From b80dc79f00e921bac7bd2d46538c23deb569ff33402f5ffe9cb6903c2a00b522 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rn=20Lie?= Date: Mon, 12 Aug 2024 19:03:55 +0000 Subject: [PATCH] - Drop as-fate318433-prevent-same-account-multi-logins.patch. Gnome-shell now has similar functionality upstream. OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/accountsservice?expand=0&rev=177 --- .gitattributes | 23 + .gitignore | 1 + accountsservice-23.13.9.tar.xz | 3 + accountsservice-filter-suse-accounts.patch | 18 + accountsservice-mocklib-gcc14.patch | 13 + accountsservice-sysconfig.patch | 674 +++++++++++++ accountsservice.changes | 929 ++++++++++++++++++ accountsservice.spec | 195 ++++ ...33-prevent-same-account-multi-logins.patch | 78 ++ harden_accounts-daemon.service.patch | 16 + mocklibc-1.0.tar.gz | 3 + 11 files changed, 1953 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 accountsservice-23.13.9.tar.xz create mode 100644 accountsservice-filter-suse-accounts.patch create mode 100644 accountsservice-mocklib-gcc14.patch create mode 100644 accountsservice-sysconfig.patch create mode 100644 accountsservice.changes create mode 100644 accountsservice.spec create mode 100644 as-fate318433-prevent-same-account-multi-logins.patch create mode 100644 harden_accounts-daemon.service.patch create mode 100644 mocklibc-1.0.tar.gz diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/accountsservice-23.13.9.tar.xz b/accountsservice-23.13.9.tar.xz new file mode 100644 index 0000000..57c5349 --- /dev/null +++ b/accountsservice-23.13.9.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:adda4cdeae24fa0992e7df3ffff9effa7090be3ac233a3edfdf69d5a9c9b924f +size 636064 diff --git a/accountsservice-filter-suse-accounts.patch b/accountsservice-filter-suse-accounts.patch new file mode 100644 index 0000000..370e9e0 --- /dev/null +++ b/accountsservice-filter-suse-accounts.patch @@ -0,0 +1,18 @@ +diff -Nur old/src/user-classify.c new/src/user-classify.c +--- old/src/user-classify.c 2023-06-21 16:19:26.984665518 +0200 ++++ new/src/user-classify.c 2023-06-21 16:19:33.793285366 +0200 +@@ -53,7 +53,13 @@ + "gdm", + "lightdm", + "gnome-initial-setup", +- "git" ++ "git", ++ "beagleindex", ++ "fax", ++ "suse-ncc", ++ "mailman", ++ "ldap", ++ "cyrus" + }; + + static gboolean diff --git a/accountsservice-mocklib-gcc14.patch b/accountsservice-mocklib-gcc14.patch new file mode 100644 index 0000000..497cf2c --- /dev/null +++ b/accountsservice-mocklib-gcc14.patch @@ -0,0 +1,13 @@ +Index: accountsservice-23.13.9/subprojects/mocklibc.wrap +=================================================================== +--- accountsservice-23.13.9.orig/subprojects/mocklibc.wrap ++++ accountsservice-23.13.9/subprojects/mocklibc.wrap +@@ -3,7 +3,7 @@ directory = mocklibc-1.0 + + source_url = https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/mocklibc/mocklibc-1.0.tar.gz + source_filename = mocklibc-1.0.tar.gz +-source_hash = b2236a6af1028414783e9734a46ea051916ec226479d6a55a3bb823bff68f120 ++source_hash = 48966f7a5d3f2139ffdc1e700de7deb9390f852cd4f2a7b97e55029c14097c6e + + patch_url = https://wrapdb.mesonbuild.com/v1/projects/mocklibc/1.0/2/get_zip + patch_filename = mocklibc-1.0-2-wrap.zip diff --git a/accountsservice-sysconfig.patch b/accountsservice-sysconfig.patch new file mode 100644 index 0000000..2d7aa4e --- /dev/null +++ b/accountsservice-sysconfig.patch @@ -0,0 +1,674 @@ +commit c3360e3878722b0fefdda02a320f6fb76a41b7da +Author: Vincent Untz +Date: Wed Jul 20 16:48:41 2011 +0200 + + Use autologin configuration from sysconfig (SUSE-ism) + + +Index: accountsservice-23.13.9/src/daemon.c +=================================================================== +--- accountsservice-23.13.9.orig/src/daemon.c ++++ accountsservice-23.13.9/src/daemon.c +@@ -51,6 +51,7 @@ + #include "util.h" + #include "user.h" + #include "accounts-user-generated.h" ++#include "gdm-sysconfig.h" + + #define PATH_PASSWD "passwd" + #define PATH_SHADOW "shadow" +@@ -1789,6 +1790,43 @@ load_autologin_lightdm (Daemon *daemon + return TRUE; + } + ++#define SYSCONFIG_FILE "/etc/sysconfig/displaymanager" ++#define SYSCONFIG_AUTOLOGIN_KEY "DISPLAYMANAGER_AUTOLOGIN" ++ ++gboolean ++load_autologin_suse (Daemon *daemon, ++ gchar **name, ++ gboolean *enabled, ++ GError **error) ++{ ++ *name = gdm_sysconfig_load_value (SYSCONFIG_FILE, SYSCONFIG_AUTOLOGIN_KEY); ++ *enabled = (name && *name); ++ ++ return TRUE; ++} ++ ++static gboolean ++save_autologin_suse (Daemon *daemon, ++ const gchar *name, ++ gboolean enabled, ++ GError **error) ++{ ++ const gchar *user; ++ gboolean result; ++ ++ if (enabled && name) ++ user = name; ++ else ++ user = ""; ++ ++ result = gdm_sysconfig_save_value (SYSCONFIG_FILE, SYSCONFIG_AUTOLOGIN_KEY, user); ++ ++ if (!result) ++ g_set_error (error, ERROR, ERROR_FAILED, "Could not save autologin configuration in sysconfig"); ++ ++ return result; ++} ++ + gboolean + load_autologin (Daemon *daemon, + gchar **name, +@@ -1797,6 +1835,8 @@ load_autologin (Daemon *daemon, + { + DisplayManagerType dm_type; + ++ return load_autologin_suse (daemon, name, enabled, error); ++ + dm_type = get_current_system_dm_type (); + if (dm_type == DISPLAY_MANAGER_TYPE_LIGHTDM) + return load_autologin_lightdm (daemon, name, enabled, error); +@@ -1819,6 +1859,8 @@ save_autologin_gdm (Daemon *daemon, + gboolean result; + g_autoptr (GError) local_error = NULL; + ++ return save_autologin_suse (daemon, name, enabled, error); ++ + keyfile = g_key_file_new (); + if (!g_key_file_load_from_file (keyfile, + PATH_GDM_CUSTOM, +@@ -1851,6 +1893,8 @@ save_autologin_lightdm (Daemon *dae + gboolean result; + g_autoptr (GError) local_error = NULL; + ++ return save_autologin_suse (daemon, name, enabled, error); ++ + keyfile = g_key_file_new (); + if (!g_key_file_load_from_file (keyfile, + PATH_LIGHTDM_CONF, +@@ -1879,6 +1923,8 @@ save_autologin (Daemon *daemon, + { + DisplayManagerType dm_type; + ++ return save_autologin_suse (daemon, name, enabled, error); ++ + dm_type = get_current_system_dm_type (); + if (dm_type == DISPLAY_MANAGER_TYPE_LIGHTDM) + return save_autologin_lightdm (daemon, name, enabled, error); +Index: accountsservice-23.13.9/src/gdm-sysconfig.c +=================================================================== +--- /dev/null ++++ accountsservice-23.13.9/src/gdm-sysconfig.c +@@ -0,0 +1,509 @@ ++/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- ++ * ++ * Copyright (C) 2008 Hans Petter Jansson ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ++ * ++ */ ++ ++/* Parser for shell-script-like key-value files. Far from complete, but ++ * deals with a couple of common shell oddities. For instance, the following ++ * are parsed correctly: ++ * ++ * KEY=value\0 ++ * KEY = value#comment\0 ++ * KEY = " value with spaces" \0 ++ * KEY = ' it\'s a value with "embedded" quotes'\0 ++ * KEY = "if quotes aren't closed, we assume the string ends at EOL\0 ++ * ++ * It should be good enough for the config files in /etc/sysconfig/. ++ */ ++ ++#include "config.h" ++ ++#include ++#include ++ ++#include ++#include ++#include ++#include ++ ++#include "gdm-sysconfig.h" ++ ++#define SPACE_CHARS " \t" ++#define KEY_ALLOW_CHARS "_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" ++ ++static gchar ** ++load_settings_file (const gchar *file_name) ++{ ++ GIOChannel *channel; ++ GPtrArray *lines; ++ gchar *str; ++ ++ g_debug ("Loading settings from %s", file_name); ++ ++ channel = g_io_channel_new_file (file_name, "r", NULL); ++ if (!channel) { ++ g_debug ("Failed to open %s", file_name); ++ return NULL; ++ } ++ ++ lines = g_ptr_array_new (); ++ ++ while (g_io_channel_read_line (channel, &str, NULL, NULL, NULL) != G_IO_STATUS_EOF) { ++ if (str) { ++ gchar *p0; ++ ++ /* Remove line separators */ ++ ++ for (p0 = str + strlen (str) - 1; p0 >= str && strchr ("\r\n", *p0); p0--) ++ *p0 = '\0'; ++ ++ g_ptr_array_add (lines, str); ++ g_debug ("%s", str); ++ } else { ++ g_ptr_array_add (lines, g_strdup ("")); ++ g_debug ("%s", ""); ++ } ++ } ++ ++ g_io_channel_shutdown (channel, FALSE, NULL); ++ g_io_channel_unref (channel); ++ ++ g_ptr_array_add (lines, NULL); ++ ++ return (gchar **) g_ptr_array_free (lines, FALSE); ++} ++ ++static gboolean ++save_settings_file (const gchar *file_name, gchar **lines) ++{ ++ GIOStatus last_status = G_IO_STATUS_ERROR; ++ GIOChannel *channel = NULL; ++ g_autofree gchar *temp_file_name = NULL; ++ gint i; ++ gchar *path = NULL; ++ g_autofree char *template = NULL; ++ ++ template = g_strdup_printf ("/run/sysconfig.XXXXXX"); ++ path = g_mkdtemp (template); ++ if (path == NULL) ++ goto out; ++ ++ temp_file_name = g_strdup_printf ("%s/%s.new",path, g_path_get_basename(file_name)); ++ ++ channel = g_io_channel_new_file (temp_file_name, "w", NULL); ++ if (!channel) ++ goto out; ++ ++ if (!lines) ++ goto out; ++ ++ for (i = 0; lines [i]; i++) { ++ gsize bytes_written; ++ ++ if (lines [i] [0] != '\0') ++ last_status = g_io_channel_write_chars (channel, ++ lines [i], strlen (lines [i]), ++ &bytes_written, ++ NULL); ++ ++ if (last_status != G_IO_STATUS_NORMAL) ++ break; ++ ++ last_status = g_io_channel_write_unichar (channel, '\n', NULL); ++ ++ if (last_status != G_IO_STATUS_NORMAL) ++ break; ++ } ++ ++out: ++ if (channel) { ++ g_io_channel_shutdown (channel, TRUE, NULL); ++ g_io_channel_unref (channel); ++ } ++ ++ gboolean result = FALSE; ++ if (last_status == G_IO_STATUS_NORMAL && temp_file_name) { ++ g_autoptr (GFile) old_file = g_file_new_for_path(temp_file_name); ++ g_autoptr (GFile) new_file = g_file_new_for_path(file_name); ++ g_remove(file_name); ++ result = g_file_move (old_file, ++ new_file, ++ G_FILE_COPY_OVERWRITE, ++ NULL, ++ NULL, ++ NULL, ++ NULL); ++ } ++ ++ if (last_status == G_IO_STATUS_NORMAL && !result) ++ last_status = G_IO_STATUS_ERROR; ++ ++ if (path) { ++ g_rmdir(path); ++ } ++ ++ return last_status == G_IO_STATUS_NORMAL ? TRUE : FALSE; ++} ++ ++static const gchar * ++skip_from_start_to_key (const gchar *line) ++{ ++ const gchar *p0; ++ ++ /* Skip initial space */ ++ ++ p0 = line + strspn (line, SPACE_CHARS); ++ ++ /* Ignore comments and other junk */ ++ ++ if (*p0 && strchr (KEY_ALLOW_CHARS, *p0)) ++ return p0; ++ ++ return NULL; ++} ++ ++static const gchar * ++skip_from_start_to_value_of_key (const gchar *line, const gchar *key_normal, gint key_len) ++{ ++ const gchar *p0, *p1; ++ gchar *potential_key_normal; ++ gboolean result; ++ ++ p0 = skip_from_start_to_key (line); ++ if (!p0) ++ return NULL; ++ ++ /* There's at least one key-like character, figure out how many */ ++ ++ p1 = p0 + strspn (p0, KEY_ALLOW_CHARS); ++ ++ /* Is this the key we're looking for? */ ++ ++ if (p1 - p0 != key_len) ++ return NULL; ++ ++ potential_key_normal = g_ascii_strdown (p0, p1 - p0); ++ result = strcmp (key_normal, potential_key_normal) == 0 ? TRUE : FALSE; ++ g_free (potential_key_normal); ++ ++ if (!result) ++ return NULL; ++ ++ /* It's the right key; skip over key-value separator */ ++ ++ p0 = p1 + strspn (p1, SPACE_CHARS); ++ if (*p0 != '=') ++ return NULL; ++ ++ p0++; ++ p0 += strspn (p0, SPACE_CHARS); ++ ++ return p0; ++} ++ ++static const gchar * ++skip_over_value (const gchar *value_start, gchar *quotes_out) ++{ ++ const gchar *p0 = value_start; ++ const gchar *p1; ++ gchar quotes; ++ ++ /* Is the value quoted? */ ++ ++ quotes = *p0; ++ if (quotes == '\'' || quotes == '"') { ++ /* Quoted sequence opened; find closing quote, but skip over escaped ones. If ++ * there's no closing quote on this line, assume the EOL closes it. */ ++ ++ *quotes_out = quotes; ++ ++ p1 = p0; ++ do { ++ p1++; ++ p1 = strchr (p1, quotes); ++ if (!p1) { ++ /* Hit EOL */ ++ ++ p1 = p0 + strlen (p0) - 1; ++ break; ++ } ++ } while (*(p1 - 1) == '\\'); ++ } else { ++ /* No quotes; look for comment or EOL */ ++ ++ *quotes_out = 0; ++ ++ p1 = strchr (p0, '#'); ++ if (!p1) ++ p1 = p0 + strlen (p0); ++ ++ for (p1--; p1 >= p0; p1--) ++ if (!strchr (SPACE_CHARS, *p1)) ++ break; ++ } ++ ++ return p1 + 1; ++} ++ ++static gchar * ++get_value_of_key (const gchar *line, const gchar *key_normal, gint key_len) ++{ ++ const gchar *p0, *p1; ++ gchar quotes; ++ gchar *value; ++ gchar *temp; ++ ++ p0 = skip_from_start_to_value_of_key (line, key_normal, key_len); ++ if (!p0) ++ return NULL; ++ ++ p1 = skip_over_value (p0, "es); ++ ++ if (quotes != 0) { ++ if (p1 - p0 > 2) { ++ temp = g_strndup (p0 + 1, p1 - p0 - 2); ++ value = g_strcompress (temp); ++ g_free (temp); ++ } else { ++ value = g_strdup (""); ++ } ++ } else { ++ temp = g_strndup (p0, p1 - p0); ++ value = g_strcompress (temp); ++ g_free (temp); ++ g_strchomp (value); ++ } ++ ++ return value; ++} ++ ++static gchar * ++get_value (gchar **lines, const gchar *key) ++{ ++ gchar *value = NULL; ++ gchar *key_normal; ++ gint key_len; ++ gint i; ++ ++ g_debug ("Getting value of %s", key); ++ ++ if (!lines) { ++ g_debug ("Missing configuration data"); ++ return NULL; ++ } ++ ++ key_normal = g_ascii_strdown (key, -1); ++ key_len = strlen (key_normal); ++ ++ for (i = 0; lines [i]; i++) { ++ value = get_value_of_key (lines [i], key_normal, key_len); ++ if (value) ++ break; ++ } ++ ++ g_free (key_normal); ++ ++ g_debug ("Got value of %s: %s", key, value); ++ ++ return value; ++} ++ ++static gchar * ++set_value_of_key (const gchar *line, const gchar *key_normal, gint key_len, const gchar *key, const gchar *value) ++{ ++ const gchar *p0, *p1, *p2; ++ gchar quotes; ++ gchar *escaped_value; ++ gchar *quoted_escaped_value; ++ gint quoted_escaped_value_len; ++ gchar *new_line; ++ gint len; ++ ++ p0 = skip_from_start_to_value_of_key (line, key_normal, key_len); ++ if (!p0) ++ return NULL; ++ ++ escaped_value = g_strescape (value, ""); ++ quoted_escaped_value = g_strdup_printf ("\"%s\"", escaped_value); ++ g_free (escaped_value); ++ quoted_escaped_value_len = strlen (quoted_escaped_value); ++ ++ p1 = skip_over_value (p0, "es); ++ p2 = p1 + strlen (p1); ++ len = (p0 - line) + quoted_escaped_value_len + (p2 - p1); ++ ++ new_line = g_malloc (len + 1); ++ memcpy (new_line, line, p0 - line); ++ memcpy (new_line + (p0 - line), quoted_escaped_value, quoted_escaped_value_len); ++ memcpy (new_line + (p0 - line) + quoted_escaped_value_len, p1, p2 - p1); ++ ++ *(new_line + len) = '\0'; ++ ++ g_free (quoted_escaped_value); ++ ++ return new_line; ++} ++ ++static gboolean ++set_value (gchar **lines, const gchar *key, const gchar *value) ++{ ++ gboolean result = FALSE; ++ gchar *key_normal; ++ gint key_len; ++ gint i; ++ ++ if (!lines) ++ return FALSE; ++ ++ key_normal = g_ascii_strdown (key, -1); ++ key_len = strlen (key_normal); ++ ++ for (i = 0; lines [i]; i++) { ++ gchar *new_line; ++ ++ new_line = set_value_of_key (lines [i], key_normal, key_len, key, value); ++ if (new_line) { ++ g_free (lines [i]); ++ lines [i] = new_line; ++ result = TRUE; ++ break; ++ } ++ } ++ ++ g_free (key_normal); ++ ++ return result; ++} ++ ++gchar ** ++gdm_sysconfig_load_file (const gchar *file_name) ++{ ++ g_return_val_if_fail (file_name != NULL, NULL); ++ ++ return load_settings_file (file_name); ++} ++ ++gboolean ++gdm_sysconfig_save_file (const gchar *file_name, const gchar **sysconfig) ++{ ++ g_return_val_if_fail (file_name != NULL, FALSE); ++ g_return_val_if_fail (sysconfig != NULL, FALSE); ++ ++ return save_settings_file (file_name, (gchar **)sysconfig); ++} ++ ++gchar * ++gdm_sysconfig_get_value (const gchar **sysconfig, const gchar *key) ++{ ++ g_return_val_if_fail (sysconfig != NULL, NULL); ++ g_return_val_if_fail (key != NULL, NULL); ++ ++ return get_value ((gchar **)sysconfig, key); ++} ++ ++gboolean ++gdm_sysconfig_set_value (gchar **sysconfig, const gchar *key, const gchar *value) ++{ ++ g_return_val_if_fail (sysconfig != NULL, FALSE); ++ g_return_val_if_fail (key != NULL, FALSE); ++ g_return_val_if_fail (value != NULL, FALSE); ++ ++ return set_value (sysconfig, key, value); ++} ++ ++gboolean ++gdm_sysconfig_get_value_boolean (const gchar **sysconfig, const gchar *key, gboolean *value) ++{ ++ char *val; ++ gboolean val_bool; ++ ++ g_return_val_if_fail (sysconfig != NULL, FALSE); ++ g_return_val_if_fail (key != NULL, FALSE); ++ ++ val = get_value ((gchar **)sysconfig, key); ++ if (val == NULL) { ++ return FALSE; ++ } ++ ++ if (!strcasecmp (val, "yes")) { ++ val_bool = TRUE; ++ } else if (!strcasecmp (val, "no")) { ++ val_bool = FALSE; ++ } else { ++ g_free (val); ++ return FALSE; ++ } ++ ++ g_free (val); ++ ++ if (value != NULL) { ++ *value = val_bool; ++ } ++ ++ return TRUE; ++} ++ ++gboolean ++gdm_sysconfig_set_value_boolean (gchar **sysconfig, const gchar *key, gboolean value) ++{ ++ g_return_val_if_fail (sysconfig != NULL, FALSE); ++ g_return_val_if_fail (key != NULL, FALSE); ++ ++ return set_value (sysconfig, key, value ? "yes" : "no"); ++} ++ ++gchar * ++gdm_sysconfig_load_value (const gchar *file_name, const gchar *key) ++{ ++ gchar **lines; ++ gchar *value; ++ ++ g_return_val_if_fail (file_name != NULL, NULL); ++ g_return_val_if_fail (key != NULL, NULL); ++ ++ lines = load_settings_file (file_name); ++ if (!lines) ++ return NULL; ++ ++ value = get_value (lines, key); ++ ++ g_strfreev (lines); ++ return value; ++} ++ ++gboolean ++gdm_sysconfig_save_value (const gchar *file_name, const gchar *key, const gchar *value) ++{ ++ gchar **lines; ++ gboolean result; ++ ++ g_return_val_if_fail (file_name != NULL, FALSE); ++ g_return_val_if_fail (key != NULL, FALSE); ++ g_return_val_if_fail (value != NULL, FALSE); ++ ++ lines = load_settings_file (file_name); ++ if (!lines) ++ return FALSE; ++ ++ result = set_value (lines, key, value); ++ if (result) ++ result = save_settings_file (file_name, lines); ++ ++ g_strfreev (lines); ++ return result; ++} +Index: accountsservice-23.13.9/src/gdm-sysconfig.h +=================================================================== +--- /dev/null ++++ accountsservice-23.13.9/src/gdm-sysconfig.h +@@ -0,0 +1,43 @@ ++/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- ++ * ++ * Copyright (C) 2008 Hans Petter Jansson ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ++ * ++ */ ++ ++ ++#ifndef __GDM_SYSCONFIG_H ++#define __GDM_SYSCONFIG_H ++ ++#include ++ ++G_BEGIN_DECLS ++ ++gchar **gdm_sysconfig_load_file (const gchar *file_name); ++gboolean gdm_sysconfig_save_file (const gchar *file_name, const gchar **sysconfig); ++ ++gchar *gdm_sysconfig_get_value (const gchar **sysconfig, const gchar *key); ++gboolean gdm_sysconfig_set_value (gchar **sysconfig, const gchar *key, const gchar *value); ++ ++gboolean gdm_sysconfig_get_value_boolean (const gchar **sysconfig, const gchar *key, gboolean *value); ++gboolean gdm_sysconfig_set_value_boolean (gchar **sysconfig, const gchar *key, gboolean value); ++ ++gchar *gdm_sysconfig_load_value (const gchar *file_name, const gchar *key); ++gboolean gdm_sysconfig_save_value (const gchar *file_name, const gchar *key, const gchar *value); ++ ++G_END_DECLS ++ ++#endif /* __GDM_SYSCONFIG_H */ +Index: accountsservice-23.13.9/src/meson.build +=================================================================== +--- accountsservice-23.13.9.orig/src/meson.build ++++ accountsservice-23.13.9/src/meson.build +@@ -48,6 +48,8 @@ libaccounts_generated_dep = declare_depe + ) + + sources = files( ++ 'gdm-sysconfig.c', ++ 'gdm-sysconfig.h', + 'daemon.c', + 'extensions.c', + 'main.c', diff --git a/accountsservice.changes b/accountsservice.changes new file mode 100644 index 0000000..4493375 --- /dev/null +++ b/accountsservice.changes @@ -0,0 +1,929 @@ +------------------------------------------------------------------- +Mon Aug 12 17:48:05 UTC 2024 - Michael Gorse + +- Drop as-fate318433-prevent-same-account-multi-logins.patch. + Gnome-shell now has similar functionality upstream. + +------------------------------------------------------------------- +Wed Jun 19 01:14:06 UTC 2024 - Xiaoguang Wang + +- Update accountsservice-sysconfig.patch: work with SELinux policy + (bsc#1222978). + +------------------------------------------------------------------- +Tue May 7 13:45:31 UTC 2024 - Dominique Leuenberger + +- Keep en and en_GB 'translations' in the main package: do not + force -lang packages onto all users. + +------------------------------------------------------------------- +Tue Feb 27 06:23:31 UTC 2024 - xiaoguang wang + +- Rebase accountsservice-sysconfig.patch: to fix build with GCC 14 + (bsc#1219909). + +------------------------------------------------------------------- +Wed Feb 14 10:39:36 UTC 2024 - Dominique Leuenberger + +- First part to fix build with GCC 14: + + Inject patched mocklibc-1.0.tar.gz: only some header + modifications to address implicit declaration of print_indent. + + Add accountsservice-mocklib-gcc14.patch: patch meson' + subproject definition to validate the injected tarball. + +------------------------------------------------------------------- +Tue Nov 28 11:56:40 UTC 2023 - Dominique Leuenberger + +- Use %patch -p N instead of deprecated %patchN. + +------------------------------------------------------------------- +Wed Aug 9 01:27:12 UTC 2023 - Xiaoguang Wang + +- Rebase as-fate318433-prevent-same-account-multi-logins.patch: + (bsc#1213884). + +------------------------------------------------------------------- +Wed Jul 5 03:07:00 UTC 2023 - Xiaoguang Wang + +- Rebase accountsservice-sysconfig.patch: (boo#1212675 boo#1212973). +- Remove accountsservice-assume-gdm.patch: Fixed by new rebasing + of accountsservice-sysconfig.patch. + +------------------------------------------------------------------- +Sat Jun 24 10:36:17 UTC 2023 - Dominique Leuenberger + +- Add accountsservice-assume-gdm.patch: assume gdm when not being + able to detect the used display manager. This is basically the + same as was in place before we gained support for multiple DMs + (boo#1212675). + +------------------------------------------------------------------- +Wed Jun 21 14:07:07 UTC 2023 - Ferdinand Thiessen + +- Update to version 23.13.9: + + daemon: Fix boot delay + + user-manager: + - Add cancellable to fetch user requests + - Track non-existent users +- Changes from version 23.11.69: + + Add lightdm autologin support + + user: + - Return an error when setting invalid language + - Throw a warning for invalid locales + - Support new LocalAccount property in cache file + - Replace usermod -p with chpasswd -e + + main: + - Use new overridable USERDIR + - Use new overridable ICONDIR + - Use new overridable sysconfdir + + daemon: + - Add GetUsersLanguages() function + - Don't crash if /etc/shadow doesn't exist + + Updated translations. +- Rebase patches: + + accountsservice-sysconfig.patch + + accountsservice-filter-suse-accounts.patch + +------------------------------------------------------------------- +Mon Aug 1 12:01:59 UTC 2022 - Matthias Gerstner + +- Remove BuildIgnore for rpmlint-mini. This is a violation of the + security policies applying to SUSE products as it circumvents the + SUSE security team's control over what enters Factory and what + not. + +------------------------------------------------------------------- +Fri Jul 29 13:11:50 UTC 2022 - Frederic Crozat + +- Allow to build without vala support. +- Refresh harden_accounts-daemon.service.patch to not duplicate + existing entries. + +------------------------------------------------------------------- +Sat Apr 30 20:16:58 UTC 2022 - Ferdinand Thiessen + +- Update to version 22.08.8 + + Handle missing admin groups when changing account types + + Set PrivateTmp to false in the systemd service + + Add function to set user password expiration policy +- Update to version 22.04.62 + + Updated Swedish translation + + Updated Indonesian translation + + Updated German translation + + Updated slovak translation + + Update Ukrainian translation + + Updated Brazilian Portuguese translation + + act-user: Use stronger hashing methods in make_crypted() if available. + + act-user-manager: Watch for the daemon going away and coming back + + user-manager: Update users tables on username changes + + user: Translate property x-session property name to match the proxy one + + Check GDBusMessage for INTERACTIVE_AUTHORIZATION flag + + daemon: Fix error check in save_autologin() + + Never delete the root filesystem when removing users + + Remove user heuristics + + user-classify: Add git to username blacklist + + daemon: ensure cache files for system users are processed + + daemon: Don't try to add admin users to non existing groups + + Move D-Bus conf file to $(datadir)/dbus-1/system.d +- Rebased patches: + + accountsservice-sysconfig.patch + + accountsservice-filter-suse-accounts.patch + + as-fate318433-prevent-same-account-multi-logins.patch +- Drop upstream fixed patches: + + ac9b14f1c1bbca413987d0bbfeaad05804107e9a.patch + + accountsservice-fix-gdm-crash.patch + + accountsservice-read-root-user-cache.patch + + accountsservice-wtmp-io-improvements.patch + +------------------------------------------------------------------- +Tue Feb 1 09:20:24 UTC 2022 - Bjørn Lie + +- Add ac9b14f1c1bbca413987d0bbfeaad05804107e9a.patch: Fix build + with meson 0.61.0. + +------------------------------------------------------------------- +Thu Nov 4 10:39:37 UTC 2021 - Bjørn Lie + +- Stop passing the no longer used nor recognized option + user-heuristics=true to meson. + +------------------------------------------------------------------- +Thu Aug 26 15:07:51 UTC 2021 - Dominique Leuenberger + +- Update harden_accounts-daemon.service.patch: Do not proect home + directories: the accounts daemon is used to create home + directories upon user creation (boo#1189853). + +------------------------------------------------------------------- +Mon Aug 9 09:36:20 UTC 2021 - Yifan Jiang + +- Spec layout cleaning up for harden_accounts-daemon.service.patch. + +------------------------------------------------------------------- +Tue Jul 27 11:53:56 UTC 2021 - Johannes Segitz + +- Added hardening to systemd service(s). Added patch(es): + * harden_accounts-daemon.service.patch + +------------------------------------------------------------------- +Tue Mar 2 21:05:33 UTC 2021 - Antoine Belvire + +- Add accountsservice-fix-gdm-crash.patch: Prevent crash of gdm + upon service restart when automatic login is enabled + (glfo#accountsservice/accountsservice#55). + +------------------------------------------------------------------- +Tue Apr 14 00:28:10 UTC 2020 - Yifan Jiang + +- Apply as-fate318433-prevent-same-account-multi-logins.patch to Leap. + +------------------------------------------------------------------- +Sat Jan 25 14:05:06 UTC 2020 - Dominique Leuenberger + +- No longer recommend -lang: supplements are in use + +------------------------------------------------------------------- +Wed Sep 11 08:10:52 UTC 2019 - Felix Zhang + +- Add accountsservice-wtmp-io-improvements.patch: Backports that + improve wtmp io performance (boo#1139487). +- Refresh as-fate318433-prevent-same-account-multi-logins.patch. + +------------------------------------------------------------------- +Wed May 29 21:28:30 UTC 2019 - Bjørn Lie + +- Update to version 0.6.55: + + Memory leak fix. + + Improved heuristics for identifying user session. + + Export interfaces directory to pkgconfig. + + Lock down state directory from prying eyes to be more friendly to + accountsservice extensions that require privacy. + + Misc fixes. + + Updated translations. +- Drop accountsservice-upstream-fixes.patch: Fixed upstream. +- Refresh patches with refresh_patches osc service. + +------------------------------------------------------------------- +Wed May 8 01:25:32 UTC 2019 - xwang@suse.com + +- Update accountsservice-read-root-user-cache.patch. + upstream commit d8b77951 + (bsc#1114292 glfo#accountsservice/accountsservice#65). + +------------------------------------------------------------------- +Wed Apr 3 02:54:51 UTC 2019 - xwang@suse.com + +- Drop upstream fixed patches: + + accountsservice-lib-don-not-set-loaded-state-until-seat-fetched.patch +- Update patches: + + accountsservice-read-root-user-cache.patch + + accountsservice-sysconfig.patch + +------------------------------------------------------------------- +Sun Mar 17 10:52:44 UTC 2019 - Jan Engelhardt + +- Redo summaries without em dashes. +- Reduce %systemd_requires to %systemd_ordering: + %service_* can handle the absence. + +------------------------------------------------------------------- +Thu Feb 21 22:45:14 UTC 2019 - bjorn.lie@gmail.com + +- Update to version 0.6.54: + + Fix user state dirs. +- Changes from version 0.6.53: + + Fix introspection. +- Changes from version 0.6.52: + + Migrate to meson and gettext (instead of autogoo and intltool). + + Add code of conduct. + + Add new session and session type properties (to replace + XSession). + + Try to handle misbehaving logind a little better. + + Misc mixes and code modernization. + + Add new "Saved" property to say whether a cached user is stored + on disk. +- Add accountsservice-upstream-fixes.patch: Add upstream bug fixes + commits, fix build. +- Switch to meson build system, add meson BuildRequires and macros. +- Drop obsolete intltool, gnome-common, vala, xmlto and xsltproc + BuildRequires: No longer needed. +- Replace gobject-introspection-devel with + pkgconfig(gobject-introspection-1.0) and add pkgconfig(dbus-1): + New depdendency. +- Disable the following patches that needs rebase: + + accountsservice-sysconfig.patch. + + accountsservice-lib-don-not-set-loaded-state-until-seat-fetched.patch. + + accountsservice-read-root-user-cache.patch + +------------------------------------------------------------------- +Mon Dec 10 05:48:13 UTC 2018 - xwang@suse.com + +- Add accountsservice-read-root-user-cache.patch: Read root user + cache file (bsc#1114292 glfo#accountsservice/accountsservice#65). + +------------------------------------------------------------------- +Sun Jul 22 20:39:59 UTC 2018 - bjorn.lie@gmail.com + +- Update to version 0.6.50: + + Fix insufficient path check on user icon files. (bsc#1099699 + CVE-2018-14036) + + Fix is-logged-in status for wayland sessions. + + Fix user enumeration when system accounts are mixed in. +- Drop upstream fixed patches: + + accountsservice-missing-users-on-gdm-login.patch. + + accountsservice-lib-treat-session-type-wayland-as-graphical-session.patch + +------------------------------------------------------------------- +Fri Jul 20 02:51:49 UTC 2018 - qkzhu@suse.com + +- Add accountsservice-lib-don-not-set-loaded-state-until-seat-fetched.patch: + At the moment we set is-loaded on the user-manager object as soon + as we start fetching the seat, but we should waiting until the seat + is fetched, so that can_switch() will return the correct value if + the caller waited until the loaded signal to use it. + (boo#1100041 fdo#107298) + +------------------------------------------------------------------- +Tue Jul 17 01:41:41 UTC 2018 - xwang@suse.com + +- Add accountsservice-lib-treat-session-type-wayland-as-graphical-session.patch: + When user session type is wayland, act_user_is_logged_in can + return TRUE if the user is logged in (boo#1095918 fdo#106855). + +------------------------------------------------------------------- +Wed Jul 11 07:33:21 UTC 2018 - mliska@suse.cz + +- Make build verbose to see full command lines. + +------------------------------------------------------------------- +Wed Jun 13 06:00:22 UTC 2018 - fezhang@suse.com + +- Add accountsservice-missing-users-on-gdm-login.patch: Don't abort + loading users when an /etc/shadow entry found missing + (boo#1090003 fdo#106904). + +------------------------------------------------------------------- +Sun May 13 23:59:22 UTC 2018 - luc14n0@linuxmail.org + +- Update to version 0.6.49: + + Fix crash on startup from previous compiler warning fix. +- Changes from version 0.6.48: + + Fix crashes when adding admin user and when user is removed. + + Performance improvements handling really large wtmp files. +- Changes from version 0.6.47: + + Fix problem where libaccountsservice users weren't getting + property change updates. + + Reduce memory usage of cached users in daemon process. + + Drop premature user-added/user-removed signals that erroneously + get emitted before ListCachedUsers call finishes. + +------------------------------------------------------------------- +Fri Apr 6 02:43:51 UTC 2018 - luc14n0@linuxmail.org + +- Update to version 0.6.46: + + Fix systemd unit file to use default standard output; + + Performance improvements; + + Leak fixes; + + Crash fixes; + + Support extra groups for admin users; + + Add policy that allows admins to allow users to change their + own password; + + Introspection fixes; + + Elogind support; + + Decruftification of username blacklist; + + Updated translations. +- Add: + + gio-2.0 and gio-unix-2.0 pkgconfig modules BuildRequires to + avoid implicit dependencies. + + xmlto and xsltproc BuildRequires to enable documentation. +- Drop remove-no-longer-used-system-accounts.patch: fixed upstream. +- Rebase patches: + + accountsservice-sysconfig.patch and + + accountsservice-filter-suse-accounts.patch. + +------------------------------------------------------------------- +Wed Feb 28 16:22:37 UTC 2018 - dimstar@opensuse.org + +- Modernize spec-file by calling spec-cleaner + +------------------------------------------------------------------- +Fri Dec 22 03:05:02 UTC 2017 - qzheng@suse.com + +- Add remove-no-longer-used-system-accounts.patch: + Drop operator, nobody4 and noaccess from the blacklist + (bsc#1063794, fdo#103879). + +------------------------------------------------------------------- +Thu Aug 10 09:33:16 UTC 2017 - yfjiang@suse.com + +- Update specfile to build + as-fate318433-prevent-same-account-multi-logins.patch on SLE15. + +------------------------------------------------------------------- +Tue Jul 4 09:20:34 UTC 2017 - jengelh@inai.de + +- Remove redundant %clean section; use %_smp_mflags for build. + +------------------------------------------------------------------- +Tue Apr 25 08:45:58 UTC 2017 - dimstar@opensuse.org + +- Update to version 0.6.45: + + Wrap password expiration info in libaccountsservice api. +- Changes from version 0.6.44: + + Export password expiration info from shadow file. + + Fix user classification logic. + + Don't lose track of users when /etc/passwd is reloaded. +- Drop accountsservice-933083-load-root-setting.patch: + fixed upstream (177509 edac45). + +------------------------------------------------------------------- +Wed Nov 30 15:42:14 UTC 2016 - dimstar@opensuse.org + +- Rebase accountsservice-933083-load-root-setting.patch. + +------------------------------------------------------------------- +Sat Sep 24 20:41:41 UTC 2016 - zaitor@opensuse.org + +- Update to version 0.6.43: + + Fix logout times in login-history. + + Increase performance in large deployments. + + Memory leak fix. + + Exclude nologin users from user list. + +------------------------------------------------------------------- +Sun Sep 11 14:12:01 UTC 2016 - fezhang@suse.com + +- Update accountsservice-sysconfig.patch: + Flush the buffer before shut down the GIOChannel, otherwise we + get a truncated setting file. The problem has caused the + switching autologin in gnome-control-center breaking + /etc/sysconfig/displaymanager (bsc#998107). + +------------------------------------------------------------------- +Wed Aug 24 08:14:06 UTC 2016 - fezhang@suse.com + +- Enable as-fate318433-prevent-same-account-multi-logins.patch for + Leap as requested by the Leap Release Manager (boo#994876). + +------------------------------------------------------------------- +Wed Jul 6 06:23:55 UTC 2016 - fbui@suse.com + +- Remove pkgconfig(libsystemd-daemon). Nowadays + pkgconfig(libsystemd) is enough and replaces all libsystemd-* + libs which are obsolete. + +------------------------------------------------------------------- +Wed Jun 15 08:49:03 UTC 2016 - zaitor@opensuse.org + +- Update to version 0.6.42: + + Wtmp fixes on solaris. + + Allow a user to change his own data even if he's remote. + + Add way to set password hint independent of password. + + Conform to modern systemd library naming scheme. + + Disable GVFS support in service, since it's not needed and has + bad side effects. +- Replace pkgconfig(libsystemd-login) for pkgconfig(libsystemd) + BuildRequires following upstream changes. + +------------------------------------------------------------------- +Fri May 27 18:44:02 CST 2016 - cxiong@suse.com + +- Add as-fate318433-prevent-same-account-multi-logins.patch + (fate#318433): + Prevent multiple simultaneous logins. + +------------------------------------------------------------------- +Thu Apr 14 19:40:39 UTC 2016 - mgorse@suse.com + +- Update to GNOME 3.20 Fate#318572 +- Rebased accountsservice-933083-load-root-setting.patch. + +------------------------------------------------------------------- +Mon Jan 11 08:25:13 UTC 2016 - michael@stroeder.com + +- Updated Url. + +------------------------------------------------------------------- +Thu Jun 4 03:48:25 UTC 2015 - dliang@suse.com + +- Add accountsservice-933083-load-root-setting.patch (bnc#933083) + Load settings of an account which is not 'human' but can still be + able to login to the system. (like 'root') + +------------------------------------------------------------------- +Tue Jan 27 18:01:50 UTC 2015 - zaitor@opensuse.org + +- Update to version 0.6.40: + + Support large UIDs better. + + Don't require X11 display to fetch user with X11 session. + + Ensure accountsservice doesn't start before NSS works. + +------------------------------------------------------------------- +Sun Oct 19 19:56:53 UTC 2014 - zaitor@opensuse.org + +- Update to version 0.6.39: + + Fix ListCachedUsers race at startup. + + Add new api for uncaching user. + + Fix memory corruption bug. + + Build goo changes. + +------------------------------------------------------------------- +Sun Oct 5 15:34:00 UTC 2014 - zaitor@opensuse.org + +- Pass --enable-user-heuristics to configure to ensure that legacy + users are still shown in GDM facebrowser. + +------------------------------------------------------------------- +Thu Sep 25 08:34:16 UTC 2014 - dimstar@opensuse.org + +- Update to version 0.6.38: + + Fix polkit policy for non-desktop cases. + + Fix for a race when new user appears. + + Some clearer log and debug messages. + +------------------------------------------------------------------- +Wed Apr 2 11:48:24 UTC 2014 - dimstar@opensuse.org + +- Update to version 0.6.37: + + BSD fixes. +- Changes from version 0.6.36: + + Fixes for deleting users. + + Leak fix. + + Change user classification logic. + + BSD fixes. +- Rebase accountsservice-sysconfig.patch and + accountsservice-filter-suse-accounts.patch. + +------------------------------------------------------------------- +Wed Oct 16 06:42:07 UTC 2013 - dimstar@opensuse.org + +- Update to version 0.6.35: + + Handle non-existent users better. + + Misc bug fixes. + + Misc clean ups. + + Emit "changed" signal when account type changes for user. + + Stop shipping vapi files. + + Avoid connecting to ConsoleKit on logind systems. + + Add extension interface. + + Add --enable-coverage option for gcov support. +- Rebase accountsservice-sysconfig.patch and + accountsservice-filter-suse-accounts.patch. +- Drop accountsservice-remotePW-verification.patch: fixed upstream. + +------------------------------------------------------------------- +Wed Oct 9 11:51:08 UTC 2013 - dimstar@opensuse.org + +- Add accountsservice-remotePW-verification.patch: treat NULL + shadow entry as "password handled remotely" (bnc#844933, + bgo#708997, fdo#70005). + +------------------------------------------------------------------- +Fri Jun 21 17:39:36 UTC 2013 - dimstar@opensuse.org + +- Update to version 0.6.34: + + Try to sanitize automatic login setting when user account is + deleted or disabled (fdo#54506). + + Fix build. +- Changes from version 0.6.33: + + Keep track of non-graphical sessions (fdo#65160). + + Forget obsolete sessions (fdo#65159). + + Monitor wtmp for changes (fdo#63159). + + Ignore non-user sessions (fdo#701514). + + Rework system account handling (fdo#64769). + - Never treat cached users as system accounts. + - Add gdm, gnome-initial-setup users to blacklist. + - Store system-account bit in key file. + - Cache newly-created users explicitly. +- Rebase accountsservice-filter-suse-accounts.patch. + +------------------------------------------------------------------- +Wed May 15 07:30:48 UTC 2013 - dimstar@opensuse.org + +- Update to version 0.6.32: + + Don't treat remote users as system accounts (fdo#64186). + + Clean up spawn_with_login_uid error handling (fdo#55067). + + Quit on SIGINT/SIGTERM (fdo#63869). + + Make --debug work as expected (fdo#63870). + + Remove newlines from debug output (fdo#63871). + + Fix mismatched function signature (fdo#63873). + + Fix gir/vapi warnings (fdo#63875). + + Fix documentation warnings (fdo#63880). + +------------------------------------------------------------------- +Wed Apr 17 06:53:12 UTC 2013 - dimstar@opensuse.org + +- Update to version 0.6.31: + + Check for logind, not systemd (bgo#62586). + + Add --enable-admin-group configure option (bgo#62235). + + Be more aggressive at excluding system accounts (bgo#48178). + + Fix xsession property notification (bgo#58493). + + Fix login history variant handling (bgo#58466). +- Rebase accountsservice-sysconfig.patch. + +------------------------------------------------------------------- +Sun Dec 16 18:50:08 UTC 2012 - dimstar@opensuse.org + +- Update to version 0.6.30: + + Minor source clean ups. + + Crasher fix on 32bit systems. + + Add get_user_by_id. + + Don't lose sessions list for users at startup. + + Add API for detecting when accountsservice is unavailable. + +------------------------------------------------------------------- +Fri Nov 23 11:48:03 UTC 2012 - dimstar@opensuse.org + +- Update to version 0.6.29: + + Translate D-Bus errors to local errors in libaccountsservice. + + Fix a wrong property name in the login history support. + +------------------------------------------------------------------- +Mon Nov 19 08:54:26 UTC 2012 - dimstar@opensuse.org + +- Update to version 0.6.28: + + Fix act_user_manager_delete_user_finish. + + Fix handling of LoginTime and LoginHistory properties. +- Changes from version 0.6.27: + + Fix warnings when the singleton user manager object is + finalized. + + Generated docs for libaccountsservice. + + Initialize local_acount to TRUE. + + Add async api for user creation, caching and deletion. + +------------------------------------------------------------------- +Wed Nov 14 13:08:48 UTC 2012 - dimstar@opensuse.org + +- Update to version 0.6.26: + + Require libsystemd-login 186. + + Protect against deleting root user. + + Add LoginTime and LoginHistory properties. + + Fix crash consolekit code. + + Fix has_multiple_user property after removing user. + +------------------------------------------------------------------- +Tue Sep 25 14:26:38 UTC 2012 - dimstar@opensuse.org + +- Update to version 0.6.25: + + Uninitialized variable fix + + Typo fix + + Create data dirs just-in-time + + Ignore closing sessions for is_logged_in test + + Disable NULL user for delete_user call + + Updated translations. + +------------------------------------------------------------------- +Tue Aug 28 19:39:37 UTC 2012 - dimstar@opensuse.org + +- Update to version 0.6.24: + + add User.Local property for identifying local users. + +------------------------------------------------------------------- +Wed Aug 8 12:26:10 UTC 2012 - dimstar@opensuse.org + +- Update to version 0.6.23: + + Fix up some debug output. + + add new CacheUser and UncacheUser apis. + + uncache user before deleting user. + +------------------------------------------------------------------- +Wed Jul 18 18:14:47 UTC 2012 - dimstar@opensuse.org + +- Add the user 'fax' to the exception list (bnc#771177). + +------------------------------------------------------------------- +Thu Jun 28 20:14:58 UTC 2012 - dimstar@opensuse.org + +- Update to version 0.6.22: + + Correct CVE-2012-2737, local file disclosure + + small memory leak fix + + exclude system accounts from ListCachedUsers + + make has-multiple-users properly only check non-system users + + remove icon when deleting user + + Revert usage of getpwent() as fallback for fgetpwent + + support consolekit call cancellation to prevent crashes caused + by shortlived sessions + + ignore built files in .gitignore + + quiet down build goo nagging +- Drop accountsservice-CVE-2012-2737.patch: fixed upstream. + +------------------------------------------------------------------- +Wed Jun 27 13:53:12 CEST 2012 - vuntz@opensuse.org + +- Add accountsservice-CVE-2012-2737.patch: fix local file + disclosure flaw. Fix bnc#768807, CVE-2012-2737. + +------------------------------------------------------------------- +Tue Jun 26 21:37:04 UTC 2012 - dimstar@opensuse.org + +- Add users cyrus, ldap and mailman to the openSUSE specific users + to be excluded (accountsservice-filter-suse-accounts.patch). + Fixes bnc#765487. + +------------------------------------------------------------------- +Fri May 18 06:56:47 UTC 2012 - dimstar@opensuse.org + +- Update to version 0.6.21: + + Detect old versions of systemd and fall back to ConsoleKit + + Exclude users without a valid shell + + Fix log spew + +------------------------------------------------------------------- +Fri May 4 21:03:16 UTC 2012 - dimstar@opensuse.org + +- Update to version 0.6.20: + + Fix user listing which broke in previous release +- Changes from version 0.6.19: + + Fix spurious warnings in logs + + Make userdel succeed even if user is already logged in + + Exclude users with no shell + + Exclude "at" user +- Drop accountsservice-filter-more-accounts.patch and + accountsservice-filter-no-shell.patch: fixed upstream. + +------------------------------------------------------------------- +Mon Apr 23 07:57:30 UTC 2012 - vuntz@opensuse.org + +- Add back accountsservice-filter-more-accounts.patch to filter the + at user. +- Add accountsservice-filter-no-shell.patch to filter users with no + shell, which happens when NIS is setup. +- This should fix bnc#757662. +- Rebase accountsservice-filter-suse-accounts.patch. + +------------------------------------------------------------------- +Sat Apr 14 16:29:42 UTC 2012 - dimstar@opensuse.org + +- Update to version 0.6.18: + + Fix systemd configure check + + Add a few more common system accounts to the blacklist + + Fix some issues in systemd session handling +- Drop accountsservice-filter-more-accounts.patch: fixed upstream. +- Drop accountsservice-fix-systemd-test-always-evaluating-true.patch: + fixed upstream. + +------------------------------------------------------------------- +Tue Apr 3 11:45:58 UTC 2012 - vuntz@opensuse.org + +- Add accountsservice-filter-more-accounts.patch: filter out ftp, + games, man and mysql system users too, taken from git. +- Add accountsservice-filter-suse-accounts.patch: filter out some + openSUSE-specific accounts (beagleindex, suse-ncc). + +------------------------------------------------------------------- +Mon Apr 2 19:07:08 UTC 2012 - zaitor@opensuse.org + +- Add accountsservice-fix-systemd-test-always-evaluating-true.patch + Make it possible to build accountsservice without systemd + (fdo#48190). + +------------------------------------------------------------------- +Wed Mar 28 06:36:18 UTC 2012 - vuntz@opensuse.org + +- Update to version 0.6.17: + + Fix user filtering which was broken in 0.6.16 + + Fix double free in user code + +------------------------------------------------------------------- +Tue Mar 27 09:29:20 UTC 2012 - vuntz@opensuse.org + +- Update to version 0.6.16: + + Don't filter out users below UID_MIN in login.defs + + Filter out users with invalid shells + + Use infinite timeout for ListCachedUsers calls + + Port to GDBus + + Add systemd support + + Build fixes for srcdir != builddir + + Vala support and introspection fixes + + PPC32 fixes + + Updated translations. +- Drop pkgconfig(dbus-glib-1) BuildRequires: dependency is gone + upstream. +- Enable support for systemd session tracking: + + Note that it will fall back to ConsoleKit at runtime, so it's + fine to build it. + + Add pkgconfig() BuildRequires: libsystemd-login, + libsystemd-daemon. +- Rebase accountsservice-sysconfig.patch. +- Add vala BuildRequires, which is now needed because of the + gnome-autogen.sh call. + +------------------------------------------------------------------- +Mon Feb 27 13:21:43 UTC 2012 - vuntz@opensuse.org + +- Fix systemd-related packaging: + + Use %{?systemd_requires}. + + Call %service_{add,del}_* macros in scriptlets for + accounts-daemon.service. +- Remove xz BuildRequires now that it comes for free in the build + system. + +------------------------------------------------------------------- +Thu Dec 8 08:55:14 UTC 2011 - dimstar@opensuse.org + +- Split typelib file into typelib-1_0-AccountsService-1_0 + subpackage. +- Add typelib-1_0-AccountsService-1_0 Requires to devel subpackage. + +------------------------------------------------------------------- +Tue Oct 18 06:54:27 UTC 2011 - vuntz@opensuse.org + +- Update to version 0.6.15: + + Only accept regular files as icons + + Don't track non-graphical sessions + + Fix wtmp handling + + Fix build on FreeBSD and OpenBSD +- Drop accountsservice-regular-file-for-icon.patch: fixed upstream. + +------------------------------------------------------------------- +Thu Sep 29 08:46:11 UTC 2011 - vuntz@opensuse.org + +- Add accountsservice-regular-file-for-icon.patch: only use regular + files when setting user icon. Part of bnc#676638. + +------------------------------------------------------------------- +Mon Sep 5 06:30:54 UTC 2011 - vuntz@opensuse.org + +- Update to version 0.6.14: + + Ignore extraneous SetAutomaticLogin(false) calls for a user + + Monitor /etc/gdm/custom.conf for changes in autologin config + + Fix fast user switching + + Fix docs to build + + Updated translations. +- Rebase accountsservice-sysconfig.patch, and add gnome-common + BuildRequires and call to gnome-autogen.sh since it's easier to + rebase the patch without Makefile.in. +- Add gobject-introspection-devel BuildRequires to build + introspection data. + +------------------------------------------------------------------- +Wed Jul 20 16:51:05 CEST 2011 - vuntz@opensuse.org + +- Add accountsservice-sysconfig.patch: read and write autologin + configuration from sysconfig, as done in gdm. Fix bnc#688071. + +------------------------------------------------------------------- +Wed Jul 20 09:02:02 CEST 2011 - vuntz@opensuse.org + +- Update to version 0.6.13: + + Honor aclocal flags environment variable + + Set log domain so it can be hushed + + Use wtmp instead of consolekit for determining login frequency + + Leak and warning fixes + + Clean up polkit deprecation warnings + + Add '--' before username to account helper programs +- Add xz BuildRequires because we can't build a package for a + xz-compressed tarball without explicitly specifying that... See + bnc#697467 for more details. + +------------------------------------------------------------------- +Thu May 19 18:08:45 CEST 2011 - dimstar@opensuse.org + +- Update to version 0.6.12: + + The usual pile of race fixes +- Changes from version 0.6.11: + + Add API for adding users to the library. + +------------------------------------------------------------------- +Tue May 3 00:22:39 CEST 2011 - vuntz@opensuse.org + +- Drop rpmlintrc as the necessary changes have now been done in + both rpmlint (for suse-dbus-unauthorized-service) and in + polkit-default-privs (for polkit-unauthorized-privilege). + +------------------------------------------------------------------- +Fri Apr 29 15:04:09 UTC 2011 - fcrozat@novell.com + +- Update to version 0.6.10: + + An assortment of race fixes + + Updated translations +- Changes from version 0.6.9: + + Add a 'system-account' property to users +- Update download url for tarball. + +------------------------------------------------------------------- +Mon Apr 11 13:41:00 UTC 2011 - fcrozat@novell.com + +- Add pkgconfig(systemd) to BuildRequires and package systemd + configuration file for accountsservice. + +------------------------------------------------------------------- +Tue Apr 5 11:18:12 UTC 2011 - fcrozat@novell.com + +- Update to version 0.6.8: + + use same rules for parsing booleans from gdm config as gdm. + +------------------------------------------------------------------- +Wed Mar 23 10:25:27 UTC 2011 - fcrozat@novell.com + +- Update to version 0.6.7: + + Fix call to useradd for normal users + + Correct free array of groups + + Updated translations +- Changes from version 0.6.6: + + Make it possible to disable user icon + + Drop Supervised user role + + Use "wheel" instead of "desktop_admin_r" as admin group + since that's what everyone uses for this purpose anyway. + + Crasher fixes + + Misc distro integration fixes + + Updated translations +- Changes from version 0.6.5: + + No longer return excluded users from cached listings + + Add a --debug command line option + + Use proper dbus proxy for settings api in client lib + + Expose XSession property over bus +- Enforce dependency on main package in library package by changing + Recommends to Requires. +- Add a rpmlintrc to ignore security-related rpmlint warnings that + make the build fail on Factory. This needs to get removed when + entering Factory, though. + +------------------------------------------------------------------- +Thu Mar 3 11:52:55 CET 2011 - vuntz@opensuse.org + +- Cleanup for inclusion in Factory. + +------------------------------------------------------------------- +Thu Feb 17 18:05:00 UTC 2011 - fcrozat@novell.com + +- Update to version 0.6.4: + - fix typo in HomeDirectory property + - fix bug in asynchronous loading code + - drop some random g_print's +- Changes from version 0.6.3: + + Add more getters to client library + + Add an initial cut at a setter api + + Add XSession property type +- Changes from version 0.6.2: + + Remove the unused UserChanged signal + + Add a small client library, based on code from gdm + + Don't use gnome-common + + Use the user-administration privilege for autologin changes +- Changes from version 0.6.1: + + Always emit the changed signal when setting user photo + + Install systemd unit files + + Translation updates +- Changes from version 0.6: + + Always require user-administration privilege when setting a + password or changing a username + + Allow changing password mode and password even when the + account is locked, and unlock it as a side-effect + + Use /etc/shadow to store account locking and 'set password at + next login' information and monitor /etc/shadow for changes + + Set loginuid when runing commands on behalf of a user to + generate proper audit records + + Drop SetIconData and make SetIconFile copy the file when + appropriate. As a consequence, the service no longer links + against image libraries. + + Various other robustness and error-handling fixes +- Changes from version 0.5: + + Make initial user list call work + + Avoid extraneous commandline parsing +- Package directories used by daemon to store user data: + /var/lib/AccountsService and subdirectories. + +------------------------------------------------------------------- +Sat Jan 30 13:12:53 CET 2010 - captain.magnus@opensuse.org + +- New package (version 0.4). + diff --git a/accountsservice.spec b/accountsservice.spec new file mode 100644 index 0000000..888b875 --- /dev/null +++ b/accountsservice.spec @@ -0,0 +1,195 @@ +# +# spec file for package accountsservice +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +# allow to not build vala binding +%bcond_without vala + +Name: accountsservice +Version: 23.13.9 +Release: 0 +Summary: D-Bus Service to Manipulate User Account Information +License: GPL-3.0-or-later +Group: System/Daemons +URL: https://www.freedesktop.org/wiki/Software/AccountsService/ +Source0: https://www.freedesktop.org/software/accountsservice/%{name}-%{version}.tar.xz +# Patched mocklibc source to fix build with GCC 14 +Source1: mocklibc-1.0.tar.gz +# PATCH-FIX-UPSTREAM accountsservice-mocklib-gcc14.patch -- Fix meson checksum to accept patched tarball +Patch0: accountsservice-mocklib-gcc14.patch + +# WARNING: do not remove/significantly change patch1 without updating the relevant patch in gdm too +# PATCH-FIX-OPENSUSE accountsservice-sysconfig.patch bnc#688071 vuntz@opensuse.org -- Read/write autologin configuration from sysconfig, like gdm (see gdm-sysconfig-settings.patch) WAS PATCH-FIX-OPENSUSE +Patch1: accountsservice-sysconfig.patch +# PATCH-FIX-OPENSUSE accountsservice-filter-suse-accounts.patch vuntz@opensuse.org -- Filter out some system users that are specific to openSUSE +Patch2: accountsservice-filter-suse-accounts.patch +# PATCH-FIX-OPENSUSE harden_accounts-daemon.service.patch jsegitz@suse.com -- For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +Patch3: harden_accounts-daemon.service.patch + +BuildRequires: gtk-doc +BuildRequires: meson +BuildRequires: pkgconfig +BuildRequires: pkgconfig(dbus-1) +BuildRequires: pkgconfig(gio-2.0) >= 2.63.5 +BuildRequires: pkgconfig(gio-unix-2.0) +BuildRequires: pkgconfig(glib-2.0) >= 2.63.5 +BuildRequires: pkgconfig(gobject-introspection-1.0) +BuildRequires: pkgconfig(libsystemd) >= 186 +BuildRequires: pkgconfig(polkit-gobject-1) +BuildRequires: pkgconfig(systemd) +%{?systemd_ordering} + +%description +The accountsservice server provides a set of D-Bus interfaces for +querying and manipulating user account information. + +The implementation is based on the useradd, usermod and userdel +commands. + +%package -n libaccountsservice0 +Summary: Client library for the user account information manipulation D-Bus service +# Clients do need the server to do something useful +Group: System/Libraries +Requires: %{name} + +%description -n libaccountsservice0 +The accountsservice server provides a set of D-Bus interfaces for +querying and manipulating user account information. + +This package provides a client library for the service. + +%package -n typelib-1_0-AccountsService-1_0 +Summary: Introspection bindings for the user account information manipulation service +Group: System/Libraries + +%description -n typelib-1_0-AccountsService-1_0 +The accountsservice server provides a set of D-Bus interfaces for +querying and manipulating user account information. + +This package provides the GObject Introspection bindings for the +client library. + +%package devel +Summary: Header files for the user account information manipulation service +Group: Development/Libraries/C and C++ +Requires: libaccountsservice0 = %{version} +Requires: typelib-1_0-AccountsService-1_0 = %{version} + +%description devel +The accountsservice server provides a set of D-Bus interfaces for +querying and manipulating user account information. + +%if %{with vala} +%package vala +Summary: Vala bindings for accountsservice +Group: Development/Libraries/C and C++ +BuildRequires: vala +Requires: libaccountsservice0 = %{version} +Requires: typelib-1_0-AccountsService-1_0 = %{version} + +%description vala +The accountsservice server provides a set of D-Bus interfaces for +querying and manipulating user account information. + +This package contains the Vala bindings for accountservice. +%endif + +%lang_package + +%prep +%setup -q +# inject patched mocklibc tarball into package cache +cp %{SOURCE1} subprojects/packagecache/ +%autopatch -p1 + +%build +%meson \ + -Dintrospection=true \ + -Dgtk_doc=true \ +%if %{with vala} + -Dvapi=true \ +%else + -Dvapi=false \ +%endif + %{nil} +%meson_build + +%install +%meson_install +%find_lang accounts-service + +%pre +%service_add_pre accounts-daemon.service + +%post +%service_add_post accounts-daemon.service + +%preun +%service_del_preun accounts-daemon.service + +%postun +%service_del_postun accounts-daemon.service + +%post -n libaccountsservice0 -p /sbin/ldconfig +%postun -n libaccountsservice0 -p /sbin/ldconfig + +%files +%license COPYING +%doc README.md +%{_unitdir}/accounts-daemon.service +%{_libexecdir}/accounts-daemon +%{_datadir}/dbus-1/system.d/org.freedesktop.Accounts.conf +%{_datadir}/dbus-1/interfaces/org.freedesktop.Accounts.xml +%{_datadir}/dbus-1/interfaces/org.freedesktop.Accounts.User.xml +%{_datadir}/dbus-1/system-services/org.freedesktop.Accounts.service +%{_datadir}/polkit-1/actions/org.freedesktop.accounts.policy +# User templates +%dir %{_datadir}/accountsservice +%{_datadir}/accountsservice/user-templates +# Directories where the server stores user data +%dir %{_localstatedir}/lib/AccountsService +%dir %{_localstatedir}/lib/AccountsService/users +%dir %{_localstatedir}/lib/AccountsService/icons +%{_datadir}/locale/en/LC_MESSAGES/accounts-service.mo +%{_datadir}/locale/en_GB/LC_MESSAGES/accounts-service.mo + +%files -n libaccountsservice0 +%{_libdir}/*.so.0* + +%files -n typelib-1_0-AccountsService-1_0 +%{_libdir}/girepository-1.0/AccountsService-1.0.typelib + +%files devel +%doc AUTHORS TODO +%doc %{_datadir}/gtk-doc/html/lib%{name}/ +%{_libdir}/*.so +%{_libdir}/pkgconfig/accountsservice.pc +%{_includedir}/accountsservice-1.0/ +%{_datadir}/gir-1.0/AccountsService-1.0.gir + +%if %{with vala} +%files vala +%dir %{_datadir}/vala/vapi +%{_datadir}/vala/vapi/accountsservice.deps +%{_datadir}/vala/vapi/accountsservice.vapi +%endif + +%files lang -f accounts-service.lang +%exclude %{_datadir}/locale/en/LC_MESSAGES/accounts-service.mo +%exclude %{_datadir}/locale/en_GB/LC_MESSAGES/accounts-service.mo + +%changelog diff --git a/as-fate318433-prevent-same-account-multi-logins.patch b/as-fate318433-prevent-same-account-multi-logins.patch new file mode 100644 index 0000000..1fd9255 --- /dev/null +++ b/as-fate318433-prevent-same-account-multi-logins.patch @@ -0,0 +1,78 @@ +Index: accountsservice-23.13.9/src/libaccountsservice/act-user.c +=================================================================== +--- accountsservice-23.13.9.orig/src/libaccountsservice/act-user.c ++++ accountsservice-23.13.9/src/libaccountsservice/act-user.c +@@ -878,6 +878,8 @@ act_user_is_logged_in (ActUser *user) + * (Currently, this function is only implemented for systemd-logind. + * For ConsoleKit, it is equivalent to act_user_is_logged_in.) + * ++ * (SLE-12 SP2: 'other_sessions' have been modified to contain only X sessions) ++ * + * Returns: %TRUE or %FALSE + */ + gboolean +@@ -906,6 +908,24 @@ act_user_get_saved (ActUser *user) + } + + /** ++ * act_user_is_x_logged_in_remotely: ++ * @user: a #ActUser ++ * ++ * Returns whether or not #ActUser is currently graphically logged in on a ++ * different seat or no seat. ++ * ++ * (For SLE12-SP2: fate#318433) ++ * ++ * Returns: %TRUE or %FALSE ++ */ ++gboolean ++act_user_is_x_logged_in_remotely (ActUser *user) ++{ ++ /* return user->remote_x_sessions; */ ++ return (user->other_sessions != NULL); ++} ++ ++/** + * act_user_get_locked: + * @user: a #ActUser + * +Index: accountsservice-23.13.9/src/libaccountsservice/act-user.h +=================================================================== +--- accountsservice-23.13.9.orig/src/libaccountsservice/act-user.h ++++ accountsservice-23.13.9/src/libaccountsservice/act-user.h +@@ -60,6 +60,7 @@ guint act_user_get_num_sessions + guint act_user_get_num_sessions_anywhere (ActUser *user); + gboolean act_user_is_logged_in (ActUser *user); + gboolean act_user_is_logged_in_anywhere (ActUser *user); ++gboolean act_user_is_x_logged_in_remotely (ActUser *user); + int act_user_get_login_frequency (ActUser *user); + gint64 act_user_get_login_time (ActUser *user); + const GVariant *act_user_get_login_history (ActUser *user); +Index: accountsservice-23.13.9/src/libaccountsservice/act-user-manager.c +=================================================================== +--- accountsservice-23.13.9.orig/src/libaccountsservice/act-user-manager.c ++++ accountsservice-23.13.9/src/libaccountsservice/act-user-manager.c +@@ -1425,12 +1425,22 @@ maybe_add_new_session (ActUserManagerNew + if (new_session->x11_display == NULL) { + g_debug ("AcUserManager: (mostly) ignoring session '%s' since it's not graphical", + new_session->id); +- is_ours = FALSE; ++ /* SLE: ignore non-graphical session completely */ ++ /* see `act_user_is_logged_in_anywhere` */ ++ unload_new_session (new_session); ++ return; + } else if (session_is_login_window (manager, new_session->id)) { + new_session->state = ACT_USER_MANAGER_NEW_SESSION_STATE_LOADED; + unload_new_session (new_session); + return; + } else if (!session_is_on_our_seat (manager, new_session->id)) { ++ /** ++ * NOTE: if `manager->priv->seat.id` or `new_session->id` is ++ * either NULL, it's not on our seat: this is reasonable, as ++ * non-seat session is not switchable and thus no need to be ++ * ours. However, this nondiscrimination for all non-seated ++ * sessions is possibly a source for bugs. ++ */ + is_ours = FALSE; + } + diff --git a/harden_accounts-daemon.service.patch b/harden_accounts-daemon.service.patch new file mode 100644 index 0000000..9df8a2d --- /dev/null +++ b/harden_accounts-daemon.service.patch @@ -0,0 +1,16 @@ +Index: accountsservice-22.08.8/data/accounts-daemon.service.in +=================================================================== +--- accountsservice-22.08.8.orig/data/accounts-daemon.service.in 2022-02-23 16:27:48.000000000 +0100 ++++ accountsservice-22.08.8/data/accounts-daemon.service.in 2022-08-02 09:17:14.424438207 +0200 +@@ -8,6 +8,11 @@ + Wants=nss-user-lookup.target + + [Service] ++# added automatically, for details please see ++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ++ProtectHostname=true ++ProtectClock=true ++ProtectKernelLogs=true + Type=dbus + BusName=org.freedesktop.Accounts + ExecStart=@libexecdir@/accounts-daemon diff --git a/mocklibc-1.0.tar.gz b/mocklibc-1.0.tar.gz new file mode 100644 index 0000000..2e6d93b --- /dev/null +++ b/mocklibc-1.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:48966f7a5d3f2139ffdc1e700de7deb9390f852cd4f2a7b97e55029c14097c6e +size 223730