Positional parameters to merge_file() were never allowed and always
ignored, so just drop them.
See: https://github.com/mesonbuild/meson/issues/9441
Fixes #97
|
|
Contribution by Henrique Machado Campos
|
|
At the moment, at start up we unconditionally reset permission of all
cache files in /var/lib/AccountsService/users. If the mode of the files
can't be reset, accountsservice fails to start.
But there's a situation where we should proceed anyway: If the
mode is already correct, and the file is read-only, there is no reason
to refuse to proceed.
This commit changes the code to explicitly validate the permissions of
the file before failing.
|
|
At the moment we do dodgy checks based on uid to decide whether or not
an account is a system account.
For legacy reasons, sometimes normal users have really low UIDs.
This commit reshuffles things, so the cache file "wins" for deciding
whether or not a user is a system user.
|
|
At the moment there's no easy way to set a default session, or
face icon or whatever for all users. If a user has never logged in
before, we just generate their cache file from hardcoded defaults.
This commit introduces a template system to make it possible for
admins to set up defaults on their own.
Admins can write either
/etc/accountsservice/user-templates/administrator
or
/etc/accountsservice/user-templates/standard
files. These files follow the same format as
/var/lib/AccountsService/users/username
files, but will support substituting $HOME and $USER to the appropriate
user specific values.
User templates also support an additional group [Template] that
has an additional key EnvironmentFiles that specifies a list
of environment files to load (files with KEY=VALUE pairs in them).
Any keys listed in those environment files will also get substituted.
https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/63
|
|
The daemon code manually calls `g_signal_emit_by_name (user, "changed", 0)` every time it changes that user's `automatic-login` property.
This emission is redundant because the user code sets up a `notify` handler to emit `changed` itself any time any of its properties are changed.
|
|
The variable uid is used only when the loginuid cannot be obtained
or is empty. Change it to get the variable uid when needed.
|
|
The proxy "xsession" property is exposed as "x-session" to the API, so
don't break the API, but translate the name internally.
|
|
Accounts service provides the user's set_user_name() function that
allows changing a user's username, but if this happens the user won't
ever be moved by index in the containing hash table, causing the user to
be never deleted when calling delete_user() and it will be always
exposed when listing or fetching it.
In fact we refer to the users only by their usernames but this may
change and in such situation they'd be left stale in the containing
table.
So, add the ability to get a user by the UID, and use this function to
check if the user has been renamed during the "changed" callback and if
so, update its hashtable key.
|
|
The refcounting of `ActUser` instances was a bit jumbled and unclear,
and seemed to contain several bugs. In particular,
`act_user_manager_get_user_by_id()` was behaving as `(transfer full)`
when it was documented as `(transfer none)`.
Try and tidy the refcounting up, to a certain extent. There may still be
issues left.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
|
|
Signed-off-by: Philip Withnall <withnall@endlessm.com>
|
|
Otherwise, a trivial executable that includes <act/act.h>, built with
$(pkg-config --cflags --libs accountsservice), will fail to compile
when we cannot include headers like <glib-object.h>.
Signed-off-by: Simon McVittie <smcv@debian.org>
|
|
And set is-loaded accordingly. This causes properties to be invalidated
on the client side and then get re-fetched when the daemon comes back.
https://gitlab.freedesktop.org/accountsservice/accountsservice/issues/55
|
|
This introduces one small functional change: if any of the groups in
`EXTRA_ADMIN_GROUPS` can’t be resolved using `getgrnam()`, an error will
now be thrown. Previously, it would be ignored.
Other than that, this introduces no functional changes and is just
intended as a code cleanup.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
|
|
Filter out the `extra_admin_groups` from the group list when a user is
no longer an admin.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
|
|
The correct way to tell `g_option_context_new()` not to print any
information after the options is to pass `NULL`. Passing the empty
string results in a call to `gettext ("")`, which returns the
translation’s header.
This fixes the output of `accounts-daemon --help`.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
|
|
Bad news for Geoffrey Ingram Taylor.
See: #57
|
|
We don't want this code running except on Red Hat systems, where we can
maintain it in a downstream patch if need be.
The heuristic has been wrong before (e.g. as in #57) and is not useful
on upstream systems where 1000 is the presumed minimum uid for human
users.
|
|
Many, many user accounts use / as their home directory. If deleting
these accounts with accountsservice, we should just ignore requests to
delete the home dir, rather than trash the user's computer.
Fixes #57
|
|
Because real name is stored in the GECOS field of /etc/passwd, which is delimited
by commas that cannot be escaped, the user's full name must not contain a comma.
Fixes #83
|
|
See: #83
|
|
When we return FALSE, we're not saying "failure," we're actually
saying "unhandled." So in accounts-user-generated.c (generated by
gdbus-codegen), _accounts_user_skeleton_handle_method_call() will
call g_dbus_method_invocation_return_error(), which assumes
ownership, sends a D-Bus error to the peer, and unrefs the
GDBusMethodInvocation. Problem is, we've already done all of that
and doing so twice is unexpected and bad.
Spotted by Ray Strode in !51.
Fixes #86
|
|
This tidies up the code a bit, and (critically) exposes a concrete
structure for `ActUser` and `ActUserClass`. Previously these were
dangling typedefs, which meant the compiler had no idea they derived
from `GObject`, and hence would give warnings about strict aliasing when
(for example) calling:
```
g_set_object (&my_user, user);
```
where `my_user` and `user` were both `ActUser*`.
This shouldn’t introduce any API or ABI changes, as the library
basically exposed no API in this area before. The autoptr cleanup
function is now defined by `G_DECLARE_FINAL_TYPE`.
libaccountsservice already depends on GLib 2.63, so no dependency bump
is needed.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
|
|
ConsoleKit is very much dead and replaced by logind or elogind.
|
|
We don't use transifex anymore, so the file can be generated when
needed instead of stored in version control.
Closes: https://gitlab.freedesktop.org/accountsservice/accountsservice/issues/30
|
|
In particular, make it clear what format a locale is in, and what the
empty string and NULL values mean. I’ve guessed what they mean based on
what code which uses libaccountsservice does.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
|
|
This regressed in 4b3fdd19.
|
|
Currently we always use the flag
POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION when checking if
a subject is authorized for an action, meaning that we cause polkit to
create an interactive dialog box. However since GLib 2.46, there has
been a flag G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION which
indicates if the caller is prepared to have the user authenticate (e.g.
it's a user-facing program not a daemon). So, check for this flag in
daemon_local_check_auth().
The impetus for this patch is that in the Endless fork of
gnome-control-center we use the library malcontent, and call
mct_manager_get_app_filter() even when we don't have permission to
actually read the user's app filter, since it shouldn't cause a dialog
without MCT_GET_APP_FILTER_FLAGS_INTERACTIVE being passed to it. However
because accountsservice doesn't respect
G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, polkit attempts to
create an auth dialog anyway (and hits an error but that's a separate
gnome-shell bug).
In libaccountsservice, we use code generated by gdbus-codegen to call
D-Bus methods implemented by the daemon, and that generated code
unconditionally uses G_DBUS_CALL_FLAGS_NONE, which would mean that users
of libaccountsservice can't use interactive auth. The solution is to
bump our GLib requirement to 2.63.5 (2.64 hasn't been released yet) and
pass --glib-min-required 2.64 to gdbus-codegen, which causes the
generated code to have two more arguments for each method call: one for
GDBusCallFlags and one for a timeout value.
For now we always use G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION
in libaccountsservice, to maintain compatibility. It might make sense to
add API in the future so that users of the library can specify if they
want to allow interactive auth.
This commit also makes us use
G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION for method calls
implemented by ConsoleKit, even though presumably no problems are caused
by the current behavior of using G_DBUS_CALL_FLAGS_NONE. In theory
ConsoleKit could check for
G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION one day (although
in practice I think it's deprecated and inactive), and I think the whole
of libaccountsservice should assume interactive auth is allowed until we
have API to distinguish the no-interactive-auth case.
|
|
Meson gives the warning:
WARNING: Project specifies a minimum meson_version '>= 0.46.0' but uses features which were added in newer versions:
* 0.50.0: {'install arg in configure_file'}
|
|
The previous code would abort the write if it didn't exist.