GitLab

accountsservice maintains a state file for some users, if those users
have selected a specific session or language.

There's no good way, at the moment, for an application to check if a
specific user has saved state.

This commit exports the Saved property on the User object.

Having a property called XSession in the API makes little
sense when wayland has taken the world by storm.

This commit adds new "Session" property without the "X" in the name,
and an additional property "SessionType" that can be either
"wayland" or "x11".

At the moment if logind can fail in two ways when
asking the session associated with the current pid:

1) ENOENT, the process isn't part of a registered session
2) ENODATA, the mechanism for checking which session a
process is registered with isn't working.

If we hit the second case then wefail loading the user manager
entirely.  This leads to the dbus proxy associated with a user
from loading and the user getting stuck with defaults like a
NULL xsession and systemaccount=TRUE

This commit changes the behavior for the second case to be
like the first. Namely, to accept there's no associated
session and carry on as best we can.

At the moment we set is-loaded on the user-manager
object as soon as we start fetching the seat, but
we should waiting until the seat is fetched, so
that can_switch() will return the correct value
if the caller waited until the loaded signal
to use it.

This commit changes the >= to > which I believe
was the original intention anyway.

https://bugs.freedesktop.org/show_bug.cgi?id=107298

The path prefix check can be circumvented by regular users by passing
relative path component like so:

$ dbus-send --system --print-reply --dest=org.freedesktop.Accounts \
        /org/freedesktop/Accounts/User1000 \
        org.freedesktop.Accounts.User.SetIconFile \
        string:/usr/share/../../tmp/test

This results in a user controlled path being stored in the
accountsservice. Clients of accountsservice may unwittingly trust this
path.

To fix that situation this commit canonicalizes the input path before
the prefix comparison.

Some small changes to patch by Ray Strode.

https://bugs.freedesktop.org/show_bug.cgi?id=107085

Some system accounts, e.g. sshd have no entries in /etc/shadow
because they are created prior to /etc/shadow and have no passwords.

Right now load_entries aborts iterating through /etc/passwd entries
if it fails to find the corresponding /etc/shadow entry, ignoring
all the users behind it, making those users missing from the gdm
login screen user list.

https://bugs.freedesktop.org/show_bug.cgi?id=106904

When user session type is wayland, act_user_is_logged_in can return TRUE
if user is logged in.

https://bugs.freedesktop.org/show_bug.cgi?id=106855

Right now we have code like:

 if (!refreshed_user || user_get_cached (user) && !user_get_cached (refreshed_user))

which gcc warns about because of missing parentheses.

This commit fixes it by adding brackets.

https://bugs.freedesktop.org/show_bug.cgi?id=106463

This reverts commit 27f4dbe3.

https://bugs.freedesktop.org/show_bug.cgi?id=106463

Right now we have code like:

 if (!refreshed_user || user_get_cached (user) && !user_get_cached (refreshed_user))

which gcc warns about because of missing parentheses.  Rather than
just add brackets, this commit moves the last bit into a separate boolean
for clarity.

https://bugs.freedesktop.org/show_bug.cgi?id=106463

commit 93e2a856 added support for extra admin groups, but causes useradd
failures, when adding admin accounts. It is because admin_groups are
released before they are actually used, which causes that garbage is
used instead of the group and useradd fails consequently with invalid
group name. Do not release the memory before it is used and also fix
one corresponding memory leak.

https://bugs.freedesktop.org/show_bug.cgi?id=101972

Right now we emit spurious user-deleted signals for
all uncached users anytime a reload occurs.
Uncached users are users explicitly requested by a client,
but not part of the results returned from ListCachedUsers.

We should only be emitting user-deleted it they were initially
cached and transitioned to uncached, not if they're still
hanging around in an uncached state.

This commit fixes the code to do that.

https://bugs.freedesktop.org/show_bug.cgi?id=106455

Now that we get the object path for a user directly from the skeleton,
we can't access that object path after the skeleton is unregistered.

This commit fixes a problem where the user deletion handling code tries
to access the object path of a user after its skeleton is unregistered.

https://bugs.freedesktop.org/show_bug.cgi?id=106455

The wtmp helper code examines /var/log/wtmp to determine which
users log in the most frequently.

That code calls getpwnam() once for every entry in /var/log/wtmp.
This is very inefficient, since getpwnam() can be quite slow, and
/var/log/wtmp will often have the same users repeated over and
over again.

Also, we don't actually use the result for anything other than verifying
the existence of the user! And we already verify the existence of
the user later later in the code in a more efficient way (by finding
the user in the users hashtable).

This commit just drops the unnecessary getpwnam() call.

https://bugs.freedesktop.org/show_bug.cgi?id=106240

Right now calling act_user_manager_list_users can inadvertently
lead to user-added signals getting emitted before the call completes.

This is not something users of the API expect.

https://bugs.freedesktop.org/show_bug.cgi?id=106162

At the moment the skeleton superclass associated with a user keeps
cached copies of all properties, and the derived user class also
keeps duplicate copies of those properties.

The problem is these property values get out of sync and the derived
class fails to emit PropertyChanged signals when the properties
are updated.

This commit solves the issue by cutting out the redundant property
data and just defers all property storage to the skeleton.

https://bugs.freedesktop.org/show_bug.cgi?id=106162

The library will try to update the login frequency to 1 if the
requested user isn't finished asynchronously loading yet, but we
know they have an open session.

That no longer works, since we no longer track login-frequency
separately from the dbus proxy object.

This commit drops the code, since it's unnecessary anyway.

To be "on the safe side" we change the value returned for unloaded
users from 0 to 1.  This is okay because the value is undefined
before the user is loaded anyway.

Right now we assume the user's shadow entry will always be available.
If it's not available, we return fields from it initialized to 0.

That leads to spurious password expired notifications in GNOME.

This commit throws a NOT_SUPPORTED error if the shadow file is off
limits.

https://bugs.freedesktop.org/show_bug.cgi?id=104996

act_user_get_locked may segfault if accounts_proxy is not created (e.g.
when run under root). All other functions which rely on accounts_proxy
already contain checks for NULL and valid ActUser. Do the same also in
act_user_get_locked in order to avoid segfaults in certain cases.

https://bugs.freedesktop.org/show_bug.cgi?id=104851

libcrypt is getting cleaved from glibc, and it's definition is
getting moved to crypt.h (along side the crypt_r definition that's
existed for some time)

This commit add #include <crypt.h> to keep things working in old
and new libcs.

https://bugs.freedesktop.org/show_bug.cgi?id=104771

This stops us having to iterate across each user to find which users are
configured for automatic login.

Currently we only support 0 or 1 automatic login user, but this allows
us to support multiple in the future if required. Since D-Bus doesn't have
nullable types [1] this also makes it easier to support the 0 case.

https://bugs.freedesktop.org/show_bug.cgi?id=104564

[1] https://bugs.freedesktop.org/show_bug.cgi?id=27857

Do not override default DefaultStandardOutput in
/etc/systemd/systemd.conf as it could be helpful for sysadmins
to determine how output gets logged.