| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Positional parameters to merge_file() were never allowed and always
ignored, so just drop it.
See: https://github.com/mesonbuild/meson/issues/9441
Fixes #97
|
|
At the moment there's no easy way to set a default session, or
face icon or whatever for all users. If a user has never logged in
before, we just generate their cache file from hardcoded defaults.
This commit introduces a template system to make it possible for
admins to set up defaults on their own.
Admins can write either
/etc/accountsservice/user-templates/administrator
or
/etc/accountsservice/user-templates/standard
files. These files follow the same format as
/var/lib/AccountsService/users/username
files, but will support substituting $HOME and $USER to the appropriate
user specific values.
User templates also support an additional group [Template] that
have an additional key EnvironmentFiles that specify a list
of environment files to load (files with KEY=VALUE pairs in them).
Any keys listed in those environment files will also get substituted.
https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/63
|
|
The login-history property of user objects can be quite large.
If wtmp is changed frequently, that can lead to memory fragmentation
in clients.
Furthermore, most clients never check login-history, so it's
wasted memory and wasted cpu.
This commit disables change notification for that property. If
a client really needs to get updates, they can manually refresh
their cache when appropriate.
|
|
Tighten up the sandboxing of the daemon, paying particular attention to
file system access. Further work could be done to make the daemon run as
a non-root user (User=/Group=/DynamicUser=), drop capabilities
(CapabilityBoundingSet=) and restrict system calls (SystemCallFilter=).
This is a reasonable starting point, though. It has been tested with
adding, modifying and deleting users, and reading/writing user extension
data. Testing was done on a Fedora and a Debian-based system.
The useradd/userdel/usermod subprocesses require a lot of permissions
which the accounts-service daemon itself doesn’t. In future, it might
make sense to run them in a separate privilege-escalated sandbox, and
further restrict the permissions of the accounts-service daemon itself.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
https://gitlab.freedesktop.org/accountsservice/accountsservice/merge_requests/22
|
|
To avoid the burden of maintaining multiple build systems, this
patch removes autotools support.
GitLab CI configuration has also been updated to use meson.
|
|
meson is a build system focused on speed an ease of use, which
helps speeding up the software development. This patch adds meson
support along autotools.
|
|
|
|
Recent versions of Gettext are able to translate several formats
that are used in GNOME applications. This patch migrates from
Intltool to Gettext by using meson's i18n features.
Recent Gettext versions when used along with autotools, also make
use of `PACKAGE` and `VERSION` variables[0]. Due to this the domain
has been changed to use the value from `PACKAGE`.
[0] https://www.gnu.org/software/autoconf/manual/gettext.html#configure_002eac
|
|
accountsservice maintains a state file for some users, if those users
have selected a specific session or language.
There's no good way, at the moment, for an application to check if a
specific user has saved state.
This commit exports the Saved property on the User object.
|
|
Having a property called XSession in the API makes little
sense when wayland has taken the world by storm.
This commit adds new "Session" property without the "X" in the name,
and an additional property "SessionType" that can be either
"wayland" or "x11".
|
|
This stops us having to iterate across each user to find which users are
configured for automatic login.
Currently we only support 0 or 1 automatic login user, but this allows
us to support multiple in the future if required. Since D-Bus doesn't have
nullable types [1] this also makes it easier to support the 0 case.
https://bugs.freedesktop.org/show_bug.cgi?id=104564
[1] https://bugs.freedesktop.org/show_bug.cgi?id=27857
|
|
Do not override default DefaultStandardOutput in
/etc/systemd/systemd.conf as it could be helpful for sysadmins
to determine how output gets logged.
|
|
|
|
Every gnome-shell instance wants to know if the system has multiple
users or not, in order to know whether or not to show the
'Switch User' feature in the menu.
accountsservice doesn't provide this information directly, though,
so libaccountsservice instead requests a list of all users on the
system and counts the provided list, filtering out system users.
This is a lot of work for every gnome-shell instance to do, when
it doesn't actually need the list of users at all.
This adds a new property HasMultipleUsers which libaccountsservice
can watch for instead. For good measure, this commit also adds a
HasNoUsers boolean which can be used to know whether or not to start
gnome-initial-setup.
https://bugs.freedesktop.org/show_bug.cgi?id=103488
|
|
We need to enforce this, because otherwise we're allowing the
user to bypass password sanity enforcement rules.
This commit changes the newly added change-own-password action to
be auth_admin.
https://bugzilla.gnome.org/show_bug.cgi?id=97518
Notes:
Should be https://bugs.freedesktop.org/show_bug.cgi?id=97518
|
|
Introduces a new action with default state auth_self to be used by
SetPassword and SetPasswordMode when changing ones own password.
https://bugs.freedesktop.org/show_bug.cgi?id=97518
|
|
If the desktop wants to display a notification about pending password
expiration it needs some way to query that information from the user.
This commit reads those numbers from shadow and makes them available
to the caller.
https://bugs.freedesktop.org/show_bug.cgi?id=100421
|
|
accountsservice doesn't need support for GVFS modules,
and those modules lead to /root/.cache getting created
at startup.
accountsservice runs as root, but shouldn't be touching /root.
This commit disables GVFS for accountsservice
https://bugs.freedesktop.org/show_bug.cgi?id=96316
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=94895
|
|
So far the only way of setting the password hint is by setting also the
password.
But there are several cases where setting the password isn't done through
AccountsService, but still we want to set the password hint. For instance GDM
setups the pasword for new used directly from PAM.
Thus, let's add a new function to set the hint without changing the password.
https://bugs.freedesktop.org/show_bug.cgi?id=89588
|
|
The various NSS calls don't give accurate results in some configurations
until midway through boot up. This is because SSSD or winbind (or
whatever) needs to initialize.
In order to prevent accounts service from using NSS prematurely, we need
to add an ordering constraint between the nss-user-lookup.target and
accountsservice.
This commit accomplishes this by adding the appropriate Wants= and
After= directives to the accountsservice systemd unit file.
|
|
Change the polkit policy so accountsservice allows use of the
DBus API by admin users that are not logged in via a monitor+keyboard.
This includes users logged in via ssh or Cockpit.
https://bugs.freedesktop.org/show_bug.cgi?id=78279
|
|
The login history for this user.
Each entry in the array represents a login session. The first
two members are the login time and logout time, as timestamps
(seconds since the epoch). If the session is still running, the logout
time is 0.
https://bugs.freedesktop.org/show_bug.cgi?id=55915
|
|
This commit reports the last login time of the user.
https://bugzilla.gnome.org/show_bug.cgi?id=681772
|
|
This property describes whether the user account is local to the machine
or not, and thus can be managed with usermod, userdel and so on.
We currently implement this as a heuristic. If it's found in /etc/passwd
then we treat it as 'local'
https://bugs.freedesktop.org/show_bug.cgi?id=51037
|
|
This commit introduces a CacheUser() method, which explicitly
makes a user show up in the results of a ListCachedUsers call
provided the user is otherwise known to the system.
This commit also introduces an UncacheUser() method to undo
what CacheUser() does.
https://bugs.freedesktop.org/show_bug.cgi?id=50770
|
|
|
|
Even though ListCachedUsers filters out these users, they can
still show up on the client-side, e.g. via UserAdded signals.
Adding a boolean property to mark them as system accounts lets
us filter them them out without regetting the entire list all
the time.
|
|
It's not very well fleshed out now, so don't ever infer an account
as supervised, and stop publicizing SUPERVISED as an acceptable
account type.
|
|
Change
Administer user accounts
to
Manage user accounts
https://bugs.freedesktop.org/show_bug.cgi?id=34086
|
|
It had information about the SetXSession method, but not
the XSession property
|
|
This is useful for display managers to know what session
to log the user into.
|
|
This was never emitted, we have the Changed signal for individual
users instead.
|
|
See https://bugs.freedesktop.org/show_bug.cgi?id=29193
|
|
...and the gdk-pixbuf dependency that comes with it. The responsibility
for saving image data as a png lies now with the clients.
|
|
Even when changing your own username.
|
|
Allow changing password mode or setting a password even when the
account is locked, and unlock it as a side-effect.
|
|
This is no longer needed, the accounts-dialog uses /usr/bin/passwd
directly in this case.
|
|
|
|
|
|
Now there is just set-login-options, set-own-user-data and user-administration.
|
|
|
|
...also make the accounts-daemon rewrite the corresponding gdm
configuration, since gdm is not allowed to do it itself.
|
|
|
|
|
