freedesktop - May 2012 - [fdo] [PATCH 0/2] Stricter checking for system accounts

From: Matthew Monaco <matthew.monaco at 0x01b.net>

I (and others) have been seeing the LightDM user leak through to the user
list in the greeter. This additional check for a valid shell clears it up.

Matthew Monaco (2):
  Add user_local_get_shell()
  Check shell when building cached list

 src/daemon.c |    5 ++++-
 src/user.c   |    6 ++++++
 src/user.h   |    1 +
 3 files changed, 11 insertions(+), 1 deletion(-)

-- 
1.7.10.1

From: Matthew Monaco <matthew.monaco at 0x01b.net>

---
 src/user.c |    6 ++++++
 src/user.h |    1 +
 2 files changed, 7 insertions(+)

diff --git a/src/user.c b/src/user.c
index 4703883..01507fe 100644
--- a/src/user.c
+++ b/src/user.c
@@ -483,6 +483,12 @@ user_local_get_uid (User *user)
         return user->uid;
 }
 
+const gchar *
+user_local_get_shell(User *user)
+{
+	return user->shell;
+}
+
 static void
 throw_error (GDBusMethodInvocation *context,
              gint                   error_code,
diff --git a/src/user.h b/src/user.h
index 06523d7..fd6dc99 100644
--- a/src/user.h
+++ b/src/user.h
@@ -65,6 +65,7 @@ const gchar *user_local_get_user_name       (User         
*user);
 const gchar *user_local_get_user_name       (User          *user);
 const gchar *user_local_get_object_path     (User          *user);
 uid_t        user_local_get_uid             (User          *user);
+const gchar *user_local_get_shell           (User          *user);
 
 G_END_DECLS
 
-- 
1.7.10.1

From: Matthew Monaco <matthew.monaco at 0x01b.net>

---
 src/daemon.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/daemon.c b/src/daemon.c
index bff139e..c2fc563 100644
--- a/src/daemon.c
+++ b/src/daemon.c
@@ -835,13 +835,16 @@ finish_list_cached_users (gpointer user_data)
         const gchar *name;
         User *user;
         uid_t uid;
+        gchar *shell;
 
         object_paths = g_ptr_array_new ();
 
         g_hash_table_iter_init (&iter, data->daemon->priv->users);
         while (g_hash_table_iter_next (&iter, (gpointer *)&name,
(gpointer *)&user)) {
                 uid = user_local_get_uid (user);
-                if (!daemon_local_user_is_excluded (data->daemon, name,
NULL)) {
+                shell = user_local_get_shell (user);
+                printf("Inspecting user id: %u... ", uid);
+                if (!daemon_local_user_is_excluded (data->daemon, name,
shell)) {
                         g_debug ("user %s %ld not excluded\n", name,
(long) uid);
                         g_ptr_array_add (object_paths, (gpointer)
user_local_get_object_path (user));
                 }
-- 
1.7.10.1

Oops, I should mention that this is for AccountsService.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.freedesktop.org/archives/freedesktop/attachments/20120507/0d86b323/attachment.pgp>

From: Matthew Monaco <matthew.monaco at 0x01b.net>

---
 src/daemon.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/daemon.c b/src/daemon.c
index bff139e..d5c0ba1 100644
--- a/src/daemon.c
+++ b/src/daemon.c
@@ -835,13 +835,15 @@ finish_list_cached_users (gpointer user_data)
         const gchar *name;
         User *user;
         uid_t uid;
+        gchar *shell;
 
         object_paths = g_ptr_array_new ();
 
         g_hash_table_iter_init (&iter, data->daemon->priv->users);
         while (g_hash_table_iter_next (&iter, (gpointer *)&name,
(gpointer *)&user)) {
                 uid = user_local_get_uid (user);
-                if (!daemon_local_user_is_excluded (data->daemon, name,
NULL)) {
+                shell = user_local_get_shell (user);
+                if (!daemon_local_user_is_excluded (data->daemon, name,
shell)) {
                         g_debug ("user %s %ld not excluded\n", name,
(long) uid);
                         g_ptr_array_add (object_paths, (gpointer)
user_local_get_object_path (user));
                 }
-- 
1.7.10.1