +633,13 @@
*parent_list = g_slist_prepend (*parent_list, data);
}
-static void
+static gint
panel_addto_prepend_alias (GSList **parent_list,
GMenuTreeAlias *alias,
const char *filename)
{
GMenuTreeItem *aliased_item;
+ gint entry = 0;
aliased_item = gmenu_tree_alias_get_item (alias);
@@ -641,9 +651,14 @@
break;
case GMENU_TREE_ITEM_ENTRY:
- panel_addto_prepend_entry (parent_list,
- GMENU_TREE_ENTRY (aliased_item),
- filename);
+
+ if (panel_lockdown_is_allowed_menu_entry
+ (GMENU_TREE_ENTRY (aliased_item))) {
+ panel_addto_prepend_entry (parent_list,
+ GMENU_TREE_ENTRY (aliased_item),
+ filename);
+ entry = 1;
+ }
break;
default:
@@ -651,15 +666,17 @@
}
gmenu_tree_item_unref (aliased_item);
+ return entry;
}
-static void
+static gint
panel_addto_make_application_list (GSList **parent_list,
GMenuTreeDirectory *directory,
const char *filename)
{
GSList *items;
GSList *l;
+ gint number_entries = 0;
items = gmenu_tree_directory_get_contents (directory);
@@ -670,11 +687,15 @@
break;
case GMENU_TREE_ITEM_ENTRY:
- panel_addto_prepend_entry (parent_list, l->data, filename);
+ if (panel_lockdown_is_allowed_menu_entry (l->data)) {
+ panel_addto_prepend_entry (parent_list, l->data, filename);
+ number_entries = number_entries + 1;
+ }
break;
case GMENU_TREE_ITEM_ALIAS:
- panel_addto_prepend_alias (parent_list, l->data, filename);
+ number_entries = number_entries +
+ panel_addto_prepend_alias (parent_list, l->data, filename);
break;
default:
@@ -687,6 +708,8 @@
g_slist_free (items);
*parent_list = g_slist_reverse (*parent_list);
+
+ return number_entries;
}
static void
--- gnome-panel-2.30.2.orig/gnome-panel/panel-lockdown.c 2010-02-09 13:32:08.000000000 +0100
+++ gnome-panel-2.30.2/gnome-panel/panel-lockdown.c 2010-12-27 12:59:35.878172712 +0100
@@ -28,13 +28,22 @@
#include <string.h>
#include "panel-gconf.h"
+#include <libpanel-util/panel-keyfile.h>
+#include <libgnome/gnome-desktop-tsol-extensions.h>
-#define N_LISTENERS 6
+#include <exec_attr.h>
+#include <user_attr.h>
+#include <secdb.h>
+#include <pwd.h>
+
+#define N_LISTENERS 8
#define PANEL_GLOBAL_LOCKDOWN_DIR "/apps/panel/global"
#define DESKTOP_GNOME_LOCKDOWN_DIR "/desktop/gnome/lockdown"
#define PANEL_GLOBAL_LOCKED_DOWN_KEY PANEL_GLOBAL_LOCKDOWN_DIR "/locked_down"
#define DISABLE_COMMAND_LINE_KEY DESKTOP_GNOME_LOCKDOWN_DIR "/disable_command_line"
+#define RESTRICT_APPLICATION_LAUNCHING_KEY DESKTOP_GNOME_LOCKDOWN_DIR "/restrict_application_launching"
+#define ALLOWED_APPLICATIONS_KEY DESKTOP_GNOME_LOCKDOWN_DIR "/allowed_applications"
#define DISABLE_LOCK_SCREEN_KEY DESKTOP_GNOME_LOCKDOWN_DIR "/disable_lock_screen"
#define DISABLE_LOG_OUT_KEY PANEL_GLOBAL_LOCKDOWN_DIR "/disable_log_out"
#define DISABLE_FORCE_QUIT_KEY PANEL_GLOBAL_LOCKDOWN_DIR "/disable_force_quit"
@@ -48,6 +57,9 @@
guint disable_lock_screen : 1;
guint disable_log_out : 1;
guint disable_force_quit : 1;
+ guint restrict_application_launching : 1;
+
+ GSList *allowed_applications;
GSList *disabled_applets;
@@ -56,6 +68,12 @@
GSList *closures;
} PanelLockdown;
+static const gchar *command_line_execs[] = {
+ "/usr/bin/xterm"
+};
+#define NUMBER_COMMAND_LINE_EXECS 2
+
static PanelLockdown panel_lockdown = { 0, };
@@ -63,9 +81,17 @@
panel_lockdown_invoke_closures (PanelLockdown *lockdown)
{
GSList *l;
+ GSList *copy = NULL;
- for (l = lockdown->closures; l; l = l->next)
+ copy = g_slist_copy (lockdown->closures);
+ for (l = copy; l != NULL; l = l->next) {
+ if (g_slist_find (lockdown->closures, l->data)) {
+ g_closure_ref (l->data);
g_closure_invoke (l->data, NULL, 0, NULL, NULL);
+ g_closure_unref (l->data);
+ }
+ }
+ g_slist_free (copy);
}
static void
@@ -166,6 +192,50 @@
panel_lockdown_invoke_closures (lockdown);
}
+static void
+restrict_application_launching_notify (GConfClient *client,
+ guint cnxn_id,
+ GConfEntry *entry,
+ PanelLockdown *lockdown)
+{
+ if (!entry->value || entry->value->type != GCONF_VALUE_BOOL)
+ return;
+
+ lockdown->restrict_application_launching =
+ gconf_value_get_bool (entry->value);
+
+ panel_lockdown_invoke_closures (lockdown);
+}
+
+
+static void
+allowed_applications_notify (GConfClient *client,
+ guint cnxn_id,
+ GConfEntry *entry,
+ PanelLockdown *lockdown)
+{
+ GSList *l;
+
+ if (!entry->value || entry->value->type != GCONF_VALUE_LIST ||
+ gconf_value_get_list_type (entry->value) != GCONF_VALUE_STRING)
+ return;
+
+ for (l = lockdown->allowed_applications; l; l = l->next)
+ g_free (l->data);
+ g_slist_free (lockdown->allowed_applications);
+ lockdown->allowed_applications = NULL;
+
+ for (l = gconf_value_get_list (entry->value); l; l = l->next) {
+ const char *iid = gconf_value_get_string (l->data);
+
+ lockdown->allowed_applications =
+ g_slist_prepend (lockdown->allowed_applications,
+ g_strdup (iid));
+ }
+
+ panel_lockdown_invoke_closures (lockdown);
+}
+
static gboolean
panel_lockdown_load_bool (PanelLockdown *lockdown,
GConfClient *client,
@@ -215,9 +285,43 @@
return retval;
}
+static GSList *
+panel_lockdown_load_allowed_applications (PanelLockdown *lockdown,
+ GConfClient *client,
+ int listener)
+{
+ GSList *retval;
+
+ retval = gconf_client_get_list (client,
+ ALLOWED_APPLICATIONS_KEY,
+ GCONF_VALUE_STRING,
+ NULL);
+
+ lockdown->listeners [listener] =
+ gconf_client_notify_add (client,
+ ALLOWED_APPLICATIONS_KEY,
+ (GConfClientNotifyFunc) allowed_applications_notify,
+ lockdown,
+ NULL, NULL);
+
+ return retval;
+}
+
void
panel_lockdown_init (void)
{
+ if (panel_lockdown_is_user_authorized())
+ {
+ panel_lockdown.locked_down = FALSE;
+ panel_lockdown.disable_command_line = FALSE;
+ panel_lockdown.disable_lock_screen = FALSE;
+ panel_lockdown.disable_log_out = FALSE;
+ panel_lockdown.disable_force_quit = FALSE;
+ panel_lockdown.initialized = TRUE;
+ return;
+ }
+
GConfClient *client;
int i = 0;
@@ -273,6 +377,18 @@
client,
i++);
+ panel_lockdown_load_bool (&panel_lockdown,
+ client,
+ RESTRICT_APPLICATION_LAUNCHING_KEY,
+ (GConfClientNotifyFunc) restrict_application_launching_notify,
+ i++);
+
+ panel_lockdown_load_allowed_applications (&panel_lockdown,
+ client,
+ i++);
+
g_assert (i == N_LISTENERS);
panel_lockdown.initialized = TRUE;
@@ -294,6 +410,13 @@
g_slist_free (panel_lockdown.disabled_applets);
panel_lockdown.disabled_applets = NULL;
+ for (l = panel_lockdown.allowed_applications; l; l = l->next) {
+ g_free (l->data);
+ }
+
+ g_slist_free (panel_lockdown.allowed_applications);
+ panel_lockdown.allowed_applications = NULL;
+
for (i = 0; i < N_LISTENERS; i++) {
if (panel_lockdown.listeners [i])
gconf_client_notify_remove (client,
@@ -371,6 +494,36 @@
return FALSE;
}
+gboolean
+panel_lockdown_get_restrict_application_launching (void)
+{
+ g_assert (panel_lockdown.initialized != FALSE);
+
+}
+
+GSList *
+panel_lockdown_get_allowed_applications (void)
+{
+ g_assert (panel_lockdown.initialized == TRUE);
+
+ return panel_lockdown.allowed_applications;
+}
+
+gboolean
+panel_lockdown_is_allowed_application (const gchar *app)
+{
+ GSList *l;
+
+ g_assert (panel_lockdown.initialized != FALSE);
+
+ for (l = panel_lockdown.allowed_applications; l; l = l->next)
+ if (!strcmp (l->data, app))
+ return TRUE;
+
+ return FALSE;
+}
+
static GClosure *
panel_lockdown_notify_find (GSList *closures,
GCallback callback_func,
@@ -440,3 +593,243 @@
g_closure_unref (closure);
}
+
+gchar *
+panel_lockdown_get_stripped_exec (const gchar *full_exec)
+{
+ gchar *str1, *str2, *retval, *p;
+
+ str1 = g_strdup (full_exec);
+ p = strtok (str1, " ");
+
+ if (p != NULL)
+ str2 = g_strdup (p);
+ else
+ str2 = g_strdup (full_exec);
+
+ g_free (str1);
+
+ if (g_path_is_absolute (str2))
+ retval = g_strdup (str2);
+ else
+ retval = g_strdup (g_find_program_in_path ((const gchar *)str2));
+ g_free (str2);
+
+ return retval;
+}
+
+gchar *
+panel_lockdown_get_exec_from_ditem (GnomeDesktopItem *ditem)
+{
+ const char *full_exec;
+
+ full_exec = gnome_desktop_item_get_string (ditem,
+ GNOME_DESKTOP_ITEM_EXEC);
+
+ return (gchar *)full_exec;
+}
+
+gboolean
+panel_lockdown_ditem_in_allowed_applications (GnomeDesktopItem *ditem)
+{
+ gboolean retval = FALSE;
+ gchar *full_exec;
+ gchar *stripped_exec;
+
+ full_exec = panel_lockdown_get_exec_from_ditem (ditem);
+ if (full_exec != NULL)
+ stripped_exec = panel_lockdown_get_stripped_exec (full_exec);
+
+ if (stripped_exec != NULL) {
+ retval = panel_lockdown_is_allowed_application (stripped_exec);
+ g_free (stripped_exec);
+ }
+
+ if (retval == FALSE && full_exec != NULL) {
+ retval = panel_lockdown_is_allowed_application (full_exec);
+ }
+
+ g_free (full_exec);
+
+ return retval;
+}
+
+gboolean
+panel_lockdown_is_disabled_command_line (const gchar *term_cmd)
+{
+ int i = 0;
+ gboolean retval = FALSE;
+
+ for (i=0; i<NUMBER_COMMAND_LINE_EXECS; i++) {
+ if (!strcmp (command_line_execs [i], term_cmd)) {
+ retval = TRUE;
+ break;
+ }
+ }
+
+ return retval;
+}
+
+gboolean
+panel_lockdown_is_forbidden_app(GnomeDesktopItem *ditem) {
+ g_return_val_if_fail (ditem != NULL, TRUE) ;
+ return panel_lockdown_get_restrict_application_launching () &&
+ !panel_lockdown_ditem_in_allowed_applications (ditem) ;
+}
+
+gboolean
+panel_lockdown_is_forbidden_ditem(GnomeDesktopItem *ditem)
+{
+ gboolean retval = FALSE;
+ gchar *full_exec;
+ gchar *stripped_exec;
+
+ g_return_val_if_fail (ditem != NULL, TRUE) ;
+ if (panel_lockdown_is_forbidden_app (ditem)) { return TRUE ; }
+ if (panel_lockdown_get_disable_command_line ()) {
+ full_exec = panel_lockdown_get_exec_from_ditem (ditem) ;
+ if (full_exec != NULL)
+ stripped_exec = panel_lockdown_get_stripped_exec (full_exec);
+
+ if (stripped_exec != NULL) {
+ retval = panel_lockdown_is_disabled_command_line (stripped_exec) ;
+ g_free (stripped_exec) ;
+ }
+ g_free (full_exec) ;
+ }
+ return retval;
+}
+
+gboolean
+panel_lockdown_is_forbidden_command (const char *command)
+{
+ g_return_val_if_fail (command != NULL, TRUE) ;
+ return panel_lockdown_get_restrict_application_launching () &&
+ !panel_lockdown_is_allowed_application (command) ;
+}
+
+gboolean
+panel_lockdown_is_allowed_menu_entry (GMenuTreeEntry *entry)
+{
+ const char *path;
+ GnomeDesktopItem *item = NULL ;
+
+ if (!panel_lockdown_get_restrict_application_launching ())
+ return TRUE;
+
+ path = gmenu_tree_entry_get_desktop_file_path (entry) ;
+
+ if (path != NULL) {
+ item = gnome_desktop_item_new_from_file (path, 0, NULL) ;
+ if (item != NULL) {
+ gboolean retCode = !panel_lockdown_is_forbidden_ditem (item) ;
+
+ gnome_desktop_item_unref (item) ;
+ return retCode ;
+ }
+ }
+ return TRUE ;
+}
+
+gboolean
+panel_lockdown_is_forbidden_launcher (Launcher *launcher)
+{
+ return (panel_lockdown_is_forbidden_key_file(launcher->key_file));
+}
+
+gboolean
+panel_lockdown_is_forbidden_key_file (GKeyFile *key_file)
+{
+ gchar *full_exec; /* Executable including possible arguments */
+ gchar *stripped_exec; /* Executable with arguments stripped away */
+ gboolean retval = FALSE;
+
+ /* If restrict_application_launching not set on return TRUE */
+ if (!panel_lockdown_get_restrict_application_launching ()) {
+ return retval;
+ }
+
+ if (key_file != NULL)
+ {
+ full_exec = panel_key_file_get_string (key_file, "Exec");
+ if (full_exec != NULL) {
+ stripped_exec = panel_lockdown_get_stripped_exec (full_exec);
+ retval = panel_lockdown_is_forbidden_command (stripped_exec);
+ g_free (stripped_exec);
+ if (retval == TRUE) {
+ retval = panel_lockdown_is_forbidden_command (full_exec);
+ }
+ }
+ }
+ return retval;
+}
+
+static gboolean
+has_root_role (char *username)
+{
+ userattr_t *userattr = NULL;
+ gchar *rolelist = NULL;
+ gchar *rolename = NULL;
+ static gboolean ret_val = FALSE;
+ static gboolean cached_root = FALSE;
+
+ if (cached_root == FALSE && (userattr = getusernam(username)) != NULL)
+ {
+ rolelist = kva_match(userattr->attr, USERATTR_ROLES_KW);
+ rolename = strtok(rolelist, ",");
+ while (rolename != NULL) {
+ if (strcmp (rolename, ROOT_ROLE) == 0) {
+ ret_val = TRUE;
+ break;
+ }
+ rolename = strtok(NULL, ",");
+ }
+
+ free_userattr(userattr);
+ cached_root = TRUE;
+ }
+
+ return ret_val;
+}
+
+static gboolean
+has_admin_profile (char *username)
+{
+ execattr_t *execattr = NULL;
+ static gboolean ret_val = FALSE;
+ static gboolean cached_admin = FALSE;
+
+ if (cached_admin == FALSE && (execattr = getexecuser (username, NULL, NULL, GET_ALL)) != NULL)
+ {
+ while (execattr != NULL) {
+ if (strcmp (execattr->name, SYSTEM_ADMINISTRATOR_PROF) == 0)
+ {
+ ret_val = TRUE;
+ break;
+ }
+ execattr = execattr->next;
+ }
+ free_execattr (execattr);
+ cached_admin = TRUE;
+ }
+ return ret_val;
+}
+
+gboolean panel_lockdown_is_user_authorized(void) {
+ uid_t uid = getuid();
+ struct passwd *pw;
+
+ if ((pw = getpwuid(uid)) == NULL)
+ return FALSE;
+
+ if (has_admin_profile (pw->pw_name))
+ return TRUE;
+
+ if (has_root_role (pw->pw_name))
+ return TRUE;
+
+ if (uid == 0)
+ return TRUE;
+
+ return FALSE;
+}
--- gnome-panel-2.30.2.orig/gnome-panel/panel-lockdown.h 2010-02-09 13:32:08.000000000 +0100
+++ gnome-panel-2.30.2/gnome-panel/panel-lockdown.h 2010-12-27 12:55:47.600117997 +0100
@@ -25,8 +25,11 @@
#ifndef __PANEL_LOCKDOWN_H__
#define __PANEL_LOCKDOWN_H__
+#include <libgnome/gnome-desktop-item.h>
#include <glib.h>
#include <glib-object.h>
+#include <gmenu-tree.h>
+#include "launcher.h"
G_BEGIN_DECLS
@@ -39,13 +42,64 @@
gboolean panel_lockdown_get_disable_log_out (void);
gboolean panel_lockdown_get_disable_force_quit (void);
+gboolean panel_lockdown_get_restrict_application_launching (void);
+GSList *panel_lockdown_get_allowed_applications (void);
+
gboolean panel_lockdown_is_applet_disabled (const char *iid);
+gboolean panel_lockdown_is_allowed_application (const gchar *app);
void panel_lockdown_notify_add (GCallback callback_func,
gpointer user_data);
void panel_lockdown_notify_remove (GCallback callback_func,
gpointer user_data);
+gchar *panel_lockdown_get_stripped_exec (const gchar *full_exec);
+gchar *panel_lockdown_get_exec_from_ditem (GnomeDesktopItem *ditem);
+gboolean panel_lockdown_ditem_in_allowed_applications (GnomeDesktopItem *ditem);
+gboolean panel_lockdown_is_disabled_command_line (const gchar *term_cmd);
+
+/**
+ * Returns true if the ditem corresponds to an application whose use has been
+ * disallowed by the administrator (tests whether restrictions are in place
+ * and if the ditem matches the allowed applications list).
+ */
+gboolean panel_lockdown_is_forbidden_app (GnomeDesktopItem *ditem);
+/**
+ * Returns true if the ditem corresponds to either an application whose use
+ * has been disallowed by the administrator (same as previous function) or
+ * a shell when command line use has been restricted.
+ */
+gboolean panel_lockdown_is_forbidden_ditem (GnomeDesktopItem *ditem);
+/**
+ * Returns true if the command line corresponds to an application whose use
+ * has been disallowed by the administrator.
+ */
+gboolean panel_lockdown_is_forbidden_command (const gchar *command);
+
+/**
+ * Returns true if the menu entry corresponds to an application whose use
+ * has been allowed by the administrator.
+ */
+gboolean panel_lockdown_is_allowed_menu_entry (GMenuTreeEntry *entry);
+
+/**
+ * Returns true if the launcher application has been disallowed by the administrator.
+ */
+gboolean panel_lockdown_is_forbidden_launcher (Launcher *launcher);
+
+/**
+ * Returns true if the key_file application has been disallowed by the administrator.
+ */
+gboolean panel_lockdown_is_forbidden_key_file (GKeyFile *key_file);
+
+/**
+ * Returns true if the user is the root user, has the root role or has the
+ * Primary Administrator or System Administrator profile.
+ */
+gboolean panel_lockdown_is_user_authorized(void);
+#define SYSTEM_ADMINISTRATOR_PROF "System Administrator"
+#define ROOT_ROLE "root"
+
G_END_DECLS
#endif /* __PANEL_LOCKDOWN_H__ */
--- gnome-panel-2.30.2.orig/gnome-panel/panel-menu-bar.c 2010-06-22 19:27:02.000000000 +0200
+++ gnome-panel-2.30.2/gnome-panel/panel-menu-bar.c 2010-12-27 12:47:44.040378527 +0100
@@ -69,6 +69,8 @@
PROP_ORIENTATION,
};
+static GObjectClass *parent_class = NULL;
+
static void panel_menu_bar_update_text_gravity (PanelMenuBar *menubar);
static gboolean
@@ -132,6 +134,32 @@
}
static void
+panel_menu_bar_parent_set (GtkWidget *widget,
+ GtkWidget *previous_parent);
+
+static void
+panel_menubar_recreate_menus (PanelMenuBar *menubar)
+{
+ if (menubar->priv->applications_menu != NULL) {
+ while (GTK_MENU_SHELL (menubar->priv->applications_menu)->children) {
+ gtk_widget_destroy (
+ GTK_MENU_SHELL (menubar->priv->applications_menu)->children->data);
+ }
+ menubar->priv->applications_menu =
+ create_applications_menu ("applications.menu", NULL, TRUE);
+ gtk_menu_item_set_submenu
+ (GTK_MENU_ITEM (menubar->priv->applications_item),
+ menubar->priv->applications_menu);
+
+ panel_place_menu_item_recreate_menu(menubar->priv->places_item);
+ panel_desktop_menu_item_recreate_menu(
+ (PanelDesktopMenuItem *)menubar->priv->desktop_item);
+
+ panel_menu_bar_parent_set ((GtkWidget *)menubar, NULL);
+ }
+}
+
+static void
panel_menu_bar_init (PanelMenuBar *menubar)
{
GtkWidget *image;
@@ -164,6 +192,8 @@
menubar->priv->desktop_item);
panel_menu_bar_setup_tooltip (menubar);
+ panel_lockdown_notify_add (G_CALLBACK (panel_menubar_recreate_menus),
+ menubar);
panel_menu_bar_update_text_gravity (menubar);
g_signal_connect (menubar, "screen-changed",
@@ -172,6 +202,15 @@
}
static void
+panel_menu_bar_finalize (GObject *object)
+{
+ panel_lockdown_notify_remove (G_CALLBACK (panel_menubar_recreate_menus),
+ object);
+
+ parent_class->finalize (object);
+}
+
+static void
panel_menu_bar_get_property (GObject *object,
guint prop_id,
GValue *value,
@@ -274,10 +313,13 @@
gobject_class->get_property = panel_menu_bar_get_property;
gobject_class->set_property = panel_menu_bar_set_property;
+ gobject_class->finalize = panel_menu_bar_finalize;
widget_class->parent_set = panel_menu_bar_parent_set;
widget_class->size_allocate = panel_menu_bar_size_allocate;
+ parent_class = g_type_class_peek_parent (klass);
+
g_type_class_add_private (klass, sizeof (PanelMenuBarPrivate));
g_object_class_install_property (
--- gnome-panel-2.30.2.orig/gnome-panel/panel-menu-items.c 2010-12-27 13:01:19.490005304 +0100
+++ gnome-panel-2.30.2/gnome-panel/panel-menu-items.c 2010-12-27 12:47:44.059419355 +0100
@@ -158,6 +158,21 @@
char *icon;
char *name;
char *comment;
+ GnomeDesktopItem *ditem;
+
+ /* If restricted application, then don't append */
+ if (g_path_is_absolute (path))
+ ditem = gnome_desktop_item_new_from_file (path, 0, NULL);
+ else
+ ditem = gnome_desktop_item_new_from_basename (path, 0, NULL);
+ if (ditem != NULL && panel_lockdown_is_forbidden_ditem (ditem)) {
+ gnome_desktop_item_unref (ditem);
+ return;
+ }
+
+ if (ditem != NULL) {
+ gnome_desktop_item_unref (ditem);
+ }
path_freeme = NULL;
@@ -1116,7 +1131,7 @@
return places_menu;
}
-static void
+void
panel_place_menu_item_recreate_menu (GtkWidget *widget)
{
PanelPlaceMenuItem *place_item;
@@ -1224,7 +1239,7 @@
return desktop_menu;
}
-static void
+void
panel_desktop_menu_item_recreate_menu (PanelDesktopMenuItem *desktop_item)
{
if (desktop_item->priv->menu) {
@@ -1592,8 +1607,11 @@
tooltip = NULL;
}
- item = panel_menu_items_create_action_item_full (PANEL_ACTION_LOGOUT,
- label, tooltip);
+ if (!panel_lockdown_get_disable_log_out ()) {
+ item = panel_menu_items_create_action_item_full (PANEL_ACTION_LOGOUT,
+ label, tooltip);
+ }
+
g_free (label);
g_free (tooltip);
@@ -1619,5 +1637,21 @@
panel_menu_item_activate_desktop_file (GtkWidget *menuitem,
const char *path)
{
+ GnomeDesktopItem *ditem;
+
+ if (g_path_is_absolute (path))
+ ditem = gnome_desktop_item_new_from_file (path, 0, NULL);
+ else
+ ditem = gnome_desktop_item_new_from_basename (path, 0, NULL);
+
+ if (ditem != NULL && panel_lockdown_is_forbidden_ditem (ditem)) {
+ gnome_desktop_item_unref (ditem);
+ return; /* Don't launch as it's a forbidden desktop file */
+ }
+
+ if (ditem != NULL) {
+ gnome_desktop_item_unref (ditem);
+ }
+
panel_launch_desktop_file (path, menuitem_to_screen (menuitem), NULL);
}
--- gnome-panel-2.30.2.orig/gnome-panel/panel-menu-items.h 2010-02-09 13:32:08.000000000 +0100
+++ gnome-panel-2.30.2/gnome-panel/panel-menu-items.h 2010-12-27 12:47:44.039156167 +0100
@@ -90,6 +90,8 @@
void panel_menu_items_append_lock_logout (GtkWidget *menu);
void panel_menu_item_activate_desktop_file (GtkWidget *menuitem,
const char *path);
+void panel_place_menu_item_recreate_menu (GtkWidget *widget);
+void panel_desktop_menu_item_recreate_menu (PanelDesktopMenuItem *desktop_item);
G_END_DECLS