[gdm-list] Fixes for ConsoleKit and GDM 2.21 for Solaris
- From: Brian Cameron <Brian Cameron Sun COM>
- To: gdm-list gnome org
- Subject: [gdm-list] Fixes for ConsoleKit and GDM 2.21 for Solaris
- Date: Sat, 26 Jan 2008 03:23:06 -0600
Jon:
Please find 4 patches which make GDM 2.21 work quite well on
Solaris again. Overall the new GDM looks really good. Here
is detail on the patches:
ConsoleKit-02-RBAC.diff:
This patch makes polkit an optional dependency. If present
it builds with it. If not, polkit support is disabled.
This patch also adds a --enable-rbac-shutdown=<key> option.
If set, then ConsoleKit will allow shutdown/reboot if the
user has the RBAC key authorization defined. For example,
since the GDM GUI program runs as the "gdm" user, setting
the key for the "gdm" user allows the login program to
shutdown and reboot via ConsoleKit.
Also this patch modifies the tools/solaris/ck-system-restart
and tools/solaris/ck-system-stop scripts to call "/sbin/init 6"
and "/sbin/init 5", which are the right commands for Solaris.
ConsoleKit-03-fixbugs.diff:
Fixes two bugs I found in the code. The first is that
we need some NULL protection around the g_strdup_printf
where we build CK_SESSION_X11_DISPLAY to avoid a crash.
Second, I noticed a bug in the ck_unix_pid_get_hash
function where we weren't parsing the data right and
causing the hash to not get set properly.
gdm-rbac.diff:
Very similar to the ConsoleKit-02-RBAC.diff patch. It basically
fixes GDM so that polkit-gnome is an optional dependency and
instead you can specify the --enable-rbac-shutdown=<key> value
and it has the same meaning as for ConsoleKit.
The one thing I am not sure you will like is that I needed to
add the "gdm-settings" code to this file so that the simple-greeter
could get the GDM username from the configuration. Perhaps this
isn't necessary and I should instead fix the code to just check
whatever the current user is who is running the program. What
do you think?
Also some cleanup in configure.ac to remove the way we used
to check for RBAC in the 2.20 branch.
I have tested the code and it works really well. If I define
the "gdm" user to have solaris.system.shutdown RBAC key, then
the buttons show up in the greeter and I have the ability to
shutdown/reboot the system. If the "gdm" user doesn' thave the
RBAC key defined, the buttons don't show up and ConsoleKit
does not allow me to shut down or reboot the system.
gdm-crash.diff:
Another NULL protection issue to avoid a crash on GDM GUI
startup.
Can these patches go upstream? I am happy to do any additional
work on these patches if you would like, or if you see any
issues.
Thanks,
Brian
--- ConsoleKit-0.2.6/configure.ac-orig 2008-01-25 16:36:17.267510000 -0600
+++ ConsoleKit-0.2.6/configure.ac 2008-01-25 16:37:32.639867000 -0600
@@ -53,8 +53,18 @@ PKG_CHECK_MODULES(CONSOLE_KIT,
dbus-glib-1 >= $DBUS_REQUIRED_VERSION
gobject-2.0 >= $GLIB_REQUIRED_VERSION
gthread-2.0 >= $GLIB_REQUIRED_VERSION
- polkit >= $POLKIT_REQUIRED_VERSION
)
+
+PKG_CHECK_MODULES(POLKIT,
+ polkit >= $POLKIT_REQUIRED_VERSION,
+ have_polkit=yes,
+ have_polkit=no)
+if test "x$have_polkit" = "xyes" ; then
+ AC_DEFINE(HAVE_POLKIT, [], [Define if we have polkit])
+fi
+AM_CONDITIONAL(HAVE_POLKIT, test x$have_polkit = xyes)
+AC_SUBST(HAVE_POLKIT)
+
PKG_CHECK_MODULES(LIBDBUS,
dbus-1 >= $DBUS_REQUIRED_VERSION
)
@@ -282,6 +292,23 @@ if test "x$enable_inotify" = "xyes" ; th
fi
dnl ---------------------------------------------------------------------------
+dnl check for RBAC
+dnl ---------------------------------------------------------------------------
+
+msg_rbac_shutdown=no
+AC_ARG_ENABLE(rbac-shutdown,
+ [AC_HELP_STRING([--enable-rbac-shutdown=<key>],
+ [Build with RBAC support specifying shutdown/reboot RBAC authentication key])],
+ enable_rbac_shutdown=$enableval,enable_rbac_shutdown=no)
+if test "x$enable_rbac_shutdown" != "xno"; then
+ RBAC_LIBS="-lsecdb -lsocket -lnsl"
+ AC_DEFINE(ENABLE_RBAC_SHUTDOWN, [], [Set if we build with RBAC support])
+ AC_DEFINE_UNQUOTED(RBAC_SHUTDOWN_KEY, "$enable_rbac_shutdown", [Set if we build with RBAC support])
+ msg_rbac_shutdown="yes, using key $enable_rbac_shutdown"
+fi
+AC_SUBST(RBAC_LIBS)
+
+dnl ---------------------------------------------------------------------------
dnl Finish
dnl ---------------------------------------------------------------------------
@@ -398,4 +425,5 @@ echo "
PAM module dir: ${PAM_MODULE_DIR}
Build PAM module: ${msg_pam_module}
Build docs: ${enable_docbook_docs}
+ Build with RBAC: ${msg_rbac_shutdown}
"
--- ConsoleKit-0.2.6/data/Makefile.am-orig 2008-01-25 16:28:48.407904000 -0600
+++ ConsoleKit-0.2.6/data/Makefile.am 2008-01-25 16:30:13.449716000 -0600
@@ -6,10 +6,12 @@ dbusconf_DATA = ConsoleKit.conf
seatdir = $(sysconfdir)/ConsoleKit/seats.d
seat_DATA = 00-primary.seat
+if HAVE_POLKIT
polkit_policydir = $(datadir)/PolicyKit/policy
dist_polkit_policy_DATA = \
ConsoleKit.policy \
$(NULL)
+endif
servicedir = $(datadir)/dbus-1/system-services
service_in_files = org.freedesktop.ConsoleKit.service.in
--- ConsoleKit-0.2.6/src/Makefile.am-orig 2008-01-25 14:57:05.908065000 -0600
+++ ConsoleKit-0.2.6/src/Makefile.am 2008-01-25 15:51:30.129953000 -0600
@@ -10,6 +10,7 @@ INCLUDES = \
-I. \
-I$(srcdir) \
$(CONSOLE_KIT_CFLAGS) \
+ $(POLKIT_CFLAGS) \
$(DISABLE_DEPRECATED_CFLAGS) \
-DPREFIX=\""$(prefix)"\" \
-DBINDIR=\""$(bindir)"\" \
@@ -129,6 +130,8 @@ EXTRA_console_kit_daemon_SOURCES = \
console_kit_daemon_LDADD = \
$(CONSOLE_KIT_LIBS) \
+ $(POLKIT_LIBS) \
+ $(RBAC_LIBS) \
libck.la \
libck-event-log.la \
$(NULL)
@@ -147,6 +150,8 @@ test_event_logger_SOURCES = \
test_event_logger_LDADD = \
$(CONSOLE_KIT_LIBS) \
+ $(POLKIT_LIBS) \
+ $(RBAC_LIBS) \
libck-event-log.la \
$(NULL)
@@ -158,6 +163,7 @@ test_vt_monitor_SOURCES = \
test_vt_monitor_LDADD = \
$(CONSOLE_KIT_LIBS) \
+ $(POLKIT_LIBS) \
libck.la \
$(NULL)
@@ -171,6 +177,7 @@ test_tty_idle_monitor_SOURCES = \
test_tty_idle_monitor_LDADD = \
$(CONSOLE_KIT_LIBS) \
+ $(POLKIT_LIBS) \
libck.la \
$(NULL)
--- ConsoleKit-0.2.6/src/ck-manager.c-orig 2008-01-26 02:49:31.221025000 -0600
+++ ConsoleKit-0.2.6/src/ck-manager.c 2008-01-26 02:48:48.089193000 -0600
@@ -39,7 +39,14 @@
#include <dbus/dbus-glib.h>
#include <dbus/dbus-glib-lowlevel.h>
+#ifdef HAVE_POLKIT
#include <polkit/polkit.h>
+#endif
+
+#ifdef ENABLE_RBAC_SHUTDOWN
+#include <auth_attr.h>
+#include <secdb.h>
+#endif
#include "ck-manager.h"
#include "ck-manager-glue.h"
@@ -61,7 +68,9 @@
struct CkManagerPrivate
{
+#ifdef HAVE_POLKIT
PolKitContext *pol_ctx;
+#endif
GHashTable *seats;
GHashTable *sessions;
@@ -703,6 +712,7 @@ get_session_for_unix_process (CkManager
return session;
}
+#ifdef HAVE_POLKIT
static PolKitSession *
new_polkit_session_from_session (CkManager *manager,
CkSession *ck_session)
@@ -1064,6 +1074,7 @@ _check_polkit_for_action (CkManager
return TRUE;
}
+#endif
/* adapted from PolicyKit */
static gboolean
@@ -1201,6 +1212,47 @@ get_system_num_users (CkManager *manager
return num_users;
}
+#ifdef ENABLE_RBAC_SHUTDOWN
+static gboolean
+check_rbac_permissions (CkManager *manager,
+ DBusGMethodInvocation *context)
+{
+ const char *sender;
+ char *username;
+ gboolean res;
+ uid_t uid;
+ pid_t pid;
+
+ username = NULL;
+ sender = dbus_g_method_get_sender (context);
+ res = get_caller_info (manager,
+ sender,
+ &uid,
+ &pid);
+ if (!res) {
+ goto out;
+ }
+
+ username = get_user_name (uid);
+
+ if (username == NULL ||
+ !chkauthattr (RBAC_SHUTDOWN_KEY, username)) {
+ res = FALSE;
+ goto out;
+ }
+
+out:
+
+ if (res == TRUE)
+ g_debug ("User %s has RBAC permission to stop/restart", username);
+ else
+ g_debug ("User %s does not have RBAC permission to stop/restart", username);
+
+ g_free (username);
+ return res;
+}
+#endif
+
/*
Example:
dbus-send --system --dest=org.freedesktop.ConsoleKit \
@@ -1227,11 +1279,17 @@ ck_manager_restart (CkManager
g_debug ("ConsoleKit Restart: %s", action);
+#ifdef HAVE_POLKIT
res = _check_polkit_for_action (manager, context, action);
-
if (! res) {
goto out;
}
+#endif
+
+#ifdef ENABLE_RBAC_SHUTDOWN
+ if (!check_rbac_permissions (manager, context))
+ goto out;
+#endif
g_debug ("ConsoleKit preforming Restart: %s", action);
@@ -1277,10 +1335,17 @@ ck_manager_stop (CkManager *
action = "org.freedesktop.consolekit.system.stop";
}
+#ifdef HAVE_POLKIT
res = _check_polkit_for_action (manager, context, action);
if (! res) {
goto out;
}
+#endif
+
+#ifdef ENABLE_RBAC_SHUTDOWN
+ if (!check_rbac_permissions (manager, context))
+ goto out;
+#endif
g_debug ("Stopping system");
error = NULL;
@@ -2296,6 +2361,7 @@ bus_name_owner_changed (DBusGProxy *bus
service_name, old_service_name, new_service_name);
}
+#ifdef HAVE_POLKIT
static gboolean
pk_io_watch_have_data (GIOChannel *channel,
GIOCondition condition,
@@ -2338,18 +2404,21 @@ pk_io_remove_watch (PolKitContext *pk_co
{
g_source_remove (watch_id);
}
+#endif
static gboolean
register_manager (CkManager *manager)
{
GError *error = NULL;
+#ifdef HAVE_POLKIT
manager->priv->pol_ctx = polkit_context_new ();
polkit_context_set_io_watch_functions (manager->priv->pol_ctx, pk_io_add_watch, pk_io_remove_watch);
if (! polkit_context_init (manager->priv->pol_ctx, NULL)) {
g_critical ("cannot initialize libpolkit");
return FALSE;
}
+#endif
error = NULL;
manager->priv->connection = dbus_g_bus_get (DBUS_BUS_SYSTEM, &error);
--- ConsoleKit-0.2.6/tools/solaris/ck-system-restart-orig 2008-01-26 02:39:36.542383000 -0600
+++ ConsoleKit-0.2.6/tools/solaris/ck-system-restart 2008-01-26 02:40:35.988797000 -0600
@@ -1,12 +1,3 @@
#!/bin/sh
-#Try for common tools
-if [ -x "/sbin/shutdown" ] ; then
- /sbin/shutdown -r now
- exit $?
-elif [ -x "/usr/sbin/shutdown" ] ; then
- /usr/sbin/shutdown -r now
- exit $?
-else
- exit 1
-fi
+/sbin/init 6
--- ConsoleKit-0.2.6/tools/solaris/ck-system-stop-orig 2008-01-26 02:39:42.911765000 -0600
+++ ConsoleKit-0.2.6/tools/solaris/ck-system-stop 2008-01-26 02:40:44.114601000 -0600
@@ -1,12 +1,3 @@
#!/bin/sh
-#Try for common tools
-if [ -x "/sbin/shutdown" ] ; then
- /sbin/shutdown -h now
- exit $?
-elif [ -x "/usr/sbin/shutdown" ] ; then
- /usr/sbin/shutdown -h now
- exit $?
-else
- exit 1
-fi
+/sbin/init 5
--- ck-old/src/ck-session.c-orig 2008-01-25 23:22:09.006898000 -0600
+++ ck-old/src/ck-session.c 2008-01-25 23:22:47.083388000 -0600
@@ -1230,7 +1230,8 @@ ck_session_run_programs (CkSession *ses
if (session->priv->x11_display_device != NULL && strlen (session->priv->x11_display_device) > 0) {
extra_env[n++] = g_strdup_printf ("CK_SESSION_X11_DISPLAY_DEVICE=%s", session->priv->x11_display_device);
}
- extra_env[n++] = g_strdup_printf ("CK_SESSION_X11_DISPLAY=%s", session->priv->x11_display);
+ extra_env[n++] = g_strdup_printf ("CK_SESSION_X11_DISPLAY=%s",
+ session->priv->x11_display ? session->priv->x11_display : "");
if (session->priv->remote_host_name != NULL && strlen (session->priv->remote_host_name) > 0) {
extra_env[n++] = g_strdup_printf ("CK_SESSION_REMOTE_HOST_NAME=%s", session->priv->remote_host_name);
}
--- ck-old/src/ck-sysdeps-solaris.c-orig 2008-01-26 01:55:56.364088000 -0600
+++ ck-old/src/ck-sysdeps-solaris.c 2008-01-26 01:57:49.064138000 -0600
@@ -260,7 +260,7 @@ ck_unix_pid_get_env_hash (pid_t pid)
if (skip_prefix != NULL) {
char **vals;
- vals = g_strsplit (buf, "=", 2);
+ vals = g_strsplit (skip_prefix + 1, "=", 2);
if (vals != NULL) {
g_hash_table_insert (hash,
g_strdup (vals[0]),
Index: gdm-chooser-widget.c
===================================================================
--- gdm-chooser-widget.c (revision 5635)
+++ gdm-chooser-widget.c (working copy)
@@ -1321,9 +1321,9 @@
if (is_in_use) {
markup = g_strdup_printf ("<b>%s</b>\n"
"<i><span size=\"x-small\">%s</span></i>",
- name, widget->priv->in_use_message);
+ name ? name : "(null)", widget->priv->in_use_message);
} else {
- markup = g_strdup_printf ("<b>%s</b>", name);
+ markup = g_strdup_printf ("<b>%s</b>", name ? name : "(null)");
}
g_free (name);
Index: gui/simple-greeter/gdm-greeter-login-window.c
===================================================================
--- gui/simple-greeter/gdm-greeter-login-window.c (revision 5635)
+++ gui/simple-greeter/gdm-greeter-login-window.c (working copy)
@@ -33,6 +33,15 @@
#include <errno.h>
#include <pwd.h>
+#ifdef ENABLE_RBAC_SHUTDOWN
+#include <auth_attr.h>
+#include <secdb.h>
+#include "gdm-settings.h"
+#include "gdm-settings-direct.h"
+#include "gdm-settings-keys.h"
+static GdmSettings *settings = NULL;
+#endif
+
#include <glib.h>
#include <glib/gi18n.h>
#include <glib/gstdio.h>
@@ -49,7 +58,9 @@
#include <dbus/dbus-glib.h>
#include <dbus/dbus-glib-lowlevel.h>
+#if HAVE_POLKIT_GNOME
#include <polkit-gnome/polkit-gnome.h>
+#endif
#include "gdm-greeter-login-window.h"
#include "gdm-user-chooser-widget.h"
@@ -203,16 +214,33 @@
const char *default_name;
GtkWidget *user_chooser;
GtkWidget *box;
+ gchar *username;
+ gboolean show_restart_shutdown = TRUE;
/* FIXME: do animation */
default_name = NULL;
+#ifdef ENABLE_RBAC_SHUTDOWN
+ gdm_settings_direct_get_string (GDM_KEY_USER, &username);
+
+ if (username == NULL || !chkauthattr (RBAC_SHUTDOWN_KEY, username)) {
+ show_restart_shutdown = FALSE;
+ g_debug ("Not showing stop/restart buttons for user %s due to RBAC key %s",
+ username, RBAC_SHUTDOWN_KEY);
+ } else {
+ g_debug ("Showing stop/restart buttons for user %s due to RBAC key %s",
+ username, RBAC_SHUTDOWN_KEY);
+ }
+#endif
+
switch (number) {
case MODE_SELECTION:
show_widget (login_window, "log-in-button", FALSE);
show_widget (login_window, "cancel-button", FALSE);
- show_widget (login_window, "shutdown-button", login_window->priv->display_is_local);
- show_widget (login_window, "restart-button", login_window->priv->display_is_local);
+ show_widget (login_window, "shutdown-button",
+ login_window->priv->display_is_local && show_restart_shutdown);
+ show_widget (login_window, "restart-button",
+ login_window->priv->display_is_local && show_restart_shutdown);
show_widget (login_window, "suspend-button", login_window->priv->display_is_local);
show_widget (login_window, "disconnect-button", ! login_window->priv->display_is_local);
show_widget (login_window, "auth-input-box", FALSE);
@@ -525,6 +553,7 @@
return res;
}
+#ifdef HAVE_POLKIT_GNOME
static void
system_restart_auth_cb (PolKitAction *action,
gboolean gained_privilege,
@@ -613,6 +642,7 @@
return action;
}
+#endif
static void
do_system_restart (GdmGreeterLoginWindow *login_window)
@@ -630,6 +660,7 @@
}
res = try_system_restart (connection, &error);
+#ifdef HAVE_POLKIT_GNOME
if (! res) {
g_debug ("GdmGreeterLoginWindow: unable to restart system: %s: %s",
dbus_g_error_get_name (error),
@@ -662,7 +693,7 @@
}
}
-
+#endif
}
static void
@@ -681,6 +712,7 @@
}
res = try_system_stop (connection, &error);
+#ifdef HAVE_POLKIT_GNOME
if (! res) {
g_debug ("GdmGreeterLoginWindow: unable to stop system: %s: %s",
dbus_g_error_get_name (error),
@@ -713,7 +745,7 @@
}
}
-
+#endif
}
static void
@@ -1402,6 +1434,19 @@
gtk_window_set_skip_pager_hint (GTK_WINDOW (login_window), TRUE);
gtk_window_stick (GTK_WINDOW (login_window));
gtk_container_set_border_width (GTK_CONTAINER (login_window), 25);
+
+#ifdef ENABLE_RBAC_SHUTDOWN
+ settings = gdm_settings_new ();
+ if (settings == NULL) {
+ g_warning ("Unable to initialize settings");
+ return;
+ }
+
+ if (! gdm_settings_direct_init (settings, GDMCONFDIR "/gdm.schemas", "/")) {
+ g_warning ("Unable to initialize settings");
+ return;
+ }
+#endif
}
static void
@@ -1418,6 +1463,12 @@
remove_clock_timeout (login_window);
+#ifdef ENABLE_RBAC_SHUTDOWN
+ if (settings != NULL) {
+ g_object_unref (settings);
+ }
+#endif
+
G_OBJECT_CLASS (gdm_greeter_login_window_parent_class)->finalize (object);
}
Index: gui/simple-greeter/Makefile.am
===================================================================
--- gui/simple-greeter/Makefile.am (revision 5635)
+++ gui/simple-greeter/Makefile.am (working copy)
@@ -19,6 +19,7 @@
-DAT_SPI_REGISTRYD_DIR="\"$(AT_SPI_REGISTRYD_DIR)\"" \
$(GTK_CFLAGS) \
$(SIMPLE_GREETER_CFLAGS) \
+ $(POLKIT_GNOME_CFLAGS) \
$(NULL)
@INTLTOOL_SCHEMAS_RULE@
@@ -58,6 +59,9 @@
test_greeter_login_window_LDADD = \
$(SIMPLE_GREETER_LIBS) \
+ $(POLKIT_GNOME_LIBS) \
+ $(RBAC_LIBS) \
+ $(top_builddir)/common/libgdmcommon.la \
$(NULL)
test_greeter_panel_SOURCES = \
@@ -125,6 +129,7 @@
test_user_chooser_LDADD = \
$(SIMPLE_GREETER_LIBS) \
+ $(POLKIT_GNOME_LIBS) \
$(NULL)
test_user_manager_SOURCES = \
@@ -138,6 +143,7 @@
test_user_manager_LDADD = \
$(SIMPLE_GREETER_LIBS) \
+ $(POLKIT_GNOME_LIBS) \
$(NULL)
libexec_PROGRAMS = \
@@ -177,6 +183,9 @@
$(top_builddir)/common/libgdmcommon.la \
$(top_builddir)/gui/simple-greeter/libnotificationarea/libnotificationarea.la \
$(SIMPLE_GREETER_LIBS) \
+ $(POLKIT_GNOME_LIBS) \
+ $(RBAC_LIBS) \
+ $(top_builddir)/common/libgdmcommon.la \
$(NULL)
gladedir = $(pkgdatadir)
Index: acconfig.h
===================================================================
--- acconfig.h (revision 5635)
+++ acconfig.h (working copy)
@@ -9,7 +9,6 @@
#undef ENABLE_NLS
#undef ALWAYS_RESTART_SERVER
#undef GDM_USER_PATH
-#undef GDM_RBAC_SYSCMD_KEYS
#undef HAVE_ADT
#undef HAVE_CATGETS
#undef HAVE_CHKAUTHATTR
Index: configure.ac
===================================================================
--- configure.ac (revision 5635)
+++ configure.ac (working copy)
@@ -87,11 +87,20 @@
gtk+-2.0 >= $GTK_REQUIRED_VERSION
libglade-2.0 >= $LIBGLADE_REQUIRED_VERSION
gnome-vfs-2.0 >= $GNOME_VFS_REQUIRED_VERSION
- polkit-gnome >= $POLICYKIT_REQUIRED_VERSION
)
AC_SUBST(SIMPLE_GREETER_CFLAGS)
AC_SUBST(SIMPLE_GREETER_LIBS)
+PKG_CHECK_MODULES(POLKIT_GNOME,
+ polkit >= $POLICYKIT_REQUIRED_VERSION,
+ have_polkit=yes,
+ have_polkit=no)
+if test "x$have_polkit" = "xyes" ; then
+ AC_DEFINE(HAVE_POLKIT_GNOME, [], [Define if we have polkit])
+fi
+AM_CONDITIONAL(HAVE_POLKIT_GNOME, test x$have_polkit = xyes)
+AC_SUBST(HAVE_POLKIT_GNOME)
+
PKG_CHECK_MODULES(SIMPLE_CHOOSER,
dbus-glib-1 >= $DBUS_GLIB_REQUIRED_VERSION
gtk+-2.0 >= $GTK_REQUIRED_VERSION
@@ -862,6 +871,24 @@
dnl ---------------------------------------------------------------------------
+dnl check for RBAC
+dnl ---------------------------------------------------------------------------
+
+msg_rbac_shutdown=no
+AC_ARG_ENABLE(rbac-shutdown,
+ [AC_HELP_STRING([--enable-rbac-shutdown=<key>],
+ [Build with RBAC support specifying shutdown/reboot RBAC authentication key])],
+ enable_rbac_shutdown=$enableval,enable_rbac_shutdown=no)
+if test "x$enable_rbac_shutdown" != "xno"; then
+ RBAC_LIBS="-lsecdb -lsocket -lnsl"
+ AC_DEFINE(ENABLE_RBAC_SHUTDOWN, [], [Set if we build with RBAC support])
+ AC_DEFINE_UNQUOTED(RBAC_SHUTDOWN_KEY, "$enable_rbac_shutdown", [Set if we build with RBAC support])
+ msg_rbac_shutdown="yes, using key $enable_rbac_shutdown"
+fi
+AC_SUBST(RBAC_LIBS)
+
+
+dnl ---------------------------------------------------------------------------
dnl - Define some variables to represent the directories we use.
dnl ---------------------------------------------------------------------------
@@ -977,15 +1004,6 @@
AC_DEFINE(HAVE_LOGINDEVPERM)
EXTRA_DAEMON_LIBS="$EXTRA_DAEMON_LIBS -ldevinfo" ])
-# Check for RBAC support (chkauthattr
-#
-AC_MSG_CHECKING(for RBAC support - chkauthattr)
-AC_CHECK_LIB(secdb, chkauthattr, [
- AC_DEFINE(HAVE_CHKAUTHATTR)
- EXTRA_DAEMON_LIBS="$EXTRA_DAEMON_LIBS -lsecdb"
- EXTRA_GREETER_LIBS="$EXTRA_GREETER_LIBS -lsecdb"])
-
-
dnl ---------------------------------------------------------------------------
dnl - Check for Halt, and Reboot commands
dnl ---------------------------------------------------------------------------
@@ -995,7 +1013,6 @@
# On Solaris/bin is a symlink to /usr/bin, so don't include it in
# GDM_USER_PATH.
GDM_USER_PATH=""
-GDM_RBAC_SYSCMD_KEYS=""
case "$host" in
*solaris*)
@@ -1006,7 +1023,6 @@
SUSPEND_COMMAND="/usr/openwin/bin/sys-suspend -n"
XSESSION_SHELL=/bin/ksh
SOUND_PROGRAM=/usr/bin/audioplay
- GDM_RBAC_SYSCMD_KEYS="HALT:solaris.system.shutdown;REBOOT:solaris.system.shutdown"
;;
*freebsd*)
GDM_USER_PATH="/bin:/usr/bin"
@@ -1201,16 +1217,6 @@
AC_SUBST(GDM_WORKING_DIR)
dnl ---------------------------------------------------------------------------
-dnl - Allow configure to specify RBAC keys.
-dnl ---------------------------------------------------------------------------
-
-AC_ARG_WITH(rbac-system-command-keys, [ --with-rbac-system-command-keys=<keys> RBAC system command keys])
-
-if ! test -z "$with_system_command_keys"; then
- GDM_RBAC_SYSCMD_KEYS=$with_system_command_keys
-fi
-
-dnl ---------------------------------------------------------------------------
dnl - Finish
dnl ---------------------------------------------------------------------------
@@ -1288,8 +1294,6 @@
AC_DEFINE_UNQUOTED(GDM_USER_PATH,"$GDM_USER_PATH")
AC_SUBST(SOUND_PROGRAM)
AC_DEFINE_UNQUOTED(SOUND_PROGRAM,"$SOUND_PROGRAM")
-AC_SUBST(GDM_RBAC_SYSCMD_KEYS)
-AC_DEFINE_UNQUOTED(GDM_RBAC_SYSCMD_KEYS,"$GDM_RBAC_SYSCMD_KEYS")
AC_SUBST(X_PATH)
AC_SUBST(X_SERVER)
@@ -1371,6 +1375,7 @@
echo \
" TCP Wrappers support: no"
else
+ echo \
" TCP Wrappers support: yes"
fi
@@ -1379,4 +1384,5 @@
XDMCP support: ${XDMCP_SUPPORT}
SELinux support: ${with_selinux}
ConsoleKit support: ${use_console_kit}
+ Build with RBAC: ${msg_rbac_shutdown}
"
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
