From 34b9679959d86565f87406adb5b254a6025ab72d Mon Sep 17 00:00:00 2001
From: Giovanni Campagna <gcampagna@src.gnome.org>
Date: Fri, 15 Feb 2013 15:40:25 +0100
Subject: [PATCH 5/7] Remove deprecated and unsafe SetPassword

We can retain backward compatibility at the library level by rewriting
act_user_set_password() on top of act_user_set_multiple_passwords().
---
 data/org.freedesktop.Accounts.User.xml | 43 ---------------
 src/libaccountsservice/act-user.c      | 21 ++++----
 src/user.c                             | 95 ----------------------------------
 3 files changed, 10 insertions(+), 149 deletions(-)

diff --git a/data/org.freedesktop.Accounts.User.xml b/data/org.freedesktop.Accounts.User.xml
index 8880052..2d16569 100644
--- a/data/org.freedesktop.Accounts.User.xml
+++ b/data/org.freedesktop.Accounts.User.xml
@@ -455,49 +455,6 @@
     </doc:doc>
   </method>
 
-  <method name="SetPassword">
-    <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
-    <arg name="password" direction="in" type="s">
-      <doc:doc>
-        <doc:summary>
-          The plain-text password.
-          This method is deprecated and unsafe. Use BeginSetPassword instead.
-        </doc:summary>
-      </doc:doc>
-    </arg>
-    <arg name="hint" direction="in" type="s">
-      <doc:doc>
-        <doc:summary>
-          The password hint.
-        </doc:summary>
-      </doc:doc>
-    </arg>
-    <doc:doc>
-      <doc:description>
-        <doc:para>
-          Sets a new password for this user.
-        </doc:para>
-        <doc:para>
-          Note that setting a password has the side-effect of
-          unlocking the account.
-        </doc:para>
-      </doc:description>
-      <doc:permission>
-        The caller needs one of the following PolicyKit authorizations:
-        <doc:list>
-          <doc:item>
-            <doc:term>org.freedesktop.accounts.user-administration</doc:term>
-            <doc:definition>To change the password of a user</doc:definition>
-          </doc:item>
-        </doc:list>
-      </doc:permission>
-      <doc:errors>
-        <doc:error name="org.freedesktop.Accounts.Error.PermissionDenied">if the caller lacks the appropriate PolicyKit authorization</doc:error>
-        <doc:error name="org.freedesktop.Accounts.Error.Failed">if the operation failed</doc:error>
-      </doc:errors>
-    </doc:doc>
-  </method>
-
   <method name="BeginSetPassword">
     <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
     <arg name="data" direction="out" type="s">
diff --git a/src/libaccountsservice/act-user.c b/src/libaccountsservice/act-user.c
index 692b5db..9c5c400 100644
--- a/src/libaccountsservice/act-user.c
+++ b/src/libaccountsservice/act-user.c
@@ -1654,21 +1654,20 @@ act_user_set_password (ActUser             *user,
                        const gchar         *password,
                        const gchar         *hint)
 {
-        GError *error = NULL;
-        gchar *crypted;
+        GHashTable *table;
 
         g_return_if_fail (ACT_IS_USER (user));
         g_return_if_fail (password != NULL);
-        g_return_if_fail (ACCOUNTS_IS_USER (user->accounts_proxy));
 
-        if (!accounts_user_call_set_password_sync (user->accounts_proxy,
-                                                   password,
-                                                   hint,
-                                                   NULL,
-                                                   &error)) {
-                g_warning ("SetPassword call failed: %s", error->message);
-                g_error_free (error);
-        }
+        table = g_hash_table_new (g_direct_hash, g_direct_equal);
+        g_hash_table_insert (table, GINT_TO_POINTER (ACT_USER_PASSWORD_REGULAR),
+                             (gpointer) password);
+        g_hash_table_insert (table, GINT_TO_POINTER (ACT_USER_PASSWORD_HINT),
+                             (gpointer) hint);
+
+        act_user_set_multiple_passwords (user, table);
+
+        g_hash_table_unref (table);
 }
 
 /**
diff --git a/src/user.c b/src/user.c
index 361e63a..c085a9b 100644
--- a/src/user.c
+++ b/src/user.c
@@ -1524,100 +1524,6 @@ build_pam_helper_stdin (const char *password,
 }
 
 static void
-user_change_password_authorized_cb (Daemon                *daemon,
-                                    User                  *user,
-                                    GDBusMethodInvocation *context,
-                                    gpointer               data)
-
-{
-        gchar **strings = data;
-        GError *error;
-        const gchar *argv[6];
-        char *stdin;
-
-        sys_log (context,
-                 "set password and hint of user '%s' (%d)",
-                 user->user_name, user->uid);
-
-        g_object_freeze_notify (G_OBJECT (user));
-
-        argv[0] = LIBEXECDIR "/accounts-daemon-pam-password-helper";
-        argv[1] = user->user_name;
-        argv[2] = NULL;
-
-        stdin = build_pam_helper_stdin (strings[0], NULL);
-        error = NULL;
-
-        if (!spawn_with_login_uid_and_stdin (context, argv, stdin, &error)) {
-                throw_error (context, ERROR_FAILED, "running '%s' failed: %s", argv[0], error->message);
-                g_error_free (error);
-                g_free (stdin);
-                return;
-        }
-
-        g_free (stdin);
-
-        if (user->password_mode != PASSWORD_MODE_REGULAR) {
-                user->password_mode = PASSWORD_MODE_REGULAR;
-                g_object_notify (G_OBJECT (user), "password-mode");
-        }
-
-        if (user->locked) {
-                user->locked = FALSE;
-                g_object_notify (G_OBJECT (user), "locked");
-        }
-
-        if (g_strcmp0 (user->password_hint, strings[1]) != 0) {
-                g_free (user->password_hint);
-                user->password_hint = g_strdup (strings[1]);
-                g_object_notify (G_OBJECT (user), "password-hint");
-        }
-
-        save_extra_data (user);
-
-        g_object_thaw_notify (G_OBJECT (user));
-
-        accounts_user_emit_changed (ACCOUNTS_USER (user));
-
-        accounts_user_complete_set_password (ACCOUNTS_USER (user), context);
-}
-
-static void
-free_passwords (gchar **strings)
-{
-        memset (strings[0], 0, strlen (strings[0]));
-        g_strfreev (strings);
-}
-
-static gboolean
-user_set_password (AccountsUser          *auser,
-                   GDBusMethodInvocation *context,
-                   const gchar           *password,
-                   const gchar           *hint)
-{
-        User *user = (User*)auser;
-        gchar **data;
-
-        data = g_new (gchar *, 3);
-        data[0] = g_strdup (password);
-        data[1] = g_strdup (hint);
-        data[2] = NULL;
-
-        daemon_local_check_auth (user->daemon,
-                                 user,
-                                 "org.freedesktop.accounts.user-administration",
-                                 TRUE,
-                                 user_change_password_authorized_cb,
-                                 context,
-                                 data,
-                                 (GDestroyNotify)free_passwords);
-
-        memset ((char*)password, 0, strlen (password));
-
-        return TRUE;
-}
-
-static void
 user_continue_change_password_authorized_cb (Daemon                *daemon,
                                              User                  *user,
                                              GDBusMethodInvocation *context,
@@ -2131,7 +2037,6 @@ user_accounts_user_iface_init (AccountsUserIface *iface)
         iface->handle_set_language = user_set_language;
         iface->handle_set_location = user_set_location;
         iface->handle_set_locked = user_set_locked;
-        iface->handle_set_password = user_set_password;
         iface->handle_continue_set_password = user_continue_set_password;
         iface->handle_begin_set_password = user_begin_set_password;
         iface->handle_set_password_mode = user_set_password_mode;
-- 
1.8.1.2