From 9873453ed963f67ff5869f058eb908ac03fe4a16 Mon Sep 17 00:00:00 2001 From: Giovanni Campagna Date: Fri, 15 Feb 2013 15:40:25 +0100 Subject: [PATCH 1/3] Remove deprecated and unsafe SetPassword We can retain backward compatibility at the library level by rewriting act_user_set_password() on top of act_user_set_multiple_passwords(). --- data/org.freedesktop.Accounts.User.xml | 43 --------------- src/libaccountsservice/act-user.c | 18 ++++--- src/user.c | 95 ---------------------------------- 3 files changed, 10 insertions(+), 146 deletions(-) diff --git a/data/org.freedesktop.Accounts.User.xml b/data/org.freedesktop.Accounts.User.xml index 8880052..2d16569 100644 --- a/data/org.freedesktop.Accounts.User.xml +++ b/data/org.freedesktop.Accounts.User.xml @@ -455,49 +455,6 @@ - - - - - - The plain-text password. - This method is deprecated and unsafe. Use BeginSetPassword instead. - - - - - - - The password hint. - - - - - - - Sets a new password for this user. - - - Note that setting a password has the side-effect of - unlocking the account. - - - - The caller needs one of the following PolicyKit authorizations: - - - org.freedesktop.accounts.user-administration - To change the password of a user - - - - - if the caller lacks the appropriate PolicyKit authorization - if the operation failed - - - - diff --git a/src/libaccountsservice/act-user.c b/src/libaccountsservice/act-user.c index 692b5db..bc2bcbb 100644 --- a/src/libaccountsservice/act-user.c +++ b/src/libaccountsservice/act-user.c 
@@ -1656,19 +1656,21 @@ act_user_set_password (ActUser *user,
 {
 GError *error = NULL;
 gchar *crypted;
+ GHashTable *table;
 g_return_if_fail (ACT_IS_USER (user));
 g_return_if_fail (password != NULL);
 g_return_if_fail (ACCOUNTS_IS_USER (user->accounts_proxy));
- if (!accounts_user_call_set_password_sync (user->accounts_proxy,
- password,
- hint,
- NULL,
- &error)) {
- g_warning ("SetPassword call failed: %s", error->message);
- g_error_free (error);
- }
+ table = g_hash_table_new (g_direct_hash, g_direct_equal);
+ g_hash_table_insert (table, GINT_TO_POINTER (ACT_USER_PASSWORD_REGULAR),
+ (gpointer) password);
+ g_hash_table_insert (table, GINT_TO_POINTER (ACT_USER_PASSWORD_HINT),
+ (gpointer) hint);
+
+ act_user_set_multiple_passwords (user, table);
+
+ g_hash_table_unref (table);
 }
 /**
diff --git a/src/user.c b/src/user.c
index 361e63a..c085a9b 100644
--- a/src/user.c
+++ b/src/user.c
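Review bot: In the new body of act_user_set_password(), `hint` is inserted into the table without a NULL check, while only `password` is guarded by `g_return_if_fail`. Whether act_user_set_multiple_passwords() tolerates a NULL value is not visible in this hunk, so the safer form is `if (hint != NULL) g_hash_table_insert (table, GINT_TO_POINTER (ACT_USER_PASSWORD_HINT), (gpointer) hint);`. The table only borrows the caller's plaintext password and hint, which is why `g_hash_table_new` without destroy notifiers is correct here; a comment such as `/* table borrows password and hint; the caller keeps ownership and nothing is freed or cleared here */` would keep a later switch to `g_hash_table_new_full` from freeing caller memory. The old `g_warning` on failure is gone, so error reporting now depends entirely on the callee, and the context lines `GError *error = NULL;` and `gchar *crypted;` look unused in the visible body. The function's signature starts above the hunk.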
@@ -1524,100 +1524,6 @@ build_pam_helper_stdin (const char *password, } static void -user_change_password_authorized_cb (Daemon *daemon, - User *user, - GDBusMethodInvocation *context, - gpointer data) - -{ - gchar **strings = data; - GError *error; - const gchar *argv[6]; - char *stdin; - - sys_log (context, - "set password and hint of user '%s' (%d)", - user->user_name, user->uid); - - g_object_freeze_notify (G_OBJECT (user)); - - argv[0] = LIBEXECDIR "/accounts-daemon-pam-password-helper"; - argv[1] = user->user_name; - argv[2] = NULL; - - stdin = build_pam_helper_stdin (strings[0], NULL); - error = NULL; - - if (!spawn_with_login_uid_and_stdin (context, argv, stdin, &error)) { - throw_error (context, ERROR_FAILED, "running '%s' failed: %s", argv[0], error->message); - g_error_free (error); - g_free (stdin); - return; - } - - g_free (stdin); - - if (user->password_mode != PASSWORD_MODE_REGULAR) { - user->password_mode = PASSWORD_MODE_REGULAR; - g_object_notify (G_OBJECT (user), "password-mode"); - } - - if (user->locked) { - user->locked = FALSE; - g_object_notify (G_OBJECT (user), "locked"); - } - - if (g_strcmp0 (user->password_hint, strings[1]) != 0) { - g_free (user->password_hint); - user->password_hint = g_strdup (strings[1]); - g_object_notify (G_OBJECT (user), "password-hint"); - } - - save_extra_data (user); - - g_object_thaw_notify (G_OBJECT (user)); - - accounts_user_emit_changed (ACCOUNTS_USER (user)); - - accounts_user_complete_set_password (ACCOUNTS_USER (user), context); -} - -static void -free_passwords (gchar **strings) -{ - memset (strings[0], 0, strlen (strings[0])); - g_strfreev (strings); -} - -static gboolean -user_set_password (AccountsUser *auser, - GDBusMethodInvocation *context, - const gchar *password, - const gchar *hint) -{ - User *user = (User*)auser; - gchar **data; - - data = g_new (gchar *, 3); - data[0] = g_strdup (password); - data[1] = g_strdup (hint); - data[2] = NULL; - - daemon_local_check_auth (user->daemon, - user, - 
"org.freedesktop.accounts.user-administration", - TRUE, - user_change_password_authorized_cb, - context, - data, - (GDestroyNotify)free_passwords); - - memset ((char*)password, 0, strlen (password)); - - return TRUE; -} - -static void user_continue_change_password_authorized_cb (Daemon *daemon, User *user, GDBusMethodInvocation *context, @@ -2131,7 +2037,6 @@ user_accounts_user_iface_init (AccountsUserIface *iface) iface->handle_set_language = user_set_language; iface->handle_set_location = user_set_location; iface->handle_set_locked = user_set_locked; - iface->handle_set_password = user_set_password; iface->handle_continue_set_password = user_continue_set_password; iface->handle_begin_set_password = user_begin_set_password; iface->handle_set_password_mode = user_set_password_mode; -- 1.8.1.2