--- Begin Message ---
Package: xdm
Version: 1:1.1.10-3
Severity: wishlist
Tags: patch
Hi,
Starting with ConsoleKit 0.4.2, sessions launched by ck-launch-session are no
longer considered active and local. Instead, display managers are supposed to
create the ConsoleKit session directly through the DBus API, specifying
parameters that are not available when running Xsession.d. That's essentially
what the provided patch does.
Why is this relevant? PolicyKit policies often give special permissions to
local users. This means you can automount devices with UDisks or maybe
configure certain NetworkManager parameters if you have an active local
session. This trend seems on the rise too, since HAL is gonna be abandoned
eventually and the *Kit APIs often play nice with PolicyKit and local active
sessions for a smoother user experience.
This patch is not mine. It's from OpenSUSE and I believe similar patches are
also being used by Mandriva. Upstream did not show much interest in those
patches when they were posted in the upstream bugtracker, but I believe this
has never been discussed in their mailing list. Anyways, the patch is small
and libck-connector abstracts the whole thing very nicely (it's intended to be
used by display managers).
The patch adds a build dependendency on libck-connector-dev, translating into
a runtime dependency on libck-connector0. libck-connector0 is very lightweight
(only depends on libdbus).
The patch also works great for the time I've been testing it. You don't get
duplicate sessions or anything like that.
Regards,
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.37-1-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages xdm depends on:
ii cpp 4:4.4.5-2 The GNU C preprocessor (cpp)
ii debconf [debconf-2.0] 1.5.38 Debian configuration management sy
ii libc6 2.11.2-11 Embedded GNU C Library: Shared lib
ii libpam0g 1.1.2-2 Pluggable Authentication Modules l
ii libselinux1 2.0.96-1 SELinux runtime shared libraries
ii libx11-6 2:1.4.1-5 X11 client-side library
ii libxau6 1:1.0.6-1 X11 authorisation library
ii libxaw7 2:1.0.9-2 X11 Athena Widget library
ii libxdmcp6 1:1.1.0-1 X11 Display Manager Control Protoc
ii libxext6 2:1.2.0-2 X11 miscellaneous extension librar
ii libxft2 2.2.0-2 FreeType-based font drawing librar
ii libxinerama1 2:1.1.1-1 X11 Xinerama extension library
ii libxmu6 2:1.1.0-1 X11 miscellaneous utility library
ii libxpm4 1:3.5.9-1 X11 pixmap library
ii libxrender1 1:0.9.6-1 X Rendering Extension client libra
ii libxt6 1:1.0.9-2 X11 toolkit intrinsics library
ii lsb-base 3.2-27 Linux Standard Base 3.2 init scrip
ii procps 1:3.2.8-10 /proc file system utilities
ii x11-common 1:7.6+3 X Window System (X.Org) infrastruc
ii x11-utils 7.6+1 X11 utilities
ii x11-xserver-utils 7.6+1 X server utilities
xdm recommends no packages.
xdm suggests no packages.
-- debconf information:
xdm/stop_running_server_with_children: false
xdm/daemon_name: /usr/bin/xdm
* shared/default-x-display-manager: xdm
>From ac232d8fa2e2c3fcbd30aff86af1c9f8cfb73876 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fernando=20Tarl=C3=A1=20Cardoso=20Lemos?= <fernando...@gmail.com>
Date: Sat, 19 Feb 2011 13:40:15 -0200
Subject: [PATCH] Add a patch for ConsoleKit support.
---
debian/control | 1 +
debian/patches/consolekit.diff | 231 ++++++++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
debian/rules | 3 +-
4 files changed, 235 insertions(+), 1 deletions(-)
create mode 100644 debian/patches/consolekit.diff
diff --git a/debian/control b/debian/control
index 7c2da31..6e7439c 100644
--- a/debian/control
+++ b/debian/control
@@ -14,6 +14,7 @@ Build-Depends:
libselinux1-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64],
libxinerama-dev (>= 1:1.0.1),
libxft-dev,
+ libck-connector-dev,
quilt,
automake,
libtool,
diff --git a/debian/patches/consolekit.diff b/debian/patches/consolekit.diff
new file mode 100644
index 0000000..c5afffa
--- /dev/null
+++ b/debian/patches/consolekit.diff
@@ -0,0 +1,231 @@
+Description: Implement ConsoleKit support
+ Starting from 0.4.2, ConsoleKit has more strict securty requirements
+ and ck-launch-session doesn't create a local and active session
+ anymore.
+Forwarded: https://bugs.freedesktop.org/show_bug.cgi?id=17325
+Origin: https://build.opensuse.org/package/view_file?file=xdm-consolekit.diff&package=xorg-x11&project=openSUSE:11.3:Update:Test&srcmd5=5e43d91b0bf84c8a82fc23b1cb550931
+--- a/configure.ac
++++ b/configure.ac
+@@ -434,6 +434,20 @@
+
+ AM_CONDITIONAL(DYNAMIC_GREETER, test x$DYNAMIC_GREETER = xyes)
+
++# ConsoleKit support
++AC_ARG_WITH(consolekit, AC_HELP_STRING([--with-consolekit], [Use ConsoleKit]),
++ [USE_CONSOLEKIT=$withval], [USE_CONSOLEKIT=yes])
++if test x"$USE_CONSOLEKIT" != xno; then
++ PKG_CHECK_MODULES(CK_CONNECTOR, ck-connector,
++ [USE_CONSOLEKIT=yes], [USE_CONSOLEKIT=no])
++ if test x"$USE_CONSOLEKIT" = xyes; then
++ AC_DEFINE([USE_CONSOLEKIT], 1, [Define to 1 to use ConsoleKit])
++ XDM_CFLAGS="$XDM_CFLAGS $CK_CONNECTOR_CFLAGS"
++ XDM_LIBS="$XDM_LIBS $CK_CONNECTOR_LIBS"
++ fi
++fi
++dnl AM_CONDITIONAL(USE_CONSOLEKIT, test$USE_CONSOLEKIT = xyes)
++
+ #
+ # XDM
+ #
+--- a/dm.h
++++ b/dm.h
+@@ -323,6 +323,9 @@
+ extern char *prngdSocket;
+ extern int prngdPort;
+ # endif
++#ifdef USE_CONSOLEKIT
++extern int use_consolekit;
++#endif
+
+ extern char *greeterLib;
+ extern char *willing;
+--- a/resource.c
++++ b/resource.c
+@@ -65,6 +65,9 @@
+ char *prngdSocket;
+ int prngdPort;
+ #endif
++#ifdef USE_CONSOLEKIT
++int use_consolekit;
++#endif
+
+ char *greeterLib;
+ char *willing;
+@@ -196,6 +199,10 @@
+ "false"} ,
+ { "willing", "Willing", DM_STRING, &willing,
+ ""} ,
++#ifdef USE_CONSOLEKIT
++{ "consoleKit", "ConsoleKit", DM_BOOL, (char **) &use_consolekit,
++ "true"} ,
++#endif
+ };
+
+ #define NUM_DM_RESOURCES (sizeof DmResources / sizeof DmResources[0])
+@@ -378,7 +385,11 @@
+ {"-debug", "*debugLevel", XrmoptionSepArg, (caddr_t) NULL },
+ {"-xrm", NULL, XrmoptionResArg, (caddr_t) NULL },
+ {"-daemon", ".daemonMode", XrmoptionNoArg, "true" },
+-{"-nodaemon", ".daemonMode", XrmoptionNoArg, "false" }
++{"-nodaemon", ".daemonMode", XrmoptionNoArg, "false" },
++#ifdef USE_CONSOLEKIT
++{"-consolekit", ".consoleKit", XrmoptionNoArg, "true" },
++{"-noconsolekit", ".consoleKit", XrmoptionNoArg, "false" }
++#endif
+ };
+
+ static int originalArgc;
+--- a/session.c
++++ b/session.c
+@@ -67,6 +67,11 @@
+ # endif
+ #endif /* USE_PAM */
+
++#ifdef USE_CONSOLEKIT
++#include <ck-connector.h>
++#include <dbus/dbus.h>
++#endif
++
+ #ifdef __SCO__
+ # include <prot.h>
+ #endif
+@@ -514,6 +519,97 @@
+ }
+ }
+
++#ifdef USE_CONSOLEKIT
++
++static CkConnector *connector;
++
++static int openCKSession(struct verify_info *verify, struct display *d)
++{
++ int ret;
++ DBusError error;
++ char *remote_host_name = "";
++ dbus_bool_t is_local;
++ char *display_name = "";
++ char *display_device = "";
++ char devtmp[16];
++
++ if (!use_consolekit)
++ return 1;
++
++ is_local = d->displayType.location == Local;
++ if (d->peerlen > 0 && d->peer)
++ remote_host_name = d->peer;
++ if (d->name)
++ display_name = d->name;
++ /* how can we get the corresponding tty at best...? */
++ if (d->windowPath) {
++ display_device = strchr(d->windowPath, ':');
++ if (display_device && display_device[1])
++ display_device++;
++ else
++ display_device = d->windowPath;
++ snprintf(devtmp, sizeof(devtmp), "/dev/tty%s", display_device);
++ display_device = devtmp;
++ }
++
++ connector = ck_connector_new();
++ if (!connector) {
++ LogOutOfMem("ck_connector");
++ return 0;
++ }
++
++ dbus_error_init(&error);
++ ret = ck_connector_open_session_with_parameters(
++ connector, &error,
++ "unix-user", &verify->uid,
++ "x11-display", &display_name,
++ "x11-display-device", &display_device,
++ "remote-host-name", &remote_host_name,
++ "is-local", &is_local,
++ NULL);
++ if (!ret) {
++ if (dbus_error_is_set(&error)) {
++ LogError("Dbus error: %s\n", error.message);
++ dbus_error_free(&error);
++ } else {
++ LogError("ConsoleKit error\n");
++ }
++ LogError("console-kit-daemon not running?\n");
++ ck_connector_unref(connector);
++ connector = NULL;
++ return 0;
++ }
++
++ verify->userEnviron = setEnv(verify->userEnviron,
++ "XDG_SESSION_COOKIE", ck_connector_get_cookie(connector));
++ return 1;
++}
++
++static void closeCKSession(void)
++{
++ DBusError error;
++
++ if (!connector)
++ return;
++
++ dbus_error_init(&error);
++ if (!ck_connector_close_session(connector, &error)) {
++ if (dbus_error_is_set(&error)) {
++ LogError("Dbus error: %s\n", error.message);
++ dbus_error_free(&error);
++ } else {
++ LogError("ConsoleKit close error\n");
++ }
++ LogError("console-kit-daemon not running?\n");
++ }
++ ck_connector_unref(connector);
++ connector = NULL;
++}
++#else
++#define openCKSession(v,d) 1
++#define closeCKSession()
++#endif
++
+ void
+ SessionExit (struct display *d, int status, int removeAuth)
+ {
+@@ -528,6 +624,8 @@
+ }
+ #endif
+
++ closeCKSession();
++
+ /* make sure the server gets reset after the session is over */
+ if (d->serverPid >= 2 && d->resetSignal)
+ kill (d->serverPid, d->resetSignal);
+@@ -610,6 +708,10 @@
+ #ifdef USE_PAM
+ if (pamh) pam_open_session(pamh, 0);
+ #endif
++
++ if (!openCKSession(verify, d))
++ return 0;
++
+ switch (pid = fork ()) {
+ case 0:
+ CleanUpChild ();
+--- a/xdm.man.cpp
++++ b/xdm.man.cpp
+@@ -48,6 +48,8 @@
+ ] [
+ .B \-session
+ .I session_program
++] [
++.B \-noconsolekit
+ ]
+ .SH DESCRIPTION
+ .I Xdm
+@@ -215,6 +217,10 @@
+ .IP "\fB\-xrm\fP \fIresource_specification\fP"
+ Allows an arbitrary resource to be specified, as in most
+ X Toolkit applications.
++.IP "\fB\-noconsolekit\fP"
++Specifies ``false'' as the value for the \fBDisplayManager.consoleKit\fP
++resource.
++This suppresses the session management using ConsoleKit.
+ .SH RESOURCES
+ At many stages the actions of
+ .I xdm
diff --git a/debian/patches/series b/debian/patches/series
index 15eddf7..e37ea22 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,3 +9,4 @@ support_logfile_rotation.diff
debian.diff
doc_mention_xdm.options.diff
+consolekit.diff
diff --git a/debian/rules b/debian/rules
index 57b33e8..81ccf3b 100755
--- a/debian/rules
+++ b/debian/rules
@@ -22,7 +22,8 @@ confflags += --with-pam \
--with-bw-pixmap=debianbw.xpm \
--disable-dynamic-greeter \
--disable-xdm-auth \
- --with-xft
+ --with-xft \
+ --with-consolekit
CFLAGS = -Wall -g
ifneq (,$(filter noopt,$(DEB_BUILD_OPTIONS)))
--
1.7.4.1
--- End Message ---