From 919a4e8b48d37816fa7b0f7c79d6f3bac20c09bf Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Apr 10 2018 05:37:40 +0000 Subject: import accountsservice-0.6.45-7.el7 --- diff --git a/SOURCES/0015-act-user-Prevent-segfault-if-accounts_proxy-is-not-c.patch b/SOURCES/0015-act-user-Prevent-segfault-if-accounts_proxy-is-not-c.patch new file mode 100644 index 0000000..b6b10fe --- /dev/null +++ b/SOURCES/0015-act-user-Prevent-segfault-if-accounts_proxy-is-not-c.patch @@ -0,0 +1,89 @@ +From 919e8972a6635539499f153a28d92e0c4052b354 Mon Sep 17 00:00:00 2001 +From: Ondrej Holy +Date: Tue, 30 Jan 2018 08:58:20 +0100 +Subject: [PATCH 15/15] act-user: Prevent segfault if accounts_proxy is not + created + +act_user_get_locked may segfault if accounts_proxy is not created (e.g. +when run under root). All other functions which rely on accounts_proxy +already contain checks for NULL and valid ActUser. Do the same also in +act_user_get_locked in order to avoid segfaults in certain cases. + +https://bugs.freedesktop.org/show_bug.cgi?id=104851 +--- + src/libaccountsservice/act-user.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/libaccountsservice/act-user.c b/src/libaccountsservice/act-user.c +index a24f25a..e21c9db 100644 +--- a/src/libaccountsservice/act-user.c ++++ b/src/libaccountsservice/act-user.c +@@ -859,60 +859,65 @@ act_user_is_logged_in (ActUser *user) + + /** + * act_user_is_logged_in_anywhere: + * @user: a #ActUser + * + * Returns whether or not #ActUser is currently logged in in any way + * whatsoever. See also act_user_is_logged_in(). + * + * (Currently, this function is only implemented for systemd-logind. + * For ConsoleKit, it is equivalent to act_user_is_logged_in.) + * + * Returns: %TRUE or %FALSE + */ + gboolean + act_user_is_logged_in_anywhere (ActUser *user) + { + return user->our_sessions != NULL || user->other_sessions != NULL; + } + + /** + * act_user_get_locked: + * @user: a #ActUser + * + * Returns whether or not the #ActUser account is locked. + * + * Returns: %TRUE or %FALSE + */ + gboolean + act_user_get_locked (ActUser *user) + { ++ g_return_val_if_fail (ACT_IS_USER (user), TRUE); ++ ++ if (user->accounts_proxy == NULL) ++ return TRUE; ++ + return accounts_user_get_locked (user->accounts_proxy); + } + + /** + * act_user_get_automatic_login: + * @user: a #ActUser + * + * Returns whether or not #ActUser is automatically logged in at boot time. + * + * Returns: %TRUE or %FALSE + */ + gboolean + act_user_get_automatic_login (ActUser *user) + { + g_return_val_if_fail (ACT_IS_USER (user), FALSE); + + if (user->accounts_proxy == NULL) + return FALSE; + + return accounts_user_get_automatic_login (user->accounts_proxy); + } + + /** + * act_user_is_system_account: + * @user: a #ActUser + * + * Returns whether or not #ActUser represents a 'system account' like + * 'root' or 'nobody'. + * + * Returns: %TRUE or %FALSE +-- +2.14.3 + diff --git a/SOURCES/0016-daemon-don-t-return-account-expiration-policy-if-not.patch b/SOURCES/0016-daemon-don-t-return-account-expiration-policy-if-not.patch new file mode 100644 index 0000000..ca01fd1 --- /dev/null +++ b/SOURCES/0016-daemon-don-t-return-account-expiration-policy-if-not.patch @@ -0,0 +1,214 @@ +From 7facd87e8ba34654fc9c46b4a42943e92acafffb Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Wed, 7 Feb 2018 11:03:21 -0500 +Subject: [PATCH 16/16] daemon: don't return account expiration policy if not + known + +Right now we assume the user's shadow entry will always be available. +If it's not available, we return fields from it initialized to 0. + +That leads to spurious password expired notifications in GNOME. + +This commit throws a NOT_SUPPORTED error if the shadow file is off +limits. +--- + src/user.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/user.c b/src/user.c +index a83cfe4..cf7eb26 100644 +--- a/src/user.c ++++ b/src/user.c +@@ -79,60 +79,61 @@ struct User { + gchar *object_path; + + Daemon *daemon; + + GKeyFile *keyfile; + + uid_t uid; + gid_t gid; + gchar *user_name; + gchar *real_name; + AccountType account_type; + PasswordMode password_mode; + gchar *password_hint; + gchar *home_dir; + gchar *shell; + gchar *email; + gchar *language; + gchar *x_session; + gchar *location; + guint64 login_frequency; + gint64 login_time; + gint64 expiration_time; + gint64 last_change_time; + gint64 min_days_between_changes; + gint64 max_days_between_changes; + gint64 days_to_warn; + gint64 days_after_expiration_until_lock; + GVariant *login_history; + gchar *icon_file; + gchar *default_icon_file; ++ gboolean account_expiration_policy_known; + gboolean locked; + gboolean automatic_login; + gboolean system_account; + gboolean local_account; + gboolean cached; + + guint *extension_ids; + guint n_extension_ids; + }; + + typedef struct UserClass + { + AccountsUserSkeletonClass parent_class; + } UserClass; + + static void user_accounts_user_iface_init (AccountsUserIface *iface); + + G_DEFINE_TYPE_WITH_CODE (User, user, ACCOUNTS_TYPE_USER_SKELETON, G_IMPLEMENT_INTERFACE (ACCOUNTS_TYPE_USER, user_accounts_user_iface_init)); + + static gint + account_type_from_pwent (struct passwd *pwent) + { + struct group *grp; + gint i; + + if (pwent->pw_uid == 0) { + g_debug ("user is root so account type is administrator"); + return ACCOUNT_TYPE_ADMINISTRATOR; + } + +@@ -261,60 +262,61 @@ user_update_from_pwent (User *user, + locked = TRUE; + } + else { + locked = FALSE; + } + + if (user->locked != locked) { + user->locked = locked; + changed = TRUE; + g_object_notify (G_OBJECT (user), "locked"); + } + + if (passwd == NULL || passwd[0] != 0) { + mode = PASSWORD_MODE_REGULAR; + } + else { + mode = PASSWORD_MODE_NONE; + } + + if (spent) { + if (spent->sp_lstchg == 0) { + mode = PASSWORD_MODE_SET_AT_LOGIN; + } + + user->expiration_time = spent->sp_expire; + user->last_change_time = spent->sp_lstchg; + user->min_days_between_changes = spent->sp_min; + user->max_days_between_changes = spent->sp_max; + user->days_to_warn = spent->sp_warn; + user->days_after_expiration_until_lock = spent->sp_inact; ++ user->account_expiration_policy_known = TRUE; + } + + if (user->password_mode != mode) { + user->password_mode = mode; + changed = TRUE; + g_object_notify (G_OBJECT (user), "password-mode"); + } + + user->system_account = !user_classify_is_human (user->uid, user->user_name, pwent->pw_shell, passwd); + + g_object_thaw_notify (G_OBJECT (user)); + + if (changed) + accounts_user_emit_changed (ACCOUNTS_USER (user)); + } + + void + user_update_from_keyfile (User *user, + GKeyFile *keyfile) + { + gchar *s; + + g_object_freeze_notify (G_OBJECT (user)); + + s = g_key_file_get_string (keyfile, "User", "Language", NULL); + if (s != NULL) { + /* TODO: validate / normalize */ + g_free (user->language); + user->language = s; + g_object_notify (G_OBJECT (user), "language"); +@@ -1154,60 +1156,65 @@ user_set_x_session (AccountsUser *auser, + + if (!get_caller_uid (context, &uid)) { + throw_error (context, ERROR_FAILED, "identifying caller failed"); + return FALSE; + } + + if (user->uid == (uid_t) uid) + action_id = "org.freedesktop.accounts.change-own-user-data"; + else + action_id = "org.freedesktop.accounts.user-administration"; + + daemon_local_check_auth (user->daemon, + user, + action_id, + TRUE, + user_change_x_session_authorized_cb, + context, + g_strdup (x_session), + (GDestroyNotify) g_free); + + return TRUE; + } + + static void + user_get_password_expiration_policy_authorized_cb (Daemon *daemon, + User *user, + GDBusMethodInvocation *context, + gpointer data) + + { ++ if (!user->account_expiration_policy_known) { ++ throw_error (context, ERROR_NOT_SUPPORTED, "account expiration policy unknown to accounts service"); ++ return; ++ } ++ + accounts_user_complete_get_password_expiration_policy (ACCOUNTS_USER (user), + context, + user->expiration_time, + user->last_change_time, + user->min_days_between_changes, + user->max_days_between_changes, + user->days_to_warn, + user->days_after_expiration_until_lock); + } + + static gboolean + user_get_password_expiration_policy (AccountsUser *auser, + GDBusMethodInvocation *context) + { + User *user = (User*)auser; + int uid; + const gchar *action_id; + + if (!get_caller_uid (context, &uid)) { + throw_error (context, ERROR_FAILED, "identifying caller failed"); + return FALSE; + } + + if (user->uid == (uid_t) uid) + action_id = "org.freedesktop.accounts.change-own-user-data"; + else + action_id = "org.freedesktop.accounts.user-administration"; + + daemon_local_check_auth (user->daemon, + user, +-- +2.14.3 + diff --git a/SOURCES/0017-lib-don-t-try-to-update-login-frequency-manually.patch b/SOURCES/0017-lib-don-t-try-to-update-login-frequency-manually.patch new file mode 100644 index 0000000..5115683 --- /dev/null +++ b/SOURCES/0017-lib-don-t-try-to-update-login-frequency-manually.patch @@ -0,0 +1,163 @@ +From 94e16cbaba4e727af4fe40a039110c5d0f0eb467 Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Wed, 14 Feb 2018 10:00:19 -0500 +Subject: [PATCH 17/17] lib: don't try to update login frequency manually + +The library will try to update the login frequency to 1 if the +requested user isn't finished asynchronously loading yet, but we +know they have an open session. + +That no longer works, since we no longer track login-frequency +separately from the dbus proxy object. + +This commit drops the code, since it's unnecessary anyway. + +To be "on the safe side" we change the value returned for unloaded +users from 0 to 1. This is okay because the value is undefined +before the user is loaded anyway. +--- + src/libaccountsservice/act-user-manager.c | 6 ------ + src/libaccountsservice/act-user.c | 2 +- + 2 files changed, 1 insertion(+), 7 deletions(-) + +diff --git a/src/libaccountsservice/act-user-manager.c b/src/libaccountsservice/act-user-manager.c +index 6c6628b..6efb772 100644 +--- a/src/libaccountsservice/act-user-manager.c ++++ b/src/libaccountsservice/act-user-manager.c +@@ -1663,66 +1663,60 @@ get_x11_display_for_new_session (ActUserManagerNewSession *new_session) + static void + maybe_add_new_session (ActUserManagerNewSession *new_session) + { + ActUserManager *manager; + ActUser *user; + gboolean is_ours; + + manager = ACT_USER_MANAGER (new_session->manager); + + is_ours = TRUE; + + if (new_session->x11_display == NULL) { + g_debug ("AcUserManager: (mostly) ignoring session '%s' since it's not graphical", + new_session->id); + is_ours = FALSE; + } else if (session_is_login_window (manager, new_session->id)) { + new_session->state = ACT_USER_MANAGER_NEW_SESSION_STATE_LOADED; + unload_new_session (new_session); + return; + } else if (!session_is_on_our_seat (manager, new_session->id)) { + is_ours = FALSE; + } + + user = act_user_manager_get_user_by_id (manager, new_session->uid); + if (user == NULL) { + unload_new_session (new_session); + return; + } + + add_session_for_user (manager, user, new_session->id, is_ours); +- +- /* if we haven't yet gotten the login frequency +- then at least add one because the session exists */ +- if (act_user_get_login_frequency (user) == 0) { +- _act_user_update_login_frequency (user, 1); +- } + } + + static void + load_new_session (ActUserManager *manager, + const char *session_id) + { + ActUserManagerNewSession *new_session; + + new_session = g_slice_new0 (ActUserManagerNewSession); + + new_session->manager = g_object_ref (manager); + new_session->id = g_strdup (session_id); + new_session->state = ACT_USER_MANAGER_NEW_SESSION_STATE_UNLOADED + 1; + new_session->cancellable = g_cancellable_new (); + + manager->priv->new_sessions = g_slist_prepend (manager->priv->new_sessions, + new_session); + load_new_session_incrementally (new_session); + } + + static void + seat_session_added (GDBusProxy *seat_proxy, + const char *session_id, + ActUserManager *manager) + { + g_debug ("ActUserManager: Session added: %s", session_id); + + load_new_session (manager, session_id); + } + +diff --git a/src/libaccountsservice/act-user.c b/src/libaccountsservice/act-user.c +index e21c9db..bc8b7f8 100644 +--- a/src/libaccountsservice/act-user.c ++++ b/src/libaccountsservice/act-user.c +@@ -705,61 +705,61 @@ act_user_get_location (ActUser *user) + * + * Returns: (transfer none): a pointer to an array of characters which must not be modified or + * freed, or %NULL. + **/ + + const char * + act_user_get_user_name (ActUser *user) + { + g_return_val_if_fail (ACT_IS_USER (user), NULL); + + if (user->accounts_proxy == NULL) + return NULL; + + return accounts_user_get_user_name (user->accounts_proxy); + } + + /** + * act_user_get_login_frequency: + * @user: a #ActUser + * + * Returns the number of times @user has logged in. + * + * Returns: the login frequency + */ + int + act_user_get_login_frequency (ActUser *user) + { + g_return_val_if_fail (ACT_IS_USER (user), 0); + + if (user->accounts_proxy == NULL) +- return 0; ++ return 1; + + return accounts_user_get_login_frequency (user->accounts_proxy); + } + + /** + * act_user_get_login_time: + * @user: a #ActUser + * + * Returns the last login time for @user. + * + * Returns: (transfer none): the login time + */ + gint64 + act_user_get_login_time (ActUser *user) + { + g_return_val_if_fail (ACT_IS_USER (user), 0); + + if (user->accounts_proxy == NULL) + return 0; + + return accounts_user_get_login_time (user->accounts_proxy); + } + + /** + * act_user_get_login_history: + * @user: a #ActUser + * + * Returns the login history for @user. + * + * Returns: (transfer none): a pointer to GVariant of type "a(xxa{sv})" +-- +2.14.3 + diff --git a/SPECS/accountsservice.spec b/SPECS/accountsservice.spec index a27e700..5e13e8d 100644 --- a/SPECS/accountsservice.spec +++ b/SPECS/accountsservice.spec @@ -2,7 +2,7 @@ Name: accountsservice Version: 0.6.45 -Release: 3%{?dist}.1 +Release: 7%{?dist} Summary: D-Bus interfaces for querying and manipulating user account information Group: System Environment/Daemons @@ -42,6 +42,9 @@ Patch11: 0011-lib-simplify-code-dramatically.patch Patch12: 0012-lib-don-t-track-user-added-user-removed-until-we-get.patch Patch13: 0013-lib-only-track-users-after-act_user_manager_list_use.patch Patch14: 0014-lib-fix-crasher-if-accounts-proxy-is-unavailable.patch +Patch15: 0015-act-user-Prevent-segfault-if-accounts_proxy-is-not-c.patch +Patch16: 0016-daemon-don-t-return-account-expiration-policy-if-not.patch +Patch17: 0017-lib-don-t-try-to-update-login-frequency-manually.patch %package libs Summary: Client-side library to talk to accountsservice @@ -124,7 +127,20 @@ rm $RPM_BUILD_ROOT%{_libdir}/*.a %{_datadir}/gtk-doc/html/libaccountsservice/* %changelog -* Fri Nov 03 2017 Ray Strode - 0.6.45-3.1 +* Wed Feb 14 2018 Ray Strode - 0.6.45-7 +- Fix bug leading to harmless error in log + Resolves: #1544640 + +* Wed Feb 07 2018 Ray Strode - 0.6.45-6 +- Don't return bogus password expiration policy when + shadow file is unavailable + Resolves: #1530659 + +* Tue Jan 30 2018 Ray Strode - 0.6.45-5 +- Fix other crasher introduced in -3 + Resolves: #1532252 + +* Fri Nov 03 2017 Ray Strode - 0.6.45-4 - Fix crasher introduced in -3 Related: #1474579, 1509261