1. 01 May, 2020 1 commit
  2. 28 Feb, 2020 2 commits
  3. 27 Feb, 2020 2 commits
    • user: fix double-unref of GDBusMethodInvocation throughout · 771eb671
      Michael Catanzaro authored
      When we return FALSE, we're not saying "failure," we're actually
      saying "unhandled." So in accounts-user-generated.c (generated by
      gdbus-codegen), _accounts_user_skeleton_handle_method_call() will
      call g_dbus_method_invocation_return_error(), which assumes
      ownership, sends a D-Bus error to the peer, and unrefs the
      GDBusMethodInvocation. Problem is, we've already done all of that
      and doing so twice is unexpected and bad.
      
      Spotted by Ray Strode in !51.
      
      Fixes #86
      771eb671
    • user: fix indentation error · f8d77183
      Michael Catanzaro authored
      f8d77183
  4. 07 Feb, 2020 1 commit
    • Check GDBusMessage for INTERACTIVE_AUTHORIZATION flag · d5847d8d
      Matthew Leeds authored
      Currently we always use the flag
      POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION when checking if
      a subject is authorized for an action, meaning that we cause polkit to
      create an interactive dialog box. However since GLib 2.46, there has
      been a flag G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION which
      indicates if the caller is prepared to have the user authenticate (e.g.
      it's a user-facing program not a daemon). So, check for this flag in
      daemon_local_check_auth().
      
      The impetus for this patch is that in the Endless fork of
      gnome-control-center we use the library malcontent, and call
      mct_manager_get_app_filter() even when we don't have permission to
      actually read the user's app filter, since it shouldn't cause a dialog
      without MCT_GET_APP_FILTER_FLAGS_INTERACTIVE being passed to it. However
      because accountsservice doesn't respect
      G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, polkit attempts to
      create an auth dialog anyway (and hits an error but that's a separate
      gnome-shell bug).
      
      In libaccountsservice, we use code generated by gdbus-codegen to call
      D-Bus methods implemented by the daemon, and that generated code
      unconditionally uses G_DBUS_CALL_FLAGS_NONE, which would mean that users
      of libaccountsservice can't use interactive auth. The solution is to
      bump our GLib requirement to 2.63.5 (2.64 hasn't been released yet) and
      pass --glib-min-required 2.64 to gdbus-codegen, which causes the
      generated code to have two more arguments for each method call: one for
      GDBusCallFlags and one for a timeout value.
      
      For now we always use G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION
      in libaccountsservice, to maintain compatibility. It might make sense to
      add API in the future so that users of the library can specify if they
      want to allow interactive auth.
      
      This commit also makes us use
      G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION for method calls
      implemented by ConsoleKit, even though presumably no problems are caused
      by the current behavior of using G_DBUS_CALL_FLAGS_NONE. In theory
      ConsoleKit could check for
      G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION one day (although
      in practice I think it's deprecated and inactive), and I think the whole
      of libaccountsservice should assume interactive auth is allowed until we
      have API to distinguish the no-interactive-auth case.
      d5847d8d
  5. 15 Mar, 2019 1 commit
  6. 19 Dec, 2018 1 commit
  7. 20 Aug, 2018 2 commits
    • user: export new Saved property · 14bb1237
      Ray Strode authored
      accountsservice maintains a state file for some users, if those users
      have selected a specific session or language.
      
      There's no good way, at the moment, for an application to check if a
      specific user has saved state.
      
      This commit exports the Saved property on the User object.
      14bb1237
    • user: add new Session/SessionType properties to replace XSession · c66cee94
      Ray Strode authored
      Having a property called XSession in the API makes little
      sense when wayland has taken the world by storm.
      
      This commit adds new "Session" property without the "X" in the name,
      and an additional property "SessionType" that can be either
      "wayland" or "x11".
      c66cee94
  8. 10 Jul, 2018 1 commit
    • user: fix insufficient path prefix check · f9abd359
      Matthias Gerstner authored
      The path prefix check can be circumvented by regular users by passing a
      relative path component like so:
      
      $ dbus-send --system --print-reply --dest=org.freedesktop.Accounts \
              /org/freedesktop/Accounts/User1000 \
              org.freedesktop.Accounts.User.SetIconFile \
              string:/usr/share/../../tmp/test
      
      This results in a user controlled path being stored in the
      accountsservice. Clients of accountsservice may unwittingly trust this
      path.
      
      To fix that situation this commit canonicalizes the input path before
      the prefix comparison.
      
      Some small changes to patch by Ray Strode.
      
      https://bugs.freedesktop.org/show_bug.cgi?id=107085
      f9abd359
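
Added example, not taken from commit f9abd359 or the accountsservice source: a plain string-prefix compare of the kind the message describes as circumventable, next to a check that canonicalizes first. The function names are hypothetical, the canonicalization is purely lexical (no symlink resolution), and the component-boundary test goes beyond what the commit message states.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Lexically canonicalize an absolute path: collapse "//" and ".", resolve "..".
 * Returns false for relative input or if the result does not fit in out. */
bool canonicalize_abs(const char *in, char *out, size_t outsz)
{
    size_t len = 0;
    if (in == NULL || in[0] != '/' || outsz < 2)
        return false;
    while (*in != '\0') {
        while (*in == '/')
            in++;                                /* skip separators */
        size_t n = strcspn(in, "/");             /* length of next component */
        if (n == 2 && in[0] == '.' && in[1] == '.') {
            while (len > 0 && out[--len] != '/') /* pop last component, stop at root */
                ;
        } else if (n > 0 && !(n == 1 && in[0] == '.')) {
            if (len + n + 2 > outsz)             /* '/' + component + NUL */
                return false;
            out[len++] = '/';
            memcpy(out + len, in, n);
            len += n;
        }
        in += n;
    }
    if (len == 0)
        out[len++] = '/';
    out[len] = '\0';
    return true;
}

/* Before: raw prefix compare, passes for /usr/share/../../tmp/test. */
bool has_prefix_naive(const char *path, const char *prefix)
{
    return strncmp(path, prefix, strlen(prefix)) == 0;
}

/* After: canonicalize, then match dir (canonical, no trailing '/') on a component boundary. */
bool is_under_dir(const char *path, const char *dir)
{
    char canon[4096];
    size_t dlen = strlen(dir);
    if (!canonicalize_abs(path, canon, sizeof canon))
        return false;
    return strncmp(canon, dir, dlen) == 0 &&
           (canon[dlen] == '/' || canon[dlen] == '\0');
}
```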
  9. 20 Apr, 2018 1 commit
    • daemon: don't override property from user skeleton · e18e8a3a
      Ray Strode authored
      At the moment the skeleton superclass associated with a user keeps
      cached copies of all properties, and the derived user class also
      keeps duplicate copies of those properties.
      
      The problem is these property values get out of sync and the derived
      class fails to emit PropertyChanged signals when the properties
      are updated.
      
      This commit solves the issue by cutting out the redundant property
      data and just defers all property storage to the skeleton.
      
      https://bugs.freedesktop.org/show_bug.cgi?id=106162
      e18e8a3a
  10. 07 Feb, 2018 1 commit
  11. 21 Dec, 2017 1 commit
  12. 19 Dec, 2017 3 commits
  13. 18 Aug, 2017 1 commit
  14. 15 May, 2017 1 commit
  15. 27 Mar, 2017 1 commit
  16. 30 Jun, 2016 2 commits
  17. 16 Mar, 2015 1 commit
  18. 31 Oct, 2014 1 commit
    • daemon: fix object path derivation for large UIDs · 163f2d14
      Giovanni Mascellani authored
      accountsservice exports an object on the system bus
      for every user it tracks. The path of the object is
      derived from the user's uid.
      
      The format string used for computing the object path
      supposes the UID is signed. UIDs are unsigned quantities,
      though, so very large UIDs get misrepresented as negative
      values in the resulting object path. The negative sign
      "-" is invalid in an object path. Under these circumstances,
      accountsservice will crash.
      
      This commit corrects the problem, by using a format string
      that is appropriate for unsigned values.
      
      https://bugs.freedesktop.org/show_bug.cgi?id=85688
      163f2d14
  19. 29 Jan, 2014 1 commit
  20. 07 Nov, 2013 1 commit
  21. 22 Oct, 2013 1 commit
  22. 15 Oct, 2013 1 commit
  23. 08 Oct, 2013 1 commit
  24. 01 Oct, 2013 1 commit
    • Clean up user classification logic · 0a7e6f63
      Allison Lortie authored
      Bring back the simple login.defs-based check for if a user is human or
      not and enable it by default.
      
      Add a build option --enable-user-heuristics to get the old behaviour
      back again.
      
      Split out all human vs. system user divination into a new file,
      user-classify.c in order to clean up daemon.c a bit.
      0a7e6f63
  25. 08 Aug, 2013 1 commit
  26. 17 Jul, 2013 2 commits
    • service: add support for extension interfaces · 21de4bd5
      Allison Lortie authored
      First pass at what a patch might look like.  Requires the new GDBus
      async property handling changes.
      
      https://bugs.freedesktop.org/show_bug.cgi?id=63733
      21de4bd5
    • User: hold on to our keyfile · 3e1ce93f
      Allison Lortie authored
      When updating a User object from keyfile, keep a reference on the keyfile
      object passed in and modify the Daemon not to destroy it.
      
      When saving a User, instead of creating a new keyfile, reuse the one we
      stored on the object.
      
      We still record the properties from the User object into the keyfile in
      the previous way (and include a modification to clear out the 'User'
      group before doing this).
      
      The intention here is to allow other groups stored in the keyfile to be
      preserved.  These other groups are likely to correspond to extension
      interfaces (which will be introduced in future patches).
      
      An alternative approach would have been to only preserve groups for
      extensions that we currently have loaded but this was abandoned as being
      excessively brittle since the result of a temporarily missing extension
      file would be the destruction of data.
      
      https://bugs.freedesktop.org/show_bug.cgi?id=63733
      3e1ce93f
  27. 18 Jun, 2013 1 commit
  28. 11 Jun, 2013 2 commits
  29. 06 Jun, 2013 1 commit
  30. 20 May, 2013 3 commits