daemon: don't return account expiration policy if not known

Right now we assume the user's shadow entry will always be available.
If it's not available, we return fields from it initialized to 0.

That leads to spurious password expired notifications in GNOME.

This commit throws a NOT_SUPPORTED error if the shadow file is off
limits.

https://bugs.freedesktop.org/show_bug.cgi?id=104996

1 files changed, 7 insertions, 0 deletions

diff --git a/src/user.c b/src/user.c
index 0dee26c..f6ff9e3 100644
--- a/src/user.c
+++ b/src/user.c
@@ -106,6 +106,7 @@ struct User {
         GVariant     *login_history;
         gchar        *icon_file;
         gchar        *default_icon_file;
+        gboolean      account_expiration_policy_known;
         gboolean      locked;
         gboolean      automatic_login;
         gboolean      system_account;
@@ -284,6 +285,7 @@ user_update_from_pwent (User          *user,
                 user->max_days_between_changes = spent->sp_max;
                 user->days_to_warn  = spent->sp_warn;
                 user->days_after_expiration_until_lock = spent->sp_inact;
+                user->account_expiration_policy_known = TRUE;
         }
 
         if (user->password_mode != mode) {
@@ -1151,6 +1153,11 @@ user_get_password_expiration_policy_authorized_cb (Daemon                *daemon
                                                    gpointer               data)
 
 {
+        if (!user->account_expiration_policy_known) {
+                throw_error (context, ERROR_NOT_SUPPORTED, "account expiration policy unknown to accounts service");
+                return;
+        }
+
         accounts_user_complete_get_password_expiration_policy (ACCOUNTS_USER (user),
                                                                context,
                                                                user->expiration_time,