- 04 Sep, 2020 1 commit
-
-
Christian K authored
-
- 14 Aug, 2020 1 commit
-
-
Simon McVittie authored
Otherwise, a trivial executable that includes <act/act.h>, built with $(pkg-config --cflags --libs accountsservice), will fail to compile when we cannot include headers like <glib-object.h>. Signed-off-by:
Simon McVittie <smcv@debian.org>
-
- 04 May, 2020 1 commit
-
- 01 May, 2020 2 commits
-
-
Philip Withnall authored
This introduces one small functional change: if any of the groups in `EXTRA_ADMIN_GROUPS` can’t be resolved using `getgrnam()`, an error will now be thrown. Previously, it would be ignored. Other than that, this introduces no functional changes and is just intended as a code cleanup. Signed-off-by:
Philip Withnall <withnall@endlessm.com>
-
Philip Withnall authored
Filter out the `extra_admin_groups` from the group list when a user is no longer an admin. Signed-off-by:
Philip Withnall <withnall@endlessm.com>
-
- 27 Apr, 2020 2 commits
-
-
Philip Withnall authored
The correct way to tell `g_option_context_new()` not to print any information after the options is to pass `NULL`. Passing the empty string results in a call to `gettext ("")`, which returns the translation’s header. This fixes the output of `accounts-daemon --help`. Signed-off-by:
Philip Withnall <withnall@endlessm.com>
-
Andika Triwidada authored
-
- 12 Mar, 2020 2 commits
-
-
Michael Catanzaro authored
Bad news for Geoffrey Ingram Taylor. See: #57
-
Michael Catanzaro authored
We don't want this code running except on Red Hat systems, where we can maintain it in a downstream patch if need be. The heuristic has been wrong before (e.g. as in #57) and is not useful on upstream systems where 1000 is the presumed minimum uid for human users.
-
- 04 Mar, 2020 1 commit
-
-
Michael Catanzaro authored
Many, many user accounts use / as their home directory. If deleting these accounts with accountsservice, we should just ignore requests to delete the home dir, rather than trash the user's computer. Fixes #57
-
- 28 Feb, 2020 2 commits
-
-
Michael Catanzaro authored
Because real name is stored in the GECOS field of /etc/passwd, which is delimited by commas that cannot be escaped, the user's full name must not contain a comma. Fixes #83
-
Michael Catanzaro authored
See: #83
-
- 27 Feb, 2020 2 commits
-
-
Michael Catanzaro authored
When we return FALSE, we're not saying "failure," we're actually saying "unhandled." So in accounts-user-generated.c (generated by gdbus-codegen), _accounts_user_skeleton_handle_method_call() will call g_dbus_method_invocation_return_error(), which assumes ownership, sends a D-Bus error to the peer, and unrefs the GDBusMethodInvocation. Problem is, we've already done all of that and doing so twice is unexpected and bad. Spotted by Ray Strode in !51. Fixes #86
-
Michael Catanzaro authored
-
- 24 Feb, 2020 5 commits
-
-
Philip Withnall authored
This tidies up the code a bit, and (critically) exposes a concrete structure for `ActUser` and `ActUserClass`. Previously these were dangling typedefs, which meant the compiler had no idea they derived from `GObject`, and hence would give warnings about strict aliasing when (for example) calling: ``` g_set_object (&my_user, user); ``` where `my_user` and `user` were both `ActUser*`. This shouldn’t introduce any API or ABI changes, as the library basically exposed no API in this area before. The autoptr cleanup function is now defined by `G_DECLARE_FINAL_TYPE`. libaccountsservice already depends on GLib 2.63, so no dependency bump is needed. Signed-off-by:
Philip Withnall <withnall@endlessm.com>
-
Anders Jonsson authored
-
Robert Ancell authored
ConsoleKit is very much dead and replaced by logind or elogind.
-
libre ajans authored
-
Gunnar Hjalmarsson authored
We don't use transifex anymore, so the file can be generated when needed instead of stored in version control. Closes: #30
-
- 18 Feb, 2020 1 commit
-
-
Philip Withnall authored
In particular, make it clear what format a locale is in, and what the empty string and NULL values mean. I’ve guessed what they mean based on what code which uses libaccountsservice does. Signed-off-by:
Philip Withnall <withnall@endlessm.com>
-
- 11 Feb, 2020 1 commit
-
-
Michael Catanzaro authored
This regressed in 4b3fdd19.
-
- 07 Feb, 2020 1 commit
-
-
Matthew Leeds authored
Currently we always use the flag POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION when checking if a subject is authorized for an action, meaning that we cause polkit to create an interactive dialog box. However since GLib 2.46, there has been a flag G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION which indicates if the caller is prepared to have the user authenticate (e.g. it's a user-facing program not a daemon). So, check for this flag in daemon_local_check_auth(). The impetus for this patch is that in the Endles fork of gnome-control-center we use the library malcontent, and call mct_manager_get_app_filter() even when we don't have permission to actually read the user's app filter, since it shouldn't cause a dialog without MCT_GET_APP_FILTER_FLAGS_INTERACTIVE being passed to it. However because accountsservice doesn't respect G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, polkit attempts to create an auth dialog anyway (and hits an error but that's a separate gnome-shell bug). In libaccountsservice, we use code generated by gdbus-codegen to call D-Bus methods implemented by the daemon, and that generated code unconditionally uses G_DBUS_CALL_FLAGS_NONE, which would mean that users of libaccountsservice can't use interactive auth. The solution is to bump our GLib requirement to 2.63.5 (2.64 hasn't been released yet) and pass --glib-min-required 2.64 to gdbus-codegen, which causes the generated code to have two more arguments for each method call: one for GDBusCallFlags and one for a timeout value. For now we always use G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION in libaccountsservice, to maintain compatibility. It might make sense to add API in the future so that users of the library can specify if they want to allow interactive auth. This commit also makes us use G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION for method calls implemented by ConsoleKit, even though presumably no problems are caused by the current behavior of using G_DBUS_CALL_FLAGS_NONE. In theory ConsoleKit could check for G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION one day (although in practice I think it's deprecated and inactive), and I think the whole of libaccountsservice should assume interactive auth is allowed until we have API to distinguish the no-interactive-auth case.
-
- 16 Sep, 2019 1 commit
-
-
Rico Tzschichholz authored
-
- 13 Sep, 2019 1 commit
-
-
Rico Tzschichholz authored
-
- 06 Sep, 2019 1 commit
-
-
Robert Ancell authored
Meson gives the warning: WARNING: Project specifies a minimum meson_version '>= 0.46.0' but uses features which were added in newer versions: * 0.50.0: {'install arg in configure_file'}
-
- 04 Sep, 2019 1 commit
-
-
Robert Ancell authored
The previous code would abort the write if it didn't exist.
-
- 25 Aug, 2019 1 commit
-
-
Piotr Drąg authored
-
- 24 Aug, 2019 1 commit
-
-
Gunnar Hjalmarsson authored
-
- 13 Aug, 2019 2 commits
-
-
Robert Ancell authored
-
Robert Ancell authored
We're using meson now.
-
- 01 Aug, 2019 1 commit
-
-
Soapux authored
Since D-Bus 1.9.18 configuration files installed by third-party should go in $(datadir)/dbus-1/system.d. The old location is for sysadmin overrides. Also check that we have recent enough D-Bus to use the new location. https://lists.freedesktop.org/archives/dbus/2015-July/016746.html
-
- 09 May, 2019 1 commit
-
-
Ray Strode authored
The login-history property of user objects can be quite large. If wtmp is changed frequently, that can lead to memory fragmentation in clients. Furthermore, most clients never check login-history, so it's wasted memory and wasted cpu. This commit disables change notification for that property. If a client really needs to get updates, they can manually refresh their cache when appropriate.
-
- 07 May, 2019 2 commits
-
-
Philip Withnall authored
Tighten up the sandboxing of the daemon, paying particular attention to file system access. Further work could be done to make the daemon run as a non-root user (User=/Group=/DynamicUser=), drop capabilities (CapabilityBoundingSet=) and restrict system calls (SystemCallFilter=). This is a reasonable starting point, though. It has been tested with adding, modifying and deleting users, and reading/writing user extension data. Testing was done on a Fedora and a Debian-based system. The useradd/userdel/usermod subprocesses require a lot of permissions which the accounts-service daemon itself doesn’t. In future, it might make sense to run them in a separate privilege-escalated sandbox, and further restrict the permissions of the accounts-service daemon itself. Signed-off-by:
Philip Withnall <withnall@endlessm.com> !22
-
Philip Withnall authored
This will be used in a following commit. Signed-off-by:
Philip Withnall <withnall@endlessm.com>
-
- 29 Apr, 2019 1 commit
-
-
Ray Strode authored
At the moment we skip cache files for system users. That doesn't make much sense; if there's a cache file we should be using it. This commit changes the code to read cache files, even for system users, and so lets root have a non-default session. Closes: #65
-
- 23 Apr, 2019 2 commits
-
-
Ray Strode authored
-
Ray Strode authored
-
- 17 Apr, 2019 1 commit
-
-
João Paulo Rechi Vita authored
When /etc/passwd, /etc/shadow or /etc/group are changed outside of AccountsService, the cache reload is delayed by 500 ms so subsequent changes to these files are process seen together and AccountsService has a consistent view of the data (since after one of these files is changed the others may change too). If ListCachedUsers is called in this 500 ms window, finish_list_cached_users will be executed before reload_users_timeout has been dispatched, since its added to the mainloop as an idler and at point there is nothing preventing it from being executed. This makes finish_list_cached_users only be attached to the mainloop after reload_users_timeout has been dispatched. This bug was introduced by commit 4e3fad33 when the 500 ms delay was implemented. Closes: #71
-
- 09 Apr, 2019 1 commit
-
-
Moo authored
-
- 08 Apr, 2019 1 commit
-
-
Moo authored
-