Add a LockedHint Property

This adds a LockedHint property to ConsoleKit.Session and a
SetLockedHint dbus method to change it. The SetLockedHint method
is resitricted to the user that owns the session.
For: https://github.com/ConsoleKit2/ConsoleKit2/issues/89

3 files changed, 90 insertions, 4 deletions

diff --git a/data/ConsoleKit.conf b/data/ConsoleKit.conf
index dfa3b47..b54fe16 100644
--- a/data/ConsoleKit.conf
+++ b/data/ConsoleKit.conf
@@ -190,6 +190,8 @@
            send_member="GetIdleSinceHint"/>
     <allow send_interface="org.freedesktop.ConsoleKit.Session"
            send_member="SetIdleHint"/>
+    <allow send_interface="org.freedesktop.ConsoleKit.Session"
+           send_member="SetLockedHint"/>
     <allow send_destination="org.freedesktop.ConsoleKit"
            send_interface="org.freedesktop.ConsoleKit.Session"
            send_member="TakeControl"/>
diff --git a/src/ck-session.c b/src/ck-session.c
index 2b71154..86e2eee 100644
--- a/src/ck-session.c
+++ b/src/ck-session.c
@@ -254,9 +254,8 @@ register_session (CkSession *session, GDBusConnection *connection)
 }
 
 /*
-  lock and unlock are separate functions because:
-   1. we don't maintain state for locked
-   2. so security policy can be handled separately
+  lock and unlock are separate functions because we may want
+  security policy to be handled separately
 */
 static gboolean
 dbus_lock (ConsoleKitSession     *cksession,
@@ -269,6 +268,7 @@ dbus_lock (ConsoleKitSession     *cksession,
         g_return_val_if_fail (CK_IS_SESSION (session), FALSE);
 
         g_debug ("Emitting lock for session %s", session->priv->id);
+        console_kit_session_set_locked_hint (cksession, TRUE);
         console_kit_session_emit_lock (cksession);
 
         console_kit_session_complete_lock (cksession, context);
@@ -286,6 +286,7 @@ dbus_unlock (ConsoleKitSession     *cksession,
         g_return_val_if_fail (CK_IS_SESSION (session), FALSE);
 
         g_debug ("Emitting unlock for session %s", session->priv->id);
+        console_kit_session_set_locked_hint (cksession, FALSE);
         console_kit_session_emit_unlock (cksession);
 
         console_kit_session_complete_unlock (cksession, context);
@@ -447,6 +448,55 @@ dbus_set_idle_hint (ConsoleKitSession     *cksession,
         return TRUE;
 }
 
+/*
+  Example:
+  dbus-send --system --dest=org.freedesktop.ConsoleKit \
+  --type=method_call --print-reply --reply-timeout=2000 \
+  /org/freedesktop/ConsoleKit/Session1 \
+  org.freedesktop.ConsoleKit.Session.SetLockedHint boolean:TRUE
+*/
+static gboolean
+dbus_set_locked_hint (ConsoleKitSession     *cksession,
+                      GDBusMethodInvocation *context,
+                      gboolean               arg_locked_hint)
+{
+        const char *sender;
+        uid_t       calling_uid = 0;
+        pid_t       calling_pid = 0;
+        gboolean    res;
+        CkSession *session;
+
+        TRACE ();
+
+        g_return_val_if_fail (CK_IS_SESSION (cksession), FALSE);
+
+        session = CK_SESSION(cksession);
+
+        sender = g_dbus_method_invocation_get_sender (context);
+
+        res = get_caller_info (session,
+                               sender,
+                               &calling_uid,
+                               &calling_pid);
+
+        if (! res) {
+                g_warning ("stat on pid %d failed", calling_pid);
+                throw_error (context, CK_SESSION_ERROR_FAILED, _("Unable to lookup information about calling process '%d'"), calling_pid);
+                return TRUE;
+        }
+
+        /* only restrict this by UID for now */
+        if (console_kit_session_get_unix_user (cksession) != calling_uid) {
+                throw_error (context, CK_SESSION_ERROR_INSUFFICIENT_PERMISSION, _("Only session owner may set locked hint state"));
+                return TRUE;
+        }
+
+        console_kit_session_set_locked_hint (cksession, arg_locked_hint);
+
+        console_kit_session_complete_set_idle_hint (cksession, context);
+        return TRUE;
+}
+
 static gboolean
 dbus_get_session_type (ConsoleKitSession     *cksession,
                        GDBusMethodInvocation *context)
@@ -1901,6 +1951,7 @@ ck_session_iface_init (ConsoleKitSessionIface *iface)
 {
         iface->handle_activate               = dbus_activate;
         iface->handle_set_idle_hint          = dbus_set_idle_hint;
+        iface->handle_set_locked_hint        = dbus_set_locked_hint;
         iface->handle_get_unix_user          = dbus_get_unix_user;
         iface->handle_get_seat_id            = dbus_get_seat_id;
         iface->handle_get_login_session_id   = dbus_get_login_session_id;
diff --git a/src/org.freedesktop.ConsoleKit.Session.xml b/src/org.freedesktop.ConsoleKit.Session.xml
index cb3fc25..962c38d 100644
--- a/src/org.freedesktop.ConsoleKit.Session.xml
+++ b/src/org.freedesktop.ConsoleKit.Session.xml
@@ -293,6 +293,27 @@
       </doc:doc>
     </method>
 
+    <method name="SetLockedHint">
+      <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
+      <arg name="locked_hint" type="b" direction="in">
+        <doc:doc>
+          <doc:summary>boolean value to set the locked-hint to</doc:summary>
+        </doc:doc>
+      </arg>
+      <doc:doc>
+        <doc:description>
+          <doc:para> This is used by Desktop Environments to update the
+          <doc:ref type="property" to="Session:LockedHint">LockedHint</doc:ref>
+          property. Calling <doc:ref type="method" to="Session.Lock">Lock()</doc:ref>
+          or <doc:ref type="method" to="Session.Unlock">Unlock()</doc:ref> will also
+          update the <doc:ref type="property" to="Session:LockedHint">LockedHint</doc:ref>
+          value.</doc:para>
+          <doc:para>Use of this method is restricted to the user
+          that owns the session.</doc:para>
+        </doc:description>
+      </doc:doc>
+    </method>
+
     <method name="TakeControl">
       <arg name="force" type="b" direction="in">
         <doc:doc>
@@ -525,7 +546,8 @@
       <doc:doc>
         <doc:description>
           <doc:para>Emitted in response to a call to the <doc:ref type="method" to="Session.Unlock">Unlock()</doc:ref> method.</doc:para>
-          <doc:para>It is intended that the screensaver for the session should unlock the screen in response to this signal.</doc:para>
+          <doc:para>It is intended that the screensaver for the session should unlock the screen in response to this signal.
+                    Which may involve showing the password unlock dialog, depending on the screensaver policy.</doc:para>
         </doc:description>
       </doc:doc>
     </signal>
@@ -655,6 +677,17 @@
         </doc:description>
       </doc:doc>
     </property>
+    <property name="LockedHint" type="b" access="read">
+      <doc:doc>
+        <doc:description>
+          <doc:para>
+          This is a hint used by Desktop Environments to indicate that the
+          session may be locked.
+          </doc:para>
+        </doc:description>
+      </doc:doc>
+    </property>
+
 
   </interface>
 </node>