| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At the moment an admin can decide whether or not a user is a system
account by setting SystemAccount= to true or false in the users
cache file, but there's no way to to do the same sort of configuration
for deciding whether or not a user is a local account.
This commit adds support for a new LocalAccount= key in the cache file.
Note, by default this key won't get written into the cache file and
instead accountsservice will continue to rely on it's "user is in
/etc/shadow" heuristic.
The key only gets rewritten into the file during cache file
serialization if an admin added it there first.
Closes: https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/110
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Right now we assume all local users are in /etc/shadow. This
mostly right, but there may be cases where an admin wants a user
to be treated as local even though they don't have a password
set there.
As a first step toward supporting that end goal, this commit changes
the code to track local users in a hash table allocated outside
of the generator function. This way the table can be used from
more than one generator.
A future commit will change the cache file generator to populate
the local users hash table as well.
|
|
|
|
|
|
|
|
| |
<stdio.h> needs to be included for printf. Newer compilers like Clang 16 make
implicit function declarations an error by default which can cause misleading
or incorrect configure test results.
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Turning off shadow passwords with `shadowconfig off` or `pwunconv`
(so that the hashed password is in /etc/passwd) is something that
distributions still at least half-support, and apparently some people
genuinely do this. After resolving #107 this would cause accountsservice
to crash. Looking at the implementation, it seems the same crash would
happen if /etc/shadow is present but empty.
In this situation, treat all users as non-local (unless cached) with a
warning, but don't crash.
Bug-Debian: https://bugs.debian.org/1031309
Signed-off-by: Simon McVittie <smcv@debian.org>
|
|
|
|
|
|
|
|
| |
This lets the compiler detect and diagnose type mismatches like the one
fixed in the previous commit.
Helps: https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/109
Signed-off-by: Simon McVittie <smcv@debian.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Uid property is defined in the D-Bus introspection XML to be a
64-bit unsigned integer, so we need to treat it as such when using
varargs. Otherwise, architectures that do not align arguments on the
stack at 64-bit boundaries can parse the stack incorrectly, resulting
in a crash.
For whatever obscure ABI reason, among Debian's supported architectures
this only showed up as a segmentation fault on 32-bit ARM (specifically
ARMv5 softfloat and ARMv7 hardfloat), and not on (for example) i386.
Resolves: https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/109
Signed-off-by: Simon McVittie <smcv@debian.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to https://bugs.freedesktop.org/show_bug.cgi?id=48177 and
https://gitlab.freedesktop.org/accountsservice/accountsservice/-/merge_requests/116,
the intention is that merely existing in /etc/passwd is not enough to
consider an account to be local; it must also be listed in /etc/shadow.
This was done to provide graceful handling of systems where the
complete list of LDAP/NIS/etc. users is written into /etc/passwd by
rsync or similar instead of using a NSS plugin (but authentication still
uses a PAM plugin). However, this unintentionally regressed in 34bedecf
which continues reading after an account not in /etc/shadow is found.
entry_generator_fgetpwent() intentionally only outputs a maximum of 50
users, and only outputs users that are classified as likely to be human
users' accounts, as opposed to system uids. However, when enumerating
cached or explicitly requested users, we need to look them up in a
complete list of local users. Otherwise, we can incorrectly classify
local users as remote (if they are beyond the limit of 50 or have a
username or shell that is more typically used for system users), which
makes at least GNOME Settings display a misleading user interface for
those users.
Resolves: https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/107
Bug-Debian: https://bugs.debian.org/1030262
Signed-off-by: Simon McVittie <smcv@debian.org>
|
|
|
|
| |
Signed-off-by: Simon McVittie <smcv@debian.org>
|
|
|
|
|
|
|
|
|
| |
Writing the password to chpasswd's standard input avoids it becoming
visible in `/proc/$pid/cmdline` (CVE-2012-6655).
Resolves: https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/8
Bug-Debian: https://bugs.debian.org/757912
Signed-off-by: Simon McVittie <smcv@debian.org>
|
|
|
|
|
|
|
|
| |
Workaround for https://github.com/gcovr/gcovr/issues/710 and similar
bugs. Because Meson invokes gcovr internally, it doesn't seem to be
possible to add options any other way.
Signed-off-by: Simon McVittie <smcv@debian.org>
|
|
|
|
|
|
|
| |
I named my fork smcv/accountsservice-branches> and now I regret that
choice.
Signed-off-by: Simon McVittie <smcv@debian.org>
|
|
|
|
|
|
|
| |
This is not in systemd-devel because it contains facts about the service
manager itself, rather than facts about the libsystemd shared library.
Signed-off-by: Simon McVittie <smcv@debian.org>
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
Now that the accountsservice code has been uncrustified, it would be
good to keep it that way going forward.
plymouth has a script it runs during CI to check the coding style.
This commit steals that script and uses it for accountsservice CI
too.
|
|
|
|
|
| |
This is necessary for the CI_MERGE_REQUEST_DIFF_BASE_SHA variable
to be exposed.
|
|
|
|
|
|
|
|
|
|
|
| |
The accountsservice coding style is less than pristine, and it would be
good to improve that going forward.
Its coding style is ostensibly the same as plymouths, though, and
plymouth has an uncrustify config hammered out already.
This commit runs the tree through that config to get things in better
shape.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This will get an array of unique languages, formatted in XPG locale
format, as used by all the users of the system.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
Languages is a property that can be used by desktops to declare what
languages other than the main UI language they would want to use, such
as fallback languages for missing translations, preferred languages in
subtitles, installed dictionaries, etc.
See https://gitlab.gnome.org/GNOME/gnome-control-center/-/issues/1969
|
|
|
|
|
|
|
|
| |
accountsservice is going to use the locale it's running in
as a proxy for the system locale.
To that end, this commit changes the daemon test to set
a simulated system locale before starting the accounts-daemon.
|
|
|
|
|
|
|
|
|
| |
I noticed we got a greenlight in CI even though something failed because
of a missing locale.
This commit adds a set -e to hopefully fix that issue.
It also adds a -v so that there's moar output.
|
|
|
|
|
|
| |
I'm seeing the test suite use C when en_IE.utf8 is requested.
This suggests, perhaps, that not all langpacks are installed.
|
|
|
|
|
|
|
|
| |
The test suite is svelt enough at the moment I don't think it's going
to be a big resource drag, so let's just get the mem checking in the
regular loop.
This is an experiment that may not pan out.
|
| |
|
|
|
|
|
| |
Start a mocked polkitd when needed so we can give ourselves the
necessary permissions to access API.
|
| |
|
| |
|
|
|
|
| |
Just checks whether the daemon can start.
|
|
|
|
|
|
| |
Add minimal /etc and /var/lib/AccountsService data to be able to run
the daemon against. The .in file needs to be processed for the path
to be adjusted.
|
|
|
|
| |
For the shadow file, as this cannot be overridden using mocklibc.
|
| |
|
| |
|
|
|
|
|
|
| |
This makes it possible to override the hardcoded USERDIR, ICONDIR,
and /etc by setting the ROOTDIR environment variable, if the daemon
is running as a normal user.
|
|
|
|
| |
This will be used to mock /etc/passwd and co.
|
|
|
|
| |
We want to make sure all the tests are being run.
|
|
|
|
| |
Rather than as root.
|
|
|
|
|
|
| |
generate-version.sh expected the current directory to be the git
checkout, which isn't always possible to achieve. Fix the checks for
that case.
|