1. 16 Sep, 2019 1 commit
  2. 13 Sep, 2019 1 commit
  3. 06 Sep, 2019 1 commit
    • Robert Ancell's avatar
      build: Bump minimum version of meson required · 2e9ee995
      Robert Ancell authored
      Meson gives the warning:
      
      WARNING: Project specifies a minimum meson_version '>= 0.46.0' but uses features which were added in newer versions:
       * 0.50.0: {'install arg in configure_file'}
      2e9ee995
  4. 04 Sep, 2019 1 commit
  5. 25 Aug, 2019 1 commit
  6. 24 Aug, 2019 1 commit
  7. 13 Aug, 2019 2 commits
  8. 01 Aug, 2019 1 commit
  9. 09 May, 2019 1 commit
    • Ray Strode's avatar
      data: don't send change updates for login-history · 64b11314
      Ray Strode authored
      The login-history property of user objects can be quite large.
      If wtmp is changed frequently, that can lead to memory fragmentation
      in clients.
      
      Furthermore, most clients never check login-history, so it's
      wasted memory and wasted cpu.
      
      This commit disables change notification for that property.  If
      a client really needs to get updates, they can manually refresh
      their cache when appropriate.
      64b11314
  10. 07 May, 2019 2 commits
    • Philip Withnall's avatar
      data: Tighten up systemd sandboxing of accounts-daemon.service · 0e712e93
      Philip Withnall authored
      Tighten up the sandboxing of the daemon, paying particular attention to
      file system access. Further work could be done to make the daemon run as
      a non-root user (User=/Group=/DynamicUser=), drop capabilities
      (CapabilityBoundingSet=) and restrict system calls (SystemCallFilter=).
      
      This is a reasonable starting point, though. It has been tested with
      adding, modifying and deleting users, and reading/writing user extension
      data. Testing was done on a Fedora and a Debian-based system.
      
      The useradd/userdel/usermod subprocesses require a lot of permissions
      which the accounts-service daemon itself doesn’t. In future, it might
      make sense to run them in a separate privilege-escalated sandbox, and
      further restrict the permissions of the accounts-service daemon itself.
      Signed-off-by: Philip Withnall's avatarPhilip Withnall <withnall@endlessm.com>
      
      !22
      0e712e93
    • Philip Withnall's avatar
      build: Expose chosen path_wtmp value as a variable · 152b845b
      Philip Withnall authored
      This will be used in a following commit.
      Signed-off-by: Philip Withnall's avatarPhilip Withnall <withnall@endlessm.com>
      152b845b
  11. 29 Apr, 2019 1 commit
    • Ray Strode's avatar
      daemon: ensure cache files for system users are processed · d8b77951
      Ray Strode authored
      At the moment we skip cache files for system users.  That
      doesn't make much sense; if there's a cache file we should
      be using it.
      
      This commit changes the code to read cache files, even for
      system users, and so lets root have a non-default session.
      
      Closes: #65
      d8b77951
  12. 23 Apr, 2019 2 commits
  13. 17 Apr, 2019 1 commit
    • João Paulo Rechi Vita's avatar
      daemon: Wait for reload before servicing list_cached_users · e88a50bd
      João Paulo Rechi Vita authored
      When /etc/passwd, /etc/shadow or /etc/group are changed outside of
      AccountsService, the cache reload is delayed by 500 ms so subsequent
      changes to these files are process seen together and AccountsService has
      a consistent view of the data (since after one of these files is changed
      the others may change too).
      
      If ListCachedUsers is called in this 500 ms window,
      finish_list_cached_users will be executed before reload_users_timeout
      has been dispatched, since its added to the mainloop as an idler and at
      point there is nothing preventing it from being executed. This makes
      finish_list_cached_users only be attached to the mainloop after
      reload_users_timeout has been dispatched.
      
      This bug was introduced by commit 4e3fad33 when the 500 ms delay was
      implemented.
      
      Closes: #71
      e88a50bd
  14. 09 Apr, 2019 1 commit
  15. 08 Apr, 2019 1 commit
  16. 20 Mar, 2019 1 commit
  17. 15 Mar, 2019 1 commit
  18. 12 Mar, 2019 1 commit
  19. 22 Feb, 2019 4 commits
  20. 20 Feb, 2019 1 commit
  21. 12 Feb, 2019 1 commit
  22. 19 Dec, 2018 1 commit
  23. 02 Oct, 2018 1 commit
  24. 01 Oct, 2018 1 commit
  25. 29 Sep, 2018 3 commits
  26. 26 Sep, 2018 7 commits