1. 25 Aug, 2019 1 commit
  2. 24 Aug, 2019 1 commit
  3. 13 Aug, 2019 2 commits
  4. 01 Aug, 2019 1 commit
  5. 09 May, 2019 1 commit
    • Ray Strode's avatar
      data: don't send change updates for login-history · 64b11314
      Ray Strode authored
      The login-history property of user objects can be quite large.
      If wtmp is changed frequently, that can lead to memory fragmentation
      in clients.
      Furthermore, most clients never check login-history, so it's
      wasted memory and wasted cpu.
      This commit disables change notification for that property.  If
      a client really needs to get updates, they can manually refresh
      their cache when appropriate.
  6. 07 May, 2019 2 commits
    • Philip Withnall's avatar
      data: Tighten up systemd sandboxing of accounts-daemon.service · 0e712e93
      Philip Withnall authored
      Tighten up the sandboxing of the daemon, paying particular attention to
      file system access. Further work could be done to make the daemon run as
      a non-root user (User=/Group=/DynamicUser=), drop capabilities
      (CapabilityBoundingSet=) and restrict system calls (SystemCallFilter=).
      This is a reasonable starting point, though. It has been tested with
      adding, modifying and deleting users, and reading/writing user extension
      data. Testing was done on a Fedora and a Debian-based system.
      The useradd/userdel/usermod subprocesses require a lot of permissions
      which the accounts-service daemon itself doesn’t. In future, it might
      make sense to run them in a separate privilege-escalated sandbox, and
      further restrict the permissions of the accounts-service daemon itself.
      Signed-off-by: Philip Withnall's avatarPhilip Withnall <withnall@endlessm.com>
    • Philip Withnall's avatar
      build: Expose chosen path_wtmp value as a variable · 152b845b
      Philip Withnall authored
      This will be used in a following commit.
      Signed-off-by: Philip Withnall's avatarPhilip Withnall <withnall@endlessm.com>
  7. 29 Apr, 2019 1 commit
    • Ray Strode's avatar
      daemon: ensure cache files for system users are processed · d8b77951
      Ray Strode authored
      At the moment we skip cache files for system users.  That
      doesn't make much sense; if there's a cache file we should
      be using it.
      This commit changes the code to read cache files, even for
      system users, and so lets root have a non-default session.
      Closes: #65
  8. 23 Apr, 2019 2 commits
  9. 17 Apr, 2019 1 commit
    • João Paulo Rechi Vita's avatar
      daemon: Wait for reload before servicing list_cached_users · e88a50bd
      João Paulo Rechi Vita authored
      When /etc/passwd, /etc/shadow or /etc/group are changed outside of
      AccountsService, the cache reload is delayed by 500 ms so subsequent
      changes to these files are process seen together and AccountsService has
      a consistent view of the data (since after one of these files is changed
      the others may change too).
      If ListCachedUsers is called in this 500 ms window,
      finish_list_cached_users will be executed before reload_users_timeout
      has been dispatched, since its added to the mainloop as an idler and at
      point there is nothing preventing it from being executed. This makes
      finish_list_cached_users only be attached to the mainloop after
      reload_users_timeout has been dispatched.
      This bug was introduced by commit 4e3fad33 when the 500 ms delay was
      Closes: #71
  10. 09 Apr, 2019 1 commit
  11. 08 Apr, 2019 1 commit
  12. 20 Mar, 2019 1 commit
  13. 15 Mar, 2019 1 commit
  14. 12 Mar, 2019 1 commit
  15. 22 Feb, 2019 4 commits
  16. 20 Feb, 2019 1 commit
  17. 12 Feb, 2019 1 commit
  18. 19 Dec, 2018 1 commit
  19. 02 Oct, 2018 1 commit
  20. 01 Oct, 2018 1 commit
  21. 29 Sep, 2018 3 commits
  22. 26 Sep, 2018 9 commits
  23. 11 Sep, 2018 2 commits