nautilus-07-lockdown.diff revision 16372
--- naut.orig/libnautilus-private/Makefile.am 2008-08-21 00:31:04.420925000 +0100
+++ naut.new/libnautilus-private/Makefile.am 2008-08-21 00:32:23.511265000 +0100
@@ -124,6 +124,8 @@
diff -urN naut.orig/libnautilus-private/nautilus-directory-async.c naut.new/libnautilus-private/nautilus-directory-async.c
--- naut.orig/libnautilus-private/nautilus-directory-async.c 2008-08-21 00:31:04.526001000 +0100
+++ naut.new/libnautilus-private/nautilus-directory-async.c 2008-08-21 00:32:23.527964000 +0100
@@ -33,6 +33,7 @@
#include "nautilus-signaller.h"
#include "nautilus-global-preferences.h"
#include "nautilus-link.h"
+#include "nautilus-lockdown.h"
#include "nautilus-marshal.h"
#include "nautilus-metafile.h"
#include <eel/eel-glib-extensions.h>
@@ -803,6 +804,10 @@
return TRUE;
}
+ if (nautilus_lockdown_is_forbidden_file(directory, info)) {
+ return TRUE;
+ }
+
return FALSE;
}
diff -urN naut.orig/libnautilus-private/nautilus-directory.c naut.new/libnautilus-private/nautilus-directory.c
--- naut.orig/libnautilus-private/nautilus-directory.c 2008-08-21 00:31:04.564463000 +0100
+++ naut.new/libnautilus-private/nautilus-directory.c 2008-08-21 00:32:23.586555000 +0100
@@ -341,6 +341,7 @@
eel_preferences_add_callback (NAUTILUS_PREFERENCES_SHOW_BACKUP_FILES,
filtering_changed_callback,
NULL);
+ nautilus_lockdown_notify_add(filtering_changed_callback, NULL) ;
eel_preferences_add_callback (NAUTILUS_PREFERENCES_SHOW_TEXT_IN_ICONS,
async_data_preference_changed_callback,
NULL);
--- /usr/tmp/nautilus-2.25.4/libnautilus-private/nautilus-file.c 2009-02-02 12:28:32.000000000 +0000
+++ nautilus-2.25.4/libnautilus-private/nautilus-file.c 2009-02-16 09:44:12.266040000 +0000
@@ -47,6 +47,7 @@
#include "nautilus-users-groups-cache.h"
#include "nautilus-vfs-file.h"
#include "nautilus-saved-search-file.h"
+#include "nautilus-lockdown.h"
#include <eel/eel-debug.h>
#include <eel/eel-glib-extensions.h>
#include <eel/eel-gtk-extensions.h>
@@ -2799,7 +2800,8 @@
return TRUE;
} else {
return (show_hidden || (!nautilus_file_is_hidden_file (file) && !is_file_hidden (file))) &&
- (show_backup || !nautilus_file_is_backup_file (file)) &&
+ (show_backup || !nautilus_file_is_backup_file (file) &&
+ !nautilus_lockdown_is_forbidden_nautilus_file(file)) &&
(show_foreign || !(nautilus_file_is_in_desktop (file) && nautilus_file_is_foreign_link (file)));
}
}
diff -urN naut.orig/libnautilus-private/nautilus-global-preferences.h naut.new/libnautilus-private/nautilus-global-preferences.h
--- naut.orig/libnautilus-private/nautilus-global-preferences.h 2008-08-21 00:31:04.746483000 +0100
+++ naut.new/libnautilus-private/nautilus-global-preferences.h 2008-08-21 00:32:23.628411000 +0100
@@ -218,6 +218,10 @@
#define NAUTILUS_PREFERENCES_DESKTOP_NETWORK_NAME "desktop/network_icon_name"
#define NAUTILUS_PREFERENCES_DESKTOP_PRIMARY_SCREEN "desktop/primary_screen"
+#define NAUTILUS_PREFERENCES_DISABLE_COMMANDLINE "/desktop/gnome/lockdown/disable_command_line"
+#define NAUTILUS_PREFERENCES_RESTRICT_APP_LAUNCHING "/desktop/gnome/lockdown/restrict_application_launching"
+#define NAUTILUS_PREFERENCES_ALLOWED_APPLICATIONS "/desktop/gnome/lockdown/allowed_applications"
+
void nautilus_global_preferences_init (void);
char *nautilus_global_preferences_get_default_folder_viewer_preference_as_iid (void);
G_END_DECLS
diff -urN naut.orig/libnautilus-private/nautilus-lockdown.c naut.new/libnautilus-private/nautilus-lockdown.c
--- naut.orig/libnautilus-private/nautilus-lockdown.c 1970-01-01 01:00:00.000000000 +0100
+++ naut.new/libnautilus-private/nautilus-lockdown.c 2008-08-21 00:32:23.631525000 +0100
@@ -0,0 +1,332 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/*
+ * Copyright (C) 2004 Sun Microsystems, Inc.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ *
+ * Authors:
+ * Matt Keenan <matt.keenan@sun.com>
+ * Mark McLoughlin <mark@skynet.ie>
+ */
+
+#include <config.h>
+
+#include "nautilus-lockdown.h"
+#include "nautilus-global-preferences.h"
+#include "nautilus-program-choosing.h"
+#include <eel/eel-preferences.h>
+#include <eel/eel-string.h>
+#include <libgnome/gnome-desktop-item.h>
+
+#include <string.h>
+
+#define N_LISTENERS 3
+
+typedef struct {
+ guint initialized : 1;
+ guint disable_command_line : 1;
+ guint restrict_application_launching : 1;
+
+ char** allowed_applications;
+
+ guint listeners [N_LISTENERS];
+
+ GSList *closures;
+} NautilusLockdown ;
+
+const gchar *command_line_execs[] = {
+ "/usr/bin/xterm",
+};
+#define NUMBER_COMMAND_LINE_EXECS 2
+
+static NautilusLockdown nautilus_lockdown = { 0, };
+
+
+static inline void
+nautilus_lockdown_invoke_closures (NautilusLockdown *lockdown)
+{
+ GSList *l;
+
+ for (l = lockdown->closures; l; l = l->next)
+ g_closure_invoke (l->data, NULL, 0, NULL, NULL);
+}
+
+static void
+disable_command_line_notify (NautilusLockdown *lockdown)
+{
+ lockdown->disable_command_line =
+ eel_preferences_get_boolean(
+ NAUTILUS_PREFERENCES_DISABLE_COMMANDLINE) ;
+ nautilus_lockdown_invoke_closures (lockdown);
+}
+
+static void
+restrict_application_launching_notify (NautilusLockdown *lockdown)
+{
+ lockdown->restrict_application_launching =
+ eel_preferences_get_boolean (
+ NAUTILUS_PREFERENCES_RESTRICT_APP_LAUNCHING);
+ nautilus_lockdown_invoke_closures (lockdown);
+}
+
+static void
+allowed_applications_notify (NautilusLockdown *lockdown)
+{
+ g_strfreev(lockdown->allowed_applications) ;
+ lockdown->allowed_applications =
+ eel_preferences_get_string_array(
+ NAUTILUS_PREFERENCES_ALLOWED_APPLICATIONS) ;
+ nautilus_lockdown_invoke_closures (lockdown);
+}
+
+static gboolean
+nautilus_lockdown_load_bool (NautilusLockdown *lockdown,
+ const char *key,
+ EelPreferencesCallback notify_func)
+{
+ gboolean retval = eel_preferences_get_boolean (key);
+
+ eel_preferences_add_callback(key, notify_func, lockdown) ;
+ return retval;
+}
+
+static char**
+nautilus_lockdown_load_allowed_applications (NautilusLockdown *lockdown)
+{
+ char **retval;
+
+ retval = eel_preferences_get_string_array(
+ NAUTILUS_PREFERENCES_ALLOWED_APPLICATIONS) ;
+ eel_preferences_add_callback(NAUTILUS_PREFERENCES_ALLOWED_APPLICATIONS,
+ allowed_applications_notify, lockdown) ;
+ return retval;
+}
+
+void
+nautilus_lockdown_init (void)
+{
+ nautilus_lockdown_load_bool (
+ &nautilus_lockdown,
+ NAUTILUS_PREFERENCES_DISABLE_COMMANDLINE,
+ disable_command_line_notify);
+ nautilus_lockdown_load_bool (
+ &nautilus_lockdown,
+ NAUTILUS_PREFERENCES_RESTRICT_APP_LAUNCHING,
+ restrict_application_launching_notify) ;
+ nautilus_lockdown_load_allowed_applications (
+ &nautilus_lockdown) ;
+ nautilus_lockdown.initialized = TRUE;
+}
+
+void
+nautilus_lockdown_finalize (void)
+{
+ GSList *l = NULL ;
+
+ g_assert (nautilus_lockdown.initialized == TRUE);
+ eel_preferences_remove_callback(
+ NAUTILUS_PREFERENCES_DISABLE_COMMANDLINE,
+ disable_command_line_notify,
+ &nautilus_lockdown) ;
+ eel_preferences_remove_callback(
+ NAUTILUS_PREFERENCES_RESTRICT_APP_LAUNCHING,
+ restrict_application_launching_notify,
+ &nautilus_lockdown) ;
+ eel_preferences_remove_callback(
+ NAUTILUS_PREFERENCES_ALLOWED_APPLICATIONS,
+ allowed_applications_notify,
+ &nautilus_lockdown) ;
+ g_strfreev(nautilus_lockdown.allowed_applications) ;
+ for (l = nautilus_lockdown.closures; l; l = l->next) {
+ g_closure_unref (l->data);
+ }
+ g_slist_free (nautilus_lockdown.closures);
+ nautilus_lockdown.closures = NULL;
+ nautilus_lockdown.initialized = FALSE;
+}
+
+gboolean
+nautilus_lockdown_is_command_line_disabled (void)
+{
+ g_assert (nautilus_lockdown.initialized == TRUE);
+ return nautilus_lockdown.disable_command_line;
+}
+
+gboolean
+nautilus_lockdown_is_app_launching_restricted (void)
+{
+ g_assert (nautilus_lockdown.initialized == TRUE);
+}
+
+char**
+nautilus_lockdown_get_allowed_apps (void)
+{
+ g_assert (nautilus_lockdown.initialized == TRUE);
+ return nautilus_lockdown.allowed_applications;
+}
+
+static GClosure *
+nautilus_lockdown_notify_find (GSList *closures,
+ GCallback callback_func,
+ gpointer user_data)
+{
+ GSList *l;
+
+ for (l = closures; l; l = l->next) {
+ GCClosure *cclosure = l->data;
+ GClosure *closure = l->data;
+
+ if (closure->data == user_data &&
+ cclosure->callback == callback_func)
+ return closure;
+ }
+
+ return NULL;
+}
+
+static void
+marshal_user_data (GClosure *closure,
+ GValue *return_value,
+ guint n_param_values,
+ const GValue *param_values,
+ gpointer invocation_hint,
+ gpointer marshal_data)
+{
+ GCClosure *cclosure = (GCClosure*) closure;
+
+ g_return_if_fail (cclosure->callback != NULL);
+ g_return_if_fail (n_param_values == 0);
+
+ ((void (*) (gpointer *))cclosure->callback) (closure->data);
+}
+
+void
+nautilus_lockdown_notify_add (GCallback callback_func,
+ gpointer user_data)
+{
+ GClosure *closure;
+
+ g_assert (nautilus_lockdown_notify_find (nautilus_lockdown.closures,
+ callback_func,
+ user_data) == NULL);
+ closure = g_cclosure_new (callback_func, user_data, NULL);
+ g_closure_set_marshal (closure, marshal_user_data);
+ nautilus_lockdown.closures = g_slist_append (nautilus_lockdown.closures,
+ closure);
+}
+
+void
+nautilus_lockdown_notify_remove (GCallback callback_func,
+ gpointer user_data)
+{
+ GClosure *closure;
+
+ closure = nautilus_lockdown_notify_find (nautilus_lockdown.closures,
+ callback_func,
+ user_data);
+ g_assert (closure != NULL);
+ nautilus_lockdown.closures = g_slist_remove (nautilus_lockdown.closures,
+ closure);
+ g_closure_unref (closure);
+}
+
+static gboolean nautilus_lockdown_is_forbidden_uri(const char *uri)
+{
+ GnomeDesktopItem *item = NULL ;
+ GError *error = NULL ;
+ const char *command = NULL ;
+ gboolean ret_code = FALSE ;
+
+ item = gnome_desktop_item_new_from_uri(uri, 0, &error) ;
+ if (error != NULL) {
+ g_error_free(error) ;
+ return ret_code ;
+ }
+ command = gnome_desktop_item_get_string(item, GNOME_DESKTOP_ITEM_EXEC) ;
+ if (command == NULL) { return ret_code ; }
+ return nautilus_lockdown_is_forbidden_command(command) ;
+}
+
+static const char *GNOME_APP_MIME = "application/x-gnome-app-info" ;
+static const char *DESKTOP_MIME = "application/x-desktop" ;
+
+gboolean nautilus_lockdown_is_forbidden_file(NautilusDirectory *directory,
+ GFileInfo *file)
+{
+ const char *mime_type = g_file_info_get_content_type(file) ;
+
+ mime_type != NULL &&
+ (strcmp(mime_type, GNOME_APP_MIME) == 0 ||
+ strcmp(mime_type, DESKTOP_MIME) == 0)) {
+ return nautilus_lockdown_is_forbidden_command(
+ nautilus_directory_get_file_uri(directory, g_file_info_get_name(file)));
+ }
+ return FALSE ;
+}
+
+gboolean nautilus_lockdown_is_forbidden_nautilus_file(NautilusFile *file)
+{
+ (nautilus_file_is_mime_type(file, GNOME_APP_MIME) ||
+ nautilus_file_is_mime_type(file, DESKTOP_MIME))) {
+ return nautilus_lockdown_is_forbidden_uri(nautilus_file_get_uri(file)) ;
+ }
+ return FALSE ;
+}
+
+gboolean nautilus_lockdown_is_forbidden_command(const char *command)
+{
+ char *commandCopy = NULL ;
+ char *program = NULL ;
+ char *allowed_app;
+ gboolean retCode = FALSE ;
+
+ if (!nautilus_lockdown.restrict_application_launching) { return retCode ; }
+ commandCopy = g_shell_unquote(command, NULL) ;
+ if (commandCopy == NULL) { commandCopy = g_strdup(command) ; }
+ strtok(commandCopy, " ") ;
+ if (g_path_is_absolute(commandCopy)) {
+ program = commandCopy ;
+ }
+ else {
+ char *stripped = g_path_get_basename(commandCopy) ;
+
+ program = g_find_program_in_path(stripped) ;
+ g_free(stripped) ;
+ g_free(commandCopy) ;
+ }
+ retCode = TRUE;
+ if (program != NULL) {
+ int i = 0;
+ allowed_app = nautilus_lockdown.allowed_applications[i];
+ while (allowed_app != NULL) {
+ if (!strcmp(allowed_app, program)) {
+ retCode = FALSE;
+ break;
+ }
+ allowed_app = nautilus_lockdown.allowed_applications[++i];
+ }
+ g_free(program) ;
+ }
+ return retCode ;
+}
+
diff -urN naut.orig/libnautilus-private/nautilus-lockdown.h naut.new/libnautilus-private/nautilus-lockdown.h
--- naut.orig/libnautilus-private/nautilus-lockdown.h 1970-01-01 01:00:00.000000000 +0100
+++ naut.new/libnautilus-private/nautilus-lockdown.h 2008-08-21 00:32:23.661411000 +0100
@@ -0,0 +1,54 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/*
+ * Copyright (C) 2004 Sun Microsystems, Inc.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ *
+ * Authors:
+ * Matt Keenan <matt.keenan@sun.com>
+ * Mark McLoughlin <mark@skynet.ie>
+ */
+
+#ifndef __NAUTILUS_LOCKDOWN_H__
+#define __NAUTILUS_LOCKDOWN_H__
+
+#include <libgnomevfs/gnome-vfs.h>
+#include <glib.h>
+#include <glib-object.h>
+#include "nautilus-directory.h"
+
+G_BEGIN_DECLS
+
+void nautilus_lockdown_init (void);
+void nautilus_lockdown_finalize (void);
+
+void nautilus_lockdown_notify_add (GCallback callback_func,
+ gpointer user_data);
+void nautilus_lockdown_notify_remove (GCallback callback_func,
+ gpointer user_data);
+
+gboolean nautilus_lockdown_is_command_line_disabled(void) ;
+gboolean nautilus_lockdown_is_app_launching_restricted(void) ;
+char** nautilus_lockdown_get_allowed_apps(void) ;
+
+gboolean nautilus_lockdown_is_forbidden_file(NautilusDirectory *directory,
+ GFileInfo *file) ;
+gboolean nautilus_lockdown_is_forbidden_nautilus_file(NautilusFile *file) ;
+gboolean nautilus_lockdown_is_forbidden_command(const char *command) ;
+
+G_END_DECLS
+
+#endif /* __NAUTILUS_LOCKDOWN_H__ */
--- nautilus-2.24.0.old/src/file-manager/fm-directory-view.c 2008-09-21 23:11:41.000000000 +0100
+++ nautilus-2.24.0/src/file-manager/fm-directory-view.c 2008-09-24 22:08:05.993129000 +0100
@@ -316,6 +316,7 @@
static void schedule_idle_display_of_pending_files (FMDirectoryView *view);
static void unschedule_display_of_pending_files (FMDirectoryView *view);
static void disconnect_model_handlers (FMDirectoryView *view);
+static void lockdown_changed_callback (gpointer context);
static void metadata_for_directory_as_file_ready_callback (NautilusFile *file,
gpointer callback_data);
static void metadata_for_files_in_directory_ready_callback (NautilusDirectory *directory,
@@ -1923,6 +1924,7 @@
click_policy_changed_callback, view);
eel_preferences_add_callback (NAUTILUS_PREFERENCES_SORT_DIRECTORIES_FIRST,
sort_directories_first_changed_callback, view);
+ nautilus_lockdown_notify_add (lockdown_changed_callback, view);
}
static void
@@ -2038,6 +2040,8 @@
eel_preferences_remove_callback (NAUTILUS_PREFERENCES_SORT_DIRECTORIES_FIRST,
sort_directories_first_changed_callback, view);
+ nautilus_lockdown_notify_remove (lockdown_changed_callback, view);
+
unschedule_pop_up_location_context_menu (view);
if (view->details->location_popup_event != NULL) {
gdk_event_free ((GdkEvent *) view->details->location_popup_event);
@@ -9477,6 +9481,15 @@
g_free (container_uri);
}
+static void lockdown_changed_callback(gpointer context)
+{
+ FMDirectoryView *directory_view = FM_DIRECTORY_VIEW(context) ;
+
+ if (directory_view != NULL && directory_view->details->model != NULL) {
+ load_directory(directory_view, directory_view->details->model) ;
+ }
+}
+
void
fm_directory_view_handle_text_drop (FMDirectoryView *view,
const char *text,
--- naut.orig/src/file-manager/fm-tree-model.c 2008-08-21 00:30:56.405907000 +0100
+++ naut.new/src/file-manager/fm-tree-model.c 2008-08-21 00:32:23.782284000 +0100
@@ -38,6 +38,8 @@
#include <gtk/gtk.h>
#include <string.h>
+#include <libnautilus-private/nautilus-lockdown.h>
+
enum {
ROW_LOADED,
LAST_SIGNAL
@@ -1713,6 +1715,14 @@
schedule_monitoring_update (model);
}
+void fm_tree_model_refresh_permissions(FMTreeModel *model)
+{
+ g_return_if_fail(FM_IS_TREE_MODEL(model)) ;
+ stop_monitoring(model) ;
+ destroy_by_function(model, nautilus_lockdown_is_forbidden_nautilus_file) ;
+ schedule_monitoring_update(model) ;
+}
+
static gboolean
file_is_not_directory (NautilusFile *file)
{
--- nautilus-2.24.0.old/src/file-manager/fm-tree-view.c 2008-09-17 16:01:24.000000000 +0100
+++ nautilus-2.24.0/src/file-manager/fm-tree-view.c 2008-09-24 22:12:17.631749000 +0100
@@ -1450,6 +1450,7 @@
fm_tree_model_set_show_only_directories
(view->details->child_model,
eel_preferences_get_boolean (NAUTILUS_PREFERENCES_TREE_SHOW_ONLY_DIRECTORIES));
+ fm_tree_model_refresh_permissions(view->details->child_model) ;
}
static void
@@ -1508,6 +1509,7 @@
filtering_changed_callback, view, G_OBJECT (view));
eel_preferences_add_callback_while_alive (NAUTILUS_PREFERENCES_SHOW_BACKUP_FILES,
filtering_changed_callback, view, G_OBJECT (view));
+ nautilus_lockdown_notify_add (filtering_changed_callback, view);
eel_preferences_add_callback_while_alive (NAUTILUS_PREFERENCES_TREE_SHOW_ONLY_DIRECTORIES,
filtering_changed_callback, view, G_OBJECT (view));
@@ -1570,6 +1572,8 @@
view = FM_TREE_VIEW (object);
+ nautilus_lockdown_notify_remove (filtering_changed_callback, view);
+
g_free (view->details);
G_OBJECT_CLASS (parent_class)->finalize (object);
--- naut.orig/src/nautilus-window-menus.c 2008-08-21 00:30:56.182989000 +0100
+++ naut.new/src/nautilus-window-menus.c 2008-08-21 00:32:23.813862000 +0100
@@ -49,6 +49,7 @@
#include <libnautilus-private/nautilus-icon-names.h>
#include <libnautilus-private/nautilus-ui-utilities.h>
+#include <libnautilus-private/nautilus-lockdown.h>
#include <libnautilus-private/nautilus-module.h>
#include <libnautilus-private/nautilus-undo-manager.h>
@@ -1057,6 +1058,34 @@
}
}
+static gboolean
+load_extension_menus_idle(gpointer context)
+{
+ NautilusWindow *window = NAUTILUS_WINDOW(context);
+
+ nautilus_window_load_extension_menus(window);
+ return FALSE;
+}
+
+static void
+lockdown_changed_callback(gpointer context)
+{
+ NautilusWindow *window = NAUTILUS_WINDOW(context);
+ g_idle_add(load_extension_menus_idle, window);
+}
+
+void
+nautilus_window_menus_lockdown_notify_remove (NautilusWindow *window)
+{
+ nautilus_lockdown_notify_remove(lockdown_changed_callback, window);
+}
+
+void
+nautilus_window_menus_lockdown_notify_add (NautilusWindow *window)
+{
+ nautilus_lockdown_notify_add(lockdown_changed_callback, window);
+}
+
void
nautilus_window_load_extension_menus (NautilusWindow *window)
{
--- /usr/tmp/nautilus-2.25.4/src/nautilus-window.c 2008-12-19 11:34:06.000000000 +0000
+++ nautilus-2.25.4/src/nautilus-window.c 2009-02-16 09:34:42.336842000 +0000
@@ -628,6 +628,8 @@
g_object_unref (window->details->ui_manager);
+ nautilus_window_menus_lockdown_notify_remove(window);
+
G_OBJECT_CLASS (nautilus_window_parent_class)->finalize (object);
}
@@ -649,6 +651,8 @@
slot = nautilus_window_open_slot (window, 0);
nautilus_window_set_active_slot (window, slot);
+ nautilus_window_menus_lockdown_notify_add (window);
+
return object;
}
--- nautilus-2.25.93/libnautilus-private/nautilus-global-preferences.c.ori 2009-03-16 08:14:08.704089387 +0000
+++ nautilus-2.25.93/libnautilus-private/nautilus-global-preferences.c 2009-03-16 08:15:22.688071524 +0000
@@ -41,6 +41,7 @@
/* Path for gnome-vfs preferences */
static const char *EXTRA_MONITOR_PATHS[] = { "/desktop/gnome/file_views",
NULL };
/* Forward declarations */
--- nautilus-2.26.2/src/nautilus-main.c.ori 2009-04-15 06:30:11.209902629 +0100
+++ nautilus-2.26.2/src/nautilus-main.c 2009-04-15 06:31:36.570691772 +0100
@@ -48,6 +48,7 @@
#include <libnautilus-private/nautilus-debug-log.h>
+#include <libnautilus-private/nautilus-lockdown.h>
#include <libnautilus-private/nautilus-icon-names.h>
#include <libxml/parser.h>
@@ -464,6 +465,7 @@
(NAUTILUS_PREFERENCES_DESKTOP_IS_HOME_DIR, TRUE);
}
+ nautilus_lockdown_init ();
application = NULL;
/* Do either the self-check or the real work. */
@@ -525,6 +527,7 @@
g_object_unref (application);
}
+ nautilus_lockdown_finalize ();
eel_debug_shut_down ();
nautilus_application_save_accel_map (NULL);
--- nautilus-2.26.2/src/nautilus-window-private.h.ori 2009-04-15 06:33:04.011629039 +0100
+++ nautilus-2.26.2/src/nautilus-window-private.h 2009-04-15 06:34:36.857486098 +0100
@@ -164,6 +164,8 @@
const char *status);
void nautilus_window_load_view_as_menus (NautilusWindow *window);
void nautilus_window_load_extension_menus (NautilusWindow *window);
+void nautilus_window_menus_lockdown_notify_add (NautilusWindow *window);
+void nautilus_window_menus_lockdown_notify_remove (NautilusWindow *window);
void nautilus_window_initialize_menus (NautilusWindow *window);
void nautilus_window_remove_trash_monitor_callback (NautilusWindow *window);
void nautilus_menus_append_bookmark_to_menu (NautilusWindow *window,
--- nautilus-2.26.2/libnautilus-private/nautilus-program-choosing.c.ori 2009-04-15 06:27:45.072758259 +0100
+++ nautilus-2.26.2/libnautilus-private/nautilus-program-choosing.c 2009-04-15 06:29:37.692472686 +0100
@@ -158,6 +158,22 @@
eel_g_list_free_deep (uris);
}
+static gboolean
+command_is_allowed (const char *full_command)
+{
+ gboolean allowed = !nautilus_lockdown_is_forbidden_command(full_command);
+ if (!allowed) {
+ eel_show_error_dialog
+ /* SUN_BRANDING */
+ (_("Sorry, This is a restricted application which "
+ "you may not run."),
+ /* SUN_BRANDING */
+ _("Restricted Application"),
+ NULL);
+ }
+ return allowed;
+}
+
void
nautilus_launch_application_by_uri (GAppInfo *application,
GList *uris,
@@ -335,8 +351,22 @@
}
}
+ if (!command_is_allowed (command_string)) {
+ g_free (full_command);
+ return;
+ }
+
if (use_terminal) {
- eel_gnome_open_terminal_on_screen (full_command, screen);
+ if (!nautilus_lockdown_is_command_line_disabled ()) {
+ eel_gnome_open_terminal_on_screen (full_command, screen);
+ } else {
+ eel_show_error_dialog
+ /* SUN_BRANDING */
+ (_("Sorry, this command requires a terminal "),
+ /* SUN_BRANDING */
+ _("Terminal access is restricted."),
+ NULL);
+ }
} else {
gdk_spawn_command_line_on_screen (screen, full_command, NULL);
}
@@ -387,6 +417,10 @@
parent_window);
return;
}
+
+ if (!command_is_allowed (g_app_info_get_executable (app_info))) {
+ return;
+ }
/* count the number of uris with local paths */
count = 0;