SLFO-pool/accountsservice
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main accountsservice revision d3971491c447f29a4f98c98fd99af9ae

Browse Source
This commit is contained in:
Adrian Schröter 2024-05-03 10:50:39 +02:00
commit 7c70bbe816
8 changed files with 1810 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

BIN
accountsservice-22.08.8.tar.xz (Stored with Git LFS) Normal file
View File

Binary file not shown.

18
accountsservice-filter-suse-accounts.patch Normal file
View File

@ -0,0 +1,18 @@
diff -Nur accountsservice-22.08.8/src/user-classify.c new/src/user-classify.c
--- accountsservice-22.08.8/src/user-classify.c 2022-02-23 16:27:48.000000000 +0100
+++ new/src/user-classify.c 2022-04-30 22:33:44.148344188 +0200
@@ -52,7 +52,13 @@
"at",
"gdm",
"gnome-initial-setup",
- "git"
+ "git",
+ "beagleindex",
+ "fax",
+ "suse-ncc",
+ "mailman",
+ "ldap",
+ "cyrus"
};
static gboolean

636
accountsservice-sysconfig.patch Normal file
View File

@ -0,0 +1,636 @@
commit c3360e3878722b0fefdda02a320f6fb76a41b7da
Author: Vincent Untz <vuntz@gnome.org>
Date: Wed Jul 20 16:48:41 2011 +0200
Use autologin configuration from sysconfig (SUSE-ism)
diff -Nur accountsservice-22.08.8/src/daemon.c new/src/daemon.c
--- accountsservice-22.08.8/src/daemon.c 2022-02-23 16:27:48.000000000 +0100
+++ new/src/daemon.c 2022-04-30 22:23:22.228315678 +0200
@@ -50,6 +50,7 @@
#include "util.h"
#include "user.h"
#include "accounts-user-generated.h"
+#include "gdm-sysconfig.h"
#define PATH_PASSWD "/etc/passwd"
#define PATH_SHADOW "/etc/shadow"
@@ -581,7 +582,7 @@
priv->autologin_id = 0;
if (!load_autologin (daemon, &name, &enabled, &error)) {
- g_debug ("failed to load gdms custom.conf: %s", error->message);
+ g_debug ("failed to load autologin config: %s", error->message);
return FALSE;
}
@@ -1508,6 +1509,43 @@
g_object_unref (subject);
}
+#define SYSCONFIG_FILE "/etc/sysconfig/displaymanager"
+#define SYSCONFIG_AUTOLOGIN_KEY "DISPLAYMANAGER_AUTOLOGIN"
+
+gboolean
+load_autologin_suse (Daemon *daemon,
+ gchar **name,
+ gboolean *enabled,
+ GError **error)
+{
+ *name = gdm_sysconfig_load_value (SYSCONFIG_FILE, SYSCONFIG_AUTOLOGIN_KEY);
+ *enabled = (name && *name);
+
+ return TRUE;
+}
+
+static gboolean
+save_autologin_suse (Daemon *daemon,
+ const gchar *name,
+ gboolean enabled,
+ GError **error)
+{
+ const gchar *user;
+ gboolean result;
+
+ if (enabled && name)
+ user = name;
+ else
+ user = "";
+
+ result = gdm_sysconfig_save_value (SYSCONFIG_FILE, SYSCONFIG_AUTOLOGIN_KEY, user);
+
+ if (!result)
+ g_set_error (error, ERROR, ERROR_FAILED, "Could not save autologin configuration in sysconfig");
+
+ return result;
+}
+
gboolean
load_autologin (Daemon *daemon,
gchar **name,
@@ -1518,6 +1556,8 @@
GError *local_error = NULL;
g_autofree gchar *string = NULL;
+ return load_autologin_suse (daemon, name, enabled, error);
+
keyfile = g_key_file_new ();
if (!g_key_file_load_from_file (keyfile,
PATH_GDM_CUSTOM,
@@ -1558,6 +1598,8 @@
gboolean result;
g_autoptr(GError) local_error = NULL;
+ return save_autologin_suse (daemon, name, enabled, error);
+
keyfile = g_key_file_new ();
if (!g_key_file_load_from_file (keyfile,
PATH_GDM_CUSTOM,
diff -Nur accountsservice-22.08.8/src/gdm-sysconfig.c new/src/gdm-sysconfig.c
--- accountsservice-22.08.8/src/gdm-sysconfig.c 1970-01-01 01:00:00.000000000 +0100
+++ new/src/gdm-sysconfig.c 2022-04-30 22:22:54.876314424 +0200
@@ -0,0 +1,484 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*-
+ *
+ * Copyright (C) 2008 Hans Petter Jansson <hpj@novell.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ */
+
+/* Parser for shell-script-like key-value files. Far from complete, but
+ * deals with a couple of common shell oddities. For instance, the following
+ * are parsed correctly:
+ *
+ * KEY=value\0
+ * KEY = value#comment\0
+ * KEY = " value with spaces" \0
+ * KEY = ' it\'s a value with "embedded" quotes'\0
+ * KEY = "if quotes aren't closed, we assume the string ends at EOL\0
+ *
+ * It should be good enough for the config files in /etc/sysconfig/.
+ */
+
+#include "config.h"
+
+#include <unistd.h>
+#include <string.h>
+
+#include <glib.h>
+#include <glib/gi18n.h>
+#include <glib/gstdio.h>
+
+#include "gdm-sysconfig.h"
+
+#define SPACE_CHARS " \t"
+#define KEY_ALLOW_CHARS "_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
+
+static gchar **
+load_settings_file (const gchar *file_name)
+{
+ GIOChannel *channel;
+ GPtrArray *lines;
+ gchar *str;
+
+ g_debug ("Loading settings from %s", file_name);
+
+ channel = g_io_channel_new_file (file_name, "r", NULL);
+ if (!channel) {
+ g_debug ("Failed to open %s", file_name);
+ return NULL;
+ }
+
+ lines = g_ptr_array_new ();
+
+ while (g_io_channel_read_line (channel, &str, NULL, NULL, NULL) != G_IO_STATUS_EOF) {
+ if (str) {
+ gchar *p0;
+
+ /* Remove line separators */
+
+ for (p0 = str + strlen (str) - 1; p0 >= str && strchr ("\r\n", *p0); p0--)
+ *p0 = '\0';
+
+ g_ptr_array_add (lines, str);
+ g_debug ("%s", str);
+ } else {
+ g_ptr_array_add (lines, g_strdup (""));
+ g_debug ("%s", "");
+ }
+ }
+
+ g_io_channel_shutdown (channel, FALSE, NULL);
+ g_io_channel_unref (channel);
+
+ g_ptr_array_add (lines, NULL);
+
+ return (gchar **) g_ptr_array_free (lines, FALSE);
+}
+
+static gboolean
+save_settings_file (const gchar *file_name, gchar **lines)
+{
+ GIOStatus last_status = G_IO_STATUS_ERROR;
+ GIOChannel *channel = NULL;
+ gchar *temp_file_name;
+ gint i;
+
+ temp_file_name = g_strdup_printf ("%s.new.%u", file_name, g_random_int ());
+
+ channel = g_io_channel_new_file (temp_file_name, "w", NULL);
+ if (!channel)
+ goto out;
+
+ if (!lines)
+ goto out;
+
+ for (i = 0; lines [i]; i++) {
+ gsize bytes_written;
+
+ if (lines [i] [0] != '\0')
+ last_status = g_io_channel_write_chars (channel,
+ lines [i], strlen (lines [i]),
+ &bytes_written,
+ NULL);
+
+ if (last_status != G_IO_STATUS_NORMAL)
+ break;
+
+ last_status = g_io_channel_write_unichar (channel, '\n', NULL);
+
+ if (last_status != G_IO_STATUS_NORMAL)
+ break;
+ }
+
+out:
+ if (channel) {
+ g_io_channel_shutdown (channel, TRUE, NULL);
+ g_io_channel_unref (channel);
+ }
+
+ if (last_status == G_IO_STATUS_NORMAL && g_rename (temp_file_name, file_name) != 0)
+ last_status = G_IO_STATUS_ERROR;
+
+ g_free (temp_file_name);
+ return last_status == G_IO_STATUS_NORMAL ? TRUE : FALSE;
+}
+
+static const gchar *
+skip_from_start_to_key (const gchar *line)
+{
+ const gchar *p0;
+
+ /* Skip initial space */
+
+ p0 = line + strspn (line, SPACE_CHARS);
+
+ /* Ignore comments and other junk */
+
+ if (*p0 && strchr (KEY_ALLOW_CHARS, *p0))
+ return p0;
+
+ return NULL;
+}
+
+static const gchar *
+skip_from_start_to_value_of_key (const gchar *line, const gchar *key_normal, gint key_len)
+{
+ const gchar *p0, *p1;
+ gchar *potential_key_normal;
+ gboolean result;
+
+ p0 = skip_from_start_to_key (line);
+ if (!p0)
+ return NULL;
+
+ /* There's at least one key-like character, figure out how many */
+
+ p1 = p0 + strspn (p0, KEY_ALLOW_CHARS);
+
+ /* Is this the key we're looking for? */
+
+ if (p1 - p0 != key_len)
+ return NULL;
+
+ potential_key_normal = g_ascii_strdown (p0, p1 - p0);
+ result = strcmp (key_normal, potential_key_normal) == 0 ? TRUE : FALSE;
+ g_free (potential_key_normal);
+
+ if (!result)
+ return NULL;
+
+ /* It's the right key; skip over key-value separator */
+
+ p0 = p1 + strspn (p1, SPACE_CHARS);
+ if (*p0 != '=')
+ return NULL;
+
+ p0++;
+ p0 += strspn (p0, SPACE_CHARS);
+
+ return p0;
+}
+
+static const gchar *
+skip_over_value (const gchar *value_start, gchar *quotes_out)
+{
+ const gchar *p0 = value_start;
+ const gchar *p1;
+ gchar quotes;
+
+ /* Is the value quoted? */
+
+ quotes = *p0;
+ if (quotes == '\'' || quotes == '"') {
+ /* Quoted sequence opened; find closing quote, but skip over escaped ones. If
+ * there's no closing quote on this line, assume the EOL closes it. */
+
+ *quotes_out = quotes;
+
+ p1 = p0;
+ do {
+ p1++;
+ p1 = strchr (p1, quotes);
+ if (!p1) {
+ /* Hit EOL */
+
+ p1 = p0 + strlen (p0) - 1;
+ break;
+ }
+ } while (*(p1 - 1) == '\\');
+ } else {
+ /* No quotes; look for comment or EOL */
+
+ *quotes_out = 0;
+
+ p1 = strchr (p0, '#');
+ if (!p1)
+ p1 = p0 + strlen (p0);
+
+ for (p1--; p1 >= p0; p1--)
+ if (!strchr (SPACE_CHARS, *p1))
+ break;
+ }
+
+ return p1 + 1;
+}
+
+static gchar *
+get_value_of_key (const gchar *line, const gchar *key_normal, gint key_len)
+{
+ const gchar *p0, *p1;
+ gchar quotes;
+ gchar *value;
+ gchar *temp;
+
+ p0 = skip_from_start_to_value_of_key (line, key_normal, key_len);
+ if (!p0)
+ return NULL;
+
+ p1 = skip_over_value (p0, &quotes);
+
+ if (quotes != 0) {
+ if (p1 - p0 > 2) {
+ temp = g_strndup (p0 + 1, p1 - p0 - 2);
+ value = g_strcompress (temp);
+ g_free (temp);
+ } else {
+ value = g_strdup ("");
+ }
+ } else {
+ temp = g_strndup (p0, p1 - p0);
+ value = g_strcompress (temp);
+ g_free (temp);
+ g_strchomp (value);
+ }
+
+ return value;
+}
+
+static gchar *
+get_value (const gchar **lines, const gchar *key)
+{
+ gchar *value = NULL;
+ gchar *key_normal;
+ gint key_len;
+ gint i;
+
+ g_debug ("Getting value of %s", key);
+
+ if (!lines) {
+ g_debug ("Missing configuration data");
+ return NULL;
+ }
+
+ key_normal = g_ascii_strdown (key, -1);
+ key_len = strlen (key_normal);
+
+ for (i = 0; lines [i]; i++) {
+ value = get_value_of_key (lines [i], key_normal, key_len);
+ if (value)
+ break;
+ }
+
+ g_free (key_normal);
+
+ g_debug ("Got value of %s: %s", key, value);
+
+ return value;
+}
+
+static gchar *
+set_value_of_key (const gchar *line, const gchar *key_normal, gint key_len, const gchar *key, const gchar *value)
+{
+ const gchar *p0, *p1, *p2;
+ gchar quotes;
+ gchar *escaped_value;
+ gchar *quoted_escaped_value;
+ gint quoted_escaped_value_len;
+ gchar *new_line;
+ gint len;
+
+ p0 = skip_from_start_to_value_of_key (line, key_normal, key_len);
+ if (!p0)
+ return NULL;
+
+ escaped_value = g_strescape (value, "");
+ quoted_escaped_value = g_strdup_printf ("\"%s\"", escaped_value);
+ g_free (escaped_value);
+ quoted_escaped_value_len = strlen (quoted_escaped_value);
+
+ p1 = skip_over_value (p0, &quotes);
+ p2 = p1 + strlen (p1);
+ len = (p0 - line) + quoted_escaped_value_len + (p2 - p1);
+
+ new_line = g_malloc (len + 1);
+ memcpy (new_line, line, p0 - line);
+ memcpy (new_line + (p0 - line), quoted_escaped_value, quoted_escaped_value_len);
+ memcpy (new_line + (p0 - line) + quoted_escaped_value_len, p1, p2 - p1);
+
+ *(new_line + len) = '\0';
+
+ g_free (quoted_escaped_value);
+
+ return new_line;
+}
+
+static gboolean
+set_value (gchar **lines, const gchar *key, const gchar *value)
+{
+ gboolean result = FALSE;
+ gchar *key_normal;
+ gint key_len;
+ gint i;
+
+ if (!lines)
+ return FALSE;
+
+ key_normal = g_ascii_strdown (key, -1);
+ key_len = strlen (key_normal);
+
+ for (i = 0; lines [i]; i++) {
+ gchar *new_line;
+
+ new_line = set_value_of_key (lines [i], key_normal, key_len, key, value);
+ if (new_line) {
+ g_free (lines [i]);
+ lines [i] = new_line;
+ result = TRUE;
+ break;
+ }
+ }
+
+ g_free (key_normal);
+
+ return result;
+}
+
+gchar **
+gdm_sysconfig_load_file (const gchar *file_name)
+{
+ g_return_val_if_fail (file_name != NULL, NULL);
+
+ return load_settings_file (file_name);
+}
+
+gboolean
+gdm_sysconfig_save_file (const gchar *file_name, const gchar **sysconfig)
+{
+ g_return_val_if_fail (file_name != NULL, FALSE);
+ g_return_val_if_fail (sysconfig != NULL, FALSE);
+
+ return save_settings_file (file_name, sysconfig);
+}
+
+gchar *
+gdm_sysconfig_get_value (const gchar **sysconfig, const gchar *key)
+{
+ g_return_val_if_fail (sysconfig != NULL, NULL);
+ g_return_val_if_fail (key != NULL, NULL);
+
+ return get_value (sysconfig, key);
+}
+
+gboolean
+gdm_sysconfig_set_value (gchar **sysconfig, const gchar *key, const gchar *value)
+{
+ g_return_val_if_fail (sysconfig != NULL, FALSE);
+ g_return_val_if_fail (key != NULL, FALSE);
+ g_return_val_if_fail (value != NULL, FALSE);
+
+ return set_value (sysconfig, key, value);
+}
+
+gboolean
+gdm_sysconfig_get_value_boolean (const gchar **sysconfig, const gchar *key, gboolean *value)
+{
+ char *val;
+ gboolean val_bool;
+
+ g_return_val_if_fail (sysconfig != NULL, FALSE);
+ g_return_val_if_fail (key != NULL, FALSE);
+
+ val = get_value (sysconfig, key);
+ if (val == NULL) {
+ return FALSE;
+ }
+
+ if (!strcasecmp (val, "yes")) {
+ val_bool = TRUE;
+ } else if (!strcasecmp (val, "no")) {
+ val_bool = FALSE;
+ } else {
+ g_free (val);
+ return FALSE;
+ }
+
+ g_free (val);
+
+ if (value != NULL) {
+ *value = val_bool;
+ }
+
+ return TRUE;
+}
+
+gboolean
+gdm_sysconfig_set_value_boolean (gchar **sysconfig, const gchar *key, gboolean value)
+{
+ g_return_val_if_fail (sysconfig != NULL, FALSE);
+ g_return_val_if_fail (key != NULL, FALSE);
+
+ return set_value (sysconfig, key, value ? "yes" : "no");
+}
+
+gchar *
+gdm_sysconfig_load_value (const gchar *file_name, const gchar *key)
+{
+ gchar **lines;
+ gchar *value;
+
+ g_return_val_if_fail (file_name != NULL, NULL);
+ g_return_val_if_fail (key != NULL, NULL);
+
+ lines = load_settings_file (file_name);
+ if (!lines)
+ return NULL;
+
+ value = get_value (lines, key);
+
+ g_strfreev (lines);
+ return value;
+}
+
+gboolean
+gdm_sysconfig_save_value (const gchar *file_name, const gchar *key, const gchar *value)
+{
+ gchar **lines;
+ gboolean result;
+
+ g_return_val_if_fail (file_name != NULL, FALSE);
+ g_return_val_if_fail (key != NULL, FALSE);
+ g_return_val_if_fail (value != NULL, FALSE);
+
+ lines = load_settings_file (file_name);
+ if (!lines)
+ return FALSE;
+
+ result = set_value (lines, key, value);
+ if (result)
+ result = save_settings_file (file_name, lines);
+
+ g_strfreev (lines);
+ return result;
+}
diff -Nur accountsservice-22.08.8/src/gdm-sysconfig.h new/src/gdm-sysconfig.h
--- accountsservice-22.08.8/src/gdm-sysconfig.h 1970-01-01 01:00:00.000000000 +0100
+++ new/src/gdm-sysconfig.h 2022-04-30 22:22:54.876314424 +0200
@@ -0,0 +1,43 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*-
+ *
+ * Copyright (C) 2008 Hans Petter Jansson <hpj@novell.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ */
+
+
+#ifndef __GDM_SYSCONFIG_H
+#define __GDM_SYSCONFIG_H
+
+#include <glib-object.h>
+
+G_BEGIN_DECLS
+
+gchar **gdm_sysconfig_load_file (const gchar *file_name);
+gboolean gdm_sysconfig_save_file (const gchar *file_name, const gchar **sysconfig);
+
+gchar *gdm_sysconfig_get_value (const gchar **sysconfig, const gchar *key);
+gboolean gdm_sysconfig_set_value (gchar **sysconfig, const gchar *key, const gchar *value);
+
+gboolean gdm_sysconfig_get_value_boolean (const gchar **sysconfig, const gchar *key, gboolean *value);
+gboolean gdm_sysconfig_set_value_boolean (gchar **sysconfig, const gchar *key, gboolean value);
+
+gchar *gdm_sysconfig_load_value (const gchar *file_name, const gchar *key);
+gboolean gdm_sysconfig_save_value (const gchar *file_name, const gchar *key, const gchar *value);
+
+G_END_DECLS
+
+#endif /* __GDM_SYSCONFIG_H */
diff -Nur accountsservice-22.08.8/src/meson.build new/src/meson.build
--- accountsservice-22.08.8/src/meson.build 2022-02-23 16:27:48.000000000 +0100
+++ new/src/meson.build 2022-04-30 22:22:54.876314424 +0200
@@ -48,6 +48,8 @@
)
sources = files(
+ 'gdm-sysconfig.c',
+ 'gdm-sysconfig.h',
'daemon.c',
'extensions.c',
'main.c',

843
accountsservice.changes Normal file
View File

@ -0,0 +1,843 @@
-------------------------------------------------------------------
Mon Aug 1 12:01:59 UTC 2022 - Matthias Gerstner <matthias.gerstner@suse.com>
- Remove BuildIgnore for rpmlint-mini. This is a violation of the
security policies applying to SUSE products as it circumvents the
SUSE security team's control over what enters Factory and what
not.
-------------------------------------------------------------------
Fri Jul 29 13:11:50 UTC 2022 - Frederic Crozat <fcrozat@suse.com>
- Allow to build without vala support.
- Refresh harden_accounts-daemon.service.patch to not duplicate
existing entries.
-------------------------------------------------------------------
Sat Apr 30 20:16:58 UTC 2022 - Ferdinand Thiessen <rpm@fthiessen.de>
- Update to version 22.08.8
+ Handle missing admin groups when changing account types
+ Set PrivateTmp to false in the systemd service
+ Add function to set user password expiration policy
- Update to version 22.04.62
+ Updated Swedish translation
+ Updated Indonesian translation
+ Updated German translation
+ Updated slovak translation
+ Update Ukrainian translation
+ Updated Brazilian Portuguese translation
+ act-user: Use stronger hashing methods in make_crypted() if available.
+ act-user-manager: Watch for the daemon going away and coming back
+ user-manager: Update users tables on username changes
+ user: Translate property x-session property name to match the proxy one
+ Check GDBusMessage for INTERACTIVE_AUTHORIZATION flag
+ daemon: Fix error check in save_autologin()
+ Never delete the root filesystem when removing users
+ Remove user heuristics
+ user-classify: Add git to username blacklist
+ daemon: ensure cache files for system users are processed
+ daemon: Don't try to add admin users to non existing groups
+ Move D-Bus conf file to $(datadir)/dbus-1/system.d
- Rebased patches:
+ accountsservice-sysconfig.patch
+ accountsservice-filter-suse-accounts.patch
+ as-fate318433-prevent-same-account-multi-logins.patch
- Drop upstream fixed patches:
+ ac9b14f1c1bbca413987d0bbfeaad05804107e9a.patch
+ accountsservice-fix-gdm-crash.patch
+ accountsservice-read-root-user-cache.patch
+ accountsservice-wtmp-io-improvements.patch
-------------------------------------------------------------------
Tue Feb 1 09:20:24 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>
- Add ac9b14f1c1bbca413987d0bbfeaad05804107e9a.patch: Fix build
with meson 0.61.0.
-------------------------------------------------------------------
Thu Nov 4 10:39:37 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>
- Stop passing the no longer used nor recognized option
user-heuristics=true to meson.
-------------------------------------------------------------------
Thu Aug 26 15:07:51 UTC 2021 - Dominique Leuenberger <dimstar@opensuse.org>
- Update harden_accounts-daemon.service.patch: Do not proect home
directories: the accounts daemon is used to create home
directories upon user creation (boo#1189853).
-------------------------------------------------------------------
Mon Aug 9 09:36:20 UTC 2021 - Yifan Jiang <yfjiang@suse.com>
- Spec layout cleaning up for harden_accounts-daemon.service.patch.
-------------------------------------------------------------------
Tue Jul 27 11:53:56 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s). Added patch(es):
* harden_accounts-daemon.service.patch
-------------------------------------------------------------------
Tue Mar 2 21:05:33 UTC 2021 - Antoine Belvire <antoine.belvire@opensuse.org>
- Add accountsservice-fix-gdm-crash.patch: Prevent crash of gdm
upon service restart when automatic login is enabled
(glfo#accountsservice/accountsservice#55).
-------------------------------------------------------------------
Tue Apr 14 00:28:10 UTC 2020 - Yifan Jiang <yfjiang@suse.com>
- Apply as-fate318433-prevent-same-account-multi-logins.patch to Leap.
-------------------------------------------------------------------
Sat Jan 25 14:05:06 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- No longer recommend -lang: supplements are in use
-------------------------------------------------------------------
Wed Sep 11 08:10:52 UTC 2019 - Felix Zhang <fezhang@suse.com>
- Add accountsservice-wtmp-io-improvements.patch: Backports that
improve wtmp io performance (boo#1139487).
- Refresh as-fate318433-prevent-same-account-multi-logins.patch.
-------------------------------------------------------------------
Wed May 29 21:28:30 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 0.6.55:
+ Memory leak fix.
+ Improved heuristics for identifying user session.
+ Export interfaces directory to pkgconfig.
+ Lock down state directory from prying eyes to be more friendly to
accountsservice extensions that require privacy.
+ Misc fixes.
+ Updated translations.
- Drop accountsservice-upstream-fixes.patch: Fixed upstream.
- Refresh patches with refresh_patches osc service.
-------------------------------------------------------------------
Wed May 8 01:25:32 UTC 2019 - xwang@suse.com
- Update accountsservice-read-root-user-cache.patch.
upstream commit d8b77951
(bsc#1114292 glfo#accountsservice/accountsservice#65).
-------------------------------------------------------------------
Wed Apr 3 02:54:51 UTC 2019 - xwang@suse.com
- Drop upstream fixed patches:
+ accountsservice-lib-don-not-set-loaded-state-until-seat-fetched.patch
- Update patches:
+ accountsservice-read-root-user-cache.patch
+ accountsservice-sysconfig.patch
-------------------------------------------------------------------
Sun Mar 17 10:52:44 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Redo summaries without em dashes.
- Reduce %systemd_requires to %systemd_ordering:
%service_* can handle the absence.
-------------------------------------------------------------------
Thu Feb 21 22:45:14 UTC 2019 - bjorn.lie@gmail.com
- Update to version 0.6.54:
+ Fix user state dirs.
- Changes from version 0.6.53:
+ Fix introspection.
- Changes from version 0.6.52:
+ Migrate to meson and gettext (instead of autogoo and intltool).
+ Add code of conduct.
+ Add new session and session type properties (to replace
XSession).
+ Try to handle misbehaving logind a little better.
+ Misc mixes and code modernization.
+ Add new "Saved" property to say whether a cached user is stored
on disk.
- Add accountsservice-upstream-fixes.patch: Add upstream bug fixes
commits, fix build.
- Switch to meson build system, add meson BuildRequires and macros.
- Drop obsolete intltool, gnome-common, vala, xmlto and xsltproc
BuildRequires: No longer needed.
- Replace gobject-introspection-devel with
pkgconfig(gobject-introspection-1.0) and add pkgconfig(dbus-1):
New depdendency.
- Disable the following patches that needs rebase:
+ accountsservice-sysconfig.patch.
+ accountsservice-lib-don-not-set-loaded-state-until-seat-fetched.patch.
+ accountsservice-read-root-user-cache.patch
-------------------------------------------------------------------
Mon Dec 10 05:48:13 UTC 2018 - xwang@suse.com
- Add accountsservice-read-root-user-cache.patch: Read root user
cache file (bsc#1114292 glfo#accountsservice/accountsservice#65).
-------------------------------------------------------------------
Sun Jul 22 20:39:59 UTC 2018 - bjorn.lie@gmail.com
- Update to version 0.6.50:
+ Fix insufficient path check on user icon files. (bsc#1099699
CVE-2018-14036)
+ Fix is-logged-in status for wayland sessions.
+ Fix user enumeration when system accounts are mixed in.
- Drop upstream fixed patches:
+ accountsservice-missing-users-on-gdm-login.patch.
+ accountsservice-lib-treat-session-type-wayland-as-graphical-session.patch
-------------------------------------------------------------------
Fri Jul 20 02:51:49 UTC 2018 - qkzhu@suse.com
- Add accountsservice-lib-don-not-set-loaded-state-until-seat-fetched.patch:
At the moment we set is-loaded on the user-manager object as soon
as we start fetching the seat, but we should waiting until the seat
is fetched, so that can_switch() will return the correct value if
the caller waited until the loaded signal to use it.
(boo#1100041 fdo#107298)
-------------------------------------------------------------------
Tue Jul 17 01:41:41 UTC 2018 - xwang@suse.com
- Add accountsservice-lib-treat-session-type-wayland-as-graphical-session.patch:
When user session type is wayland, act_user_is_logged_in can
return TRUE if the user is logged in (boo#1095918 fdo#106855).
-------------------------------------------------------------------
Wed Jul 11 07:33:21 UTC 2018 - mliska@suse.cz
- Make build verbose to see full command lines.
-------------------------------------------------------------------
Wed Jun 13 06:00:22 UTC 2018 - fezhang@suse.com
- Add accountsservice-missing-users-on-gdm-login.patch: Don't abort
loading users when an /etc/shadow entry found missing
(boo#1090003 fdo#106904).
-------------------------------------------------------------------
Sun May 13 23:59:22 UTC 2018 - luc14n0@linuxmail.org
- Update to version 0.6.49:
+ Fix crash on startup from previous compiler warning fix.
- Changes from version 0.6.48:
+ Fix crashes when adding admin user and when user is removed.
+ Performance improvements handling really large wtmp files.
- Changes from version 0.6.47:
+ Fix problem where libaccountsservice users weren't getting
property change updates.
+ Reduce memory usage of cached users in daemon process.
+ Drop premature user-added/user-removed signals that erroneously
get emitted before ListCachedUsers call finishes.
-------------------------------------------------------------------
Fri Apr 6 02:43:51 UTC 2018 - luc14n0@linuxmail.org
- Update to version 0.6.46:
+ Fix systemd unit file to use default standard output;
+ Performance improvements;
+ Leak fixes;
+ Crash fixes;
+ Support extra groups for admin users;
+ Add policy that allows admins to allow users to change their
own password;
+ Introspection fixes;
+ Elogind support;
+ Decruftification of username blacklist;
+ Updated translations.
- Add:
+ gio-2.0 and gio-unix-2.0 pkgconfig modules BuildRequires to
avoid implicit dependencies.
+ xmlto and xsltproc BuildRequires to enable documentation.
- Drop remove-no-longer-used-system-accounts.patch: fixed upstream.
- Rebase patches:
+ accountsservice-sysconfig.patch and
+ accountsservice-filter-suse-accounts.patch.
-------------------------------------------------------------------
Wed Feb 28 16:22:37 UTC 2018 - dimstar@opensuse.org
- Modernize spec-file by calling spec-cleaner
-------------------------------------------------------------------
Fri Dec 22 03:05:02 UTC 2017 - qzheng@suse.com
- Add remove-no-longer-used-system-accounts.patch:
Drop operator, nobody4 and noaccess from the blacklist
(bsc#1063794, fdo#103879).
-------------------------------------------------------------------
Thu Aug 10 09:33:16 UTC 2017 - yfjiang@suse.com
- Update specfile to build
as-fate318433-prevent-same-account-multi-logins.patch on SLE15.
-------------------------------------------------------------------
Tue Jul 4 09:20:34 UTC 2017 - jengelh@inai.de
- Remove redundant %clean section; use %_smp_mflags for build.
-------------------------------------------------------------------
Tue Apr 25 08:45:58 UTC 2017 - dimstar@opensuse.org
- Update to version 0.6.45:
+ Wrap password expiration info in libaccountsservice api.
- Changes from version 0.6.44:
+ Export password expiration info from shadow file.
+ Fix user classification logic.
+ Don't lose track of users when /etc/passwd is reloaded.
- Drop accountsservice-933083-load-root-setting.patch:
fixed upstream (177509 edac45).
-------------------------------------------------------------------
Wed Nov 30 15:42:14 UTC 2016 - dimstar@opensuse.org
- Rebase accountsservice-933083-load-root-setting.patch.
-------------------------------------------------------------------
Sat Sep 24 20:41:41 UTC 2016 - zaitor@opensuse.org
- Update to version 0.6.43:
+ Fix logout times in login-history.
+ Increase performance in large deployments.
+ Memory leak fix.
+ Exclude nologin users from user list.
-------------------------------------------------------------------
Sun Sep 11 14:12:01 UTC 2016 - fezhang@suse.com
- Update accountsservice-sysconfig.patch:
Flush the buffer before shut down the GIOChannel, otherwise we
get a truncated setting file. The problem has caused the
switching autologin in gnome-control-center breaking
/etc/sysconfig/displaymanager (bsc#998107).
-------------------------------------------------------------------
Wed Aug 24 08:14:06 UTC 2016 - fezhang@suse.com
- Enable as-fate318433-prevent-same-account-multi-logins.patch for
Leap as requested by the Leap Release Manager (boo#994876).
-------------------------------------------------------------------
Wed Jul 6 06:23:55 UTC 2016 - fbui@suse.com
- Remove pkgconfig(libsystemd-daemon). Nowadays
pkgconfig(libsystemd) is enough and replaces all libsystemd-*
libs which are obsolete.
-------------------------------------------------------------------
Wed Jun 15 08:49:03 UTC 2016 - zaitor@opensuse.org
- Update to version 0.6.42:
+ Wtmp fixes on solaris.
+ Allow a user to change his own data even if he's remote.
+ Add way to set password hint independent of password.
+ Conform to modern systemd library naming scheme.
+ Disable GVFS support in service, since it's not needed and has
bad side effects.
- Replace pkgconfig(libsystemd-login) for pkgconfig(libsystemd)
BuildRequires following upstream changes.
-------------------------------------------------------------------
Fri May 27 18:44:02 CST 2016 - cxiong@suse.com
- Add as-fate318433-prevent-same-account-multi-logins.patch
(fate#318433):
Prevent multiple simultaneous logins.
-------------------------------------------------------------------
Thu Apr 14 19:40:39 UTC 2016 - mgorse@suse.com
- Update to GNOME 3.20 Fate#318572
- Rebased accountsservice-933083-load-root-setting.patch.
-------------------------------------------------------------------
Mon Jan 11 08:25:13 UTC 2016 - michael@stroeder.com
- Updated Url.
-------------------------------------------------------------------
Thu Jun 4 03:48:25 UTC 2015 - dliang@suse.com
- Add accountsservice-933083-load-root-setting.patch (bnc#933083)
Load settings of an account which is not 'human' but can still be
able to login to the system. (like 'root')
-------------------------------------------------------------------
Tue Jan 27 18:01:50 UTC 2015 - zaitor@opensuse.org
- Update to version 0.6.40:
+ Support large UIDs better.
+ Don't require X11 display to fetch user with X11 session.
+ Ensure accountsservice doesn't start before NSS works.
-------------------------------------------------------------------
Sun Oct 19 19:56:53 UTC 2014 - zaitor@opensuse.org
- Update to version 0.6.39:
+ Fix ListCachedUsers race at startup.
+ Add new api for uncaching user.
+ Fix memory corruption bug.
+ Build goo changes.
-------------------------------------------------------------------
Sun Oct 5 15:34:00 UTC 2014 - zaitor@opensuse.org
- Pass --enable-user-heuristics to configure to ensure that legacy
users are still shown in GDM facebrowser.
-------------------------------------------------------------------
Thu Sep 25 08:34:16 UTC 2014 - dimstar@opensuse.org
- Update to version 0.6.38:
+ Fix polkit policy for non-desktop cases.
+ Fix for a race when new user appears.
+ Some clearer log and debug messages.
-------------------------------------------------------------------
Wed Apr 2 11:48:24 UTC 2014 - dimstar@opensuse.org
- Update to version 0.6.37:
+ BSD fixes.
- Changes from version 0.6.36:
+ Fixes for deleting users.
+ Leak fix.
+ Change user classification logic.
+ BSD fixes.
- Rebase accountsservice-sysconfig.patch and
accountsservice-filter-suse-accounts.patch.
-------------------------------------------------------------------
Wed Oct 16 06:42:07 UTC 2013 - dimstar@opensuse.org
- Update to version 0.6.35:
+ Handle non-existent users better.
+ Misc bug fixes.
+ Misc clean ups.
+ Emit "changed" signal when account type changes for user.
+ Stop shipping vapi files.
+ Avoid connecting to ConsoleKit on logind systems.
+ Add extension interface.
+ Add --enable-coverage option for gcov support.
- Rebase accountsservice-sysconfig.patch and
accountsservice-filter-suse-accounts.patch.
- Drop accountsservice-remotePW-verification.patch: fixed upstream.
-------------------------------------------------------------------
Wed Oct 9 11:51:08 UTC 2013 - dimstar@opensuse.org
- Add accountsservice-remotePW-verification.patch: treat NULL
shadow entry as "password handled remotely" (bnc#844933,
bgo#708997, fdo#70005).
-------------------------------------------------------------------
Fri Jun 21 17:39:36 UTC 2013 - dimstar@opensuse.org
- Update to version 0.6.34:
+ Try to sanitize automatic login setting when user account is
deleted or disabled (fdo#54506).
+ Fix build.
- Changes from version 0.6.33:
+ Keep track of non-graphical sessions (fdo#65160).
+ Forget obsolete sessions (fdo#65159).
+ Monitor wtmp for changes (fdo#63159).
+ Ignore non-user sessions (fdo#701514).
+ Rework system account handling (fdo#64769).
- Never treat cached users as system accounts.
- Add gdm, gnome-initial-setup users to blacklist.
- Store system-account bit in key file.
- Cache newly-created users explicitly.
- Rebase accountsservice-filter-suse-accounts.patch.
-------------------------------------------------------------------
Wed May 15 07:30:48 UTC 2013 - dimstar@opensuse.org
- Update to version 0.6.32:
+ Don't treat remote users as system accounts (fdo#64186).
+ Clean up spawn_with_login_uid error handling (fdo#55067).
+ Quit on SIGINT/SIGTERM (fdo#63869).
+ Make --debug work as expected (fdo#63870).
+ Remove newlines from debug output (fdo#63871).
+ Fix mismatched function signature (fdo#63873).
+ Fix gir/vapi warnings (fdo#63875).
+ Fix documentation warnings (fdo#63880).
-------------------------------------------------------------------
Wed Apr 17 06:53:12 UTC 2013 - dimstar@opensuse.org
- Update to version 0.6.31:
+ Check for logind, not systemd (bgo#62586).
+ Add --enable-admin-group configure option (bgo#62235).
+ Be more aggressive at excluding system accounts (bgo#48178).
+ Fix xsession property notification (bgo#58493).
+ Fix login history variant handling (bgo#58466).
- Rebase accountsservice-sysconfig.patch.
-------------------------------------------------------------------
Sun Dec 16 18:50:08 UTC 2012 - dimstar@opensuse.org
- Update to version 0.6.30:
+ Minor source clean ups.
+ Crasher fix on 32bit systems.
+ Add get_user_by_id.
+ Don't lose sessions list for users at startup.
+ Add API for detecting when accountsservice is unavailable.
-------------------------------------------------------------------
Fri Nov 23 11:48:03 UTC 2012 - dimstar@opensuse.org
- Update to version 0.6.29:
+ Translate D-Bus errors to local errors in libaccountsservice.
+ Fix a wrong property name in the login history support.
-------------------------------------------------------------------
Mon Nov 19 08:54:26 UTC 2012 - dimstar@opensuse.org
- Update to version 0.6.28:
+ Fix act_user_manager_delete_user_finish.
+ Fix handling of LoginTime and LoginHistory properties.
- Changes from version 0.6.27:
+ Fix warnings when the singleton user manager object is
finalized.
+ Generated docs for libaccountsservice.
+ Initialize local_acount to TRUE.
+ Add async api for user creation, caching and deletion.
-------------------------------------------------------------------
Wed Nov 14 13:08:48 UTC 2012 - dimstar@opensuse.org
- Update to version 0.6.26:
+ Require libsystemd-login 186.
+ Protect against deleting root user.
+ Add LoginTime and LoginHistory properties.
+ Fix crash consolekit code.
+ Fix has_multiple_user property after removing user.
-------------------------------------------------------------------
Tue Sep 25 14:26:38 UTC 2012 - dimstar@opensuse.org
- Update to version 0.6.25:
+ Uninitialized variable fix
+ Typo fix
+ Create data dirs just-in-time
+ Ignore closing sessions for is_logged_in test
+ Disable NULL user for delete_user call
+ Updated translations.
-------------------------------------------------------------------
Tue Aug 28 19:39:37 UTC 2012 - dimstar@opensuse.org
- Update to version 0.6.24:
+ add User.Local property for identifying local users.
-------------------------------------------------------------------
Wed Aug 8 12:26:10 UTC 2012 - dimstar@opensuse.org
- Update to version 0.6.23:
+ Fix up some debug output.
+ add new CacheUser and UncacheUser apis.
+ uncache user before deleting user.
-------------------------------------------------------------------
Wed Jul 18 18:14:47 UTC 2012 - dimstar@opensuse.org
- Add the user 'fax' to the exception list (bnc#771177).
-------------------------------------------------------------------
Thu Jun 28 20:14:58 UTC 2012 - dimstar@opensuse.org
- Update to version 0.6.22:
+ Correct CVE-2012-2737, local file disclosure
+ small memory leak fix
+ exclude system accounts from ListCachedUsers
+ make has-multiple-users properly only check non-system users
+ remove icon when deleting user
+ Revert usage of getpwent() as fallback for fgetpwent
+ support consolekit call cancellation to prevent crashes caused
by shortlived sessions
+ ignore built files in .gitignore
+ quiet down build goo nagging
- Drop accountsservice-CVE-2012-2737.patch: fixed upstream.
-------------------------------------------------------------------
Wed Jun 27 13:53:12 CEST 2012 - vuntz@opensuse.org
- Add accountsservice-CVE-2012-2737.patch: fix local file
disclosure flaw. Fix bnc#768807, CVE-2012-2737.
-------------------------------------------------------------------
Tue Jun 26 21:37:04 UTC 2012 - dimstar@opensuse.org
- Add users cyrus, ldap and mailman to the openSUSE specific users
to be excluded (accountsservice-filter-suse-accounts.patch).
Fixes bnc#765487.
-------------------------------------------------------------------
Fri May 18 06:56:47 UTC 2012 - dimstar@opensuse.org
- Update to version 0.6.21:
+ Detect old versions of systemd and fall back to ConsoleKit
+ Exclude users without a valid shell
+ Fix log spew
-------------------------------------------------------------------
Fri May 4 21:03:16 UTC 2012 - dimstar@opensuse.org
- Update to version 0.6.20:
+ Fix user listing which broke in previous release
- Changes from version 0.6.19:
+ Fix spurious warnings in logs
+ Make userdel succeed even if user is already logged in
+ Exclude users with no shell
+ Exclude "at" user
- Drop accountsservice-filter-more-accounts.patch and
accountsservice-filter-no-shell.patch: fixed upstream.
-------------------------------------------------------------------
Mon Apr 23 07:57:30 UTC 2012 - vuntz@opensuse.org
- Add back accountsservice-filter-more-accounts.patch to filter the
at user.
- Add accountsservice-filter-no-shell.patch to filter users with no
shell, which happens when NIS is setup.
- This should fix bnc#757662.
- Rebase accountsservice-filter-suse-accounts.patch.
-------------------------------------------------------------------
Sat Apr 14 16:29:42 UTC 2012 - dimstar@opensuse.org
- Update to version 0.6.18:
+ Fix systemd configure check
+ Add a few more common system accounts to the blacklist
+ Fix some issues in systemd session handling
- Drop accountsservice-filter-more-accounts.patch: fixed upstream.
- Drop accountsservice-fix-systemd-test-always-evaluating-true.patch:
fixed upstream.
-------------------------------------------------------------------
Tue Apr 3 11:45:58 UTC 2012 - vuntz@opensuse.org
- Add accountsservice-filter-more-accounts.patch: filter out ftp,
games, man and mysql system users too, taken from git.
- Add accountsservice-filter-suse-accounts.patch: filter out some
openSUSE-specific accounts (beagleindex, suse-ncc).
-------------------------------------------------------------------
Mon Apr 2 19:07:08 UTC 2012 - zaitor@opensuse.org
- Add accountsservice-fix-systemd-test-always-evaluating-true.patch
Make it possible to build accountsservice without systemd
(fdo#48190).
-------------------------------------------------------------------
Wed Mar 28 06:36:18 UTC 2012 - vuntz@opensuse.org
- Update to version 0.6.17:
+ Fix user filtering which was broken in 0.6.16
+ Fix double free in user code
-------------------------------------------------------------------
Tue Mar 27 09:29:20 UTC 2012 - vuntz@opensuse.org
- Update to version 0.6.16:
+ Don't filter out users below UID_MIN in login.defs
+ Filter out users with invalid shells
+ Use infinite timeout for ListCachedUsers calls
+ Port to GDBus
+ Add systemd support
+ Build fixes for srcdir != builddir
+ Vala support and introspection fixes
+ PPC32 fixes
+ Updated translations.
- Drop pkgconfig(dbus-glib-1) BuildRequires: dependency is gone
upstream.
- Enable support for systemd session tracking:
+ Note that it will fall back to ConsoleKit at runtime, so it's
fine to build it.
+ Add pkgconfig() BuildRequires: libsystemd-login,
libsystemd-daemon.
- Rebase accountsservice-sysconfig.patch.
- Add vala BuildRequires, which is now needed because of the
gnome-autogen.sh call.
-------------------------------------------------------------------
Mon Feb 27 13:21:43 UTC 2012 - vuntz@opensuse.org
- Fix systemd-related packaging:
+ Use %{?systemd_requires}.
+ Call %service_{add,del}_* macros in scriptlets for
accounts-daemon.service.
- Remove xz BuildRequires now that it comes for free in the build
system.
-------------------------------------------------------------------
Thu Dec 8 08:55:14 UTC 2011 - dimstar@opensuse.org
- Split typelib file into typelib-1_0-AccountsService-1_0
subpackage.
- Add typelib-1_0-AccountsService-1_0 Requires to devel subpackage.
-------------------------------------------------------------------
Tue Oct 18 06:54:27 UTC 2011 - vuntz@opensuse.org
- Update to version 0.6.15:
+ Only accept regular files as icons
+ Don't track non-graphical sessions
+ Fix wtmp handling
+ Fix build on FreeBSD and OpenBSD
- Drop accountsservice-regular-file-for-icon.patch: fixed upstream.
-------------------------------------------------------------------
Thu Sep 29 08:46:11 UTC 2011 - vuntz@opensuse.org
- Add accountsservice-regular-file-for-icon.patch: only use regular
files when setting user icon. Part of bnc#676638.
-------------------------------------------------------------------
Mon Sep 5 06:30:54 UTC 2011 - vuntz@opensuse.org
- Update to version 0.6.14:
+ Ignore extraneous SetAutomaticLogin(false) calls for a user
+ Monitor /etc/gdm/custom.conf for changes in autologin config
+ Fix fast user switching
+ Fix docs to build
+ Updated translations.
- Rebase accountsservice-sysconfig.patch, and add gnome-common
BuildRequires and call to gnome-autogen.sh since it's easier to
rebase the patch without Makefile.in.
- Add gobject-introspection-devel BuildRequires to build
introspection data.
-------------------------------------------------------------------
Wed Jul 20 16:51:05 CEST 2011 - vuntz@opensuse.org
- Add accountsservice-sysconfig.patch: read and write autologin
configuration from sysconfig, as done in gdm. Fix bnc#688071.
-------------------------------------------------------------------
Wed Jul 20 09:02:02 CEST 2011 - vuntz@opensuse.org
- Update to version 0.6.13:
+ Honor aclocal flags environment variable
+ Set log domain so it can be hushed
+ Use wtmp instead of consolekit for determining login frequency
+ Leak and warning fixes
+ Clean up polkit deprecation warnings
+ Add '--' before username to account helper programs
- Add xz BuildRequires because we can't build a package for a
xz-compressed tarball without explicitly specifying that... See
bnc#697467 for more details.
-------------------------------------------------------------------
Thu May 19 18:08:45 CEST 2011 - dimstar@opensuse.org
- Update to version 0.6.12:
+ The usual pile of race fixes
- Changes from version 0.6.11:
+ Add API for adding users to the library.
-------------------------------------------------------------------
Tue May 3 00:22:39 CEST 2011 - vuntz@opensuse.org
- Drop rpmlintrc as the necessary changes have now been done in
both rpmlint (for suse-dbus-unauthorized-service) and in
polkit-default-privs (for polkit-unauthorized-privilege).
-------------------------------------------------------------------
Fri Apr 29 15:04:09 UTC 2011 - fcrozat@novell.com
- Update to version 0.6.10:
+ An assortment of race fixes
+ Updated translations
- Changes from version 0.6.9:
+ Add a 'system-account' property to users
- Update download url for tarball.
-------------------------------------------------------------------
Mon Apr 11 13:41:00 UTC 2011 - fcrozat@novell.com
- Add pkgconfig(systemd) to BuildRequires and package systemd
configuration file for accountsservice.
-------------------------------------------------------------------
Tue Apr 5 11:18:12 UTC 2011 - fcrozat@novell.com
- Update to version 0.6.8:
+ use same rules for parsing booleans from gdm config as gdm.
-------------------------------------------------------------------
Wed Mar 23 10:25:27 UTC 2011 - fcrozat@novell.com
- Update to version 0.6.7:
+ Fix call to useradd for normal users
+ Correct free array of groups
+ Updated translations
- Changes from version 0.6.6:
+ Make it possible to disable user icon
+ Drop Supervised user role
+ Use "wheel" instead of "desktop_admin_r" as admin group
since that's what everyone uses for this purpose anyway.
+ Crasher fixes
+ Misc distro integration fixes
+ Updated translations
- Changes from version 0.6.5:
+ No longer return excluded users from cached listings
+ Add a --debug command line option
+ Use proper dbus proxy for settings api in client lib
+ Expose XSession property over bus
- Enforce dependency on main package in library package by changing
Recommends to Requires.
- Add a rpmlintrc to ignore security-related rpmlint warnings that
make the build fail on Factory. This needs to get removed when
entering Factory, though.
-------------------------------------------------------------------
Thu Mar 3 11:52:55 CET 2011 - vuntz@opensuse.org
- Cleanup for inclusion in Factory.
-------------------------------------------------------------------
Thu Feb 17 18:05:00 UTC 2011 - fcrozat@novell.com
- Update to version 0.6.4:
- fix typo in HomeDirectory property
- fix bug in asynchronous loading code
- drop some random g_print's
- Changes from version 0.6.3:
+ Add more getters to client library
+ Add an initial cut at a setter api
+ Add XSession property type
- Changes from version 0.6.2:
+ Remove the unused UserChanged signal
+ Add a small client library, based on code from gdm
+ Don't use gnome-common
+ Use the user-administration privilege for autologin changes
- Changes from version 0.6.1:
+ Always emit the changed signal when setting user photo
+ Install systemd unit files
+ Translation updates
- Changes from version 0.6:
+ Always require user-administration privilege when setting a
password or changing a username
+ Allow changing password mode and password even when the
account is locked, and unlock it as a side-effect
+ Use /etc/shadow to store account locking and 'set password at
next login' information and monitor /etc/shadow for changes
+ Set loginuid when runing commands on behalf of a user to
generate proper audit records
+ Drop SetIconData and make SetIconFile copy the file when
appropriate. As a consequence, the service no longer links
against image libraries.
+ Various other robustness and error-handling fixes
- Changes from version 0.5:
+ Make initial user list call work
+ Avoid extraneous commandline parsing
- Package directories used by daemon to store user data:
/var/lib/AccountsService and subdirectories.
-------------------------------------------------------------------
Sat Jan 30 13:12:53 CET 2010 - captain.magnus@opensuse.org
- New package (version 0.4).

196
accountsservice.spec Normal file
View File

@ -0,0 +1,196 @@
#
# spec file for package accountsservice
#
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# allow to not build vala binding
%bcond_without vala
Name: accountsservice
Version: 22.08.8
Release: 0
Summary: D-Bus Service to Manipulate User Account Information
License: GPL-3.0-or-later
Group: System/Daemons
URL: https://www.freedesktop.org/wiki/Software/AccountsService/
Source0: https://www.freedesktop.org/software/accountsservice/%{name}-%{version}.tar.xz
# WARNING: do not remove/significantly change patch0 without updating the relevant patch in gdm too
# PATCH-FIX-OPENSUSE accountsservice-sysconfig.patch bnc#688071 vuntz@opensuse.org -- Read/write autologin configuration from sysconfig, like gdm (see gdm-sysconfig-settings.patch) WAS PATCH-FIX-OPENSUSE
Patch0: accountsservice-sysconfig.patch
# PATCH-FIX-OPENSUSE accountsservice-filter-suse-accounts.patch vuntz@opensuse.org -- Filter out some system users that are specific to openSUSE
Patch1: accountsservice-filter-suse-accounts.patch
# PATCH-FIX-OPENSUSE harden_accounts-daemon.service.patch jsegitz@suse.com -- For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
Patch2: harden_accounts-daemon.service.patch
## SLE and Leap only patches start at 1000
# PATCH-FEATURE-SLE as-fate318433-prevent-same-account-multi-logins.patch fate#318433 cxiong@suse.com -- prevent multiple simultaneous login.
Patch1000: as-fate318433-prevent-same-account-multi-logins.patch
BuildRequires: gtk-doc
BuildRequires: meson
BuildRequires: pkgconfig
BuildRequires: pkgconfig(dbus-1)
BuildRequires: pkgconfig(gio-2.0) >= 2.63.5
BuildRequires: pkgconfig(gio-unix-2.0)
BuildRequires: pkgconfig(glib-2.0) >= 2.63.5
BuildRequires: pkgconfig(gobject-introspection-1.0)
BuildRequires: pkgconfig(libsystemd) >= 186
BuildRequires: pkgconfig(polkit-gobject-1)
BuildRequires: pkgconfig(systemd)
%{?systemd_ordering}
%description
The accountsservice server provides a set of D-Bus interfaces for
querying and manipulating user account information.
The implementation is based on the useradd, usermod and userdel
commands.
%package -n libaccountsservice0
Summary: Client library for the user account information manipulation D-Bus service
# Clients do need the server to do something useful
Group: System/Libraries
Requires: %{name}
%description -n libaccountsservice0
The accountsservice server provides a set of D-Bus interfaces for
querying and manipulating user account information.
This package provides a client library for the service.
%package -n typelib-1_0-AccountsService-1_0
Summary: Introspection bindings for the user account information manipulation service
Group: System/Libraries
%description -n typelib-1_0-AccountsService-1_0
The accountsservice server provides a set of D-Bus interfaces for
querying and manipulating user account information.
This package provides the GObject Introspection bindings for the
client library.
%package devel
Summary: Header files for the user account information manipulation service
Group: Development/Libraries/C and C++
Requires: libaccountsservice0 = %{version}
Requires: typelib-1_0-AccountsService-1_0 = %{version}
%description devel
The accountsservice server provides a set of D-Bus interfaces for
querying and manipulating user account information.
%if %{with vala}
%package vala
Summary: Vala bindings for accountsservice
Group: Development/Libraries/C and C++
Requires: libaccountsservice0 = %{version}
Requires: typelib-1_0-AccountsService-1_0 = %{version}
BuildRequires: vala
%description vala
The accountsservice server provides a set of D-Bus interfaces for
querying and manipulating user account information.
This package contains the Vala bindings for accountservice.
%endif
%lang_package
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
# SLE and Leap patches start at 1000
%if 0%{?sle_version}
%patch1000 -p1
%endif
%build
%meson \
-Dintrospection=true \
-Dgtk_doc=true \
%if %{with vala}
-Dvapi=true \
%else
-Dvapi=false \
%endif
%{nil}
%meson_build
%install
%meson_install
%find_lang accounts-service
%pre
%service_add_pre accounts-daemon.service
%post
%service_add_post accounts-daemon.service
%preun
%service_del_preun accounts-daemon.service
%postun
%service_del_postun accounts-daemon.service
%post -n libaccountsservice0 -p /sbin/ldconfig
%postun -n libaccountsservice0 -p /sbin/ldconfig
%files
%license COPYING
%doc README.md
%{_unitdir}/accounts-daemon.service
%{_libexecdir}/accounts-daemon
%{_datadir}/dbus-1/system.d/org.freedesktop.Accounts.conf
%{_datadir}/dbus-1/interfaces/org.freedesktop.Accounts.xml
%{_datadir}/dbus-1/interfaces/org.freedesktop.Accounts.User.xml
%{_datadir}/dbus-1/system-services/org.freedesktop.Accounts.service
%{_datadir}/polkit-1/actions/org.freedesktop.accounts.policy
# User templates
%dir %{_datadir}/accountsservice
%{_datadir}/accountsservice/user-templates
# Directories where the server stores user data
%dir %{_localstatedir}/lib/AccountsService
%dir %{_localstatedir}/lib/AccountsService/users
%dir %{_localstatedir}/lib/AccountsService/icons
%files -n libaccountsservice0
%{_libdir}/*.so.0*
%files -n typelib-1_0-AccountsService-1_0
%{_libdir}/girepository-1.0/AccountsService-1.0.typelib
%files devel
%doc AUTHORS TODO
%doc %{_datadir}/gtk-doc/html/lib%{name}/
%{_libdir}/*.so
%{_libdir}/pkgconfig/accountsservice.pc
%{_includedir}/accountsservice-1.0/
%{_datadir}/gir-1.0/AccountsService-1.0.gir
%if %{with vala}
%files vala
%dir %{_datadir}/vala/vapi
%{_datadir}/vala/vapi/accountsservice.deps
%{_datadir}/vala/vapi/accountsservice.vapi
%endif
%files lang -f accounts-service.lang
%changelog

75
as-fate318433-prevent-same-account-multi-logins.patch Normal file
View File

@ -0,0 +1,75 @@
diff -Nur accountsservice-22.08.8/src/libaccountsservice/act-user.c new/src/libaccountsservice/act-user.c
--- accountsservice-22.08.8/src/libaccountsservice/act-user.c 2022-02-23 16:27:48.000000000 +0100
+++ new/src/libaccountsservice/act-user.c 2022-04-30 22:34:42.160346848 +0200
@@ -878,6 +878,8 @@
* (Currently, this function is only implemented for systemd-logind.
* For ConsoleKit, it is equivalent to act_user_is_logged_in.)
*
+ * (SLE-12 SP2: 'other_sessions' have been modified to contain only X sessions)
+ *
* Returns: %TRUE or %FALSE
*/
gboolean
@@ -906,6 +908,24 @@
}
/**
+ * act_user_is_x_logged_in_remotely:
+ * @user: a #ActUser
+ *
+ * Returns whether or not #ActUser is currently graphically logged in on a
+ * different seat or no seat.
+ *
+ * (For SLE12-SP2: fate#318433)
+ *
+ * Returns: %TRUE or %FALSE
+ */
+gboolean
+act_user_is_x_logged_in_remotely (ActUser *user)
+{
+ /* return user->remote_x_sessions; */
+ return (user->other_sessions != NULL);
+}
+
+/**
* act_user_get_locked:
* @user: a #ActUser
*
diff -Nur accountsservice-22.08.8/src/libaccountsservice/act-user.h new/src/libaccountsservice/act-user.h
--- accountsservice-22.08.8/src/libaccountsservice/act-user.h 2022-02-23 16:27:48.000000000 +0100
+++ new/src/libaccountsservice/act-user.h 2022-04-30 22:34:42.164346848 +0200
@@ -61,6 +61,7 @@
guint act_user_get_num_sessions_anywhere (ActUser *user);
gboolean act_user_is_logged_in (ActUser *user);
gboolean act_user_is_logged_in_anywhere (ActUser *user);
+gboolean act_user_is_x_logged_in_remotely (ActUser *user);
int act_user_get_login_frequency (ActUser *user);
gint64 act_user_get_login_time (ActUser *user);
const GVariant*act_user_get_login_history (ActUser *user);
diff -Nur accountsservice-22.08.8/src/libaccountsservice/act-user-manager.c new/src/libaccountsservice/act-user-manager.c
--- accountsservice-22.08.8/src/libaccountsservice/act-user-manager.c 2022-02-23 16:27:48.000000000 +0100
+++ new/src/libaccountsservice/act-user-manager.c 2022-04-30 22:34:42.160346848 +0200
@@ -1366,12 +1366,22 @@
if (new_session->x11_display == NULL) {
g_debug ("AcUserManager: (mostly) ignoring session '%s' since it's not graphical",
new_session->id);
- is_ours = FALSE;
+ /* SLE: ignore non-graphical session completely */
+ /* see `act_user_is_logged_in_anywhere` */
+ unload_new_session (new_session);
+ return;
} else if (session_is_login_window (manager, new_session->id)) {
new_session->state = ACT_USER_MANAGER_NEW_SESSION_STATE_LOADED;
unload_new_session (new_session);
return;
} else if (!session_is_on_our_seat (manager, new_session->id)) {
+ /**
+ * NOTE: if `manager->priv->seat.id` or `new_session->id` is
+ * either NULL, it's not on our seat: this is reasonable, as
+ * non-seat session is not switchable and thus no need to be
+ * ours. However, this nondiscrimination for all non-seated
+ * sessions is possibly a source for bugs.
+ */
is_ours = FALSE;
}

16
harden_accounts-daemon.service.patch Normal file
View File

@ -0,0 +1,16 @@
Index: accountsservice-22.08.8/data/accounts-daemon.service.in
===================================================================
--- accountsservice-22.08.8.orig/data/accounts-daemon.service.in 2022-02-23 16:27:48.000000000 +0100
+++ accountsservice-22.08.8/data/accounts-daemon.service.in 2022-08-02 09:17:14.424438207 +0200
@@ -8,6 +8,11 @@
Wants=nss-user-lookup.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelLogs=true
Type=dbus
BusName=org.freedesktop.Accounts
ExecStart=@libexecdir@/accounts-daemon