diff options
author | Matthew Leeds <mwl458@gmail.com> | 2020-02-07 19:30:21 +0000 |
---|---|---|
committer | Ray Strode <halfline@gmail.com> | 2020-02-07 19:30:21 +0000 |
commit | d5847d8d012d4a2a659f890c210ad10031a9cf3d (patch) | |
tree | 00370bcdfeacf302c56c78c159806d91d0e44117 | |
parent | eb1cac46823520eeadaf22e5be1fe3d3632e6e7e (diff) |
Check GDBusMessage for INTERACTIVE_AUTHORIZATION flag
Currently we always use the flag
POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION when checking if
a subject is authorized for an action, meaning that we cause polkit to
create an interactive dialog box. However since GLib 2.46, there has
been a flag G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION which
indicates if the caller is prepared to have the user authenticate (e.g.
it's a user-facing program not a daemon). So, check for this flag in
daemon_local_check_auth().
The impetus for this patch is that in the Endles fork of
gnome-control-center we use the library malcontent, and call
mct_manager_get_app_filter() even when we don't have permission to
actually read the user's app filter, since it shouldn't cause a dialog
without MCT_GET_APP_FILTER_FLAGS_INTERACTIVE being passed to it. However
because accountsservice doesn't respect
G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, polkit attempts to
create an auth dialog anyway (and hits an error but that's a separate
gnome-shell bug).
In libaccountsservice, we use code generated by gdbus-codegen to call
D-Bus methods implemented by the daemon, and that generated code
unconditionally uses G_DBUS_CALL_FLAGS_NONE, which would mean that users
of libaccountsservice can't use interactive auth. The solution is to
bump our GLib requirement to 2.63.5 (2.64 hasn't been released yet) and
pass --glib-min-required 2.64 to gdbus-codegen, which causes the
generated code to have two more arguments for each method call: one for
GDBusCallFlags and one for a timeout value.
For now we always use G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION
in libaccountsservice, to maintain compatibility. It might make sense to
add API in the future so that users of the library can specify if they
want to allow interactive auth.
This commit also makes us use
G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION for method calls
implemented by ConsoleKit, even though presumably no problems are caused
by the current behavior of using G_DBUS_CALL_FLAGS_NONE. In theory
ConsoleKit could check for
G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION one day (although
in practice I think it's deprecated and inactive), and I think the whole
of libaccountsservice should assume interactive auth is allowed until we
have API to distinguish the no-interactive-auth case.
-rw-r--r-- | .gitlab-ci.yml | 2 | ||||
-rw-r--r-- | meson.build | 7 | ||||
-rw-r--r-- | src/daemon.c | 24 | ||||
-rw-r--r-- | src/daemon.h | 1 | ||||
-rw-r--r-- | src/libaccountsservice/act-user-manager.c | 52 | ||||
-rw-r--r-- | src/libaccountsservice/act-user.c | 38 | ||||
-rw-r--r-- | src/libaccountsservice/meson.build | 1 | ||||
-rw-r--r-- | src/meson.build | 1 | ||||
-rw-r--r-- | src/user.c | 20 |
9 files changed, 112 insertions, 34 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 45abc9e..3d8d99e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ build-fedora: - image: fedora:latest + image: fedora:rawhide before_script: - dnf install -y gcc meson ninja-build gobject-introspection-devel glib-devel gtk-doc gettext-devel make polkit-devel redhat-rpm-config systemd-devel dbus-devel vala script: diff --git a/meson.build b/meson.build index 3f51d6c..09d93e2 100644 --- a/meson.build +++ b/meson.build @@ -138,9 +138,12 @@ endif add_project_arguments(common_flags, language: 'c') -gio_dep = dependency('gio-2.0', version: '>= 2.37.3') +# Ensure we have the changes from https://gitlab.gnome.org/GNOME/glib/merge_requests/1286 +# and https://gitlab.gnome.org/GNOME/glib/merge_requests/1342 +glib_min_version = '2.63.5' +gio_dep = dependency('gio-2.0', version: '>= ' + glib_min_version) gio_unix_dep = dependency('gio-unix-2.0') -glib_dep = dependency('glib-2.0', version: '>= 2.44') +glib_dep = dependency('glib-2.0', version: '>= ' + glib_min_version) polkit_gobject_dep = dependency('polkit-gobject-1') crypt_dep = cc.find_library('crypt') diff --git a/src/daemon.c b/src/daemon.c index 27790e5..300530d 100644 --- a/src/daemon.c +++ b/src/daemon.c @@ -1165,7 +1165,6 @@ daemon_create_user (AccountsAccounts *accounts, daemon_local_check_auth (daemon, NULL, "org.freedesktop.accounts.user-administration", - TRUE, daemon_create_user_authorized_cb, context, data, @@ -1217,7 +1216,6 @@ daemon_cache_user (AccountsAccounts *accounts, daemon_local_check_auth (daemon, NULL, "org.freedesktop.accounts.user-administration", - TRUE, daemon_cache_user_authorized_cb, context, g_strdup (user_name), @@ -1267,7 +1265,6 @@ daemon_uncache_user (AccountsAccounts *accounts, daemon_local_check_auth (daemon, NULL, "org.freedesktop.accounts.user-administration", - TRUE, daemon_uncache_user_authorized_cb, context, g_strdup (user_name), @@ -1363,7 +1360,6 @@ daemon_delete_user (AccountsAccounts *accounts, daemon_local_check_auth (daemon, NULL, "org.freedesktop.accounts.user-administration", - TRUE, daemon_delete_user_authorized_cb, context, data, @@ -1433,11 +1429,28 @@ check_auth_cb (PolkitAuthority *authority, check_auth_data_free (data); } +static gboolean +get_allow_interaction (GDBusMethodInvocation *invocation) +{ + /* GLib 2.46 is when G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION + * was first released. + */ +#if GLIB_CHECK_VERSION(2, 46, 0) + GDBusMessage *message = g_dbus_method_invocation_get_message (invocation); + GDBusMessageFlags message_flags = g_dbus_message_get_flags (message); + if (message_flags & G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION) + return TRUE; + else + return FALSE; +#else + return TRUE; +#endif +} + void daemon_local_check_auth (Daemon *daemon, User *user, const gchar *action_id, - gboolean allow_interaction, AuthorizedCallback authorized_cb, GDBusMethodInvocation *context, gpointer authorized_cb_data, @@ -1447,6 +1460,7 @@ daemon_local_check_auth (Daemon *daemon, CheckAuthData *data; PolkitSubject *subject; PolkitCheckAuthorizationFlags flags; + gboolean allow_interaction = get_allow_interaction (context); data = g_new0 (CheckAuthData, 1); data->daemon = g_object_ref (daemon); diff --git a/src/daemon.h b/src/daemon.h index 9047ad3..99689b0 100644 --- a/src/daemon.h +++ b/src/daemon.h @@ -83,7 +83,6 @@ typedef void (*AuthorizedCallback) (Daemon *daemon, void daemon_local_check_auth (Daemon *daemon, User *user, const gchar *action_id, - gboolean allow_interaction, AuthorizedCallback auth_cb, GDBusMethodInvocation *context, gpointer data, diff --git a/src/libaccountsservice/act-user-manager.c b/src/libaccountsservice/act-user-manager.c index 93d4423..09306d7 100644 --- a/src/libaccountsservice/act-user-manager.c +++ b/src/libaccountsservice/act-user-manager.c @@ -289,6 +289,8 @@ activate_console_kit_session_id (ActUserManager *manager, if (proxy) res = console_kit_seat_call_activate_session_sync (proxy, session_id, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error); @@ -355,7 +357,12 @@ _ck_session_is_login_window (ActUserManager *manager, NULL, &error); if (proxy) - res = console_kit_session_call_get_session_type_sync (proxy, &session_type, NULL, &error); + res = console_kit_session_call_get_session_type_sync (proxy, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, + &session_type, + NULL, + &error); if (!res) { if (error != NULL) { @@ -504,7 +511,12 @@ _can_activate_console_kit_sessions (ActUserManager *manager) g_autoptr(GError) error = NULL; gboolean can_activate_sessions = FALSE; - if (!console_kit_seat_call_can_activate_sessions_sync (priv->seat.seat_proxy, &can_activate_sessions, NULL, &error)) { + if (!console_kit_seat_call_can_activate_sessions_sync (priv->seat.seat_proxy, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, + &can_activate_sessions, + NULL, + &error)) { if (error != NULL) { g_warning ("unable to determine if seat can activate sessions: %s", error->message); @@ -853,6 +865,8 @@ get_seat_id_for_current_session (ActUserManager *manager) } #endif console_kit_session_call_get_seat_id (priv->seat.session_proxy, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, on_get_seat_id_finished, g_object_ref (manager)); @@ -1323,7 +1337,9 @@ get_current_session_id (ActUserManager *manager) } } - console_kit_manager_call_get_current_session (priv->ck_manager_proxy, NULL, + console_kit_manager_call_get_current_session (priv->ck_manager_proxy, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, on_get_current_session_finished, g_object_ref (manager)); } @@ -1483,6 +1499,8 @@ get_uid_for_new_session (ActUserManagerNewSession *new_session) new_session->pending_calls++; console_kit_session_call_get_unix_user (new_session->proxy, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, new_session->cancellable, on_get_unix_user_finished, new_session); @@ -1563,6 +1581,8 @@ find_user_in_accounts_service (ActUserManager *manager, case ACT_USER_MANAGER_FETCH_USER_FROM_USERNAME_REQUEST: accounts_accounts_call_find_user_by_name (priv->accounts_proxy, request->username, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, on_find_user_by_name_finished, request); @@ -1570,6 +1590,8 @@ find_user_in_accounts_service (ActUserManager *manager, case ACT_USER_MANAGER_FETCH_USER_FROM_ID_REQUEST: accounts_accounts_call_find_user_by_id (priv->accounts_proxy, request->uid, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, on_find_user_by_id_finished, request); @@ -1733,6 +1755,8 @@ get_x11_display_for_new_session (ActUserManagerNewSession *new_session) new_session->pending_calls++; console_kit_session_call_get_x11_display (new_session->proxy, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, new_session->cancellable, on_get_x11_display_finished, new_session); @@ -2429,6 +2453,8 @@ load_user (ActUserManager *manager, user_found = accounts_accounts_call_find_user_by_name_sync (priv->accounts_proxy, username, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, &object_path, NULL, &error); @@ -2621,6 +2647,8 @@ load_console_kit_sessions (ActUserManager *manager) priv->getting_sessions = TRUE; console_kit_seat_call_get_sessions (priv->seat.seat_proxy, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, on_get_sessions_finished, g_object_ref (manager)); @@ -2654,6 +2682,8 @@ load_users (ActUserManager *manager) g_debug ("ActUserManager: calling 'ListCachedUsers'"); could_list = accounts_accounts_call_list_cached_users_sync (priv->accounts_proxy, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, &user_paths, NULL, &error); @@ -3173,6 +3203,8 @@ act_user_manager_create_user (ActUserManager *manager, username, fullname, accounttype, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, &path, NULL, &local_error); @@ -3244,6 +3276,8 @@ act_user_manager_create_user_async (ActUserManager *manager, username, fullname, accounttype, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, cancellable, act_user_manager_async_complete_handler, task); } @@ -3318,6 +3352,8 @@ act_user_manager_cache_user (ActUserManager *manager, res = accounts_accounts_call_cache_user_sync (priv->accounts_proxy, username, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, &path, NULL, &local_error); @@ -3369,6 +3405,8 @@ act_user_manager_cache_user_async (ActUserManager *manager, accounts_accounts_call_cache_user (priv->accounts_proxy, username, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, cancellable, act_user_manager_async_complete_handler, task); } @@ -3445,6 +3483,8 @@ act_user_manager_uncache_user (ActUserManager *manager, res = accounts_accounts_call_uncache_user_sync (priv->accounts_proxy, username, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &local_error); if (!res) { @@ -3494,6 +3534,8 @@ act_user_manager_uncache_user_async (ActUserManager *manager, accounts_accounts_call_uncache_user (priv->accounts_proxy, username, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, cancellable, act_user_manager_async_complete_handler, task); } @@ -3567,6 +3609,8 @@ act_user_manager_delete_user (ActUserManager *manager, if (!accounts_accounts_call_delete_user_sync (priv->accounts_proxy, act_user_get_uid (user), remove_files, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &local_error)) { g_propagate_error (error, local_error); @@ -3617,6 +3661,8 @@ act_user_manager_delete_user_async (ActUserManager *manager, accounts_accounts_call_delete_user (priv->accounts_proxy, act_user_get_uid (user), remove_files, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, cancellable, act_user_manager_async_complete_handler, task); } diff --git a/src/libaccountsservice/act-user.c b/src/libaccountsservice/act-user.c index 5867180..8c30a02 100644 --- a/src/libaccountsservice/act-user.c +++ b/src/libaccountsservice/act-user.c @@ -1297,6 +1297,8 @@ act_user_get_password_expiration_policy (ActUser *user, g_return_if_fail (ACCOUNTS_IS_USER (user->accounts_proxy)); if (!accounts_user_call_get_password_expiration_policy_sync (user->accounts_proxy, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, expiration_time, last_change_time, min_days_between_changes, @@ -1331,6 +1333,8 @@ act_user_set_email (ActUser *user, if (!accounts_user_call_set_email_sync (user->accounts_proxy, email, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetEmail call failed: %s", error->message); @@ -1359,6 +1363,8 @@ act_user_set_language (ActUser *user, if (!accounts_user_call_set_language_sync (user->accounts_proxy, language, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetLanguage for language %s failed: %s", language, error->message); @@ -1387,6 +1393,8 @@ act_user_set_x_session (ActUser *user, if (!accounts_user_call_set_xsession_sync (user->accounts_proxy, x_session, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetXSession call failed: %s", error->message); @@ -1415,6 +1423,8 @@ act_user_set_session (ActUser *user, if (!accounts_user_call_set_session_sync (user->accounts_proxy, session, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetSession call failed: %s", error->message); @@ -1443,6 +1453,8 @@ act_user_set_session_type (ActUser *user, if (!accounts_user_call_set_session_type_sync (user->accounts_proxy, session_type, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetSessionType call failed: %s", error->message); @@ -1471,6 +1483,8 @@ act_user_set_location (ActUser *user, if (!accounts_user_call_set_location_sync (user->accounts_proxy, location, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetLocation call failed: %s", error->message); @@ -1499,6 +1513,8 @@ act_user_set_user_name (ActUser *user, if (!accounts_user_call_set_user_name_sync (user->accounts_proxy, user_name, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetUserName call failed: %s", error->message); @@ -1527,6 +1543,8 @@ act_user_set_real_name (ActUser *user, if (!accounts_user_call_set_real_name_sync (user->accounts_proxy, real_name, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetRealName call failed: %s", error->message); @@ -1555,6 +1573,8 @@ act_user_set_icon_file (ActUser *user, if (!accounts_user_call_set_icon_file_sync (user->accounts_proxy, icon_file, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetIconFile call failed: %s", error->message); @@ -1581,9 +1601,11 @@ act_user_set_account_type (ActUser *user, g_return_if_fail (ACCOUNTS_IS_USER (user->accounts_proxy)); if (!accounts_user_call_set_account_type_sync (user->accounts_proxy, - account_type, - NULL, - &error)) { + account_type, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, + NULL, + &error)) { g_warning ("SetAccountType call failed: %s", error->message); return; } @@ -1646,6 +1668,8 @@ act_user_set_password (ActUser *user, if (!accounts_user_call_set_password_sync (user->accounts_proxy, crypted, hint, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetPassword call failed: %s", error->message); @@ -1674,6 +1698,8 @@ act_user_set_password_hint (ActUser *user, if (!accounts_user_call_set_password_hint_sync (user->accounts_proxy, hint, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetPasswordHint call failed: %s", error->message); @@ -1704,6 +1730,8 @@ act_user_set_password_mode (ActUser *user, if (!accounts_user_call_set_password_mode_sync (user->accounts_proxy, (gint) password_mode, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetPasswordMode call failed: %s", error->message); @@ -1728,6 +1756,8 @@ act_user_set_locked (ActUser *user, if (!accounts_user_call_set_locked_sync (user->accounts_proxy, locked, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetLocked call failed: %s", error->message); @@ -1757,6 +1787,8 @@ act_user_set_automatic_login (ActUser *user, if (!accounts_user_call_set_automatic_login_sync (user->accounts_proxy, enabled, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetAutomaticLogin call failed: %s", error->message); diff --git a/src/libaccountsservice/meson.build b/src/libaccountsservice/meson.build index 615a015..543f533 100644 --- a/src/libaccountsservice/meson.build +++ b/src/libaccountsservice/meson.build @@ -45,6 +45,7 @@ foreach iface: ifaces '@0@.@1@.xml'.format(prefix, iface), interface_prefix: prefix, namespace: namespace, + extra_args: ['--glib-min-required', '2.64'], ) endforeach diff --git a/src/meson.build b/src/meson.build index 20d5276..7db1d46 100644 --- a/src/meson.build +++ b/src/meson.build @@ -13,6 +13,7 @@ foreach iface: ifaces join_paths(data_dir, iface[1] + iface[2] + '.xml'), interface_prefix: iface[1], namespace: 'Accounts', + extra_args: ['--glib-min-required', '2.64'], ) sources += gdbus_sources gdbus_headers += gdbus_sources[1] @@ -611,7 +611,7 @@ user_extension_method_call (GDBusConnection *connection, user_extension_authentication_done (user->daemon, user, invocation, iface_info); } else { - daemon_local_check_auth (user->daemon, user, action_id, TRUE, + daemon_local_check_auth (user->daemon, user, action_id, user_extension_authentication_done, invocation, iface_info, NULL); } @@ -884,7 +884,6 @@ user_set_real_name (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, action_id, - TRUE, user_change_real_name_authorized_cb, context, g_strdup (real_name), @@ -943,7 +942,6 @@ user_set_user_name (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, "org.freedesktop.accounts.user-administration", - TRUE, user_change_user_name_authorized_cb, context, g_strdup (user_name), @@ -994,7 +992,6 @@ user_set_email (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, action_id, - TRUE, user_change_email_authorized_cb, context, g_strdup (email), @@ -1045,7 +1042,6 @@ user_set_language (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, action_id, - TRUE, user_change_language_authorized_cb, context, g_strdup (language), @@ -1094,7 +1090,6 @@ user_set_session (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, action_id, - TRUE, user_change_session_authorized_cb, context, g_strdup (session), @@ -1143,7 +1138,6 @@ user_set_session_type (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, action_id, - TRUE, user_change_session_type_authorized_cb, context, g_strdup (session_type), @@ -1192,7 +1186,6 @@ user_set_x_session (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, action_id, - TRUE, user_change_x_session_authorized_cb, context, g_strdup (x_session), @@ -1244,7 +1237,6 @@ user_get_password_expiration_policy (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, action_id, - TRUE, user_get_password_expiration_policy_authorized_cb, context, NULL, @@ -1294,7 +1286,6 @@ user_set_location (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, action_id, - TRUE, user_change_location_authorized_cb, context, g_strdup (location), @@ -1351,7 +1342,6 @@ user_set_home_directory (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, "org.freedesktop.accounts.user-administration", - TRUE, user_change_home_dir_authorized_cb, context, g_strdup (home_dir), @@ -1405,7 +1395,6 @@ user_set_shell (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, "org.freedesktop.accounts.user-administration", - TRUE, user_change_shell_authorized_cb, context, g_strdup (shell), @@ -1575,7 +1564,6 @@ user_set_icon_file (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, action_id, - TRUE, user_change_icon_file_authorized_cb, context, g_strdup (filename), @@ -1653,7 +1641,6 @@ user_set_locked (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, "org.freedesktop.accounts.user-administration", - TRUE, user_change_locked_authorized_cb, context, GINT_TO_POINTER (locked), @@ -1762,7 +1749,6 @@ user_set_account_type (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, "org.freedesktop.accounts.user-administration", - TRUE, user_change_account_type_authorized_cb, context, GINT_TO_POINTER (account_type), @@ -1878,7 +1864,6 @@ user_set_password_mode (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, action_id, - TRUE, user_change_password_mode_authorized_cb, context, GINT_TO_POINTER (mode), @@ -1964,7 +1949,6 @@ user_set_password (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, action_id, - TRUE, user_change_password_authorized_cb, context, data, @@ -2019,7 +2003,6 @@ user_set_password_hint (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, action_id, - TRUE, user_change_password_hint_authorized_cb, context, g_strdup (hint), @@ -2065,7 +2048,6 @@ user_set_automatic_login (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, "org.freedesktop.accounts.user-administration", - TRUE, user_change_automatic_login_authorized_cb, context, GINT_TO_POINTER (enabled), |