1 |
pacho 13/12/04 19:38:30 |
2 |
|
3 |
Added: accountsservice-0.6.35-nondelete-root.patch |
4 |
accountsservice-0.6.35-user-logic.patch |
5 |
accountsservice-0.6.35-older-glib.patch |
6 |
accountsservice-0.6.35-gentoo-system-users.patch |
7 |
Removed: accountsservice-0.6.30-xsession-typo.patch |
8 |
accountsservice-0.6.30-login-history-variant.patch |
9 |
Log: |
10 |
Version bump, drop old |
11 |
|
12 |
(Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key A188FBD4) |
13 |
|
14 |
Revision Changes Path |
15 |
1.1 sys-apps/accountsservice/files/accountsservice-0.6.35-nondelete-root.patch |
16 |
|
17 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-apps/accountsservice/files/accountsservice-0.6.35-nondelete-root.patch?rev=1.1&view=markup |
18 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-apps/accountsservice/files/accountsservice-0.6.35-nondelete-root.patch?rev=1.1&content-type=text/plain |
19 |
|
20 |
Index: accountsservice-0.6.35-nondelete-root.patch |
21 |
=================================================================== |
22 |
From 980692e6b9cfe4a34e22f566e0981a8c549e4348 Mon Sep 17 00:00:00 2001 |
23 |
From: Matthias Clasen <mclasen@××××××.com> |
24 |
Date: Fri, 01 Nov 2013 21:09:25 +0000 |
25 |
Subject: Avoid deleting the root user |
26 |
|
27 |
The check we have in place against deleting the root user can |
28 |
be tricked by exploiting the fact that we are checking a gint64, |
29 |
and then later cast it to a uid_t. This can be seen with the |
30 |
following test, which will delete your root account: |
31 |
|
32 |
qdbus --system org.freedesktop.Accounts /org/freedesktop/Accounts \ |
33 |
org.freedesktop.Accounts.DeleteUser -9223372036854775808 true |
34 |
|
35 |
Found with the dfuzzer tool, |
36 |
https://github.com/matusmarhefka/dfuzzer |
37 |
--- |
38 |
diff --git a/src/daemon.c b/src/daemon.c |
39 |
index ea75190..9c7001b 100644 |
40 |
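--- a/src/daemon.c
+++ b/src/daemon.c
@@ -1227,7 +1227,7 @@ daemon_uncache_user (AccountsAccounts *accounts,
 }
 
 typedef struct {
- gint64 uid;
+ uid_t uid;
 gboolean remove_files;
 } DeleteUserData;
 
@@ -1309,13 +1309,13 @@ daemon_delete_user (AccountsAccounts *accounts,
 Daemon *daemon = (Daemon*)accounts;
 DeleteUserData *data;
 
- if (uid == 0) {
+ if ((uid_t)uid == 0) {
 throw_error (context, ERROR_FAILED, "Refuse to delete root user");
 return TRUE;
 }
 
 data = g_new0 (DeleteUserData, 1);
- data->uid = uid;
+ data->uid = (uid_t)uid;
 data->remove_files = remove_files;
 
 daemon_local_check_auth (daemon,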
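Review bot: The `(uid_t)uid` cast in daemon_delete_user makes the root check agree with the value stored in DeleteUserData, but an out-of-range gint64 is still silently truncated instead of being rejected. Assuming uid_t is a 32-bit unsigned type on the target, a negative or oversized value aliases onto an unrelated uid, so the number the caller supplied and the account acted on can differ. Reject such input ahead of the root check, e.g. `if (uid < 0 || uid > G_MAXUINT32) { throw_error (context, ERROR_FAILED, "Invalid uid"); return TRUE; }`. daemon_delete_user starts and ends outside the hunk, so whether a later lookup rejects unknown uids is not visible here.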
67 |
-- |
68 |
cgit v0.9.0.2-2-gbebe |
69 |
|
70 |
|
71 |
|
72 |
1.1 sys-apps/accountsservice/files/accountsservice-0.6.35-user-logic.patch |
73 |
|
74 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-apps/accountsservice/files/accountsservice-0.6.35-user-logic.patch?rev=1.1&view=markup |
75 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-apps/accountsservice/files/accountsservice-0.6.35-user-logic.patch?rev=1.1&content-type=text/plain |
76 |
|
77 |
Index: accountsservice-0.6.35-user-logic.patch |
78 |
=================================================================== |
79 |
From ba13b59cb91ec67c86b3e3fb390d91db01df8963 Mon Sep 17 00:00:00 2001 |
80 |
From: Ray Strode <rstrode@××××××.com> |
81 |
Date: Fri, 15 Nov 2013 15:11:15 +0000 |
82 |
Subject: Change up user classification logic again |
83 |
|
84 |
relying on login.defs is fragile, and the |
85 |
user heuristics are fragile. |
86 |
|
87 |
This commit requires an explicit uid minimum |
88 |
get configured, and heuristics now only get |
89 |
applied to the specific problematic range |
90 |
they were added to address. |
91 |
|
92 |
https://bugs.freedesktop.org/show_bug.cgi?id=71801 |
93 |
--- |
94 |
diff --git a/configure.ac b/configure.ac |
95 |
index cb1fcda..39c5b92 100644 |
96 |
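--- a/configure.ac
+++ b/configure.ac
@@ -55,11 +55,17 @@ AS_IF([test x$enable_admin_group = xauto], [
 AC_DEFINE_UNQUOTED([ADMIN_GROUP], ["$enable_admin_group"], [Define to the group for administrator users])
 
 AC_ARG_ENABLE(user-heuristics,
- [AS_HELP_STRING([--enable-user-heuristics],[Enable heuristics for guessing system vs. human users])],
+ [AS_HELP_STRING([--enable-user-heuristics],[Enable heuristics for guessing system vs. human users in the range 500-minimum-uid])],
 [if test "$enableval" = yes; then
 AC_DEFINE([ENABLE_USER_HEURISTICS], , [System vs. human user heuristics enabled])
 fi])
 
+AC_ARG_WITH(minimum-uid,
+ [AS_HELP_STRING([--with-minimum-uid],[Set minimum uid for human users])],
+ ,with_minimum_uid=1000)
+
+AC_DEFINE_UNQUOTED([MINIMUM_UID], $with_minimum_uid, [Define to the minumum UID of human users])
+
 dnl ---------------------------------------------------------------------------
 dnl - coverage
 dnl ---------------------------------------------------------------------------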
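Review bot: `$with_minimum_uid` is passed to AC_DEFINE_UNQUOTED without validation, so `--with-minimum-uid` given without a value (which sets it to `yes`) or `--without-minimum-uid` (`no`) ends up as the MINIMUM_UID macro that src/user-classify.c compares uids against. Check that the value is a non-empty string of digits and stop with AC_MSG_ERROR otherwise, and write the option as `--with-minimum-uid=UID` in the help string so the required argument is visible. The description string also misspells minimum as `minumum`.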
117 |
diff --git a/src/user-classify.c b/src/user-classify.c |
118 |
index b68c9ae..69e6809 100644 |
119 |
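--- a/src/user-classify.c
+++ b/src/user-classify.c
@@ -26,7 +26,6 @@
 
 #include <string.h>
 
-#ifdef ENABLE_USER_HEURISTICS
 static const char *default_excludes[] = {
 "bin",
 "root",
@@ -57,16 +56,10 @@ static const char *default_excludes[] = {
 "gnome-initial-setup"
 };
 
-#define PATH_NOLOGIN "/sbin/nologin"
-#define PATH_FALSE "/bin/false"
-
 static gboolean
-user_classify_is_excluded_by_heuristics (const gchar *username,
- const gchar *shell,
- const gchar *password_hash)
+user_classify_is_blacklisted (const char *username)
 {
 static GHashTable *exclusions;
- gboolean ret = FALSE;
 
 if (exclusions == NULL) {
 guint i;
@@ -82,6 +75,20 @@ user_classify_is_excluded_by_heuristics (const gchar *username,
 return TRUE;
 }
 
+ return FALSE;
+}
+
+#define PATH_NOLOGIN "/sbin/nologin"
+#define PATH_FALSE "/bin/false"
+
+#ifdef ENABLE_USER_HEURISTICS
+static gboolean
+user_classify_is_excluded_by_heuristics (const gchar *username,
+ const gchar *shell,
+ const gchar *password_hash)
+{
+ gboolean ret = FALSE;
+
 if (shell != NULL) {
 char *basename, *nologin_basename, *false_basename;
 
@@ -139,99 +146,6 @@ user_classify_is_excluded_by_heuristics (const gchar *username,
 
 return ret;
 }
-
-#else /* ENABLE_USER_HEURISTICS */
-
-static gboolean
-user_classify_parse_login_defs_field (const gchar *contents,
- const gchar *key,
- uid_t *result)
-{
- gsize key_len;
- gint64 value;
- gchar *end;
-
- key_len = strlen (key);
-
- for (;;) {
- /* Our key has to be at the start of the line, followed by whitespace */
- if (strncmp (contents, key, key_len) == 0 && g_ascii_isspace (contents[key_len])) {
- /* Found it. Move contents past the key itself and break out. */
- contents += key_len;
- break;
- }
-
- /* Didn't find it. Find the end of the line. */
- contents = strchr (contents, '\n');
-
- /* EOF? */
- if (!contents) {
- /* We didn't find the field... */
- return FALSE;
- }
-
- /* Start at the beginning of the next line on next iteration. */
- contents++;
- }
-
- /* 'contents' now points at the whitespace character just after
- * the field name. strtoll can deal with that.
- */
- value = g_ascii_strtoll (contents, &end, 10);
-
- if (*end && !g_ascii_isspace (*end)) {
- g_warning ("Trailing junk after '%s' field in login.defs", key);
- return FALSE;
- }
-
- if (value <= 0 || value >= G_MAXINT32) {
- g_warning ("Value for '%s' field out of range", key);
- return FALSE;
- }
-
- *result = value;
-
- return TRUE;
-}
-
-static void
-user_classify_read_login_defs (uid_t *min_uid,
- uid_t *max_uid)
-{
- GError *error = NULL;
- char *contents;
-
- if (!g_file_get_contents ("/etc/login.defs", &contents, NULL, &error)) {
- g_warning ("Could not open /etc/login.defs: %s. Falling back to default human uid range of %d to %d",
- error->message, (int) *min_uid, (int) *max_uid);
- g_error_free (error);
- return;
- }
-
- if (!user_classify_parse_login_defs_field (contents, "UID_MIN", min_uid)) {
- g_warning ("Could not find UID_MIN value in login.defs. Using default of %d", (int) *min_uid);
- }
-
- if (!user_classify_parse_login_defs_field (contents, "UID_MAX", max_uid)) {
- g_warning ("Could not find UID_MIN value in login.defs. Using default of %d", (int) *max_uid);
- }
-
- g_free (contents);
-}
-
-static gboolean
-user_classify_is_in_human_range (uid_t uid)
-{
- static uid_t min_uid = 1000, max_uid = 60000;
- static gboolean initialised;
-
- if (!initialised) {
- user_classify_read_login_defs (&min_uid, &max_uid);
- initialised = TRUE;
- }
-
- return min_uid <= uid && uid <= max_uid;
-}
 #endif /* ENABLE_USER_HEURISTICS */
 
 gboolean
@@ -240,9 +154,16 @@ user_classify_is_human (uid_t uid,
 const gchar *shell,
 const gchar *password_hash)
 {
+ if (user_classify_is_blacklisted (username))
+ return FALSE;
+
 #ifdef ENABLE_USER_HEURISTICS
- return !user_classify_is_excluded_by_heuristics (username, shell, password_hash);
-#else
- return user_classify_is_in_human_range (uid);
+ /* only do heuristics on the range 500-1000 to catch one off migration problems in Fedora */
+ if (uid >= 500 && uid < MINIMUM_UID) {
+ if (!user_classify_is_excluded_by_heuristics (username, shell, password_hash))
+ return TRUE;
+ }
 #endif
+
+ return uid >= MINIMUM_UID;
 }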
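Review bot: The final `return uid >= MINIMUM_UID;` in user_classify_is_human has no upper bound, whereas the removed user_classify_is_in_human_range() also required `uid <= max_uid` (default 60000, or UID_MAX read from login.defs). Any account with a high uid whose name is not in default_excludes is therefore reported as human, which on some systems may include overflow or dynamically allocated service accounts. If that is intended, document it above the return, e.g. `/* no upper bound: every uid >= MINIMUM_UID counts as human unless its name is in default_excludes */`; otherwise keep a configurable maximum next to MINIMUM_UID. The comment on the heuristics branch also says 500-1000 although the code uses MINIMUM_UID as the upper end, and the function's signature begins outside the hunk.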
288 |
-- |
289 |
cgit v0.9.0.2-2-gbebe |
290 |
|
291 |
|
292 |
|
293 |
1.1 sys-apps/accountsservice/files/accountsservice-0.6.35-older-glib.patch |
294 |
|
295 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-apps/accountsservice/files/accountsservice-0.6.35-older-glib.patch?rev=1.1&view=markup |
296 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-apps/accountsservice/files/accountsservice-0.6.35-older-glib.patch?rev=1.1&content-type=text/plain |
297 |
|
298 |
Index: accountsservice-0.6.35-older-glib.patch |
299 |
=================================================================== |
300 |
From f86c93014e698d81d43fe1ebaf805fa794e5a984 Mon Sep 17 00:00:00 2001 |
301 |
From: Ray Strode <rstrode@××××××.com> |
302 |
Date: Tue, 22 Oct 2013 19:42:16 +0000 |
303 |
Subject: daemon: rip out extension interface |
304 |
|
305 |
It requires newer glib than we're shipping |
306 |
--- |
307 |
diff --git a/configure.ac b/configure.ac |
308 |
index cb1fcda..a7f4e20 100644 |
309 |
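--- a/configure.ac
+++ b/configure.ac
@@ -25,7 +25,7 @@ AC_SUBST(LT_CURRENT)
 AC_SUBST(LT_REVISION)
 AC_SUBST(LT_AGE)
 
-PKG_CHECK_MODULES(GIO, gio-2.0 >= 2.37.3 gio-unix-2.0)
+PKG_CHECK_MODULES(GIO, gio-2.0 gio-unix-2.0)
 PKG_CHECK_MODULES(POLKIT, gio-unix-2.0 polkit-gobject-1)
 
 AM_MAINTAINER_MODE([enable])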
320 |
diff --git a/src/Makefile.am b/src/Makefile.am |
321 |
index 6940f2d..de57e7a 100644 |
322 |
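--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -34,7 +34,6 @@ accounts_daemon_SOURCES = \
 types.h \
 daemon.h \
 daemon.c \
- extensions.c \
 user-classify.h \
 user-classify.c \
 user.h \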
332 |
diff --git a/src/daemon.c b/src/daemon.c |
333 |
index 9c9f617..ea75190 100644 |
334 |
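--- a/src/daemon.c
+++ b/src/daemon.c
@@ -80,7 +80,6 @@ struct DaemonPrivate {
 guint autologin_id;
 
 PolkitAuthority *authority;
- GHashTable *extension_ifaces;
 };
 
 typedef struct passwd * (* EntryGeneratorFunc) (GHashTable *, gpointer *);
@@ -683,8 +682,6 @@ daemon_init (Daemon *daemon)
 {
 daemon->priv = DAEMON_GET_PRIVATE (daemon);
 
- daemon->priv->extension_ifaces = daemon_read_extension_ifaces ();
-
 daemon->priv->users = create_users_hash_table ();
 
 daemon->priv->passwd_monitor = setup_monitor (daemon,
@@ -728,8 +725,6 @@ daemon_finalize (GObject *object)
 
 g_hash_table_destroy (daemon->priv->users);
 
- g_hash_table_unref (daemon->priv->extension_ifaces);
-
 G_OBJECT_CLASS (daemon_parent_class)->finalize (object);
 }
 
@@ -1553,12 +1548,6 @@ daemon_local_set_automatic_login (Daemon *daemon,
 return TRUE;
 }
 
-GHashTable *
-daemon_get_extension_ifaces (Daemon *daemon)
-{
- return daemon->priv->extension_ifaces;
-}
-
 static void
 get_property (GObject *object,
 guint prop_id,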
375 |
diff --git a/src/daemon.h b/src/daemon.h |
376 |
index b7e072e..e036407 100644 |
377 |
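--- a/src/daemon.h
+++ b/src/daemon.h
@@ -96,9 +96,6 @@ gboolean daemon_local_set_automatic_login (Daemon *daemon,
 gboolean enabled,
 GError **error);
 
-GHashTable * daemon_read_extension_ifaces (void);
-GHashTable * daemon_get_extension_ifaces (Daemon *daemon);
-
 G_END_DECLS
 
 #endif /* __DAEMON_H__ */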
389 |
diff --git a/src/user.c b/src/user.c |
390 |
index 1698eeb..163d136 100644 |
391 |
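--- a/src/user.c
+++ b/src/user.c
@@ -104,9 +104,6 @@ struct User {
 gboolean automatic_login;
 gboolean system_account;
 gboolean local_account;
-
- guint *extension_ids;
- guint n_extension_ids;
 };
 
 typedef struct UserClass
@@ -463,259 +460,6 @@ move_extra_data (const gchar *old_name,
 g_free (new_filename);
 }
 
-static GVariant *
-user_extension_get_value (User *user,
- GDBusInterfaceInfo *interface,
- const GDBusPropertyInfo *property)
-{
- const GVariantType *type = G_VARIANT_TYPE (property->signature);
- GVariant *value;
- gchar *printed;
- gint i;
-
- /* First, try to get the value from the keyfile */
- printed = g_key_file_get_value (user->keyfile, interface->name, property->name, NULL);
- if (printed) {
- value = g_variant_parse (type, printed, NULL, NULL, NULL);
- g_free (printed);
-
- if (value != NULL)
- return value;
- }
-
- /* If that didn't work, try for a default value annotation */
- for (i = 0; property->annotations && property->annotations[i]; i++) {
- GDBusAnnotationInfo *annotation = property->annotations[i];
-
- if (g_str_equal (annotation->key, "org.freedesktop.Accounts.DefaultValue.String")) {
- if (g_str_equal (property->signature, "s"))
- return g_variant_ref_sink (g_variant_new_string (annotation->value));
- }
- else if (g_str_equal (annotation->key, "org.freedesktop.Accounts.DefaultValue")) {
- value = g_variant_parse (type, annotation->value, NULL, NULL, NULL);
- if (value != NULL)
- return value;
- }
- }
-
- /* Nothing found... */
- return NULL;
-}
-
-static void
-user_extension_get_property (User *user,
- Daemon *daemon,
- GDBusInterfaceInfo *interface,
- GDBusMethodInvocation *invocation)
-{
- const GDBusPropertyInfo *property = g_dbus_method_invocation_get_property_info (invocation);
- GVariant *value;
-
- value = user_extension_get_value (user, interface, property);
-
- if (value) {
- g_dbus_method_invocation_return_value (invocation, g_variant_new ("(v)", value));
- g_variant_unref (value);
- }
- else {
- g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS,
- "Key '%s' is not set and has no default value",
- property->name);
- }
-}
-
-static void
-user_extension_get_all_properties (User *user,
- Daemon *daemon,
- GDBusInterfaceInfo *interface,
- GDBusMethodInvocation *invocation)
-{
- GVariantBuilder builder;
- gint i;
-
- g_variant_builder_init (&builder, G_VARIANT_TYPE_VARDICT);
- for (i = 0; interface->properties && interface->properties[i]; i++) {
- GDBusPropertyInfo *property = interface->properties[i];
- GVariant *value;
-
- value = user_extension_get_value (user, interface, property);
-
- if (value) {
- g_variant_builder_add (&builder, "{sv}", property->name, value);
- g_variant_unref (value);
- }
- }
-
- g_dbus_method_invocation_return_value (invocation, g_variant_new ("(a{sv})", &builder));
-}
-
-static void
-user_extension_set_property (User *user,
- Daemon *daemon,
- GDBusInterfaceInfo *interface,
- GDBusMethodInvocation *invocation)
-{
- const GDBusPropertyInfo *property = g_dbus_method_invocation_get_property_info (invocation);
- GVariant *value;
- gchar *printed;
- gchar *prev;
-
- g_variant_get_child (g_dbus_method_invocation_get_parameters (invocation), 2, "v", &value);
-
- /* We'll always have the type when we parse it back so
- * we don't need it to be printed with annotations.
- */
- printed = g_variant_print (value, FALSE);
-
- /* May as well try to avoid the thrashing... */
- prev = g_key_file_get_value (user->keyfile, interface->name, property->name, NULL);
-
- if (!prev || !g_str_equal (printed, prev)) {
- g_key_file_set_value (user->keyfile, interface->name, property->name, printed);
-
- /* Emit a change signal. Use invalidation
- * because the data may not be world-readable.
- */
- g_dbus_connection_emit_signal (g_dbus_method_invocation_get_connection (invocation),
- NULL, /* destination_bus_name */
- g_dbus_method_invocation_get_object_path (invocation),
- "org.freedesktop.DBus.Properties", "PropertiesChanged",
- g_variant_new_parsed ("( %s, %a{sv}, [ %s ] )",
- interface->name, NULL, property->name),
- NULL);
-
- accounts_user_emit_changed (ACCOUNTS_USER (user));
- save_extra_data (user);
- }
-
- g_variant_unref (value);
- g_free (printed);
- g_free (prev);
-
- g_dbus_method_invocation_return_value (invocation, g_variant_new ("()"));
-}
-
-static void
-user_extension_authentication_done (Daemon *daemon,
- User *user,
- GDBusMethodInvocation *invocation,
- gpointer user_data)
-{
- GDBusInterfaceInfo *interface = user_data;
- const gchar *method_name;
-
- method_name = g_dbus_method_invocation_get_method_name (invocation);
-
- if (g_str_equal (method_name, "Get"))
- user_extension_get_property (user, daemon, interface, invocation);
- else if (g_str_equal (method_name, "GetAll"))
- user_extension_get_all_properties (user, daemon, interface, invocation);
- else if (g_str_equal (method_name, "Set"))
- user_extension_set_property (user, daemon, interface, invocation);
- else
- g_assert_not_reached ();
-}
-
-static void
-user_extension_method_call (GDBusConnection *connection,
- const gchar *sender,
- const gchar *object_path,
- const gchar *interface_name,
- const gchar *method_name,
- GVariant *parameters,
- GDBusMethodInvocation *invocation,
- gpointer user_data)
-{
- User *user = user_data;
- GDBusInterfaceInfo *iface_info;
- const gchar *annotation_name;
- const gchar *action_id;
- gint uid;
- gint i;
-
- /* We don't allow method calls on extension interfaces, so we
- * should only ever see property calls here.
- */
- g_assert_cmpstr (interface_name, ==, "org.freedesktop.DBus.Properties");
-
- /* Now get the real interface name */
- g_variant_get_child (parameters, 0, "&s", &interface_name);
-
- if (get_caller_uid (invocation, &uid) && (uid_t) uid == user->uid) {
- /* Operation on sender's own User object */
- if (g_str_equal (method_name, "Set")) {
- annotation_name = "org.freedesktop.Accounts.Authentication.ChangeOwn";
- action_id = "org.freedesktop.accounts.change-own-user-data";
- }
- else {
- annotation_name = "org.freedesktop.Accounts.Authentication.ReadOwn";
- action_id = ""; /* reading allowed by default */
- }
- }
- else {
- /* Operation on someone else's User object */
- if (g_str_equal (method_name, "Set")) {
- annotation_name = "org.freedesktop.Accounts.Authentication.ChangeAny";
- action_id = "org.freedesktop.accounts.user-administration";
- }
- else {
- annotation_name = "org.freedesktop.Accounts.Authentication.ReadAny";
- action_id = ""; /* reading allowed by default */
- }
- }
-
- iface_info = g_hash_table_lookup (daemon_get_extension_ifaces (user->daemon), interface_name);
- g_assert (iface_info != NULL);
-
- for (i = 0; iface_info->annotations && iface_info->annotations[i]; i++) {
- if (g_str_equal (iface_info->annotations[i]->key, annotation_name)) {
- action_id = iface_info->annotations[i]->value;
- break;
- }
- }
-
- if (action_id[0] == '\0') {
- /* Should always allow this call, so just do it now */
- user_extension_authentication_done (user->daemon, user, invocation, iface_info);
- }
- else {
- daemon_local_check_auth (user->daemon, user, action_id, TRUE,
- user_extension_authentication_done,
- invocation, iface_info, NULL);
- }
-}
-
-static void
-user_register_extensions (User *user)
-{
- static const GDBusInterfaceVTable vtable = {
- user_extension_method_call,
- NULL /* get_property */,
- NULL /* set_property */
- };
- GHashTable *extensions;
- GHashTableIter iter;
- gpointer iface;
- gint i = 0;
-
- g_assert (user->extension_ids == NULL);
- g_assert (user->n_extension_ids == 0);
-
- extensions = daemon_get_extension_ifaces (user->daemon);
- user->n_extension_ids = g_hash_table_size (extensions);
- user->extension_ids = g_new (guint, user->n_extension_ids);
- g_hash_table_iter_init (&iter, extensions);
-
- /* Ignore errors when registering more interfaces because (a)
- * they won't happen and (b) even if they do, we still want to
- * publish the main user interface.
- */
- while (g_hash_table_iter_next (&iter, NULL, &iface))
- user->extension_ids[i++] = g_dbus_connection_register_object (user->system_bus_connection,
- user->object_path, iface,
- &vtable, user, NULL, NULL);
-}
-
 static gchar *
 compute_object_path (User *user)
 {
@@ -753,8 +497,6 @@ user_register (User *user)
 }
 return;
 }
-
- user_register_extensions (user);
 }
 
 void
@@ -767,21 +509,6 @@ void
 user_unregister (User *user)
 {
 g_dbus_interface_skeleton_unexport (G_DBUS_INTERFACE_SKELETON (user));
-
- if (user->extension_ids) {
- guint i;
-
- for (i = 0; i < user->n_extension_ids; i++) {
- /* In theory, if an error happened during registration, we could have 0 here. */
- if (user->extension_ids[i] == 0)
- continue;
-
- g_dbus_connection_unregister_object (user->system_bus_connection, user->extension_ids[i]);
- }
-
- g_clear_pointer (&user->extension_ids, g_free);
- user->n_extension_ids = 0;
- }
 }
 
 void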
694 |
-- |
695 |
cgit v0.9.0.2-2-gbebe |
696 |
|
697 |
|
698 |
|
699 |
1.1 sys-apps/accountsservice/files/accountsservice-0.6.35-gentoo-system-users.patch |
700 |
|
701 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-apps/accountsservice/files/accountsservice-0.6.35-gentoo-system-users.patch?rev=1.1&view=markup |
702 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-apps/accountsservice/files/accountsservice-0.6.35-gentoo-system-users.patch?rev=1.1&content-type=text/plain |
703 |
|
704 |
Index: accountsservice-0.6.35-gentoo-system-users.patch |
705 |
=================================================================== |
706 |
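--- src/user-classify.c.old 2013-12-04 20:29:48.944454769 +0100
+++ src/user-classify.c 2013-12-04 20:32:59.728283477 +0100
@@ -55,6 +55,48 @@
 "at",
 "gdm",
 "gnome-initial-setup"
+ /* Additional Gentoo system users with non-trivial login shell */
+ "amanda",
+ "backuppc",
+ "drqueue",
+ "firebird",
+ "flexlm",
+ "foldingathome",
+ "geneweb",
+ "git",
+ "gnump3d",
+ "hacluster",
+ "hg",
+ "hsqldb",
+ "infinote",
+ "foldingathome",
+ "geneweb",
+ "git",
+ "gnump3d",
+ "hacluster",
+ "hg",
+ "hsqldb",
+ "infinote",
+ "jffnms",
+ "klive",
+ "mailman",
+ "mpd",
+ "mythtv",
+ "nagios",
+ "nx",
+ "oneadmin",
+ "openvpn",
+ "p2p",
+ "phxd",
+ "resin",
+ "rplayd",
+ "scponly",
+ "secoff",
+ "tinyproxy",
+ "ttrssd",
+ "vboxguest",
+ "vdr",
+ "vdradmin",
 };
 
 #define PATH_NOLOGIN "/sbin/nologin"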
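Review bot: The context line `"gnome-initial-setup"` has no trailing comma, so the first added entry is joined to it by string-literal concatenation and the array holds one element, "gnome-initial-setupamanda", in place of two. Neither gnome-initial-setup nor amanda is then matched by name, so both can fall through to the uid-based classification and may be reported as human users. The hunk should replace that context line with `"gnome-initial-setup",` as a `-`/`+` pair ahead of the added comment. The run from "foldingathome" through "infinote" is also listed twice; the duplicates look harmless for a name lookup but should be dropped. The default_excludes array begins outside the hunk.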