diff options
-rw-r--r-- | .gitlab-ci.yml | 2 | ||||
-rw-r--r-- | meson.build | 7 | ||||
-rw-r--r-- | src/daemon.c | 24 | ||||
-rw-r--r-- | src/daemon.h | 1 | ||||
-rw-r--r-- | src/libaccountsservice/act-user-manager.c | 52 | ||||
-rw-r--r-- | src/libaccountsservice/act-user.c | 38 | ||||
-rw-r--r-- | src/libaccountsservice/meson.build | 1 | ||||
-rw-r--r-- | src/meson.build | 1 | ||||
-rw-r--r-- | src/user.c | 20 |
9 files changed, 112 insertions, 34 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 45abc9e..3d8d99e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ build-fedora: - image: fedora:latest + image: fedora:rawhide before_script: - dnf install -y gcc meson ninja-build gobject-introspection-devel glib-devel gtk-doc gettext-devel make polkit-devel redhat-rpm-config systemd-devel dbus-devel vala script: diff --git a/meson.build b/meson.build index 3f51d6c..09d93e2 100644 --- a/meson.build +++ b/meson.build @@ -138,9 +138,12 @@ endif add_project_arguments(common_flags, language: 'c') -gio_dep = dependency('gio-2.0', version: '>= 2.37.3') +# Ensure we have the changes from https://gitlab.gnome.org/GNOME/glib/merge_requests/1286 +# and https://gitlab.gnome.org/GNOME/glib/merge_requests/1342 +glib_min_version = '2.63.5' +gio_dep = dependency('gio-2.0', version: '>= ' + glib_min_version) gio_unix_dep = dependency('gio-unix-2.0') -glib_dep = dependency('glib-2.0', version: '>= 2.44') +glib_dep = dependency('glib-2.0', version: '>= ' + glib_min_version) polkit_gobject_dep = dependency('polkit-gobject-1') crypt_dep = cc.find_library('crypt') diff --git a/src/daemon.c b/src/daemon.c index 27790e5..300530d 100644 --- a/src/daemon.c +++ b/src/daemon.c @@ -1165,7 +1165,6 @@ daemon_create_user (AccountsAccounts *accounts, daemon_local_check_auth (daemon, NULL, "org.freedesktop.accounts.user-administration", - TRUE, daemon_create_user_authorized_cb, context, data, @@ -1217,7 +1216,6 @@ daemon_cache_user (AccountsAccounts *accounts, daemon_local_check_auth (daemon, NULL, "org.freedesktop.accounts.user-administration", - TRUE, daemon_cache_user_authorized_cb, context, g_strdup (user_name), @@ -1267,7 +1265,6 @@ daemon_uncache_user (AccountsAccounts *accounts, daemon_local_check_auth (daemon, NULL, "org.freedesktop.accounts.user-administration", - TRUE, daemon_uncache_user_authorized_cb, context, g_strdup (user_name), @@ -1363,7 +1360,6 @@ daemon_delete_user (AccountsAccounts *accounts, daemon_local_check_auth (daemon, NULL, "org.freedesktop.accounts.user-administration", - TRUE, daemon_delete_user_authorized_cb, context, data, @@ -1433,11 +1429,28 @@ check_auth_cb (PolkitAuthority *authority, check_auth_data_free (data); } +static gboolean +get_allow_interaction (GDBusMethodInvocation *invocation) +{ + /* GLib 2.46 is when G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION + * was first released. + */ +#if GLIB_CHECK_VERSION(2, 46, 0) + GDBusMessage *message = g_dbus_method_invocation_get_message (invocation); + GDBusMessageFlags message_flags = g_dbus_message_get_flags (message); + if (message_flags & G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION) + return TRUE; + else + return FALSE; +#else + return TRUE; +#endif +} + void daemon_local_check_auth (Daemon *daemon, User *user, const gchar *action_id, - gboolean allow_interaction, AuthorizedCallback authorized_cb, GDBusMethodInvocation *context, gpointer authorized_cb_data, @@ -1447,6 +1460,7 @@ daemon_local_check_auth (Daemon *daemon, CheckAuthData *data; PolkitSubject *subject; PolkitCheckAuthorizationFlags flags; + gboolean allow_interaction = get_allow_interaction (context); data = g_new0 (CheckAuthData, 1); data->daemon = g_object_ref (daemon); diff --git a/src/daemon.h b/src/daemon.h index 9047ad3..99689b0 100644 --- a/src/daemon.h +++ b/src/daemon.h @@ -83,7 +83,6 @@ typedef void (*AuthorizedCallback) (Daemon *daemon, void daemon_local_check_auth (Daemon *daemon, User *user, const gchar *action_id, - gboolean allow_interaction, AuthorizedCallback auth_cb, GDBusMethodInvocation *context, gpointer data, diff --git a/src/libaccountsservice/act-user-manager.c b/src/libaccountsservice/act-user-manager.c index 93d4423..09306d7 100644 --- a/src/libaccountsservice/act-user-manager.c +++ b/src/libaccountsservice/act-user-manager.c @@ -289,6 +289,8 @@ activate_console_kit_session_id (ActUserManager *manager, if (proxy) res = console_kit_seat_call_activate_session_sync (proxy, session_id, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error); @@ -355,7 +357,12 @@ _ck_session_is_login_window (ActUserManager *manager, NULL, &error); if (proxy) - res = console_kit_session_call_get_session_type_sync (proxy, &session_type, NULL, &error); + res = console_kit_session_call_get_session_type_sync (proxy, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, + &session_type, + NULL, + &error); if (!res) { if (error != NULL) { @@ -504,7 +511,12 @@ _can_activate_console_kit_sessions (ActUserManager *manager) g_autoptr(GError) error = NULL; gboolean can_activate_sessions = FALSE; - if (!console_kit_seat_call_can_activate_sessions_sync (priv->seat.seat_proxy, &can_activate_sessions, NULL, &error)) { + if (!console_kit_seat_call_can_activate_sessions_sync (priv->seat.seat_proxy, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, + &can_activate_sessions, + NULL, + &error)) { if (error != NULL) { g_warning ("unable to determine if seat can activate sessions: %s", error->message); @@ -853,6 +865,8 @@ get_seat_id_for_current_session (ActUserManager *manager) } #endif console_kit_session_call_get_seat_id (priv->seat.session_proxy, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, on_get_seat_id_finished, g_object_ref (manager)); @@ -1323,7 +1337,9 @@ get_current_session_id (ActUserManager *manager) } } - console_kit_manager_call_get_current_session (priv->ck_manager_proxy, NULL, + console_kit_manager_call_get_current_session (priv->ck_manager_proxy, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, on_get_current_session_finished, g_object_ref (manager)); } @@ -1483,6 +1499,8 @@ get_uid_for_new_session (ActUserManagerNewSession *new_session) new_session->pending_calls++; console_kit_session_call_get_unix_user (new_session->proxy, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, new_session->cancellable, on_get_unix_user_finished, new_session); @@ -1563,6 +1581,8 @@ find_user_in_accounts_service (ActUserManager *manager, case ACT_USER_MANAGER_FETCH_USER_FROM_USERNAME_REQUEST: accounts_accounts_call_find_user_by_name (priv->accounts_proxy, request->username, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, on_find_user_by_name_finished, request); @@ -1570,6 +1590,8 @@ find_user_in_accounts_service (ActUserManager *manager, case ACT_USER_MANAGER_FETCH_USER_FROM_ID_REQUEST: accounts_accounts_call_find_user_by_id (priv->accounts_proxy, request->uid, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, on_find_user_by_id_finished, request); @@ -1733,6 +1755,8 @@ get_x11_display_for_new_session (ActUserManagerNewSession *new_session) new_session->pending_calls++; console_kit_session_call_get_x11_display (new_session->proxy, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, new_session->cancellable, on_get_x11_display_finished, new_session); @@ -2429,6 +2453,8 @@ load_user (ActUserManager *manager, user_found = accounts_accounts_call_find_user_by_name_sync (priv->accounts_proxy, username, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, &object_path, NULL, &error); @@ -2621,6 +2647,8 @@ load_console_kit_sessions (ActUserManager *manager) priv->getting_sessions = TRUE; console_kit_seat_call_get_sessions (priv->seat.seat_proxy, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, on_get_sessions_finished, g_object_ref (manager)); @@ -2654,6 +2682,8 @@ load_users (ActUserManager *manager) g_debug ("ActUserManager: calling 'ListCachedUsers'"); could_list = accounts_accounts_call_list_cached_users_sync (priv->accounts_proxy, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, &user_paths, NULL, &error); @@ -3173,6 +3203,8 @@ act_user_manager_create_user (ActUserManager *manager, username, fullname, accounttype, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, &path, NULL, &local_error); @@ -3244,6 +3276,8 @@ act_user_manager_create_user_async (ActUserManager *manager, username, fullname, accounttype, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, cancellable, act_user_manager_async_complete_handler, task); } @@ -3318,6 +3352,8 @@ act_user_manager_cache_user (ActUserManager *manager, res = accounts_accounts_call_cache_user_sync (priv->accounts_proxy, username, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, &path, NULL, &local_error); @@ -3369,6 +3405,8 @@ act_user_manager_cache_user_async (ActUserManager *manager, accounts_accounts_call_cache_user (priv->accounts_proxy, username, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, cancellable, act_user_manager_async_complete_handler, task); } @@ -3445,6 +3483,8 @@ act_user_manager_uncache_user (ActUserManager *manager, res = accounts_accounts_call_uncache_user_sync (priv->accounts_proxy, username, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &local_error); if (!res) { @@ -3494,6 +3534,8 @@ act_user_manager_uncache_user_async (ActUserManager *manager, accounts_accounts_call_uncache_user (priv->accounts_proxy, username, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, cancellable, act_user_manager_async_complete_handler, task); } @@ -3567,6 +3609,8 @@ act_user_manager_delete_user (ActUserManager *manager, if (!accounts_accounts_call_delete_user_sync (priv->accounts_proxy, act_user_get_uid (user), remove_files, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &local_error)) { g_propagate_error (error, local_error); @@ -3617,6 +3661,8 @@ act_user_manager_delete_user_async (ActUserManager *manager, accounts_accounts_call_delete_user (priv->accounts_proxy, act_user_get_uid (user), remove_files, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, cancellable, act_user_manager_async_complete_handler, task); } diff --git a/src/libaccountsservice/act-user.c b/src/libaccountsservice/act-user.c index 5867180..8c30a02 100644 --- a/src/libaccountsservice/act-user.c +++ b/src/libaccountsservice/act-user.c @@ -1297,6 +1297,8 @@ act_user_get_password_expiration_policy (ActUser *user, g_return_if_fail (ACCOUNTS_IS_USER (user->accounts_proxy)); if (!accounts_user_call_get_password_expiration_policy_sync (user->accounts_proxy, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, expiration_time, last_change_time, min_days_between_changes, @@ -1331,6 +1333,8 @@ act_user_set_email (ActUser *user, if (!accounts_user_call_set_email_sync (user->accounts_proxy, email, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetEmail call failed: %s", error->message); @@ -1359,6 +1363,8 @@ act_user_set_language (ActUser *user, if (!accounts_user_call_set_language_sync (user->accounts_proxy, language, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetLanguage for language %s failed: %s", language, error->message); @@ -1387,6 +1393,8 @@ act_user_set_x_session (ActUser *user, if (!accounts_user_call_set_xsession_sync (user->accounts_proxy, x_session, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetXSession call failed: %s", error->message); @@ -1415,6 +1423,8 @@ act_user_set_session (ActUser *user, if (!accounts_user_call_set_session_sync (user->accounts_proxy, session, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetSession call failed: %s", error->message); @@ -1443,6 +1453,8 @@ act_user_set_session_type (ActUser *user, if (!accounts_user_call_set_session_type_sync (user->accounts_proxy, session_type, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetSessionType call failed: %s", error->message); @@ -1471,6 +1483,8 @@ act_user_set_location (ActUser *user, if (!accounts_user_call_set_location_sync (user->accounts_proxy, location, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetLocation call failed: %s", error->message); @@ -1499,6 +1513,8 @@ act_user_set_user_name (ActUser *user, if (!accounts_user_call_set_user_name_sync (user->accounts_proxy, user_name, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetUserName call failed: %s", error->message); @@ -1527,6 +1543,8 @@ act_user_set_real_name (ActUser *user, if (!accounts_user_call_set_real_name_sync (user->accounts_proxy, real_name, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetRealName call failed: %s", error->message); @@ -1555,6 +1573,8 @@ act_user_set_icon_file (ActUser *user, if (!accounts_user_call_set_icon_file_sync (user->accounts_proxy, icon_file, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetIconFile call failed: %s", error->message); @@ -1581,9 +1601,11 @@ act_user_set_account_type (ActUser *user, g_return_if_fail (ACCOUNTS_IS_USER (user->accounts_proxy)); if (!accounts_user_call_set_account_type_sync (user->accounts_proxy, - account_type, - NULL, - &error)) { + account_type, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, + NULL, + &error)) { g_warning ("SetAccountType call failed: %s", error->message); return; } @@ -1646,6 +1668,8 @@ act_user_set_password (ActUser *user, if (!accounts_user_call_set_password_sync (user->accounts_proxy, crypted, hint, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetPassword call failed: %s", error->message); @@ -1674,6 +1698,8 @@ act_user_set_password_hint (ActUser *user, if (!accounts_user_call_set_password_hint_sync (user->accounts_proxy, hint, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetPasswordHint call failed: %s", error->message); @@ -1704,6 +1730,8 @@ act_user_set_password_mode (ActUser *user, if (!accounts_user_call_set_password_mode_sync (user->accounts_proxy, (gint) password_mode, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetPasswordMode call failed: %s", error->message); @@ -1728,6 +1756,8 @@ act_user_set_locked (ActUser *user, if (!accounts_user_call_set_locked_sync (user->accounts_proxy, locked, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetLocked call failed: %s", error->message); @@ -1757,6 +1787,8 @@ act_user_set_automatic_login (ActUser *user, if (!accounts_user_call_set_automatic_login_sync (user->accounts_proxy, enabled, + G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, + -1, NULL, &error)) { g_warning ("SetAutomaticLogin call failed: %s", error->message); diff --git a/src/libaccountsservice/meson.build b/src/libaccountsservice/meson.build index 615a015..543f533 100644 --- a/src/libaccountsservice/meson.build +++ b/src/libaccountsservice/meson.build @@ -45,6 +45,7 @@ foreach iface: ifaces '@0@.@1@.xml'.format(prefix, iface), interface_prefix: prefix, namespace: namespace, + extra_args: ['--glib-min-required', '2.64'], ) endforeach diff --git a/src/meson.build b/src/meson.build index 20d5276..7db1d46 100644 --- a/src/meson.build +++ b/src/meson.build @@ -13,6 +13,7 @@ foreach iface: ifaces join_paths(data_dir, iface[1] + iface[2] + '.xml'), interface_prefix: iface[1], namespace: 'Accounts', + extra_args: ['--glib-min-required', '2.64'], ) sources += gdbus_sources gdbus_headers += gdbus_sources[1] @@ -611,7 +611,7 @@ user_extension_method_call (GDBusConnection *connection, user_extension_authentication_done (user->daemon, user, invocation, iface_info); } else { - daemon_local_check_auth (user->daemon, user, action_id, TRUE, + daemon_local_check_auth (user->daemon, user, action_id, user_extension_authentication_done, invocation, iface_info, NULL); } @@ -884,7 +884,6 @@ user_set_real_name (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, action_id, - TRUE, user_change_real_name_authorized_cb, context, g_strdup (real_name), @@ -943,7 +942,6 @@ user_set_user_name (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, "org.freedesktop.accounts.user-administration", - TRUE, user_change_user_name_authorized_cb, context, g_strdup (user_name), @@ -994,7 +992,6 @@ user_set_email (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, action_id, - TRUE, user_change_email_authorized_cb, context, g_strdup (email), @@ -1045,7 +1042,6 @@ user_set_language (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, action_id, - TRUE, user_change_language_authorized_cb, context, g_strdup (language), @@ -1094,7 +1090,6 @@ user_set_session (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, action_id, - TRUE, user_change_session_authorized_cb, context, g_strdup (session), @@ -1143,7 +1138,6 @@ user_set_session_type (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, action_id, - TRUE, user_change_session_type_authorized_cb, context, g_strdup (session_type), @@ -1192,7 +1186,6 @@ user_set_x_session (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, action_id, - TRUE, user_change_x_session_authorized_cb, context, g_strdup (x_session), @@ -1244,7 +1237,6 @@ user_get_password_expiration_policy (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, action_id, - TRUE, user_get_password_expiration_policy_authorized_cb, context, NULL, @@ -1294,7 +1286,6 @@ user_set_location (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, action_id, - TRUE, user_change_location_authorized_cb, context, g_strdup (location), @@ -1351,7 +1342,6 @@ user_set_home_directory (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, "org.freedesktop.accounts.user-administration", - TRUE, user_change_home_dir_authorized_cb, context, g_strdup (home_dir), @@ -1405,7 +1395,6 @@ user_set_shell (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, "org.freedesktop.accounts.user-administration", - TRUE, user_change_shell_authorized_cb, context, g_strdup (shell), @@ -1575,7 +1564,6 @@ user_set_icon_file (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, action_id, - TRUE, user_change_icon_file_authorized_cb, context, g_strdup (filename), @@ -1653,7 +1641,6 @@ user_set_locked (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, "org.freedesktop.accounts.user-administration", - TRUE, user_change_locked_authorized_cb, context, GINT_TO_POINTER (locked), @@ -1762,7 +1749,6 @@ user_set_account_type (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, "org.freedesktop.accounts.user-administration", - TRUE, user_change_account_type_authorized_cb, context, GINT_TO_POINTER (account_type), @@ -1878,7 +1864,6 @@ user_set_password_mode (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, action_id, - TRUE, user_change_password_mode_authorized_cb, context, GINT_TO_POINTER (mode), @@ -1964,7 +1949,6 @@ user_set_password (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, action_id, - TRUE, user_change_password_authorized_cb, context, data, @@ -2019,7 +2003,6 @@ user_set_password_hint (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, action_id, - TRUE, user_change_password_hint_authorized_cb, context, g_strdup (hint), @@ -2065,7 +2048,6 @@ user_set_automatic_login (AccountsUser *auser, daemon_local_check_auth (user->daemon, user, "org.freedesktop.accounts.user-administration", - TRUE, user_change_automatic_login_authorized_cb, context, GINT_TO_POINTER (enabled), |