17807N/A+ if (nautilus_lockdown_is_forbidden_file(directory, info)) {
20802N/A "changed::" NAUTILUS_PREFERENCES_SHOW_HIDDEN_FILES,
20802N/A G_CALLBACK(filtering_changed_callback),
20802N/A+ nautilus_lockdown_notify_add(filtering_changed_callback, NULL);
20802N/A g_signal_connect_swapped (nautilus_preferences,
20802N/A "changed::" NAUTILUS_PREFERENCES_SHOW_TEXT_IN_ICONS,
20802N/A G_CALLBACK (async_data_preference_changed_callback),
20904N/A@@ -3335,6 +3336,7 @@ nautilus_file_should_show (NautilusFile
17807N/A return (show_hidden || (!nautilus_file_is_hidden_file (file) && !is_file_hidden (file))) &&
20802N/A+ !(nautilus_lockdown_is_forbidden_nautilus_file(file)) &&
17807N/A (show_foreign || !(nautilus_file_is_in_desktop (file) && nautilus_file_is_foreign_link (file)));
9802N/A+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
9802N/A+ * Copyright (C) 2004 Sun Microsystems, Inc.
9802N/A+ * This program is free software; you can redistribute it
and/or 9802N/A+ * modify it under the terms of the GNU General Public License as
9802N/A+ * published by the Free Software Foundation; either version 2 of the
9802N/A+ * License, or (at your option) any later version.
9802N/A+ * This program is distributed in the hope that it will be useful, but
9802N/A+ * WITHOUT ANY WARRANTY; without even the implied warranty of
9802N/A+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
9802N/A+ * General Public License for more details.
9802N/A+ * You should have received a copy of the GNU General Public License
9802N/A+ * along with this program; if not, write to the Free Software
9802N/A+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
9802N/A+ * Matt Keenan <matt.keenan@sun.com>
9802N/A+ * Mark McLoughlin <mark@skynet.ie>
9802N/A+ guint disable_command_line : 1;
9802N/A+ guint restrict_application_launching : 1;
9802N/A+ guint listeners [N_LISTENERS];
9802N/A+const gchar *command_line_execs[] = {
9802N/A+#define NUMBER_COMMAND_LINE_EXECS 2
9802N/A+static NautilusLockdown nautilus_lockdown = { 0, };
9802N/A+nautilus_lockdown_invoke_closures (NautilusLockdown *lockdown)
9802N/A+ for (l = lockdown->closures; l; l = l->next)
9802N/A+ g_closure_invoke (l->data, NULL, 0, NULL, NULL);
9802N/A+disable_command_line_notify (NautilusLockdown *lockdown)
9802N/A+ lockdown->disable_command_line =
20802N/A+ g_settings_get_boolean(gnome_lockdown_preferences,
20802N/A+ NAUTILUS_PREFERENCES_LOCKDOWN_COMMAND_LINE) ;
9802N/A+ nautilus_lockdown_invoke_closures (lockdown);
9802N/A+restrict_application_launching_notify (NautilusLockdown *lockdown)
9802N/A+ lockdown->restrict_application_launching =
20802N/A+ g_settings_get_boolean (gnome_lockdown_preferences,
20802N/A+ NAUTILUS_PREFERENCES_LOCKDOWN_RESTRICT_APP_LAUNCHING);
9802N/A+ nautilus_lockdown_invoke_closures (lockdown);
9802N/A+allowed_applications_notify (NautilusLockdown *lockdown)
17807N/A+ g_strfreev(lockdown->allowed_applications) ;
9802N/A+ lockdown->allowed_applications =
20802N/A+ g_settings_get_strv(gnome_lockdown_preferences,
20802N/A+ NAUTILUS_PREFERENCES_LOCKDOWN_ALLOWED_APPLICATIONS) ;
9802N/A+ nautilus_lockdown_invoke_closures (lockdown);
9802N/A+nautilus_lockdown_load_allowed_applications (NautilusLockdown *lockdown)
20802N/A+ retval = g_settings_get_strv(gnome_lockdown_preferences,
20802N/A+ NAUTILUS_PREFERENCES_LOCKDOWN_ALLOWED_APPLICATIONS) ;
20802N/A+ g_signal_connect_swapped (gnome_lockdown_preferences,
20802N/A+ "changed::" NAUTILUS_PREFERENCES_LOCKDOWN_ALLOWED_APPLICATIONS,
20802N/A+ G_CALLBACK(allowed_applications_notify), lockdown);
9802N/A+nautilus_lockdown_init (void)
19925N/A+ if (nautilus_lockdown_is_user_authorized())
20802N/A+ g_settings_get_boolean (gnome_lockdown_preferences,
20802N/A+ NAUTILUS_PREFERENCES_LOCKDOWN_COMMAND_LINE);
20802N/A+ g_signal_connect_swapped (gnome_lockdown_preferences,
20802N/A+ "changed::" NAUTILUS_PREFERENCES_LOCKDOWN_COMMAND_LINE,
20802N/A+ G_CALLBACK(disable_command_line_notify),
20802N/A+ g_settings_get_boolean (gnome_lockdown_preferences,
20802N/A+ NAUTILUS_PREFERENCES_LOCKDOWN_RESTRICT_APP_LAUNCHING);
20802N/A+ g_signal_connect_swapped (gnome_lockdown_preferences,
20802N/A+ "changed::" NAUTILUS_PREFERENCES_LOCKDOWN_RESTRICT_APP_LAUNCHING,
20802N/A+ G_CALLBACK(restrict_application_launching_notify),
9802N/A+ nautilus_lockdown_load_allowed_applications (
9802N/A+nautilus_lockdown_finalize (void)
20802N/A+ g_signal_handlers_disconnect_by_func(gnome_lockdown_preferences,
20802N/A+ G_CALLBACK(disable_command_line_notify),
20802N/A+ g_signal_handlers_disconnect_by_func(gnome_lockdown_preferences,
20802N/A+ G_CALLBACK(restrict_application_launching_notify),
20802N/A+ g_signal_handlers_disconnect_by_func(gnome_lockdown_preferences,
20802N/A+ G_CALLBACK(allowed_applications_notify),
9802N/A+ g_closure_unref (l->data);
9802N/A+nautilus_lockdown_is_command_line_disabled (void)
9802N/A+nautilus_lockdown_is_app_launching_restricted (void)
9802N/A+nautilus_lockdown_get_allowed_apps (void)
9802N/A+nautilus_lockdown_notify_find (GSList *closures,
9802N/A+ for (l = closures; l; l = l->next) {
9802N/A+ GCClosure *cclosure = l->data;
9802N/A+ GClosure *closure = l->data;
9802N/A+ if (closure->data == user_data &&
9802N/A+ cclosure->callback == callback_func)
9802N/A+marshal_user_data (GClosure *closure,
9802N/A+ const GValue *param_values,
9802N/A+ GCClosure *cclosure = (GCClosure*) closure;
9802N/A+ g_return_if_fail (cclosure->callback != NULL);
9802N/A+ g_return_if_fail (n_param_values == 0);
9802N/A+ ((void (*) (gpointer *))cclosure->callback) (closure->data);
9802N/A+nautilus_lockdown_notify_add (GCallback callback_func,
9802N/A+ closure = g_cclosure_new (callback_func, user_data, NULL);
9802N/A+ g_closure_set_marshal (closure, marshal_user_data);
9802N/A+nautilus_lockdown_notify_remove (GCallback callback_func,
9802N/A+ g_assert (closure != NULL);
9802N/A+ g_closure_unref (closure);
9802N/A+static gboolean nautilus_lockdown_is_forbidden_uri(const char *uri)
9802N/A+ const char *command = NULL ;
9802N/A+ gboolean ret_code = FALSE ;
20802N/A+ file = g_file_new_for_uri (uri);
20802N/A+ file_path = g_file_get_path (file);
20802N/A+ app_info = g_desktop_app_info_new_from_filename (file_path);
20802N/A+ command = g_app_info_get_executable (app_info);
9802N/A+ if (command == NULL) { return ret_code ; }
9802N/A+ return nautilus_lockdown_is_forbidden_command(command) ;
9802N/A+gboolean nautilus_lockdown_is_forbidden_file(NautilusDirectory *directory,
17807N/A+ const char *mime_type = g_file_info_get_content_type(file) ;
9802N/A+ (strcmp(mime_type, GNOME_APP_MIME) == 0 ||
9802N/A+ strcmp(mime_type, DESKTOP_MIME) == 0)) {
17807N/A+ return nautilus_lockdown_is_forbidden_command(
17807N/A+ nautilus_directory_get_file_uri(directory, g_file_info_get_name(file)));
9802N/A+gboolean nautilus_lockdown_is_forbidden_nautilus_file(NautilusFile *file)
9802N/A+ (nautilus_file_is_mime_type(file, GNOME_APP_MIME) ||
9802N/A+ nautilus_file_is_mime_type(file, DESKTOP_MIME))) {
9802N/A+ return nautilus_lockdown_is_forbidden_uri(nautilus_file_get_uri(file)) ;
9802N/A+gboolean nautilus_lockdown_is_forbidden_command(const char *command)
9802N/A+ char *commandCopy = NULL ;
9802N/A+ commandCopy = g_shell_unquote(command, NULL) ;
9802N/A+ if (commandCopy == NULL) { commandCopy = g_strdup(command) ; }
9802N/A+ strtok(commandCopy, " ") ;
9802N/A+ if (g_path_is_absolute(commandCopy)) {
9802N/A+ char *stripped = g_path_get_basename(commandCopy) ;
9802N/A+ program = g_find_program_in_path(stripped) ;
17807N/A+ if (!strcmp(allowed_app, program)) {
19925N/A+ } else if (!strcmp(allowed_app, command)) {
20260N/A+ static gboolean ret_val = FALSE;
20260N/A+ static gboolean cached_root = FALSE;
20260N/A+ if (cached_root == FALSE && (userattr = getusernam(username)) != NULL)
19925N/A+ rolelist = kva_match(userattr->attr, USERATTR_ROLES_KW);
19925N/A+ rolename = strtok(rolelist, ",");
19925N/A+ if (strcmp (rolename, ROOT_ROLE) == 0) {
19925N/A+has_admin_profile (char *username)
20260N/A+ static gboolean ret_val = FALSE;
20260N/A+ static gboolean cached_admin = FALSE;
20260N/A+ if (cached_admin == FALSE && (execattr = getexecuser (username, NULL, NULL, GET_ALL)) != NULL)
20260N/A+ if (strcmp (execattr->name, SYSTEM_ADMINISTRATOR_PROF) == 0)
19925N/A+gboolean nautilus_lockdown_is_user_authorized(void) {
19925N/A+ if ((pw = getpwuid(uid)) == NULL)
19925N/A+ if (has_admin_profile (pw->pw_name))
19925N/A+ if (has_root_role (pw->pw_name))
12886N/A+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
12886N/A+ * Copyright (C) 2004 Sun Microsystems, Inc.
12886N/A+ * This program is free software; you can redistribute it
and/or 12886N/A+ * modify it under the terms of the GNU General Public License as
12886N/A+ * published by the Free Software Foundation; either version 2 of the
12886N/A+ * License, or (at your option) any later version.
12886N/A+ * This program is distributed in the hope that it will be useful, but
12886N/A+ * WITHOUT ANY WARRANTY; without even the implied warranty of
12886N/A+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12886N/A+ * General Public License for more details.
12886N/A+ * You should have received a copy of the GNU General Public License
12886N/A+ * along with this program; if not, write to the Free Software
12886N/A+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
12886N/A+ * Matt Keenan <matt.keenan@sun.com>
12886N/A+ * Mark McLoughlin <mark@skynet.ie>
12886N/A+#ifndef __NAUTILUS_LOCKDOWN_H__
12886N/A+#define __NAUTILUS_LOCKDOWN_H__
12886N/A+void nautilus_lockdown_init (void);
12886N/A+void nautilus_lockdown_finalize (void);
12886N/A+void nautilus_lockdown_notify_add (GCallback callback_func,
12886N/A+void nautilus_lockdown_notify_remove (GCallback callback_func,
12886N/A+gboolean nautilus_lockdown_is_command_line_disabled(void) ;
12886N/A+gboolean nautilus_lockdown_is_app_launching_restricted(void) ;
17807N/A+char** nautilus_lockdown_get_allowed_apps(void) ;
12886N/A+gboolean nautilus_lockdown_is_forbidden_file(NautilusDirectory *directory,
12886N/A+gboolean nautilus_lockdown_is_forbidden_nautilus_file(NautilusFile *file) ;
12886N/A+gboolean nautilus_lockdown_is_forbidden_command(const char *command) ;
19925N/A+gboolean nautilus_lockdown_is_user_authorized(void);
19925N/A+#define SYSTEM_ADMINISTRATOR_PROF "System Administrator"
12886N/A+#endif /* __NAUTILUS_LOCKDOWN_H__ */
20904N/A@@ -296,6 +296,7 @@ static void unschedule_display_of_pe
20802N/A static void disconnect_model_handlers (NautilusView *view);
17807N/A static void metadata_for_directory_as_file_ready_callback (NautilusFile *file,
20802N/A+static void lockdown_changed_callback (gpointer context);
17807N/A static void metadata_for_files_in_directory_ready_callback (NautilusDirectory *directory,
20904N/A@@ -2562,6 +2563,7 @@ nautilus_view_init (NautilusView *view)
20802N/A g_signal_connect_swapped (nautilus_window_state,
20802N/A "changed::" NAUTILUS_WINDOW_STATE_START_WITH_STATUS_BAR,
20802N/A G_CALLBACK (nautilus_view_display_selection_info), view);
20904N/A+ nautilus_lockdown_notify_add (lockdown_changed_callback, view);
20904N/A manager = nautilus_file_undo_manager_get ();
20904N/A g_signal_connect_object (manager, "undo-changed",
20904N/A@@ -2683,6 +2685,7 @@ nautilus_view_finalize (GObject *object)
20802N/A g_signal_handlers_disconnect_by_func (gnome_lockdown_preferences,
20802N/A+ nautilus_lockdown_notify_remove (lockdown_changed_callback, view);
20802N/A unschedule_pop_up_location_context_menu (view);
20802N/A if (view->details->location_popup_event != NULL) {
20904N/A@@ -9112,6 +9115,15 @@ metadata_for_files_in_directory_ready_ca
20802N/A finish_loading_if_all_metadata_loaded (view);
17807N/A+static void lockdown_changed_callback(gpointer context)
20802N/A+ NautilusView *view = NAUTILUS_VIEW(context) ;
20802N/A+ if (view != NULL && view->details->model != NULL) {
20802N/A+ load_directory(view, view->details->model) ;
20802N/A disconnect_handler (GObject *object, int *id)
17807N/A schedule_monitoring_update (model);
17807N/A+void fm_tree_model_refresh_permissions(FMTreeModel *model)
20802N/A+ g_return_if_fail(FM_IS_TREE_MODEL(model)) ;
20802N/A+ destroy_by_function(model, nautilus_lockdown_is_forbidden_nautilus_file);
20802N/A+ schedule_monitoring_update(model) ;
17807N/A file_is_not_directory (NautilusFile *file)
20802N/A g_settings_get_boolean (nautilus_tree_sidebar_preferences,
20802N/A NAUTILUS_PREFERENCES_TREE_SHOW_ONLY_DIRECTORIES));
20802N/A+ fm_tree_model_refresh_permissions(view->details->child_model);
20802N/A "changed::" NAUTILUS_PREFERENCES_SHOW_HIDDEN_FILES,
20802N/A G_CALLBACK(filtering_changed_callback),
17807N/A+ nautilus_lockdown_notify_add (filtering_changed_callback, view);
20802N/A g_signal_connect_swapped (nautilus_tree_sidebar_preferences,
20802N/A "changed::" NAUTILUS_PREFERENCES_TREE_SHOW_ONLY_DIRECTORIES,
17807N/A+ nautilus_lockdown_notify_remove (filtering_changed_callback, view);
17807N/A G_OBJECT_CLASS (parent_class)->finalize (object);
17807N/A+load_extension_menus_idle(gpointer context)
17807N/A+ NautilusWindow *window = NAUTILUS_WINDOW(context);
17807N/A+ nautilus_window_load_extension_menus(window);
17807N/A+lockdown_changed_callback(gpointer context)
17807N/A+ NautilusWindow *window = NAUTILUS_WINDOW(context);
17807N/A+ g_idle_add(load_extension_menus_idle, window);
17807N/A+nautilus_window_menus_lockdown_notify_remove (NautilusWindow *window)
17807N/A+ nautilus_lockdown_notify_remove(lockdown_changed_callback, window);
17807N/A+nautilus_window_menus_lockdown_notify_add (NautilusWindow *window)
17807N/A+ nautilus_lockdown_notify_add(lockdown_changed_callback, window);
17807N/A nautilus_window_load_extension_menus (NautilusWindow *window)
20904N/A@@ -617,6 +617,7 @@ nautilus_window_constructed (GObject *se
20904N/A slot = nautilus_window_pane_open_slot (window->details->active_pane, 0);
20802N/A nautilus_window_set_active_slot (window, slot);
20802N/A+ nautilus_window_menus_lockdown_notify_add (window);
20904N/A@@ -726,6 +727,8 @@ nautilus_window_finalize (GObject *objec
20904N/A /* nautilus_window_close() should have run */
20904N/A g_assert (window->details->panes == NULL);
17807N/A+ nautilus_window_menus_lockdown_notify_remove(window);
17807N/A G_OBJECT_CLASS (nautilus_window_parent_class)->finalize (object);
20802N/A /* Run the nautilus application. */
20802N/A application = nautilus_application_get_singleton ();
17807N/A+ nautilus_lockdown_finalize ();
20802N/A g_list_free_full (uris, g_free);
16372N/A+command_is_allowed (const char *full_command)
20802N/A+ gboolean allowed = !nautilus_lockdown_is_forbidden_command(full_command);
20802N/A+ (_("Sorry, This is a restricted application which "
17807N/A nautilus_launch_application_by_uri (GAppInfo *application,
16372N/A- eel_gnome_open_terminal_on_screen (full_command, screen);
16372N/A+ if (!nautilus_lockdown_is_command_line_disabled ()) {
16372N/A+ eel_gnome_open_terminal_on_screen (full_command, screen);
16372N/A+ (_("Sorry, this command requires a terminal "),
16372N/A+ _("Terminal access is restricted."),
20802N/A app = g_app_info_create_from_commandline (full_command, NULL, 0, NULL);
20802N/A+ if (!command_is_allowed (command_string)) {
20802N/A launch_application_from_command_internal (full_command, screen, use_terminal);
17807N/A+ if (!command_is_allowed (g_app_info_get_executable (app_info))) {
17807N/A /* count the number of uris with local paths */
20802N/A #define NAUTILUS_PREFERENCES_LOCKDOWN_COMMAND_LINE "disable-command-line"
20802N/A+#define NAUTILUS_PREFERENCES_LOCKDOWN_RESTRICT_APP_LAUNCHING "restrict-application-launching"
20802N/A+#define NAUTILUS_PREFERENCES_LOCKDOWN_ALLOWED_APPLICATIONS "allowed_applications"
20802N/A #define NAUTILUS_PREFERENCES_SHOW_DESKTOP "show-desktop-icons"
20904N/A@@ -159,6 +159,8 @@ void nautilus_window_initi
20904N/A void nautilus_window_finalize_menus (NautilusWindow *window);
20802N/A void nautilus_window_update_show_hide_menu_items (NautilusWindow *window);
18256N/A+void nautilus_window_menus_lockdown_notify_add (NautilusWindow *window);
18256N/A+void nautilus_window_menus_lockdown_notify_remove (NautilusWindow *window);
20862N/A void nautilus_window_close_pane (NautilusWindow *window,