From b6af9225f7c6f5ca4fbc90c61f47b5ef8a851e97 Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Wed, 7 Mar 2012 12:36:44 +0100
Subject: [PATCH] Filter users on nologin rather than minimal UID

https://bugs.freedesktop.org/show_bug.cgi?id=44408
---
 src/daemon.c |   14 +++++++++-----
 src/daemon.h |    2 +-
 src/user.c   |    2 +-
 3 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/src/daemon.c b/src/daemon.c
index 8e52f02..5fe6aed 100644
--- a/src/daemon.c
+++ b/src/daemon.c
@@ -48,6 +48,7 @@
 
 #define PATH_PASSWD "/etc/passwd"
 #define PATH_SHADOW "/etc/shadow"
+#define PATH_NOLOGIN "/sbin/nologin"
 #define PATH_GDM_CUSTOM "/etc/gdm/custom.conf"
 
 #define USERDIR LOCALSTATEDIR "/lib/AccountsService/users"
@@ -152,8 +153,11 @@ error_get_type (void)
 }
 
 gboolean
-daemon_local_user_is_excluded (Daemon *daemon, const gchar *username, uid_t uid)
+daemon_local_user_is_excluded (Daemon *daemon, const gchar *username, const gchar *shell)
 {
+        if (g_strcmp0 (shell, PATH_NOLOGIN) == 0) {
+                return TRUE;
+        }
         if (g_hash_table_lookup (daemon->priv->exclusions, username)) {
                 return TRUE;
         }
@@ -189,7 +193,7 @@ reload_wtmp_history (Daemon *daemon)
 
                 if (daemon_local_user_is_excluded (daemon,
                                                    wtmp_entry->ut_user,
-                                                   wtmp_entry->ut_pid)) {
+                                                   NULL)) {
                         g_debug ("excluding user '%s'", wtmp_entry->ut_user);
                         continue;
                 }
@@ -285,8 +289,8 @@ reload_passwd (Daemon *daemon)
 #else
         while ((pwent = getpwent ()) != NULL) {
 #endif
-                /* Skip users below MINIMAL_UID... */
-                if (daemon_local_user_is_excluded (daemon, pwent->pw_name, pwent->pw_uid)) {
+                /* Skip system users... */
+                if (daemon_local_user_is_excluded (daemon, pwent->pw_name, pwent->pw_shell)) {
                         g_debug ("skipping user: %s", pwent->pw_name);
                         continue;
                 }
@@ -814,7 +818,7 @@ finish_list_cached_users (gpointer user_data)
         g_hash_table_iter_init (&iter, data->daemon->priv->users);
         while (g_hash_table_iter_next (&iter, (gpointer *)&name, (gpointer *)&user)) {
                 uid = user_local_get_uid (user);
-                if (!daemon_local_user_is_excluded (data->daemon, name, uid)) {
+                if (!daemon_local_user_is_excluded (data->daemon, name, NULL)) {
                         g_debug ("user %s %ld not excluded\n", name, (long) uid);
                         g_ptr_array_add (object_paths, (gpointer) user_local_get_object_path (user));
                 }
diff --git a/src/daemon.h b/src/daemon.h
index 441609f..996b452 100644
--- a/src/daemon.h
+++ b/src/daemon.h
@@ -77,7 +77,7 @@ User *daemon_local_find_user_by_name (Daemon                *daemon,
                                       const gchar           *name);
 gboolean daemon_local_user_is_excluded (Daemon              *daemon,
                                         const gchar         *name,
-                                        uid_t                uid);
+                                        const gchar         *shell);
 
 typedef void (*AuthorizedCallback)   (Daemon                *daemon,
                                       User                  *user,
diff --git a/src/user.c b/src/user.c
index 8e3ef37..6cc54e1 100644
--- a/src/user.c
+++ b/src/user.c
@@ -283,7 +283,7 @@ user_local_update_from_pwent (User          *user,
 
         user->system_account = daemon_local_user_is_excluded (user->daemon,
                                                               user->user_name,
-                                                              user->uid);
+                                                              pwent->pw_shell);
 
         g_object_thaw_notify (G_OBJECT (user));
 
-- 
1.7.7.6