author | Pacho Ramos <pacho@gentoo.org> | 2013-12-04 19:38:30 +0000 |
---|---|---|
committer | Pacho Ramos <pacho@gentoo.org> | 2013-12-04 19:38:30 +0000 |
commit | 0612130dbba50b3813f28a5c73f6218c54f093fc (patch) | |
tree | eca82a4a38c207b1b32cfb4fc0a3bf94a0b674c3 /sys-apps/accountsservice | |
parent | Version bump for security bug 493284. (diff) | |
Version bump, drop old
(Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key A188FBD4)
Diffstat (limited to 'sys-apps/accountsservice')
-rw-r--r-- | sys-apps/accountsservice/ChangeLog | 14 | ||||
-rw-r--r-- | sys-apps/accountsservice/accountsservice-0.6.35.ebuild (renamed from sys-apps/accountsservice/accountsservice-0.6.30.ebuild) | 40 | ||||
-rw-r--r-- | sys-apps/accountsservice/files/accountsservice-0.6.30-login-history-variant.patch | 43 | ||||
-rw-r--r-- | sys-apps/accountsservice/files/accountsservice-0.6.30-xsession-typo.patch | 28 | ||||
-rw-r--r-- | sys-apps/accountsservice/files/accountsservice-0.6.35-gentoo-system-users.patch | 51 | ||||
-rw-r--r-- | sys-apps/accountsservice/files/accountsservice-0.6.35-nondelete-root.patch | 47 | ||||
-rw-r--r-- | sys-apps/accountsservice/files/accountsservice-0.6.35-older-glib.patch | 396 | ||||
-rw-r--r-- | sys-apps/accountsservice/files/accountsservice-0.6.35-user-logic.patch | 211 |
8 files changed, 739 insertions, 91 deletions
diff --git a/sys-apps/accountsservice/ChangeLog b/sys-apps/accountsservice/ChangeLog index 1ff48ce3bce3..4416e7efa22e 100644 --- a/sys-apps/accountsservice/ChangeLog +++ b/sys-apps/accountsservice/ChangeLog @@ -1,6 +1,18 @@ # ChangeLog for sys-apps/accountsservice # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/accountsservice/ChangeLog,v 1.32 2013/11/30 19:55:23 pacho Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-apps/accountsservice/ChangeLog,v 1.33 2013/12/04 19:38:30 pacho Exp $ + +*accountsservice-0.6.35 (04 Dec 2013) + + 04 Dec 2013; Pacho Ramos <pacho@gentoo.org> +accountsservice-0.6.35.ebuild, + +files/accountsservice-0.6.35-gentoo-system-users.patch, + +files/accountsservice-0.6.35-nondelete-root.patch, + +files/accountsservice-0.6.35-older-glib.patch, + +files/accountsservice-0.6.35-user-logic.patch, + -accountsservice-0.6.30.ebuild, + -files/accountsservice-0.6.30-login-history-variant.patch, + -files/accountsservice-0.6.30-xsession-typo.patch: + Version bump, drop old 30 Nov 2013; Pacho Ramos <pacho@gentoo.org> accountsservice-0.6.34.ebuild: amd64 stable, bug #478252 diff --git a/sys-apps/accountsservice/accountsservice-0.6.30.ebuild b/sys-apps/accountsservice/accountsservice-0.6.35.ebuild index c5257e4a870e..d7c24be1b3bb 100644 --- a/sys-apps/accountsservice/accountsservice-0.6.30.ebuild +++ b/sys-apps/accountsservice/accountsservice-0.6.35.ebuild 
@@ -1,31 +1,30 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/accountsservice/accountsservice-0.6.30.ebuild,v 1.2 2013/03/24 18:13:49 pacho Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-apps/accountsservice/accountsservice-0.6.35.ebuild,v 1.1 2013/12/04 19:38:30 pacho Exp $ EAPI="5" GCONF_DEBUG="no" -GNOME2_LA_PUNT="yes" -VALA_MIN_API_VERSION="0.16" -VALA_USE_DEPEND="vapigen" -inherit eutils gnome2 systemd vala +inherit autotools eutils gnome2 systemd DESCRIPTION="D-Bus interfaces for querying and manipulating user account information" -HOMEPAGE="http://www.fedoraproject.org/wiki/Features/UserAccountDialog" +HOMEPAGE="http://www.freedesktop.org/wiki/Software/AccountsService/" SRC_URI="http://www.freedesktop.org/software/${PN}/${P}.tar.xz" LICENSE="GPL-3+" SLOT="0" KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc ~x86" -IUSE="doc +introspection systemd vala" -REQUIRED_USE="vala? ( introspection )" + +IUSE="doc +introspection systemd" # Want glib-2.34 for g_clear_pointer, bug #462938 -RDEPEND=">=dev-libs/glib-2.34.0:2 +RDEPEND=" + >=dev-libs/glib-2.34.0:2 sys-auth/polkit introspection? ( >=dev-libs/gobject-introspection-0.9.12 ) systemd? ( >=sys-apps/systemd-186 ) - !systemd? ( sys-auth/consolekit )" + !systemd? ( sys-auth/consolekit ) +" DEPEND="${RDEPEND} dev-libs/libxslt dev-util/gdbus-codegen 
@@ -36,18 +35,21 @@ DEPEND="${RDEPEND} doc? ( app-text/docbook-xml-dtd:4.1.2 app-text/xmlto ) - vala? ( - >=dev-lang/vala-0.16.1-r1 - $(vala_depend) )" +" src_prepare() { - epatch "${FILESDIR}/${PN}-0.6.21-gentoo-system-users.patch" + epatch "${FILESDIR}/${PN}-0.6.35-gentoo-system-users.patch" + + # Daemon: rip out extension interface as it needs glib-2.37 + epatch "${FILESDIR}/${PN}-0.6.35-older-glib.patch" + + # Avoid deleting the root user (from 'master') + epatch "${FILESDIR}/${PN}-0.6.35-nondelete-root.patch" - # Patches from 0.6.31 - epatch "${FILESDIR}/${P}-login-history-variant.patch" - epatch "${FILESDIR}/${P}-xsession-typo.patch" + # Change up user classification logic again (from 'master') + epatch "${FILESDIR}/${PN}-0.6.35-user-logic.patch" - use vala && vala_src_prepare + eautoreconf gnome2_src_prepare } @@ -57,9 +59,9 @@ src_configure() { --disable-more-warnings \ --localstatedir="${EPREFIX}"/var \ --docdir="${EPREFIX}"/usr/share/doc/${PF} \ + --enable-admin-group="wheel" \ $(use_enable doc docbook-docs) \ $(use_enable introspection) \ - $(use_enable vala) \ $(use_enable systemd) \ $(systemd_with_unitdir) } diff --git a/sys-apps/accountsservice/files/accountsservice-0.6.30-login-history-variant.patch b/sys-apps/accountsservice/files/accountsservice-0.6.30-login-history-variant.patch deleted file mode 100644 index 39891287b2d5..000000000000 --- a/sys-apps/accountsservice/files/accountsservice-0.6.30-login-history-variant.patch +++ /dev/null 
@@ -1,43 +0,0 @@ -From f950d51aa018c171b98602787598e6b841ab1f6c Mon Sep 17 00:00:00 2001 -From: Giovanni Campagna <gcampagna@src.gnome.org> -Date: Tue, 18 Dec 2012 16:36:12 +0100 -Subject: [PATCH] Fix login history variant handling - -g_variant_compare() returns 0 when the values are equal, and non-zero -otherwise, which is the opposite of what the check wants. -Also, it is valid for the login history variant to be null, when the -library is working with an older daemon. Don't emit a critical in that -case. - -See: https://bugzilla.gnome.org/show_bug.cgi?id=690413 - -https://bugs.freedesktop.org/show_bug.cgi?id=58466 ---- - src/libaccountsservice/act-user.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/libaccountsservice/act-user.c b/src/libaccountsservice/act-user.c -index 2c1fcb8..80db669 100644 ---- a/src/libaccountsservice/act-user.c -+++ b/src/libaccountsservice/act-user.c -@@ -1120,7 +1120,7 @@ collect_props (const gchar *key, - GVariant *new_login_history = value; - - if (user->login_history == NULL || -- !g_variant_compare (user->login_history, new_login_history)) { -+ !g_variant_equal (user->login_history, new_login_history)) { - if (user->login_history) - g_variant_unref (user->login_history); - user->login_history = g_variant_ref (new_login_history); -@@ -1375,7 +1375,7 @@ _act_user_load_from_user (ActUser *user, - user->login_time = user_to_copy->login_time; - g_object_notify (G_OBJECT (user), "login-time"); - -- user->login_history = g_variant_ref (user_to_copy->login_history); -+ user->login_history = user_to_copy->login_history ? g_variant_ref (user_to_copy->login_history) : NULL; - g_object_notify (G_OBJECT (user), "login-history"); - - user->account_type = user_to_copy->account_type; --- -1.8.1 - diff --git a/sys-apps/accountsservice/files/accountsservice-0.6.30-xsession-typo.patch b/sys-apps/accountsservice/files/accountsservice-0.6.30-xsession-typo.patch deleted file mode 100644 index 6ad17327437b..000000000000 
--- a/sys-apps/accountsservice/files/accountsservice-0.6.30-xsession-typo.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 5b2b8e554d19a37ea5b5e0a1ba2d1b67328863f5 Mon Sep 17 00:00:00 2001 -From: Colin Walters <walters@verbum.org> -Date: Tue, 18 Dec 2012 19:09:15 -0500 -Subject: [PATCH] user: Fix x-session -> xsession property notification - -Introduced by commit 9982e50b891074a711c43c5d7acc71cb793eb14d - -https://bugs.freedesktop.org/show_bug.cgi?id=58493 ---- - src/user.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/user.c b/src/user.c -index 9d84e11..bc54a38 100644 ---- a/src/user.c -+++ b/src/user.c -@@ -315,7 +315,7 @@ user_update_from_keyfile (User *user, - if (s != NULL) { - g_free (user->x_session); - user->x_session = s; -- g_object_notify (G_OBJECT (user), "x-session"); -+ g_object_notify (G_OBJECT (user), "xsession"); - } - - s = g_key_file_get_string (keyfile, "User", "Email", NULL); --- -1.8.1 - diff --git a/sys-apps/accountsservice/files/accountsservice-0.6.35-gentoo-system-users.patch b/sys-apps/accountsservice/files/accountsservice-0.6.35-gentoo-system-users.patch new file mode 100644 index 000000000000..9868e26ea39c --- /dev/null +++ b/sys-apps/accountsservice/files/accountsservice-0.6.35-gentoo-system-users.patch 
@@ -0,0 +1,51 @@
+--- src/user-classify.c.old 2013-12-04 20:29:48.944454769 +0100
++++ src/user-classify.c 2013-12-04 20:32:59.728283477 +0100
+@@ -55,6 +55,48 @@
+ "at",
+ "gdm",
+ "gnome-initial-setup"
++ /* Additional Gentoo system users with non-trivial login shell */
++ "amanda",
++ "backuppc",
++ "drqueue",
++ "firebird",
++ "flexlm",
++ "foldingathome",
++ "geneweb",
++ "git",
++ "gnump3d",
++ "hacluster",
++ "hg",
++ "hsqldb",
++ "infinote",
++ "foldingathome",
++ "geneweb",
++ "git",
++ "gnump3d",
++ "hacluster",
++ "hg",
++ "hsqldb",
++ "infinote",
++ "jffnms",
++ "klive",
++ "mailman",
++ "mpd",
++ "mythtv",
++ "nagios",
++ "nx",
++ "oneadmin",
++ "openvpn",
++ "p2p",
++ "phxd",
++ "resin",
++ "rplayd",
++ "scponly",
++ "secoff",
++ "tinyproxy",
++ "ttrssd",
++ "vboxguest",
++ "vdr",
++ "vdradmin",
+ };
+
+ #define PATH_NOLOGIN "/sbin/nologin"
diff --git a/sys-apps/accountsservice/files/accountsservice-0.6.35-nondelete-root.patch b/sys-apps/accountsservice/files/accountsservice-0.6.35-nondelete-root.patch
new file mode 100644
index 000000000000..b8dfaa931935
--- /dev/null
+++ b/sys-apps/accountsservice/files/accountsservice-0.6.35-nondelete-root.patch
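Review bot: In accountsservice-0.6.35-gentoo-system-users.patch the new names are appended after the context line `"gnome-initial-setup"`, which has no trailing comma, so C string-literal concatenation merges it with `"amanda",` into one entry, `"gnome-initial-setupamanda"`. Neither account is then matched by the exclusion list (default_excludes, going by the user-logic patch on this page). The inner hunk should replace that context line with `"gnome-initial-setup",`. The run `"foldingathome"` through `"infinote"` is also listed twice and the second copy can be dropped. The array definition starts outside the hunk.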
@@ -0,0 +1,47 @@
+From 980692e6b9cfe4a34e22f566e0981a8c549e4348 Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen@redhat.com>
+Date: Fri, 01 Nov 2013 21:09:25 +0000
+Subject: Avoid deleting the root user
+
+The check we have in place against deleting the root user can
+be tricked by exploiting the fact that we are checking a gint64,
+and then later cast it to a uid_t. This can be seen with the
+following test, which will delete your root account:
+
+qdbus --system org.freedesktop.Accounts /org/freedesktop/Accounts \
+ org.freedesktop.Accounts.DeleteUser -9223372036854775808 true
+
+Found with the dfuzzer tool,
+https://github.com/matusmarhefka/dfuzzer
+---
+diff --git a/src/daemon.c b/src/daemon.c
+index ea75190..9c7001b 100644
+--- a/src/daemon.c
++++ b/src/daemon.c
+@@ -1227,7 +1227,7 @@ daemon_uncache_user (AccountsAccounts *accounts,
+ }
+
+ typedef struct {
+- gint64 uid;
++ uid_t uid;
+ gboolean remove_files;
+ } DeleteUserData;
+
+@@ -1309,13 +1309,13 @@ daemon_delete_user (AccountsAccounts *accounts,
+ Daemon *daemon = (Daemon*)accounts;
+ DeleteUserData *data;
+
+- if (uid == 0) {
++ if ((uid_t)uid == 0) {
+ throw_error (context, ERROR_FAILED, "Refuse to delete root user");
+ return TRUE;
+ }
+
+ data = g_new0 (DeleteUserData, 1);
+- data->uid = uid;
++ data->uid = (uid_t)uid;
+ data->remove_files = remove_files;
+
+ daemon_local_check_auth (daemon,
+--
+cgit v0.9.0.2-2-gbebe
diff --git a/sys-apps/accountsservice/files/accountsservice-0.6.35-older-glib.patch b/sys-apps/accountsservice/files/accountsservice-0.6.35-older-glib.patch
new file mode 100644
index 000000000000..64f21777aa73
--- /dev/null
+++ b/sys-apps/accountsservice/files/accountsservice-0.6.35-older-glib.patch
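Review bot: The `(uid_t)uid` casts in daemon_delete_user make the root check and the stored uid agree, but an out-of-range 64-bit argument is still accepted and silently narrowed, so the request is applied to whatever account the truncated value names instead of being refused. Rejecting values that do not survive the conversion before the root check would be stricter, for example `if ((gint64)(uid_t)uid != uid) { throw_error (context, ERROR_FAILED, "Invalid uid"); return TRUE; }`. That `uid` arrives as a gint64 is taken from the commit message; the function signature and the rest of the body lie outside the hunk.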
@@ -0,0 +1,396 @@ +From f86c93014e698d81d43fe1ebaf805fa794e5a984 Mon Sep 17 00:00:00 2001 +From: Ray Strode <rstrode@redhat.com> +Date: Tue, 22 Oct 2013 19:42:16 +0000 +Subject: daemon: rip out extension interface + +It requires newer glib than we're shipping +--- +diff --git a/configure.ac b/configure.ac +index cb1fcda..a7f4e20 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -25,7 +25,7 @@ AC_SUBST(LT_CURRENT) + AC_SUBST(LT_REVISION) + AC_SUBST(LT_AGE) + +-PKG_CHECK_MODULES(GIO, gio-2.0 >= 2.37.3 gio-unix-2.0) ++PKG_CHECK_MODULES(GIO, gio-2.0 gio-unix-2.0) + PKG_CHECK_MODULES(POLKIT, gio-unix-2.0 polkit-gobject-1) + + AM_MAINTAINER_MODE([enable]) +diff --git a/src/Makefile.am b/src/Makefile.am +index 6940f2d..de57e7a 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -34,7 +34,6 @@ accounts_daemon_SOURCES = \ + types.h \ + daemon.h \ + daemon.c \ +- extensions.c \ + user-classify.h \ + user-classify.c \ + user.h \ +diff --git a/src/daemon.c b/src/daemon.c +index 9c9f617..ea75190 100644 +--- a/src/daemon.c ++++ b/src/daemon.c +@@ -80,7 +80,6 @@ struct DaemonPrivate { + guint autologin_id; + + PolkitAuthority *authority; +- GHashTable *extension_ifaces; + }; + + typedef struct passwd * (* EntryGeneratorFunc) (GHashTable *, gpointer *); +@@ -683,8 +682,6 @@ daemon_init (Daemon *daemon) + { + daemon->priv = DAEMON_GET_PRIVATE (daemon); + +- daemon->priv->extension_ifaces = daemon_read_extension_ifaces (); +- + daemon->priv->users = create_users_hash_table (); + + daemon->priv->passwd_monitor = setup_monitor (daemon, +@@ -728,8 +725,6 @@ daemon_finalize (GObject *object) + + g_hash_table_destroy (daemon->priv->users); + +- g_hash_table_unref (daemon->priv->extension_ifaces); +- + G_OBJECT_CLASS (daemon_parent_class)->finalize (object); + } + +@@ -1553,12 +1548,6 @@ daemon_local_set_automatic_login (Daemon *daemon, + return TRUE; + } + +-GHashTable * +-daemon_get_extension_ifaces (Daemon *daemon) +-{ +- return daemon->priv->extension_ifaces; +-} +- + static 
void + get_property (GObject *object, + guint prop_id, +diff --git a/src/daemon.h b/src/daemon.h +index b7e072e..e036407 100644 +--- a/src/daemon.h ++++ b/src/daemon.h +@@ -96,9 +96,6 @@ gboolean daemon_local_set_automatic_login (Daemon *daemon, + gboolean enabled, + GError **error); + +-GHashTable * daemon_read_extension_ifaces (void); +-GHashTable * daemon_get_extension_ifaces (Daemon *daemon); +- + G_END_DECLS + + #endif /* __DAEMON_H__ */ +diff --git a/src/user.c b/src/user.c +index 1698eeb..163d136 100644 +--- a/src/user.c ++++ b/src/user.c +@@ -104,9 +104,6 @@ struct User { + gboolean automatic_login; + gboolean system_account; + gboolean local_account; +- +- guint *extension_ids; +- guint n_extension_ids; + }; + + typedef struct UserClass +@@ -463,259 +460,6 @@ move_extra_data (const gchar *old_name, + g_free (new_filename); + } + +-static GVariant * +-user_extension_get_value (User *user, +- GDBusInterfaceInfo *interface, +- const GDBusPropertyInfo *property) +-{ +- const GVariantType *type = G_VARIANT_TYPE (property->signature); +- GVariant *value; +- gchar *printed; +- gint i; +- +- /* First, try to get the value from the keyfile */ +- printed = g_key_file_get_value (user->keyfile, interface->name, property->name, NULL); +- if (printed) { +- value = g_variant_parse (type, printed, NULL, NULL, NULL); +- g_free (printed); +- +- if (value != NULL) +- return value; +- } +- +- /* If that didn't work, try for a default value annotation */ +- for (i = 0; property->annotations && property->annotations[i]; i++) { +- GDBusAnnotationInfo *annotation = property->annotations[i]; +- +- if (g_str_equal (annotation->key, "org.freedesktop.Accounts.DefaultValue.String")) { +- if (g_str_equal (property->signature, "s")) +- return g_variant_ref_sink (g_variant_new_string (annotation->value)); +- } +- else if (g_str_equal (annotation->key, "org.freedesktop.Accounts.DefaultValue")) { +- value = g_variant_parse (type, annotation->value, NULL, NULL, NULL); +- if (value != NULL) 
+- return value; +- } +- } +- +- /* Nothing found... */ +- return NULL; +-} +- +-static void +-user_extension_get_property (User *user, +- Daemon *daemon, +- GDBusInterfaceInfo *interface, +- GDBusMethodInvocation *invocation) +-{ +- const GDBusPropertyInfo *property = g_dbus_method_invocation_get_property_info (invocation); +- GVariant *value; +- +- value = user_extension_get_value (user, interface, property); +- +- if (value) { +- g_dbus_method_invocation_return_value (invocation, g_variant_new ("(v)", value)); +- g_variant_unref (value); +- } +- else { +- g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS, +- "Key '%s' is not set and has no default value", +- property->name); +- } +-} +- +-static void +-user_extension_get_all_properties (User *user, +- Daemon *daemon, +- GDBusInterfaceInfo *interface, +- GDBusMethodInvocation *invocation) +-{ +- GVariantBuilder builder; +- gint i; +- +- g_variant_builder_init (&builder, G_VARIANT_TYPE_VARDICT); +- for (i = 0; interface->properties && interface->properties[i]; i++) { +- GDBusPropertyInfo *property = interface->properties[i]; +- GVariant *value; +- +- value = user_extension_get_value (user, interface, property); +- +- if (value) { +- g_variant_builder_add (&builder, "{sv}", property->name, value); +- g_variant_unref (value); +- } +- } +- +- g_dbus_method_invocation_return_value (invocation, g_variant_new ("(a{sv})", &builder)); +-} +- +-static void +-user_extension_set_property (User *user, +- Daemon *daemon, +- GDBusInterfaceInfo *interface, +- GDBusMethodInvocation *invocation) +-{ +- const GDBusPropertyInfo *property = g_dbus_method_invocation_get_property_info (invocation); +- GVariant *value; +- gchar *printed; +- gchar *prev; +- +- g_variant_get_child (g_dbus_method_invocation_get_parameters (invocation), 2, "v", &value); +- +- /* We'll always have the type when we parse it back so +- * we don't need it to be printed with annotations. 
+- */ +- printed = g_variant_print (value, FALSE); +- +- /* May as well try to avoid the thrashing... */ +- prev = g_key_file_get_value (user->keyfile, interface->name, property->name, NULL); +- +- if (!prev || !g_str_equal (printed, prev)) { +- g_key_file_set_value (user->keyfile, interface->name, property->name, printed); +- +- /* Emit a change signal. Use invalidation +- * because the data may not be world-readable. +- */ +- g_dbus_connection_emit_signal (g_dbus_method_invocation_get_connection (invocation), +- NULL, /* destination_bus_name */ +- g_dbus_method_invocation_get_object_path (invocation), +- "org.freedesktop.DBus.Properties", "PropertiesChanged", +- g_variant_new_parsed ("( %s, %a{sv}, [ %s ] )", +- interface->name, NULL, property->name), +- NULL); +- +- accounts_user_emit_changed (ACCOUNTS_USER (user)); +- save_extra_data (user); +- } +- +- g_variant_unref (value); +- g_free (printed); +- g_free (prev); +- +- g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); +-} +- +-static void +-user_extension_authentication_done (Daemon *daemon, +- User *user, +- GDBusMethodInvocation *invocation, +- gpointer user_data) +-{ +- GDBusInterfaceInfo *interface = user_data; +- const gchar *method_name; +- +- method_name = g_dbus_method_invocation_get_method_name (invocation); +- +- if (g_str_equal (method_name, "Get")) +- user_extension_get_property (user, daemon, interface, invocation); +- else if (g_str_equal (method_name, "GetAll")) +- user_extension_get_all_properties (user, daemon, interface, invocation); +- else if (g_str_equal (method_name, "Set")) +- user_extension_set_property (user, daemon, interface, invocation); +- else +- g_assert_not_reached (); +-} +- +-static void +-user_extension_method_call (GDBusConnection *connection, +- const gchar *sender, +- const gchar *object_path, +- const gchar *interface_name, +- const gchar *method_name, +- GVariant *parameters, +- GDBusMethodInvocation *invocation, +- gpointer user_data) +-{ +- 
User *user = user_data; +- GDBusInterfaceInfo *iface_info; +- const gchar *annotation_name; +- const gchar *action_id; +- gint uid; +- gint i; +- +- /* We don't allow method calls on extension interfaces, so we +- * should only ever see property calls here. +- */ +- g_assert_cmpstr (interface_name, ==, "org.freedesktop.DBus.Properties"); +- +- /* Now get the real interface name */ +- g_variant_get_child (parameters, 0, "&s", &interface_name); +- +- if (get_caller_uid (invocation, &uid) && (uid_t) uid == user->uid) { +- /* Operation on sender's own User object */ +- if (g_str_equal (method_name, "Set")) { +- annotation_name = "org.freedesktop.Accounts.Authentication.ChangeOwn"; +- action_id = "org.freedesktop.accounts.change-own-user-data"; +- } +- else { +- annotation_name = "org.freedesktop.Accounts.Authentication.ReadOwn"; +- action_id = ""; /* reading allowed by default */ +- } +- } +- else { +- /* Operation on someone else's User object */ +- if (g_str_equal (method_name, "Set")) { +- annotation_name = "org.freedesktop.Accounts.Authentication.ChangeAny"; +- action_id = "org.freedesktop.accounts.user-administration"; +- } +- else { +- annotation_name = "org.freedesktop.Accounts.Authentication.ReadAny"; +- action_id = ""; /* reading allowed by default */ +- } +- } +- +- iface_info = g_hash_table_lookup (daemon_get_extension_ifaces (user->daemon), interface_name); +- g_assert (iface_info != NULL); +- +- for (i = 0; iface_info->annotations && iface_info->annotations[i]; i++) { +- if (g_str_equal (iface_info->annotations[i]->key, annotation_name)) { +- action_id = iface_info->annotations[i]->value; +- break; +- } +- } +- +- if (action_id[0] == '\0') { +- /* Should always allow this call, so just do it now */ +- user_extension_authentication_done (user->daemon, user, invocation, iface_info); +- } +- else { +- daemon_local_check_auth (user->daemon, user, action_id, TRUE, +- user_extension_authentication_done, +- invocation, iface_info, NULL); +- } +-} +- +-static void 
+-user_register_extensions (User *user) +-{ +- static const GDBusInterfaceVTable vtable = { +- user_extension_method_call, +- NULL /* get_property */, +- NULL /* set_property */ +- }; +- GHashTable *extensions; +- GHashTableIter iter; +- gpointer iface; +- gint i = 0; +- +- g_assert (user->extension_ids == NULL); +- g_assert (user->n_extension_ids == 0); +- +- extensions = daemon_get_extension_ifaces (user->daemon); +- user->n_extension_ids = g_hash_table_size (extensions); +- user->extension_ids = g_new (guint, user->n_extension_ids); +- g_hash_table_iter_init (&iter, extensions); +- +- /* Ignore errors when registering more interfaces because (a) +- * they won't happen and (b) even if they do, we still want to +- * publish the main user interface. +- */ +- while (g_hash_table_iter_next (&iter, NULL, &iface)) +- user->extension_ids[i++] = g_dbus_connection_register_object (user->system_bus_connection, +- user->object_path, iface, +- &vtable, user, NULL, NULL); +-} +- + static gchar * + compute_object_path (User *user) + { +@@ -753,8 +497,6 @@ user_register (User *user) + } + return; + } +- +- user_register_extensions (user); + } + + void +@@ -767,21 +509,6 @@ void + user_unregister (User *user) + { + g_dbus_interface_skeleton_unexport (G_DBUS_INTERFACE_SKELETON (user)); +- +- if (user->extension_ids) { +- guint i; +- +- for (i = 0; i < user->n_extension_ids; i++) { +- /* In theory, if an error happened during registration, we could have 0 here. */ +- if (user->extension_ids[i] == 0) +- continue; +- +- g_dbus_connection_unregister_object (user->system_bus_connection, user->extension_ids[i]); +- } +- +- g_clear_pointer (&user->extension_ids, g_free); +- user->n_extension_ids = 0; +- } + } + + void +-- +cgit v0.9.0.2-2-gbebe diff --git a/sys-apps/accountsservice/files/accountsservice-0.6.35-user-logic.patch b/sys-apps/accountsservice/files/accountsservice-0.6.35-user-logic.patch new file mode 100644 index 000000000000..8de3cfcffef1 --- /dev/null 
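Review bot: The configure.ac part of accountsservice-0.6.35-older-glib.patch removes the gio-2.0 version floor entirely rather than lowering it, while the ebuild still states a requirement of glib 2.34 for `g_clear_pointer`. Keeping a floor that matches RDEPEND, `PKG_CHECK_MODULES(GIO, gio-2.0 >= 2.34.0 gio-unix-2.0)`, would make a too-old glib fail at configure time rather than during compilation. Whether any other use of newer glib API remains after the extension code is removed cannot be seen from this page.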
+++ b/sys-apps/accountsservice/files/accountsservice-0.6.35-user-logic.patch 
@@ -0,0 +1,211 @@ +From ba13b59cb91ec67c86b3e3fb390d91db01df8963 Mon Sep 17 00:00:00 2001 +From: Ray Strode <rstrode@redhat.com> +Date: Fri, 15 Nov 2013 15:11:15 +0000 +Subject: Change up user classification logic again + +relying on login.defs is fragile, and the +user heuristics are fragile. + +This commit requires an explicit uid minimum +get configured, and heuristics now only get +applied to the specific problematic range +they were added to address. + +https://bugs.freedesktop.org/show_bug.cgi?id=71801 +--- +diff --git a/configure.ac b/configure.ac +index cb1fcda..39c5b92 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -55,11 +55,17 @@ AS_IF([test x$enable_admin_group = xauto], [ + AC_DEFINE_UNQUOTED([ADMIN_GROUP], ["$enable_admin_group"], [Define to the group for administrator users]) + + AC_ARG_ENABLE(user-heuristics, +- [AS_HELP_STRING([--enable-user-heuristics],[Enable heuristics for guessing system vs. human users])], ++ [AS_HELP_STRING([--enable-user-heuristics],[Enable heuristics for guessing system vs. human users in the range 500-minimum-uid])], + [if test "$enableval" = yes; then + AC_DEFINE([ENABLE_USER_HEURISTICS], , [System vs. 
human user heuristics enabled]) + fi]) + ++AC_ARG_WITH(minimum-uid, ++ [AS_HELP_STRING([--with-minimum-uid],[Set minimum uid for human users])], ++ ,with_minimum_uid=1000) ++ ++AC_DEFINE_UNQUOTED([MINIMUM_UID], $with_minimum_uid, [Define to the minumum UID of human users]) ++ + dnl --------------------------------------------------------------------------- + dnl - coverage + dnl --------------------------------------------------------------------------- +diff --git a/src/user-classify.c b/src/user-classify.c +index b68c9ae..69e6809 100644 +--- a/src/user-classify.c ++++ b/src/user-classify.c +@@ -26,7 +26,6 @@ + + #include <string.h> + +-#ifdef ENABLE_USER_HEURISTICS + static const char *default_excludes[] = { + "bin", + "root", +@@ -57,16 +56,10 @@ static const char *default_excludes[] = { + "gnome-initial-setup" + }; + +-#define PATH_NOLOGIN "/sbin/nologin" +-#define PATH_FALSE "/bin/false" +- + static gboolean +-user_classify_is_excluded_by_heuristics (const gchar *username, +- const gchar *shell, +- const gchar *password_hash) ++user_classify_is_blacklisted (const char *username) + { + static GHashTable *exclusions; +- gboolean ret = FALSE; + + if (exclusions == NULL) { + guint i; +@@ -82,6 +75,20 @@ user_classify_is_excluded_by_heuristics (const gchar *username, + return TRUE; + } + ++ return FALSE; ++} ++ ++#define PATH_NOLOGIN "/sbin/nologin" ++#define PATH_FALSE "/bin/false" ++ ++#ifdef ENABLE_USER_HEURISTICS ++static gboolean ++user_classify_is_excluded_by_heuristics (const gchar *username, ++ const gchar *shell, ++ const gchar *password_hash) ++{ ++ gboolean ret = FALSE; ++ + if (shell != NULL) { + char *basename, *nologin_basename, *false_basename; + +@@ -139,99 +146,6 @@ user_classify_is_excluded_by_heuristics (const gchar *username, + + return ret; + } +- +-#else /* ENABLE_USER_HEURISTICS */ +- +-static gboolean +-user_classify_parse_login_defs_field (const gchar *contents, +- const gchar *key, +- uid_t *result) +-{ +- gsize key_len; +- gint64 value; 
+- gchar *end; +- +- key_len = strlen (key); +- +- for (;;) { +- /* Our key has to be at the start of the line, followed by whitespace */ +- if (strncmp (contents, key, key_len) == 0 && g_ascii_isspace (contents[key_len])) { +- /* Found it. Move contents past the key itself and break out. */ +- contents += key_len; +- break; +- } +- +- /* Didn't find it. Find the end of the line. */ +- contents = strchr (contents, '\n'); +- +- /* EOF? */ +- if (!contents) { +- /* We didn't find the field... */ +- return FALSE; +- } +- +- /* Start at the beginning of the next line on next iteration. */ +- contents++; +- } +- +- /* 'contents' now points at the whitespace character just after +- * the field name. strtoll can deal with that. +- */ +- value = g_ascii_strtoll (contents, &end, 10); +- +- if (*end && !g_ascii_isspace (*end)) { +- g_warning ("Trailing junk after '%s' field in login.defs", key); +- return FALSE; +- } +- +- if (value <= 0 || value >= G_MAXINT32) { +- g_warning ("Value for '%s' field out of range", key); +- return FALSE; +- } +- +- *result = value; +- +- return TRUE; +-} +- +-static void +-user_classify_read_login_defs (uid_t *min_uid, +- uid_t *max_uid) +-{ +- GError *error = NULL; +- char *contents; +- +- if (!g_file_get_contents ("/etc/login.defs", &contents, NULL, &error)) { +- g_warning ("Could not open /etc/login.defs: %s. Falling back to default human uid range of %d to %d", +- error->message, (int) *min_uid, (int) *max_uid); +- g_error_free (error); +- return; +- } +- +- if (!user_classify_parse_login_defs_field (contents, "UID_MIN", min_uid)) { +- g_warning ("Could not find UID_MIN value in login.defs. Using default of %d", (int) *min_uid); +- } +- +- if (!user_classify_parse_login_defs_field (contents, "UID_MAX", max_uid)) { +- g_warning ("Could not find UID_MIN value in login.defs. 
Using default of %d", (int) *max_uid); +- } +- +- g_free (contents); +-} +- +-static gboolean +-user_classify_is_in_human_range (uid_t uid) +-{ +- static uid_t min_uid = 1000, max_uid = 60000; +- static gboolean initialised; +- +- if (!initialised) { +- user_classify_read_login_defs (&min_uid, &max_uid); +- initialised = TRUE; +- } +- +- return min_uid <= uid && uid <= max_uid; +-} + #endif /* ENABLE_USER_HEURISTICS */ + + gboolean +@@ -240,9 +154,16 @@ user_classify_is_human (uid_t uid, + const gchar *shell, + const gchar *password_hash) + { ++ if (user_classify_is_blacklisted (username)) ++ return FALSE; ++ + #ifdef ENABLE_USER_HEURISTICS +- return !user_classify_is_excluded_by_heuristics (username, shell, password_hash); +-#else +- return user_classify_is_in_human_range (uid); ++ /* only do heuristics on the range 500-1000 to catch one off migration problems in Fedora */ ++ if (uid >= 500 && uid < MINIMUM_UID) { ++ if (!user_classify_is_excluded_by_heuristics (username, shell, password_hash)) ++ return TRUE; ++ } + #endif ++ ++ return uid >= MINIMUM_UID; + } +-- +cgit v0.9.0.2-2-gbebe |
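Review bot: user_classify_is_human now ends with `return uid >= MINIMUM_UID;` and has no upper bound, whereas the removed user_classify_is_in_human_range also required `uid <= max_uid` (default 60000). Accounts with a high uid are therefore reported as human unless their name is in default_excludes, whose full contents are not visible in this hunk, so that list becomes the only filter for them. Consider keeping a configurable upper limit next to the minimum. Separately, configure.ac pastes `$with_minimum_uid` unquoted into `MINIMUM_UID` without checking that it is a number, so a bare `--with-minimum-uid` would only fail later at compile time.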