| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This is cleaner, even if the security outcome is low...
|
|
|
|
|
|
New org.freedesktop.SystemToolsBackends.Authenticate interface, which can be called on all modules. This method takes no arguments, and returns a boolean, or error for cancelled or failed. It's implemented via dispatcher_filter_func(), calling dispatch_auth_message().
New check_polkit_auth() function to centralize PolicyKit authorizations handling, returning error when needed. We now require PolicyKit instead of it being an optional dependency, and need version 0.94 so that we can remove the PID checking workaround.
PolicyKit action for SelfConfig is now really used, so set it to "yes" since settings that can be changed that way are minor (just like the old behavior).
|
|
We don't need to use a struct, since the whole message only holds this object. Update the parameters taken in set_self(), which were outdated.
|
|
Never allow an UID of 0 to pass, in case of strange failure. Use gulong for UID since it's what D-Bus uses.
|
|
This was obviously preventing clients from starting the needed backends via D-Bus activation.
|
|
|
|
|
|
|
|
"System policy prevents..." is really not user-friendly, and doesn't mean anything clear. Use a nicer "You need to autenticate to..."
bgo#557770
|
|
|
|
Clients need to know what values were chosen for fields left blank. This also allows us to return NULL in case of failure, which provides error checking.
|
|
GroupsConfig is now only used to fetch list of groups and settings. All commit operations now go through GroupConfig: set(), add() and del() methods. This avoids problems when committing the whole list, which could lead to removing all groups on the system.
|
|
Instead of getting the password encrypted by the client, get it in plain text, and set it via PAM. This behavior is standard on all supported platforms, which allows for code simplification, and avoids bugs when new password encryption algorithms appear.
Never return the encrypted password on the bus. Instead, PAM should always be used to change it, possibly authenticating when changing own password.
|
|
SelfConfig is now a real object, and a dispatcher redirects messages with the UID of the caller. Rename a few calls that were naming it user_config, to avoid any confusion with the general UserConfig.
Add SelfConfig.pm, only accepting GECOS fields, locale and location, since other parameters can't be changed without admin authentication. Old and new passwords are required, since we'll use PAM to change it. Add Users.pm::[sg]et_self() to handle the DBus methods. Update DBus config file as needed.
|
|
When creating an user, empty string or maximum unsigned 32 bits integer value means "default", platform tools will then apply default system settings themselves. This applies to all parameters but user login, which is mandatory. Most clients should use this instead of guessing the policy by themselves.
On FreeBSD, we need to choose the name of the home dir ourselves, since pw doesn't create it.
|
|
Going through UsersConfig to commit changes to users is not the best solution since this can affect users that were not edited in case of a bug on the client's side. Thus, remove UsersConfig::set() in favor of new UserConfig::add(), del() and set(), which take a generic user structure. Allow these functions in dispatcher.c, but always check for "set" PolicyKit authorization (making distinction between "add", "set", "del" makes no sense at this point).
Add some fields to the user struct to be used later: encrypted home, locale and location, plus password and home directory flags. GID is now an unsigned 32 bits integer, with its max value meaning no group.
Rename D-Bus interfaces to UserConfig2 and UsersConfig2, since we break compatibility. Update DBus config file to reflect that.
|
|
exec() does not allow checking the returned error code. Use system() instead, even if we still need to fork to set stdin, stdout and LC_ALL. Add a new report when launching a command failed.
|
|
|
|
|
|
|
|
|
|
|
|
Another wrong command was preventing modifications from being applied.
|
|
Commit ee59351bfa31ee60779a20a79b1b49f308a777b0 broke it by removing the password parameter.
|
|
Passing a variable that did not exist on default platform completely broke users modification in most cases.
|
|
Copied and pasted too quickly...
|
|
|
|
|
|
|
|
|
|
|
|
This will prevent bad configuration from reaching the system. In addition, liboobs can now use priority 0 to mean "default value", so that the backends choose the default priority by themselves - GUI-side code should not deal with this.
|
|
Add a new "upstart" init system type that is for now a modified copy of our SystemV support. Use it under Debian systems. More precisely, we need to discard scripts from /etc/init.d that are also present in /etc/init, because they're only compatibility symlinks we should not play with. We also use "service" to start/stop scripts, instead of running them directly. This way, we don't break under Upstart, but only support traditional scripts for now. Support for Upstart jobs should come later.
|
|
Versions are confusing, and we should only support the current distribution release, since backports to stable releases are very unlikely. All this complexity was creating bugs with new versions not being supported properly. Adapted from a patch shipped by Debian as 01_debian_4.0.patch.
|
|
arguments
Using system() with a string instead of an array raises various issues when strings passed include special chars. Overall, it's claner and safer to use an array everywhere. This requires us to use our own execution code since system() does not accept setting STDOUT, STDERR, LC_ALL, and starting processes in the background when using an array. Note that run_backticks() still use the old logic, which is safe(r) because those commandlines are static. However, this commit also cleans get_cmd_path() by merging do_get_cmd_path() into it, and removing duplicate settings like $PATH.
|
|
|
|
D-Bus activation can return an error if we daemonize, so we should not do this be default, and let D-Bus daemonize the dispatcher. Thus, add a -D option to force this behavior if needed, and make -n a no-op. In the process, the commit removes the handling of the old STB_NO_DAEMON envvar, which has become useless. This fixes https://bugs.launchpad.net/bugs/411533. See also an explanation at https://bugzilla.gnome.org/show_bug.cgi?id=583356.
|
|
|
|
|
|
|
|
|
|
This prevents custom installs from potentially breaking the stb. Seems to be the common practice actually.
|
|
|
|
Also adjusted linguae in LINGUAS.
|
|
|
|
|
|
|
|
|
