1. 11 Apr, 2022 1 commit
    • Ray Strode's avatar
      util: Drop spawn_with_login_uid function · aef0cf13
      Ray Strode authored
      accountsservice will try to run commands under the loginuid of the
      caller that initiates a command. This gives a better trail in the
      audit log of who is doing what.
      
      Many systems now use CONFIG_AUDIT_LOGINUID_IMMUTABLE, though, making
      loginuid spoofing not even possible.
      
      Furthermore, some versions of systemd seem to be failing to handle
      putting /proc/self/loginuid in the ReadWritePaths list failing
      with an error:
      
        Failed to mount /run/systemd/unit-root/proc/844/loginuid to /run/systemd/unit-root/proc/844/loginuid: Permission denied
        accounts-daemon.service: Failed to set up mount namespacing: /run/systemd/unit-root/proc/844/loginuid: Permission denied
        accounts-daemon.service: Failed at step NAMESPACE spawning /usr/libexec/accounts-daemon: Permission denied
      
      This commit drops all mentions of loginuid to workaround that error.
      
      Closes: #102
      aef0cf13
  2. 08 Apr, 2022 1 commit
    • Ray Strode's avatar
      daemon: Reload users less aggressively on wtmp changes · 836a9135
      Ray Strode authored
      accountsservice parses wtmp anytime it changes, so that it has
      an accurate accounting of user login frequency. This is important
      so that, e.g., the login screen can show the list of users in
      the order they use the system the most.
      
      The wtmp file can get very big though and take a long time to parse.
      
      Furthermore, in one scenario where it gets big, a user constantly
      logging in and out of the system, it also get written to frequently.
      In that case accountsservice basically constantly reparses the big
      file, chewing through CPU.
      
      This commit attempts to mitigate that scenario, by more aggressively
      rate limiting how often it reparses the file.
      
      Previously it would only parse the file 2 times a seconds at most.
      Now it only parses the file once every 10 seconds at most.
      
      Closes: #104
      836a9135
  3. 04 Apr, 2022 2 commits
  4. 23 Feb, 2022 1 commit
  5. 22 Feb, 2022 2 commits
  6. 19 Feb, 2022 1 commit
    • Ray Strode's avatar
      meson: Fix up version generation heursitics · 18191450
      Ray Strode authored
      They were all broken before for the tarball case and I didn't
      notice because I was checking the tarball in a subdirectory of
      the git repo so it was just exercising the git path.
      
      This commit makes one more attempt at fixing the issue, and
      also provides some protection against users that does shallow
      clones.
      
      #99
      18191450
  7. 15 Feb, 2022 3 commits
  8. 29 Jan, 2022 1 commit
  9. 28 Jan, 2022 3 commits
    • Ray Strode's avatar
      NEWS: Drop file completely · b92982be
      Ray Strode authored
      In the previous commit I changed NEWS to a stub saying to run git log,
      but I just realized telling someone who has potentially just unpacked
      a tarball to run git log is silly and wrong.
      
      This commit drops NEWS entirely.
      
      Maybe we can generate it from CI or something down the line.
      b92982be
    • Ray Strode's avatar
      NEWS: Drop NEWS file · f850cf20
      Ray Strode authored
      The NEWS file is an attempt to distill what changes have gone in since
      last release from the commits.
      
      But accountsservice is a pretty slow moving project and it doesn't
      really provide that much value over reading the commits directly.
      
      This commit drops the file, to make it easier to do releases.
      f850cf20
    • Ray Strode's avatar
      meson: Determine project version from date · e4a0b113
      Ray Strode authored
      Numbers are arbitrary, and we've never successfully made it to
      version 1.0 after like 12 years or something.
      
      Furthermore, accountsservice has a very slow release schedule at present
      and some distros hate building from git.
      
      So, I'd like to start generating tarballs more regularly.
      
      Adopting a version number derived from the date will help facilitate
      that.
      
      This commit introduces a script to figure out the version number based
      on the date and the number of commits since the last release.
      e4a0b113
  10. 27 Jan, 2022 1 commit
    • Sebastien's avatar
      daemon: Don't try to add admin users to non existing groups · b5903d5a
      Sebastien authored
      The extra admin groups list is a build-time option, but there is no guarantee
      the groups are available on the installed system. Currently if an extra admin
      group is missing on the system, accountsservice's will fail to create users
      because the underlying useradd call will fail.
      
      This commit fixes the issue, by pre-validating the extra admin groups
      list.
      b5903d5a
  11. 31 Oct, 2021 1 commit
  12. 12 Oct, 2021 1 commit
  13. 11 Oct, 2021 1 commit
  14. 08 Oct, 2021 4 commits
    • Ray Strode's avatar
      main: Allow cache files to be marked immutable · 9544664a
      Ray Strode authored and Ray Strode's avatar Ray Strode committed
      At the moment, at start up we unconditionally reset permission of all
      cache files in /var/lib/AccountsService/users.  If the mode of the files
      can't be reset, accountsservice fails to start.
      
      But there's a situation where we should proceed anyway: If the
      mode is already correct, and the file is read-only, there is no reason
      to refuse to proceed.
      
      This commit changes the code to explicitly validate the permissions of
      the file before failing.
      9544664a
    • Ray Strode's avatar
      daemon: Allow SystemAccount=false to be set in cache file · 985aed05
      Ray Strode authored and Ray Strode's avatar Ray Strode committed
      At the moment we do dodgy checks based on uid to decide whether or not
      an account is a system account.
      
      For legacy reasons, sometimes normal users have really low UIDs.
      
      This commit reshuffles things, so the cache file "wins" for deciding
      whether or not a user is a system user.
      985aed05
    • Dušan Kazik's avatar
      po: update slovak translation · 1ca1e90c
      Dušan Kazik authored and Ray Strode's avatar Ray Strode committed
      1ca1e90c
    • Ray Strode's avatar
      user: Introduce user templates for setting default session etc · e6dc3b9c
      Ray Strode authored and Ray Strode's avatar Ray Strode committed
      At the moment there's no easy way to set a default session, or
      face icon or whatever for all users.  If a user has never logged in
      before, we just generate their cache file from hardcoded defaults.
      
      This commit introduces a template system to make it possible for
      admins to set up defaults on their own.
      
      Admins can write either
      /etc/accountsservice/user-templates/administrator
      or
      /etc/accountsservice/user-templates/standard
      
      files.  These files follow the same format as
      
      /var/lib/AccountsService/users/username
      
      files, but will support substituting $HOME and $USER to the appropriate
      user specific values.
      
      User templates also support an additional group [Template] that
      have an additional key EnvironmentFiles that specify a list
      of environment files to load (files with KEY=VALUE pairs in them).
      Any keys listed in those environment files will also get substituted.
      
      #63
      e6dc3b9c
  15. 30 Sep, 2021 1 commit
  16. 26 Jul, 2021 1 commit
  17. 14 Jul, 2021 1 commit
  18. 27 Jun, 2021 1 commit
  19. 26 Jun, 2021 1 commit
  20. 22 Jun, 2021 1 commit
  21. 17 Jun, 2021 1 commit
    • mouse's avatar
      daemon: Remove duplicate "changed" signal emission · ceb0300c
      mouse authored
      The daemon code manually calls `g_signal_emit_by_name (user, "changed", 0)` every time it changes that users `automatic-login` property.
      This emission is redundant because the user code sets up a `notify` handler to emit `changed` it self any time any of its properties are changed.
      ceb0300c
  22. 13 May, 2021 1 commit
    • qi long's avatar
      util: Get uid when needed · bf883b03
      qi long authored
      The variable uid is used only when the loginuid cannot be obtained
      or is empty. Change it to get the variable uid when needed
      bf883b03
  23. 24 Mar, 2021 1 commit
  24. 16 Mar, 2021 7 commits
  25. 04 Sep, 2020 1 commit