AgeCommit message (Collapse)AuthorFilesLines
2020-09-04Update German translationHEADmasterChristian K1-19/+37
2020-08-14build: Add missing pkg-config Requires.private dependenciesSimon McVittie1-0/+6
Otherwise, a trivial executable that includes <act/act.h>, built with $(pkg-config --cflags --libs accountsservice), will fail to compile when we cannot include headers like <glib-object.h>. Signed-off-by: Simon McVittie <>
2020-05-04act-user-manager: Watch for the daemon going away and coming backIain Lane1-0/+21
And set is-loaded accordingly. This causes properties to be invalidated on the client side and then get re-fetched when the daemon comes back.
2020-05-01util: Split out helper method for getting admin group IDsPhilip Withnall3-17/+76
This introduces one small functional change: if any of the groups in `EXTRA_ADMIN_GROUPS` can’t be resolved using `getgrnam()`, an error will now be thrown. Previously, it would be ignored. Other than that, this introduces no functional changes and is just intended as a code cleanup. Signed-off-by: Philip Withnall <>
2020-05-01user: Remove user from extra_admin_groups when demoting them from adminPhilip Withnall1-12/+26
Filter out the `extra_admin_groups` from the group list when a user is no longer an admin. Signed-off-by: Philip Withnall <>
2020-04-27main: Don’t print translation header with `--help`Philip Withnall1-1/+1
The correct way to tell `g_option_context_new()` not to print any information after the options is to pass `NULL`. Passing the empty string results in a call to `gettext ("")`, which returns the translation’s header. This fixes the output of `accounts-daemon --help`. Signed-off-by: Philip Withnall <>
2020-04-27Updated Indonesian translationAndika Triwidada1-27/+42
2020-03-12user-classify: Add git to username blacklistMichael Catanzaro1-1/+2
Bad news for Geoffrey Ingram Taylor. See: #57
2020-03-12Remove user heuristicsMichael Catanzaro3-43/+0
We don't want this code running except on Red Hat systems, where we can maintain it in a downstream patch if need be. The heuristic has been wrong before (e.g. as in #57) and is not useful on upstream systems where 1000 is the presumed minimum uid for human users.
2020-03-04Never delete the root filesystem when removing usersMichael Catanzaro1-0/+13
Many, many user accounts use / as their home directory. If deleting these accounts with accountsservice, we should just ignore requests to delete the home dir, rather than trash the user's computer. Fixes #57
2020-02-28user: reject requests to change full name to something including a commaMichael Catanzaro1-0/+5
Because real name is stored in the GECOS field of /etc/passwd, which is delimited by commas that cannot be escaped, the user's full name must not contain a comma. Fixes #83
2020-02-28user: Don't overwrite entire GECOS field when setting full nameMichael Catanzaro1-1/+19
See: #83
2020-02-27user: fix double-unref of GDBusMethodInvocation throughoutMichael Catanzaro1-14/+14
When we return FALSE, we're not saying "failure," we're actually saying "unhandled." So in accounts-user-generated.c (generated by gdbus-codegen), _accounts_user_skeleton_handle_method_call() will call g_dbus_method_invocation_return_error(), which assumes ownership, sends a D-Bus error to the peer, and unrefs the GDBusMethodInvocation. Problem is, we've already done all of that and doing so twice is unexpected and bad. Spotted by Ray Strode in !51. Fixes #86
2020-02-27user: fix indentation errorMichael Catanzaro1-1/+1
2020-02-24act-user: Use G_DECLARE_FINAL_TYPE to declare ActUserPhilip Withnall2-21/+2
This tidies up the code a bit, and (critically) exposes a concrete structure for `ActUser` and `ActUserClass`. Previously these were dangling typedefs, which meant the compiler had no idea they derived from `GObject`, and hence would give warnings about strict aliasing when (for example) calling: ``` g_set_object (&my_user, user); ``` where `my_user` and `user` were both `ActUser*`. This shouldn’t introduce any API or ABI changes, as the library basically exposed no API in this area before. The autoptr cleanup function is now defined by `G_DECLARE_FINAL_TYPE`. libaccountsservice already depends on GLib 2.63, so no dependency bump is needed. Signed-off-by: Philip Withnall <>
2020-02-24Update Swedish translationAnders Jonsson1-19/+30
2020-02-24act-user-manager: Remove ConsoleKit supportRobert Ancell7-1673/+19
ConsoleKit is very much dead and replaced by logind or elogind.
2020-02-24Update tr.polibre ajans1-26/+43
2020-02-24po: delete obsolete po/accounts-service.potGunnar Hjalmarsson1-60/+0
We don't use transifex anymore, so the file can be generated when needed instead of stored in version control. Closes:
2020-02-18libaccountsservice: Expand documentation of ActUser:languagePhilip Withnall1-4/+23
In particular, make it clear what format a locale is in, and what the empty string and NULL values mean. I’ve guessed what they mean based on what code which uses libaccountsservice does. Signed-off-by: Philip Withnall <>
2020-02-11daemon: Fix error check in save_autologin()Michael Catanzaro1-1/+1
This regressed in 4b3fdd19.
2020-02-07Check GDBusMessage for INTERACTIVE_AUTHORIZATION flagMatthew Leeds9-34/+112
Currently we always use the flag POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION when checking if a subject is authorized for an action, meaning that we cause polkit to create an interactive dialog box. However since GLib 2.46, there has been a flag G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION which indicates if the caller is prepared to have the user authenticate (e.g. it's a user-facing program not a daemon). So, check for this flag in daemon_local_check_auth(). The impetus for this patch is that in the Endles fork of gnome-control-center we use the library malcontent, and call mct_manager_get_app_filter() even when we don't have permission to actually read the user's app filter, since it shouldn't cause a dialog without MCT_GET_APP_FILTER_FLAGS_INTERACTIVE being passed to it. However because accountsservice doesn't respect G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION, polkit attempts to create an auth dialog anyway (and hits an error but that's a separate gnome-shell bug). In libaccountsservice, we use code generated by gdbus-codegen to call D-Bus methods implemented by the daemon, and that generated code unconditionally uses G_DBUS_CALL_FLAGS_NONE, which would mean that users of libaccountsservice can't use interactive auth. The solution is to bump our GLib requirement to 2.63.5 (2.64 hasn't been released yet) and pass --glib-min-required 2.64 to gdbus-codegen, which causes the generated code to have two more arguments for each method call: one for GDBusCallFlags and one for a timeout value. For now we always use G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION in libaccountsservice, to maintain compatibility. It might make sense to add API in the future so that users of the library can specify if they want to allow interactive auth. This commit also makes us use G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION for method calls implemented by ConsoleKit, even though presumably no problems are caused by the current behavior of using G_DBUS_CALL_FLAGS_NONE. In theory ConsoleKit could check for G_DBUS_MESSAGE_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION one day (although in practice I think it's deprecated and inactive), and I think the whole of libaccountsservice should assume interactive auth is allowed until we have API to distinguish the no-interactive-auth case.
2019-09-16Add support to build vala bindingsRico Tzschichholz3-2/+12
2019-09-13Fix g-i annotation of act_user_get_password_expiration_policyRico Tzschichholz1-6/+6
2019-09-06build: Bump minimum version of meson requiredRobert Ancell1-1/+1
Meson gives the warning: WARNING: Project specifies a minimum meson_version '>= 0.46.0' but uses features which were added in newer versions: * 0.50.0: {'install arg in configure_file'}
2019-09-04daemon: Write GDM custom.conf file if it doesn't existRobert Ancell1-1/+6
The previous code would abort the write if it didn't exist.
2019-08-25Add .service file to POTFILES.skipPiotr Drąg1-0/+2
2019-08-24Drop .service file from POTFILES.inGunnar Hjalmarsson1-1/+0
2019-08-14act-user-manager: Make a private function staticRobert Ancell1-1/+1
2019-08-14Stop ignoring autotools generated filesRobert Ancell1-35/+0
We're using meson now.
2019-08-01Move D-Bus conf file to $(datadir)/dbus-1/system.dSoapux1-1/+5
Since D-Bus 1.9.18 configuration files installed by third-party should go in $(datadir)/dbus-1/system.d. The old location is for sysadmin overrides. Also check that we have recent enough D-Bus to use the new location.
2019-05-09data: don't send change updates for login-historyRay Strode1-0/+1
The login-history property of user objects can be quite large. If wtmp is changed frequently, that can lead to memory fragmentation in clients. Furthermore, most clients never check login-history, so it's wasted memory and wasted cpu. This commit disables change notification for that property. If a client really needs to get updates, they can manually refresh their cache when appropriate.
2019-05-07data: Tighten up systemd sandboxing of accounts-daemon.servicePhilip Withnall2-0/+51
Tighten up the sandboxing of the daemon, paying particular attention to file system access. Further work could be done to make the daemon run as a non-root user (User=/Group=/DynamicUser=), drop capabilities (CapabilityBoundingSet=) and restrict system calls (SystemCallFilter=). This is a reasonable starting point, though. It has been tested with adding, modifying and deleting users, and reading/writing user extension data. Testing was done on a Fedora and a Debian-based system. The useradd/userdel/usermod subprocesses require a lot of permissions which the accounts-service daemon itself doesn’t. In future, it might make sense to run them in a separate privilege-escalated sandbox, and further restrict the permissions of the accounts-service daemon itself. Signed-off-by: Philip Withnall <>
2019-05-07build: Expose chosen path_wtmp value as a variablePhilip Withnall1-2/+22
This will be used in a following commit. Signed-off-by: Philip Withnall <>
2019-04-29daemon: ensure cache files for system users are processedRay Strode1-1/+1
At the moment we skip cache files for system users. That doesn't make much sense; if there's a cache file we should be using it. This commit changes the code to read cache files, even for system users, and so lets root have a non-default session. Closes:
2019-04-23meson: bump to 0.6.550.6.55Ray Strode1-1/+1
2019-04-23NEWS: update for releaseRay Strode1-0/+10
2019-04-17daemon: Wait for reload before servicing list_cached_usersJoão Paulo Rechi Vita1-13/+24
When /etc/passwd, /etc/shadow or /etc/group are changed outside of AccountsService, the cache reload is delayed by 500 ms so subsequent changes to these files are process seen together and AccountsService has a consistent view of the data (since after one of these files is changed the others may change too). If ListCachedUsers is called in this 500 ms window, finish_list_cached_users will be executed before reload_users_timeout has been dispatched, since its added to the mainloop as an idler and at point there is nothing preventing it from being executed. This makes finish_list_cached_users only be attached to the mainloop after reload_users_timeout has been dispatched. This bug was introduced by commit 4e3fad33 when the 500 ms delay was implemented. Closes: #71
2019-04-09Update lt.poMoo1-13/+22
2019-04-08l10n: Update lt.poMoo1-11/+19
2019-03-20act-user-manager: Find the user's graphical session instead of assuming we ↵Iain Lane1-15/+120
are in it If we were started by systemd --user, we won't be in a login session. Find the user's graphical session by asking logind for it. Closes: #42
2019-03-15user: revert patch accidentally commitedRay Strode1-59/+1
commit 11c9bd6226cda64cfb8e48193be1ff2e7fb92cc1 tried to add a g_autoptr but it inadvertently committed chunks of a patch that's not reviewed yet from This commit reverts the erroneously added chunks.
2019-03-12[l10n] Update Italian translationMilo Casagrande1-23/+37
Signed-off-by: Milo Casagrande <>
2019-02-22build: Ensure state directories are installed with correct permissionsPhilip Withnall1-4/+4
See the previous commit. Signed-off-by: Philip Withnall <>
2019-02-22src: Ensure users directory is private at startupPhilip Withnall1-3/+54
The /var/lib/AccountsService/users directory contains per-user configuration which should be accessed through the D-Bus interface. Especially for extensions, access control is provided by polkit. Don’t allow users to read the configuration for other users’ accounts directly from the file system, bypassing the polkit access controls. Signed-off-by: Philip Withnall <>
2019-02-22Update Polish translationPiotr Drąg1-25/+38
2019-02-22po: one last update from transifexRay Strode74-1031/+2695
transifex hasn't really worked out for me, but there are some translations from hardworking translations left on the table. Before ceasing to use it, grab the latest translations.
2019-02-20Add Danish translationscootergrisen1-34/+45
2019-02-12Updated Romanian translationDaniel Șerbănescu1-36/+51
2018-12-19forgot to add g_autoptr(GError) in _act_user_update_from_object_path()Akira Nakajima2-2/+60