From 6a6479cb4bbca47fbb77489ae7117ed800951c2e Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@fedoraproject.org>
Date: Fri, 12 Oct 2007 18:27:29 +0000
Subject: [PATCH] - Try opening the console-kit session after the user's UID
 has already been     granted access to the server by localuser.sh, so that   
  console-kit-daemon can connect and ask the server for information just    
 by having switch to the user's UID (#287941).

---
 ck-xinit-session.c  | 90 +++++++++++++++++++++++++++++++++++++++++++++
 xinitrc             |  8 ++--
 xinitrc-common      |  2 +
 xorg-x11-xinit.spec | 17 ++++++++-
 4 files changed, 111 insertions(+), 6 deletions(-)
 create mode 100644 ck-xinit-session.c

diff --git a/ck-xinit-session.c b/ck-xinit-session.c
new file mode 100644
index 0000000..94733ea
--- /dev/null
+++ b/ck-xinit-session.c
@@ -0,0 +1,90 @@
+/*
+ * Copyright Red Hat, Inc. 2007.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *  * Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  * Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *  * Neither the name of Red Hat, Inc., nor the names of its
+ *    contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Gate a process inside of a ConsoleKit session.
+ *
+ * We want to do this instead of doing it from inside of xinit because at the
+ * point we're doing it, we've already added the user's UID to the list of
+ * allowed clients for the X server, so the ConsoleKit daemon, which assumes
+ * the user's UID, will be able to connect without needing to be able to read
+ * the user's X cookies.
+ */
+
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <paths.h>
+#include <stdlib.h>
+#include <syslog.h>
+#include <unistd.h>
+#include <ck-connector.h>
+
+int
+main(int argc, char **argv)
+{
+	CkConnector *ckc = NULL;
+	DBusError error;
+	const char *shell;
+	pid_t pid;
+	int status;
+
+	ckc = ck_connector_new();
+	if (ckc != NULL) {
+		dbus_error_init (&error);
+		if (ck_connector_open_session(ckc, &error)) {
+			pid = fork();
+			switch (pid) {
+			case -1:
+				syslog(LOG_ERR, "error forking child");
+				break;
+			case 0:
+				setenv("XDG_SESSION_COOKIE",
+				       ck_connector_get_cookie(ckc), 1);
+				break;
+			default:
+				waitpid(pid, &status, 0);
+				exit(status);
+				break;
+			}
+		} else {
+			syslog(LOG_ERR, "error connecting to console-kit");
+		}
+	} else {
+		syslog(LOG_ERR, "error setting up to connect to console-kit");
+	}
+	if (argc > 1) {
+		execvp(argv[1], argv + 1);
+	} else {
+		shell = getenv("SHELL");
+		if (shell == NULL) {
+			shell = _PATH_BSHELL;
+		}
+		execlp(shell, shell, NULL);
+	}
+	_exit(1);
+}
diff --git a/xinitrc b/xinitrc
index 95bc807..8d552a0 100755
--- a/xinitrc
+++ b/xinitrc
@@ -18,11 +18,11 @@
 # The user may have their own clients they want to run.  If they don't,
 # fall back to system defaults.
 if [ -f $HOME/.Xclients ]; then
-    exec $SSH_AGENT $DBUS_LAUNCH $HOME/.Xclients || \
-    exec $SSH_AGENT $HOME/.Xclients
+    exec $CK_XINIT_SESSION $SSH_AGENT $DBUS_LAUNCH $HOME/.Xclients || \
+    exec $CK_XINIT_SESSION $SSH_AGENT $HOME/.Xclients
 elif [ -f /etc/X11/xinit/Xclients ]; then
-    exec $SSH_AGENT $DBUS_LAUNCH /etc/X11/xinit/Xclients || \
-    exec $SSH_AGENT /etc/X11/xinit/Xclients
+    exec $CK_XINIT_SESSION $SSH_AGENT $DBUS_LAUNCH /etc/X11/xinit/Xclients || \
+    exec $CK_XINIT_SESSION $SSH_AGENT /etc/X11/xinit/Xclients
 else
     # Failsafe settings.  Although we should never get here
     # (we provide fallbacks in Xclients as well) it can't hurt.
diff --git a/xinitrc-common b/xinitrc-common
index 8e76e59..c8c269e 100644
--- a/xinitrc-common
+++ b/xinitrc-common
@@ -71,3 +71,5 @@ fi
 DBUS_LAUNCH=
 [ -x /usr/bin/dbus-launch -a -z "$DBUS_SESSION_BUS_ADDRESS" ] && DBUS_LAUNCH="/usr/bin/dbus-launch --exit-with-session"
 
+CK_XINIT_SESSION=
+[ -x /usr/bin/ck-xinit-session ] && CK_XINIT_SESSION="/usr/bin/ck-xinit-session"
diff --git a/xorg-x11-xinit.spec b/xorg-x11-xinit.spec
index 6b3ceaf..b564673 100644
--- a/xorg-x11-xinit.spec
+++ b/xorg-x11-xinit.spec
@@ -3,7 +3,7 @@
 Summary:   X.Org X11 X Window System xinit startup scripts
 Name:      xorg-x11-%{pkgname}
 Version:   1.0.7
-Release:   1%{?dist}
+Release:   2%{?dist}
 License:   MIT/X11
 Group:     User Interface/X
 URL:       http://www.x.org
@@ -19,6 +19,7 @@ Source14: Xresources
 #       here instead of the xdm package.
 Source16: Xsession
 Source17: localuser.sh
+Source100: ck-xinit-session.c
 
 Patch1: xinit-1.0.2-client-session.patch
 Patch2: xinit-1.0.7-poke-ck.patch
@@ -54,7 +55,7 @@ X.Org X11 X Window System xinit startup scripts
 %prep
 %setup -q -n %{pkgname}-%{version}
 %patch1 -p1 -b .client-session
-%patch2 -p1 -b .poke-ck
+#%patch2 -p1 -b .poke-ck
 
 %build
 autoreconf
@@ -62,12 +63,17 @@ autoreconf
 # FIXME: Upstream should default to XINITDIR being this.  Make a patch to
 # Makefile.am and submit it in a bug report or check into CVS.
 make XINITDIR=/etc/X11/xinit
+%{__cc} -o ck-xinit-session \
+	`pkg-config --cflags ck-connector` $RPM_OPT_FLAGS \
+	$RPM_SOURCE_DIR/ck-xinit-session.c \
+	`pkg-config --libs ck-connector`
 
 %install
 rm -rf $RPM_BUILD_ROOT
 # FIXME: Upstream should default to XINITDIR being this.  Make a patch to
 # Makefile.am and submit it in a bug report or check into CVS.
 %makeinstall XINITDIR=$RPM_BUILD_ROOT/etc/X11/xinit
+install -m755 ck-xinit-session $RPM_BUILD_ROOT/%{_bindir}
 
 # Install Red Hat custom xinitrc, etc.
 {
@@ -92,6 +98,7 @@ rm -rf $RPM_BUILD_ROOT
 %doc AUTHORS COPYING README NEWS ChangeLog
 %{_bindir}/startx
 %{_bindir}/xinit
+%{_bindir}/ck-xinit-session
 %dir %{_sysconfdir}/X11
 %dir %{_sysconfdir}/X11/xinit
 %{_sysconfdir}/X11/xinit/xinitrc
@@ -108,6 +115,12 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/xinit.1*
 
 %changelog
+* Fri Oct 12 2007 Nalin Dahyabhai <nalin@redhat.com> 1.0.7-2
+- Try opening the console-kit session after the user's UID has already
+  been granted access to the server by localuser.sh, so that console-kit-daemon
+  can connect and ask the server for information just by having switch to the
+  user's UID (#287941).
+
 * Mon Sep 24 2007 Adam Jackson <ajax@redhat.com> 1.0.7-1
 - xinit 1.0.7