| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
| |
so to avoid Python confusing it with the
'dbusmock' python module.
Issue reported by Pierre Labastie.
Closes #112
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Right now we figure out which display manager to configure based on
reading a symlink from systemd.
This isn't full proof though. SELinux security policies may prevent it
from being readable, the system might not be using systemd, etc.
Furthermore, in the case where it fails, we currently don't set a
a GError, which leads to a crash when trying to fetch the error
message.
This commit makes accountsservice fall back to GDM when it can't
figure out what else to do. That way we maintain better backward
compatibility.
https://gitlab.gnome.org/GNOME/gnome-control-center/-/issues/2450
|
| |
|
|
|
|
|
|
| |
If an user gets destroyed early enough, while is still being loaded we
should also remove it from the list of new users or we'd try to
deference it at finalization time.
Closes: #114
|
| |
|
|
|
|
|
|
| |
Requests may be pending when we destroy them, in such case we should
disconnect them from the manager "is-loaded" changes, so that we don't
risk deferencing free'd requests when the manager is loaded again.
Closes: #113
|
| | |
|
| |
|
|
| |
Fixes #41 "Customize PATH_GDM_CUSTOM via the configure script".
|
| |
|
|
|
|
|
|
| |
-Wswitch-enum apparently complains about missing entries even if there
is a default:.
This commit ensures ACT_USER_MANAGER_SEAT_STATE_UNLOADED is added to the
default case to fix that warning.
|
| |
|
|
|
|
|
| |
print_indent is defined in one file and used in another without a
forward declaration. That leads to a compiler warning/error.
This commit fixes that.
|
| |
|
|
|
|
|
|
| |
Right now if a user is non-existent we dispose of it. This is wrong,
because callers may rely on it and they don't own it.
This commit keeps a list of non-existent users on the user
manager object.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If act_user_manager_get_user_by_id is called twice in a row
for the same user, two ActUser objects get generated, each
ultimately representing the same user.
That is less than ideal since the ActUser objects are owned
by the user manager, not by the callers.
This commit tries to minimize the amount of duplicate ActUser
objects that can get put in the wild, by checking for
existig in-flight requests and consolidating them.
Note there can still be duplicated users if there is a
act_user_manager_get_user and act_user_manager_get_user_by_id call
for the same user at the same time. There's no way to deduplicate
the objects in that case.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The user manager owns the users returned from
act_user_manager_get_user*, but it's possible callers may not realize
that.
If a caller does unref the result while a user fetch is in progress, it
can lead to crashes that are hard to pin back to the caller.
This commit adds a weak reference to the user object while fetch user
requests are in flight, and cancels those requests, if the user object
is unexpectantly destroyed in the meanwhile.
|
| |
|
|
|
|
|
|
|
| |
Right now it's possible for a fetch user request to come in
after a user is destroyed.
This commit adds a cancellable to the request so we don't
leave operations in flight that we'll never need the results
for.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If act_user_manager_get_user_by_id is called twice in a row
quickly for the same user, two ActUser objects get generated,
each ultimately representing the same user.
The second one to load gets freed because it's a duplicate.
Freeing it is problematic though, because there still may
be callers relying on it.
This commit changes the code to track the object as a
"doppleganger" instead of freeing it.
Closes https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/103
|
| |
|
|
|
|
|
|
| |
AccountsService doesn't currently handle act_user_manager_get_user
getting called multiple times in quick succession for the same
user.
This commit adds a test to test that.
|
| |
|
|
|
|
|
|
|
| |
The accountservice template is supposed to allow the caller to
be able to provide pre-existing users up front.
We haven't used that feature yet, and it turns out it doesn't work.
This commit fixes that, so that a future commit can make use of it.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
commit 836a9135fe2d8fdc7d6de3a6d11fb9a5fd05f926 made accountsservice
reload wtmp less aggressively.
Unfortunately, if wtmp is modified during boot, that added latency
can delay the user list getting loaded.
This commit addresses the problem by tracking how pressing the queued
reload operation is, and makes it happen sooner if a higher priority
request comes in.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Many builders don't want to talk to the network at build time, but
we currently do fetch mocklibc from the net.
This commit adds an in repo copy of it it, to resolve the problem.
Note, the project is very slow moving at this point so it's
unlikely we'll need to update it later.
Closes https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/111
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At the moment an admin can decide whether or not a user is a system
account by setting SystemAccount= to true or false in the users
cache file, but there's no way to to do the same sort of configuration
for deciding whether or not a user is a local account.
This commit adds support for a new LocalAccount= key in the cache file.
Note, by default this key won't get written into the cache file and
instead accountsservice will continue to rely on it's "user is in
/etc/shadow" heuristic.
The key only gets rewritten into the file during cache file
serialization if an admin added it there first.
Closes: https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/110
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Right now we assume all local users are in /etc/shadow. This
mostly right, but there may be cases where an admin wants a user
to be treated as local even though they don't have a password
set there.
As a first step toward supporting that end goal, this commit changes
the code to track local users in a hash table allocated outside
of the generator function. This way the table can be used from
more than one generator.
A future commit will change the cache file generator to populate
the local users hash table as well.
|
| |
|
|
|
|
|
|
| |
<stdio.h> needs to be included for printf. Newer compilers like Clang 16 make
implicit function declarations an error by default which can cause misleading
or incorrect configure test results.
Signed-off-by: Sam James <sam@gentoo.org>
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Turning off shadow passwords with `shadowconfig off` or `pwunconv`
(so that the hashed password is in /etc/passwd) is something that
distributions still at least half-support, and apparently some people
genuinely do this. After resolving #107 this would cause accountsservice
to crash. Looking at the implementation, it seems the same crash would
happen if /etc/shadow is present but empty.
In this situation, treat all users as non-local (unless cached) with a
warning, but don't crash.
Bug-Debian: https://bugs.debian.org/1031309
Signed-off-by: Simon McVittie <smcv@debian.org>
|
| |
|
|
|
|
|
|
| |
This lets the compiler detect and diagnose type mismatches like the one
fixed in the previous commit.
Helps: https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/109
Signed-off-by: Simon McVittie <smcv@debian.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Uid property is defined in the D-Bus introspection XML to be a
64-bit unsigned integer, so we need to treat it as such when using
varargs. Otherwise, architectures that do not align arguments on the
stack at 64-bit boundaries can parse the stack incorrectly, resulting
in a crash.
For whatever obscure ABI reason, among Debian's supported architectures
this only showed up as a segmentation fault on 32-bit ARM (specifically
ARMv5 softfloat and ARMv7 hardfloat), and not on (for example) i386.
Resolves: https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/109
Signed-off-by: Simon McVittie <smcv@debian.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to https://bugs.freedesktop.org/show_bug.cgi?id=48177 and
https://gitlab.freedesktop.org/accountsservice/accountsservice/-/merge_requests/116,
the intention is that merely existing in /etc/passwd is not enough to
consider an account to be local; it must also be listed in /etc/shadow.
This was done to provide graceful handling of systems where the
complete list of LDAP/NIS/etc. users is written into /etc/passwd by
rsync or similar instead of using a NSS plugin (but authentication still
uses a PAM plugin). However, this unintentionally regressed in 34bedecf
which continues reading after an account not in /etc/shadow is found.
entry_generator_fgetpwent() intentionally only outputs a maximum of 50
users, and only outputs users that are classified as likely to be human
users' accounts, as opposed to system uids. However, when enumerating
cached or explicitly requested users, we need to look them up in a
complete list of local users. Otherwise, we can incorrectly classify
local users as remote (if they are beyond the limit of 50 or have a
username or shell that is more typically used for system users), which
makes at least GNOME Settings display a misleading user interface for
those users.
Resolves: https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/107
Bug-Debian: https://bugs.debian.org/1030262
Signed-off-by: Simon McVittie <smcv@debian.org>
|
| |
|
|
| |
Signed-off-by: Simon McVittie <smcv@debian.org>
|
| |
|
|
|
|
|
|
|
| |
Writing the password to chpasswd's standard input avoids it becoming
visible in `/proc/$pid/cmdline` (CVE-2012-6655).
Resolves: https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/8
Bug-Debian: https://bugs.debian.org/757912
Signed-off-by: Simon McVittie <smcv@debian.org>
|
| |
|
|
|
|
|
|
| |
Workaround for https://github.com/gcovr/gcovr/issues/710 and similar
bugs. Because Meson invokes gcovr internally, it doesn't seem to be
possible to add options any other way.
Signed-off-by: Simon McVittie <smcv@debian.org>
|
| |
|
|
|
|
|
| |
I named my fork smcv/accountsservice-branches> and now I regret that
choice.
Signed-off-by: Simon McVittie <smcv@debian.org>
|
| |
|
|
|
|
|
| |
This is not in systemd-devel because it contains facts about the service
manager itself, rather than facts about the libsystemd shared library.
Signed-off-by: Simon McVittie <smcv@debian.org>
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Now that the accountsservice code has been uncrustified, it would be
good to keep it that way going forward.
plymouth has a script it runs during CI to check the coding style.
This commit steals that script and uses it for accountsservice CI
too.
|
| |
|
|
|
| |
This is necessary for the CI_MERGE_REQUEST_DIFF_BASE_SHA variable
to be exposed.
|
| |
|
|
|
|
|
|
|
|
|
| |
The accountsservice coding style is less than pristine, and it would be
good to improve that going forward.
Its coding style is ostensibly the same as plymouths, though, and
plymouth has an uncrustify config hammered out already.
This commit runs the tree through that config to get things in better
shape.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
This will get an array of unique languages, formatted in XPG locale
format, as used by all the users of the system.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Languages is a property that can be used by desktops to declare what
languages other than the main UI language they would want to use, such
as fallback languages for missing translations, preferred languages in
subtitles, installed dictionaries, etc.
See https://gitlab.gnome.org/GNOME/gnome-control-center/-/issues/1969
|
