New upstream version 2.1.3

nx-session-launcher/ConsoleKit-NX.conf

@@ -0,0 +1,26 @@
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+
+  <!-- Allow nx user to manage sessions -->
+  <policy user="nx">
+    <allow own="org.freedesktop.ConsoleKit"/>
+
+    <allow send_interface="org.freedesktop.ConsoleKit.Manager"/>
+    <allow send_interface="org.freedesktop.ConsoleKit.Seat"/>
+    <allow send_interface="org.freedesktop.ConsoleKit.Session"/>
+
+    <deny send_interface="org.freedesktop.ConsoleKit.Manager"
+           send_member="SetX11ParkingPlace"/>
+    <allow send_interface="org.freedesktop.ConsoleKit.Manager"
+           send_member="OpenConsoleWithParameters"/>
+    <allow send_interface="org.freedesktop.ConsoleKit.Session"
+           send_member="Lock"/>
+    <allow send_interface="org.freedesktop.ConsoleKit.Session"
+           send_member="Unlock"/>
+    <allow send_destination="org.freedesktop.ConsoleKit"
+           send_interface="org.freedesktop.DBus.Properties" />
+  </policy>
+
+</busconfig>

nx-session-launcher/Makefile

@@ -0,0 +1,17 @@
+.PHONY: all install
+
+CC=gcc
+CFLAGS=-g -O2 -Wall -fPIC
+
+SOURCES = nx-session-launcher-suid.c
+PROGRAMS = nx-session-launcher-suid
+
+ifneq ($(NX_VERSION),)
+CFLAGS+=-DNXSERVER_COMMAND="\"$(PATH_BIN)/nx-session-launcher\""
+endif
+
+all: $(PROGRAMS)
+
+clean:
+	rm -f $(PROGRAMS)
+

nx-session-launcher/README

@@ -0,0 +1,12 @@
+The unlock buttons on Users and Groups or Network are greyed out and un-accessible.
+Running from a term 'sudo users-admin' should work the same way. (Not in Ubuntu due
+to bug https://bugs.edge.launchpad.net/ubuntu/+source/policykit/+bug/210897)
+
+If you are not using a packed version, correct the problem by following this steps:
+ - Copy nx-session-launcher and nx-session-launcher-suid to /usr/bin
+ - Execute $ chown nx /usr/bin/nx-session-launcher-suid
+ - Execute $ chmod 4755 /usr/bin/nx-session-launcher-suid
+ - Copy ConsoleKit-NX.conf to /etc/dbus-1/system.d/
+ - Reload dbus by issuing /etc/init.d/dbus reload
+ - Edit /etc/nxserver/node.conf and change '#COMMAND_START_GNOME=gnome-session'
+     to 'COMMAND_START_GNOME=/usr/bin/nx-session-launcher-suid gnome-session'

nx-session-launcher/freenx.session.policy

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+
+<policyconfig>
+
+ <action id="freenx.session.create">
+    <description>Create a new FreeNX session</description>
+    <message>System policy allows to create a new session</message>
+    <defaults>
+      <allow_any>no</allow_any>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>yes</allow_active>
+    </defaults>
+  </action>
+
+</policyconfig>
+

nx-session-launcher/nx-session-launcher

@@ -0,0 +1,170 @@
+#!/usr/bin/env python
+
+import xml.parsers.expat as expat
+import os
+import gobject
+import dbus
+import sys
+import logging
+
+logging.basicConfig (level=logging.ERROR, format='%(asctime)s %(name)-12s %(levelname)-8s %(message)s', stream=sys.stderr)
+log = logging.getLogger ("nx-session-launcher")
+log.debug ("Starting nx-session-launcher")
+
+# Getting the system dbus
+bus = dbus.SystemBus ()
+
+USE_PK_CREDENTIALS = False
+
+# ------------------- ConsoleKit integration ------------------------
+
+# Getting the ConsoleKit object
+ck_manager_obj = bus.get_object ('org.freedesktop.ConsoleKit', '/org/freedesktop/ConsoleKit/Manager')
+ck_manager = dbus.Interface (ck_manager_obj, 'org.freedesktop.ConsoleKit.Manager')
+objs = ck_manager.GetSeats ()
+
+nx_create_session = os.getenv('NX_CREATE_CK_SESSION')
+create_session = True
+if nx_create_session == "false":
+    create_session = False
+
+nx_session_type = os.getenv('NX_SESSION_TYPE')
+if nx_session_type == None:
+    nx_session_type = "nx"
+display = os.getenv('DISPLAY')
+
+# Get the current session
+current_cookie = os.getenv('XDG_SESSION_COOKIE')
+current_session = None
+if current_cookie != None:
+    current_session = ck_manager.GetSessionForCookie (current_cookie)
+
+def takeOwnership():
+    log.debug ("NX_CREATE_CK_SESSION = " + current_cookie)
+    log.debug ("Not creating a CK session")
+    
+    session_obj = bus.get_object ('org.freedesktop.ConsoleKit', current_session)
+    session = dbus.Interface (session_obj, 'org.freedesktop.ConsoleKit.Session')
+    
+    properties = dbus.Interface (session_obj, 'org.freedesktop.DBus.Properties')
+    try:
+        properties.Set ("org.freedesktop.DBus.Properties", "active", dbus.Boolean (True, variant_level=1))
+        properties.Set ("org.freedesktop.DBus.Properties", "is-local", dbus.Boolean (True, variant_level=1))
+        properties.Set ("org.freedesktop.DBus.Properties", "session-type", dbus.String (nx_session_type, variant_level=1))
+        if display != None:
+            properties.Set ("org.freedesktop.DBus.Properties", "x11-display", dbus.String (display, variant_level=1))
+        log.debug ("Ownership taken")
+        return True
+    except expat.ExpatError, e:
+        error_string = str(e)
+        log.error ("Error: " + error_string)
+        log.error ("Falling back to create a new session")
+        return False
+    except dbus.DBusException, e:
+        error_string = str(e)
+        log.error ("Error: " + error_string)
+        log.error ("Falling back to create a new session")
+        return False
+    except Exception, e:
+        error_string = str(e)
+        log.error ("Error: " + error_string)
+        log.error ("Falling back to create a new session")
+        return False
+
+def createSession():
+    try:
+        # Defining the session attributes
+        params = dbus.Array ([], signature = "(sv)")
+        params.append (("unix-user", dbus.Int32 (os.getuid(), variant_level=1)))
+        params.append (("session-type", dbus.String (nx_session_type, variant_level=1)))
+        if display != None:
+            params.append (("x11-display", dbus.String (display, variant_level=1)))
+        params.append (("is-local", dbus.Boolean (True, variant_level=1)))
+        
+        # Create the ConsoleKit session
+        cookie = ck_manager.OpenSessionWithParameters (params)
+        log.debug ("Session " + cookie + " created")
+        
+        # Exporting the XDG_SESSION_COOKIE variable
+        os.environ['XDG_SESSION_COOKIE'] = cookie
+        
+        # Getting the ConsoleKit session
+        current_session = ck_manager.GetSessionForCookie (cookie)
+        session_obj = bus.get_object ('org.freedesktop.ConsoleKit', current_session)
+        session = dbus.Interface (session_obj, 'org.freedesktop.ConsoleKit.Session')
+        
+        # Setting the session as active
+        properties = dbus.Interface (session_obj, 'org.freedesktop.DBus.Properties')
+        properties.Set ("org.freedesktop.DBus.Properties", "active", dbus.Boolean (True, variant_level=1))
+         
+    except dbus.DBusException, e:
+        # Dbus error problably you don't have the dbus rule installed or your launcher is not suid nx
+        # Open session without the parameters
+        log.error ("Failed to create a CK session using parameters")
+        
+        error_string = str(e)
+        log.error ("Error: " + error_string)
+        
+        # Create the ConsoleKit session
+        cookie = ck_manager.OpenSession ()
+        log.debug ("Session " + cookie + " created")
+        
+        # Exporting the XDG_SESSION_COOKIE variable
+        os.environ['XDG_SESSION_COOKIE'] = cookie
+
+def checkPermission ():
+    if USE_PK_CREDENTIALS == False:
+        return True
+    
+    policykit = bus.get_object ('org.freedesktop.PolicyKit', '/', "org/freedesktop/PolicyKit")
+    
+    if(policykit == None):
+        log.error ("Error: Could not get PolicyKit D-Bus Interface\n")
+    else:
+        polkit_interface = dbus.Interface (policykit, 'org.freedesktop.PolicyKit')
+        
+        try:
+            granted = polkit_interface.IsProcessAuthorized ("freenx.session.create", os.getpid(), "false")
+            
+            if granted == "yes":
+                return True
+            else:
+                return False
+            
+        except dbus.DBusException, e :
+            # Dbus error problably you don't have the PolicyKit rule installed
+            error_string = str(e)
+            log.error ("Error: " + error_string)
+
+
+if create_session and ( current_session == None or not takeOwnership () ):
+     log.debug("Creating a new session")
+     createSession ()
+     pid = os.fork ()
+     if pid == -1:
+         log.rrror ("error forking child")
+     elif pid == 0:
+         log.debug ("Forked")
+     else:
+         # Parent
+         status = os.waitpid (pid, 0)
+         os._exit (0)
+
+if os.geteuid () != os.getuid ():
+    # Drop setuid privilege
+    os.setreuid(os.getuid(), os.getuid())
+    
+    os.environ ['NX_CREATE_CK_SESSION'] = "false"
+    
+    # Reexecute this script to really drop euid privilege
+#    os.spawnvp (os.P_WAIT, sys.argv[0], sys.argv)
+#    sys.exit()
+
+args = sys.argv
+args.pop(0)
+log.info ("Launching the program\n")
+if checkPermission ():
+    os.execvp(args[0], args)
+else:
+    log.error ("You don't have permission to execute the action\n")
+

nx-session-launcher/nx-session-launcher-suid.c

@@ -0,0 +1,54 @@
+/*
+ * Copyright 2007 Google Inc.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * Authors: alriddoch@google.com (Alistair Riddoch)
+ * 	    freenx@fabian-franz.de (Fabian Franz)
+ */
+
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#ifndef SESSION_LAUNCHER_COMMAND
+#define SESSION_LAUNCHER_COMMAND "/usr/bin/nx-session-launcher"
+#endif
+
+#define CK_LAUNCH_SESSION_COMMAND "/usr/bin/ck-launch-session"
+
+int main(int argc, char ** argv)
+{
+    char ** new_argv;
+    new_argv = calloc(argc + 1, sizeof(char *));
+    int i;
+
+    for (i = 1; i < argc; ++i) {
+        new_argv[i] = argv[i];
+    }
+
+    uid_t calling_uid = getuid();
+
+    if (geteuid() == calling_uid) {
+        printf("Not running suid. Executing ck-launch-session.\n");
+
+        new_argv[0] = CK_LAUNCH_SESSION_COMMAND;
+
+    }else{
+        new_argv[0] = SESSION_LAUNCHER_COMMAND;
+    }
+
+    return execv(new_argv[0], new_argv);
+}