1. 07 Feb, 2020 1 commit
    • Matthew Leeds's avatar
      Check GDBusMessage for INTERACTIVE_AUTHORIZATION flag · d5847d8d
      Matthew Leeds authored
      Currently we always use the flag
      POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION when checking if
      a subject is authorized for an action, meaning that we cause polkit to
      create an interactive dialog box. However since GLib 2.46, there has
      been a flag G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION which
      indicates if the caller is prepared to have the user authenticate (e.g.
      it's a user-facing program not a daemon). So, check for this flag in
      daemon_local_check_auth().
      
      The impetus for this patch is that in the Endles fork of
      gnome-control-center we use the library malcontent, and call
      mct_manager_get_app_filter() even when we don't have permission to
      actually read the user's app filter, since it shouldn't cause a dialog
      without MCT_GET_APP_FILTER_FLAGS_INTERACTIVE being passed to it. However
      because accountsservice doesn't respect
      G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, polkit attempts to
      create an auth dialog anyway (and hits an error but that's a separate
      gnome-shell bug).
      
      In libaccountsservice, we use code generated by gdbus-codegen to call
      D-Bus methods implemented by the daemon, and that generated code
      unconditionally uses G_DBUS_CALL_FLAGS_NONE, which would mean that users
      of libaccountsservice can't use interactive auth. The solution is to
      bump our GLib requirement to 2.63.5 (2.64 hasn't been released yet) and
      pass --glib-min-required 2.64 to gdbus-codegen, which causes the
      generated code to have two more arguments for each method call: one for
      GDBusCallFlags and one for a timeout value.
      
      For now we always use G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION
      in libaccountsservice, to maintain compatibility. It might make sense to
      add API in the future so that users of the library can specify if they
      want to allow interactive auth.
      
      This commit also makes us use
      G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION for method calls
      implemented by ConsoleKit, even though presumably no problems are caused
      by the current behavior of using G_DBUS_CALL_FLAGS_NONE. In theory
      ConsoleKit could check for
      G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION one day (although
      in practice I think it's deprecated and inactive), and I think the whole
      of libaccountsservice should assume interactive auth is allowed until we
      have API to distinguish the no-interactive-auth case.
      d5847d8d
  2. 13 Sep, 2019 1 commit
  3. 19 Dec, 2018 1 commit
  4. 20 Aug, 2018 2 commits
    • Ray Strode's avatar
      user: export new Saved property · 14bb1237
      Ray Strode authored
      accountsservice maintains a state file for some users, if those users
      have selected a specific session or language.
      
      There's no good way, at the moment, for an application to check if a
      specific user has saved state.
      
      This commit exports the Saved property on the User object.
      14bb1237
    • Ray Strode's avatar
      user: add new Session/SessionType properties to replace XSession · c66cee94
      Ray Strode authored
      Having a property called XSession in the API makes little
      sense when wayland has taken the world by storm.
      
      This commit adds new "Session" property without the "X" in the name,
      and an additional property "SessionType" that can be either
      "wayland" or "x11".
      c66cee94
  5. 14 Feb, 2018 1 commit
    • Ray Strode's avatar
      lib: don't try to update login frequency manually · a045e06a
      Ray Strode authored
      The library will try to update the login frequency to 1 if the
      requested user isn't finished asynchronously loading yet, but we
      know they have an open session.
      
      That no longer works, since we no longer track login-frequency
      separately from the dbus proxy object.
      
      This commit drops the code, since it's unnecessary anyway.
      
      To be "on the safe side" we change the value returned for unloaded
      users from 0 to 1.  This is okay because the value is undefined
      before the user is loaded anyway.
      a045e06a
  6. 30 Jan, 2018 1 commit
  7. 24 Jan, 2018 1 commit
  8. 19 Dec, 2017 1 commit
  9. 29 Nov, 2017 3 commits
  10. 03 Nov, 2017 1 commit
  11. 27 Oct, 2017 3 commits
  12. 27 Mar, 2017 1 commit
  13. 11 Jan, 2016 1 commit
  14. 16 Mar, 2015 1 commit
  15. 06 Mar, 2015 1 commit
  16. 22 Jan, 2015 1 commit
  17. 21 Jul, 2014 4 commits
  18. 01 Jul, 2013 1 commit
    • Lionel Landwerlin's avatar
      ActUserManager: handle nonexistent users · 254e959f
      Lionel Landwerlin authored
      Right now if a nonexistent user is requested from the accounts service,
      we don't give the caller any sort of notication that the user doesn't
      exist. This cascades into d-bus timeouts and ultimately a broken login
      screen.
      
      This commit adds a new "nonexistent" user property to the user object
      and sets it to TRUE when a requested user fails to load.  It also
      makes sure the user objects is-loaded property gets set.
      
      Based on a patch by Lionel Landwerlin <llandwerlin@gmail.com>
      
      https://bugs.freedesktop.org/show_bug.cgi?id=66325
      254e959f
  19. 18 Jun, 2013 1 commit
  20. 06 Jun, 2013 1 commit
  21. 11 May, 2013 1 commit
  22. 25 Mar, 2013 1 commit
  23. 18 Dec, 2012 1 commit
  24. 12 Dec, 2012 1 commit
    • Ray Strode's avatar
      lib: don't lose sessions list for users at startup · acb79f31
      Ray Strode authored
      ActUser objects can be germinated from various sources:
      
      1) a get_user call
      2) a get_user_by_id call
      3) a list_users call
      
      Because of this, there may be one ActUser objects in
      the wild holding the users session lists, and another
      holding all the user information returned from the account
      service.
      
      This commit makes sure at the, end of the day, we consolidate
      all the information we know, so some doesn't get dropped on
      the floor.
      
      Related to gnome bug https://bugzilla.gnome.org/show_bug.cgi?id=671858
      acb79f31
  25. 19 Nov, 2012 1 commit
  26. 18 Nov, 2012 2 commits
  27. 12 Nov, 2012 2 commits
  28. 16 Aug, 2012 3 commits