diff --git a/.accountsservice.metadata b/.accountsservice.metadata new file mode 100644 index 0000000..9ffdd86 --- /dev/null +++ b/.accountsservice.metadata @@ -0,0 +1 @@ +8d59b9cdc4121b34748442ee653b92d60607f2cb SOURCES/accountsservice-0.6.50.tar.xz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..32db008 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/accountsservice-0.6.50.tar.xz diff --git a/SOURCES/0001-daemon-ensure-cache-files-for-system-users-are-proce.patch b/SOURCES/0001-daemon-ensure-cache-files-for-system-users-are-proce.patch new file mode 100644 index 0000000..fe5f8eb --- /dev/null +++ b/SOURCES/0001-daemon-ensure-cache-files-for-system-users-are-proce.patch @@ -0,0 +1,87 @@ +From e17df355b90243278cc08d1709caab79afc5ed99 Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Mon, 29 Apr 2019 10:14:12 -0400 +Subject: [PATCH] daemon: ensure cache files for system users are processed + +At the moment we skip cache files for system users. That +doesn't make much sense; if there's a cache file we should +be using it. + +This commit changes the code to read cache files, even for +system users, and so lets root have a non-default session. + +Closes: https://gitlab.freedesktop.org/accountsservice/accountsservice/issues/65 +--- + src/daemon.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/daemon.c b/src/daemon.c +index 2851ed6..b81c802 100644 +--- a/src/daemon.c ++++ b/src/daemon.c +@@ -446,61 +446,61 @@ reload_users (Daemon *daemon) + AccountsAccounts *accounts = ACCOUNTS_ACCOUNTS (daemon); + gboolean had_no_users, has_no_users, had_multiple_users, has_multiple_users; + GHashTable *users; + GHashTable *old_users; + GHashTable *local; + GHashTableIter iter; + gsize number_of_normal_users = 0; + gpointer name; + User *user; + + /* Track the users that we saw during our (re)load */ + users = create_users_hash_table (); + + /* + * NOTE: As we load data from all the sources, notifies are + * frozen in load_entries() and then thawed as we process + * them below. + */ + + /* Load the local users into our hash table */ + load_entries (daemon, users, FALSE, entry_generator_fgetpwent); + local = g_hash_table_new (g_str_hash, g_str_equal); + g_hash_table_iter_init (&iter, users); + while (g_hash_table_iter_next (&iter, &name, NULL)) + g_hash_table_add (local, name); + + /* and add users to hash table that were explicitly requested */ + load_entries (daemon, users, TRUE, entry_generator_requested_users); + + /* Now add/update users from other sources, possibly non-local */ +- load_entries (daemon, users, FALSE, entry_generator_cachedir); ++ load_entries (daemon, users, TRUE, entry_generator_cachedir); + + wtmp_helper_update_login_frequencies (users); + + /* Count the non-system users. Mark which users are local, which are not. */ + g_hash_table_iter_init (&iter, users); + while (g_hash_table_iter_next (&iter, &name, (gpointer *)&user)) { + if (!user_get_system_account (user)) + number_of_normal_users++; + user_update_local_account_property (user, g_hash_table_lookup (local, name) != NULL); + } + g_hash_table_destroy (local); + + had_no_users = accounts_accounts_get_has_no_users (accounts); + has_no_users = number_of_normal_users == 0; + + if (had_no_users != has_no_users) + accounts_accounts_set_has_no_users (accounts, has_no_users); + + had_multiple_users = accounts_accounts_get_has_multiple_users (accounts); + has_multiple_users = number_of_normal_users > 1; + + if (had_multiple_users != has_multiple_users) + accounts_accounts_set_has_multiple_users (accounts, has_multiple_users); + + /* Swap out the users */ + old_users = daemon->priv->users; + daemon->priv->users = users; + + /* Remove all the old users */ + g_hash_table_iter_init (&iter, old_users); +-- +2.21.0 + diff --git a/SOURCES/0001-data-don-t-send-change-updates-for-login-history.patch b/SOURCES/0001-data-don-t-send-change-updates-for-login-history.patch new file mode 100644 index 0000000..c17836b --- /dev/null +++ b/SOURCES/0001-data-don-t-send-change-updates-for-login-history.patch @@ -0,0 +1,88 @@ +From efaf411c9159364c248fc44ccc6d6403875665a2 Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Thu, 9 May 2019 14:58:34 -0400 +Subject: [PATCH] data: don't send change updates for login-history + +The login-history property of user objects can be quite large. +If wtmp is changed frequently, that can lead to memory fragmentation +in clients. + +Furthermore, most clients never check login-history, so it's +wasted memory and wasted cpu. + +This commit disables change notification for that property. If +a client really needs to get updates, they can manually refresh +their cache when appropriate. +--- + data/org.freedesktop.Accounts.User.xml | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/data/org.freedesktop.Accounts.User.xml b/data/org.freedesktop.Accounts.User.xml +index 4ab989a..bf0d60b 100644 +--- a/data/org.freedesktop.Accounts.User.xml ++++ b/data/org.freedesktop.Accounts.User.xml +@@ -682,60 +682,61 @@ + + + + The users location. + + + + + + + + + + How often the user has logged in. + + + + + + + + + + The last login time. + + + + + + ++ + + + + The login history for this user. + Each entry in the array represents a login session. The first two + members are the login time and logout time, as timestamps (seconds since the epoch). If the session is still running, the logout time + is 0. + + + The a{sv} member is a dictionary containing additional information + about the session. Possible members include 'type' (with values like ':0', 'tty0', 'pts/0' etc). + + + + + + + + + + The filename of a png file containing the users icon. + + + + + + + + + +-- +2.21.0 + diff --git a/SOURCES/0001-lib-don-t-set-loaded-state-until-seat-is-fetched.patch b/SOURCES/0001-lib-don-t-set-loaded-state-until-seat-is-fetched.patch new file mode 100644 index 0000000..5d6777d --- /dev/null +++ b/SOURCES/0001-lib-don-t-set-loaded-state-until-seat-is-fetched.patch @@ -0,0 +1,90 @@ +From c7fa612023a163e8b2352e1170c6df3fceb19b27 Mon Sep 17 00:00:00 2001 +From: Ray Strode +Date: Thu, 19 Jul 2018 13:14:09 -0400 +Subject: [PATCH] lib: don't set loaded state until seat is fetched + +At the moment we set is-loaded on the user-manager +object as soon as we start fetching the seat, but +we should waiting until the seat is fetched, so +that can_switch() will return the correct value +if the caller waited until the loaded signal +to use it. + +This commit changes the >= to > which I believe +was the original intention anyway. + +https://bugs.freedesktop.org/show_bug.cgi?id=107298 +--- + src/libaccountsservice/act-user-manager.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libaccountsservice/act-user-manager.c b/src/libaccountsservice/act-user-manager.c +index 325421b..e7e26b1 100644 +--- a/src/libaccountsservice/act-user-manager.c ++++ b/src/libaccountsservice/act-user-manager.c +@@ -2355,61 +2355,61 @@ act_user_manager_list_users (ActUserManager *manager) + queue_load_seat_incrementally (manager); + } + + retval = NULL; + g_hash_table_foreach (manager->priv->normal_users_by_name, listify_hash_values_hfunc, &retval); + + return g_slist_sort (retval, (GCompareFunc) act_user_collate); + } + + static void + maybe_set_is_loaded (ActUserManager *manager) + { + if (manager->priv->is_loaded) { + g_debug ("ActUserManager: already loaded, so not setting loaded property"); + return; + } + + if (manager->priv->getting_sessions) { + g_debug ("ActUserManager: GetSessions call pending, so not setting loaded property"); + return; + } + + if (manager->priv->new_users_inhibiting_load != NULL) { + g_debug ("ActUserManager: Loading new users, so not setting loaded property"); + return; + } + + /* Don't set is_loaded yet unless the seat is already loaded enough + * or failed to load. + */ +- if (manager->priv->seat.state >= ACT_USER_MANAGER_SEAT_STATE_GET_ID) { ++ if (manager->priv->seat.state > ACT_USER_MANAGER_SEAT_STATE_GET_ID) { + g_debug ("ActUserManager: Seat loaded, so now setting loaded property"); + } else if (manager->priv->seat.state == ACT_USER_MANAGER_SEAT_STATE_UNLOADED) { + g_debug ("ActUserManager: Seat wouldn't load, so giving up on it and setting loaded property"); + } else { + g_debug ("ActUserManager: Seat still actively loading, so not setting loaded property"); + return; + } + + set_is_loaded (manager, TRUE); + } + + + static GSList * + slist_deep_copy (const GSList *list) + { + GSList *retval; + GSList *l; + + if (list == NULL) + return NULL; + + retval = g_slist_copy ((GSList *) list); + for (l = retval; l != NULL; l = l->next) { + l->data = g_strdup (l->data); + } + + return retval; + } + + static void +-- +2.17.1 + diff --git a/SPECS/accountsservice.spec b/SPECS/accountsservice.spec new file mode 100644 index 0000000..11ce457 --- /dev/null +++ b/SPECS/accountsservice.spec @@ -0,0 +1,345 @@ +%global _hardened_build 1 + +Name: accountsservice +Version: 0.6.50 +Release: 7%{?dist} +Summary: D-Bus interfaces for querying and manipulating user account information +License: GPLv3+ +URL: https://www.freedesktop.org/wiki/Software/AccountsService/ + +#VCS: git:git://git.freedesktop.org/accountsservice +Source0: http://www.freedesktop.org/software/accountsservice/accountsservice-%{version}.tar.xz + +BuildRequires: glib2-devel +BuildRequires: polkit-devel +BuildRequires: intltool +BuildRequires: systemd-units +BuildRequires: systemd-devel +BuildRequires: gobject-introspection-devel +BuildRequires: gtk-doc +BuildRequires: git + +Requires: polkit +Requires: shadow-utils + +Patch0: 0001-lib-don-t-set-loaded-state-until-seat-is-fetched.patch + +Patch10001: 0001-data-don-t-send-change-updates-for-login-history.patch + +Patch20001: 0001-daemon-ensure-cache-files-for-system-users-are-proce.patch + +%description +The accountsservice project provides a set of D-Bus interfaces for +querying and manipulating user account information and an implementation +of these interfaces, based on the useradd, usermod and userdel commands. + +%package libs +Summary: Client-side library to talk to accountsservice +Requires: %{name} = %{version}-%{release} + +%description libs +The accountsservice-libs package contains a library that can +be used by applications that want to interact with the accountsservice +daemon. + +%package devel +Summary: Development files for accountsservice-libs +Requires: %{name}-libs = %{version}-%{release} + +%description devel +The accountsservice-devel package contains headers and other +files needed to build applications that use accountsservice-libs. + + +%prep +%autosetup -S git + +%build +%configure --enable-user-heuristics +make %{?_smp_mflags} + + +%install +make install DESTDIR=$RPM_BUILD_ROOT +rm $RPM_BUILD_ROOT%{_libdir}/*.la +rm $RPM_BUILD_ROOT%{_libdir}/*.a +%find_lang accounts-service + + +%post libs -p /sbin/ldconfig + +%postun libs -p /sbin/ldconfig + +%post +%systemd_post accounts-daemon.service + +%preun +%systemd_preun accounts-daemon.service + +%postun +%systemd_postun accounts-daemon.service + +%files -f accounts-service.lang +%doc COPYING README AUTHORS +%{_sysconfdir}/dbus-1/system.d/org.freedesktop.Accounts.conf +%{_libexecdir}/accounts-daemon +%{_datadir}/dbus-1/interfaces/org.freedesktop.Accounts.xml +%{_datadir}/dbus-1/interfaces/org.freedesktop.Accounts.User.xml +%{_datadir}/dbus-1/system-services/org.freedesktop.Accounts.service +%{_datadir}/polkit-1/actions/org.freedesktop.accounts.policy +%dir %{_localstatedir}/lib/AccountsService/ +%dir %{_localstatedir}/lib/AccountsService/users +%dir %{_localstatedir}/lib/AccountsService/icons +%{_unitdir}/accounts-daemon.service + +%files libs +%{_libdir}/libaccountsservice.so.* +%{_libdir}/girepository-1.0/AccountsService-1.0.typelib + +%files devel +%{_includedir}/accountsservice-1.0 +%{_libdir}/libaccountsservice.so +%{_libdir}/pkgconfig/accountsservice.pc +%{_datadir}/gir-1.0/AccountsService-1.0.gir +%dir %{_datadir}/gtk-doc/html/libaccountsservice +%{_datadir}/gtk-doc/html/libaccountsservice/* + +%changelog +* Wed Oct 02 2019 Tomas Pelka - 0.6.50-7 +- version bump to prevent future update path introduced by RHBA-2019:45836 + Resolves: #1721562 + +* Mon Jun 17 2019 Ray Strode - 0.6.50-6 +- Make sure cache file is read for root user + Resolves: #1721562 + +* Fri May 10 2019 Ray Strode - 0.6.50-5 +- Don't send change updates for login-history + Resolves: #1708741 + +* Thu Jul 19 2018 Ray Strode - 0.6.50-2 +- Fix user switching + Resolves: #1597350 + +* Thu Jul 19 2018 Ray Strode - 0.6.50-1 +- Update to 0.6.50 + Related: #1576538 + Related: 1596735 + Related: 1602918 + +* Fri Jun 01 2018 Richard Hughes - 0.6.49-1 +- Update to 0.6.49 + Resolves: #1576538 + +* Wed Feb 14 2018 Ray Strode - 0.6.45-7 +- Fix bug leading to harmless error in log + Resolves: #1544640 + +* Wed Feb 07 2018 Ray Strode - 0.6.45-6 +- Don't return bogus password expiration policy when + shadow file is unavailable + Resolves: #1530659 + +* Tue Jan 30 2018 Ray Strode - 0.6.45-5 +- Fix other crasher introduced in -3 + Resolves: #1532252 + +* Fri Nov 03 2017 Ray Strode - 0.6.45-4 +- Fix crasher introduced in -3 + Related: #1474579, 1509261 + +* Wed Sep 27 2017 Ray Strode - 0.6.45-3 +- Various fixes to increase scalability + Related: #1474579 + +* Mon May 15 2017 Ray Strode - 0.6.45-2 +- Don't tread explicitly requested users as cached + Fixes UncacheUser operation. + Resolves: 1446620 + Related: #1432602 + +* Mon Mar 27 2017 Ray Strode - 0.6.45-1 +- Update to 0.6.45 so password expiration policy is wrapped by libaccountsservice + Related: #1424623 #1334464 + +* Mon Mar 27 2017 Ray Strode - 0.6.42-2 +- Update to 0.6.44 + Related: #1424623 +- export password expiration policy from shadow + Resolves: #1334464 + +* Thu Oct 20 2016 Kalev Lember - 0.6.42-1 +- Update to 0.6.42 +- Resolves: #1424623 + +* Tue Sep 06 2016 Ray Strode - 0.6.35-12 +- hide users with /sbin/nologin shell + Resolves: #1341276 + +* Fri Jul 01 2016 Ray Strode - 0.6.35-11 +- address minor bug in previous patch + Related: #1220904 + +- fix memory leak in log handler + Resolves: #1292543 + +* Thu Jun 30 2016 Ray Strode - 0.6.35-10 +- scale to a large number of remote users better + Resolves: #1220904 + +* Mon Jun 08 2015 Ray Strode 0.6.35-9 +- Start after nsswitch and ypbind + Resolves: #1217439 + +* Tue Jun 2 2015 Ondrej Holy 0.6.35-8 +- Add asynchronous api for user uncaching + Resolves: #1147999 + +* Wed Jan 29 2014 Ray Strode 0.6.35-7 +- Fix memory leak + Resolves: #1003033 + +* Tue Jan 28 2014 Daniel Mach - 0.6.35-6 +- Mass rebuild 2014-01-24 + +* Fri Jan 10 2014 Matthias Clasen 0.6.35-5 +- Consistently call userdel -f +Resolves: #1051629 + +* Fri Dec 27 2013 Daniel Mach - 0.6.35-4 +- Mass rebuild 2013-12-27 + +* Tue Nov 19 2013 Ray Strode 0.6.35-3 +- Fix up user classification logic to work better with + remote users. + Resolves: #1029195 + +* Fri Nov 1 2013 Matthias Clasen 0.6.35-2 +- Refuse to delete the root user +- Resolves: #1002973 + +* Tue Oct 22 2013 Ray Strode 0.6.35-1 +- Update to 0.6.35 + Resolves: #1019488 + +* Tue Jun 11 2013 Ray Strode 0.6.34-1 +- Update to 0.6.34 + +* Tue Jun 11 2013 Matthias Clasen - 0.6.33-1 +- Update to 0.6.33 + +* Tue May 14 2013 Matthias Clasen - 0.6.32-1 +- Update to 0.6.32 + +* Thu Apr 18 2013 Matthias Clasen - 0.6.31-2 +- Hardened build + +* Tue Apr 16 2013 Matthias Clasen - 0.6.31-1 +- Update to 0.6.31 + +* Wed Feb 13 2013 Fedora Release Engineering - 0.6.30-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Jan 16 2013 Richard Hughes - 0.6.30-1 +- Update to 0.6.30 + +* Fri Nov 16 2012 Matthias Clasen - 0.6.26-1 +- Update to 0.6.26 + +* Tue Oct 2 2012 Matthias Clasen - 0.6.25-2 +- Update to 0.6.25 +- Use systemd scriptlets (#856649) + +* Wed Jul 18 2012 Fedora Release Engineering - 0.6.22-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Sat Jul 14 2012 Ville Skyttä - 0.6.22-2 +- Add ldconfig scriptlets to -libs. + +* Thu Jun 28 2012 Ray Strode 0.6.22-1 +- Update to 0.6.22. +- Fixes CVE-2012-2737 - local file disclosure + Related: #832532 + +* Thu May 30 2012 Matthias Clasen 0.6.21-1 +- Update to 0.6.21 + +* Fri May 04 2012 Ray Strode 0.6.20-1 +- Update to 0.6.20. Should fix user list. + Related: #814690 + +* Thu May 03 2012 Ray Strode 0.6.19-1 +- Update to 0.6.19 + Allows user deletion of logged in users + Related: #814690 + +* Wed Apr 11 2012 Matthias Clasen - 0.6.18-1 +- Update to 0.6.18 + +* Tue Mar 27 2012 Ray Strode 0.6.17-1 +- Update to latest release + +* Sun Mar 4 2012 Peter Robinson - 0.6.15-4 +- Fix unitdir with usrmove + +* Thu Jan 12 2012 Fedora Release Engineering - 0.6.15-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Nov 29 2011 Matthias Clasen 0.6.15-2 +- Make resetting user icons work +- Update to 0.6.15 +- Fixes session chooser at login screen when logged into vt + +* Wed Sep 21 2011 Ray Strode 0.6.14-2 +- Fix wtmp loading so users coming from the network are + remembered in the user list in subsequent boots + +* Wed Sep 21 2011 Ray Strode 0.6.14-1 +- Update to 0.6.14 + +* Sun Sep 4 2011 Matthias Clasen - 0.6.13-3 +- Fix fast user switching + +* Mon Aug 15 2011 Kalev Lember - 0.6.13-2 +- Rebuilt for rpm bug #728707 + +* Tue Jul 19 2011 Matthias Clasen - 0.6.13-1 +- Update to 0.6.13 +- Drop ConsoleKit dependency + +* Mon Jun 06 2011 Ray Strode 0.6.12-1 +- Update to latest release + +* Wed May 18 2011 Matthias Clasen 0.6.11-1 +- Update to 0.6.11 + +* Mon Feb 07 2011 Fedora Release Engineering - 0.6.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Feb 02 2011 Ray Strode 0.6.3-1 +- Update to 0.6.3 + +* Thu Jan 27 2011 Matthias Clasen 0.6.2-1 +- Update to 0.6.2 + +* Wed Jul 21 2010 Matthias Clasen 0.6.1-1 +- Update to 0.6.1 +- Install systemd unit file + +* Mon Apr 5 2010 Matthias Clasen 0.6-2 +- Always emit changed signal on icon change + +* Tue Mar 30 2010 Matthias Clasen 0.6-1 +- Update to 0.6 + +* Mon Mar 22 2010 Matthias Clasen 0.5-1 +- Update to 0.5 + +* Mon Feb 22 2010 Bastien Nocera 0.4-3 +- Fix directory ownership + +* Mon Feb 22 2010 Bastien Nocera 0.4-2 +- Add missing directories to the filelist + +* Fri Jan 29 2010 Matthias Clasen 0.4-1 +- Initial packaging, based on work by Richard Hughes