void
um_password_dialog_set_user (UmPasswordDialog *um,
ActUser *user)
{
GdkPixbuf *pixbuf;
GtkTreeModel *model;
if (um->user) {
g_object_unref (um->user);
um->user = NULL;
}
if (user) {
um->user = g_object_ref (user);
pixbuf = render_user_icon (user, UM_ICON_STYLE_NONE, 48);
gtk_image_set_from_pixbuf (GTK_IMAGE (um->user_icon), pixbuf);
g_object_unref (pixbuf);
gtk_label_set_label (GTK_LABEL (um->user_name),
act_user_get_real_name (user));
gtk_entry_set_text (GTK_ENTRY (um->password_entry), "");
gtk_entry_set_text (GTK_ENTRY (um->verify_entry), "");
gtk_entry_set_text (GTK_ENTRY (um->old_password_entry), "");
gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (um->show_password_button), FALSE);
if (act_user_get_uid (um->user) == getuid () &&
act_user_get_password_mode (um->user) == ACT_USER_PASSWORD_MODE_REGULAR) {
gtk_widget_show (um->old_password_label);
gtk_widget_show (um->old_password_entry);
um->old_password_ok = FALSE;
}
else {
gtk_widget_hide (um->old_password_label);
gtk_widget_hide (um->old_password_entry);
um->old_password_ok = TRUE;
}
if (act_user_get_uid (um->user) == getuid()) {
if (um->passwd_handler != NULL)
passwd_destroy (um->passwd_handler);
um->passwd_handler = passwd_init ();
}
}
model = gtk_combo_box_get_model (GTK_COMBO_BOX (um->action_combo));
if (!GTK_IS_TREE_MODEL_FILTER (model)) {
model = gtk_tree_model_filter_new (model, NULL);
gtk_combo_box_set_model (GTK_COMBO_BOX (um->action_combo), model);
gtk_tree_model_filter_set_visible_func (GTK_TREE_MODEL_FILTER (model),
(GtkTreeModelFilterVisibleFunc) visible_func,
um, NULL);
}
gtk_tree_model_filter_refilter (GTK_TREE_MODEL_FILTER (model));
gtk_combo_box_set_active (GTK_COMBO_BOX (um->action_combo), 0);
}
void
um_password_dialog_set_user (UmPasswordDialog *um,
ActUser *user)
{
gboolean visible;
if (um->user) {
g_object_unref (um->user);
um->user = NULL;
}
if (user) {
um->user = g_object_ref (user);
gtk_entry_set_text (GTK_ENTRY (um->password_entry), "");
gtk_entry_set_text (GTK_ENTRY (um->verify_entry), "");
gtk_entry_set_text (GTK_ENTRY (um->old_password_entry), "");
gtk_entry_set_visibility (GTK_ENTRY (um->password_entry), FALSE);
gtk_entry_set_visibility (GTK_ENTRY (um->verify_entry), FALSE);
if (act_user_get_uid (um->user) == getuid ()) {
mode_change (um, ACT_USER_PASSWORD_MODE_REGULAR);
gtk_widget_hide (um->action_radio_box);
visible = (act_user_get_password_mode (user) != ACT_USER_PASSWORD_MODE_NONE);
gtk_widget_set_visible (um->old_password_label, visible);
gtk_widget_set_visible (um->old_password_entry, visible);
um->old_password_ok = !visible;
}
else {
mode_change (um, ACT_USER_PASSWORD_MODE_SET_AT_LOGIN);
gtk_widget_show (um->action_radio_box);
gtk_widget_hide (um->old_password_label);
gtk_widget_hide (um->old_password_entry);
um->old_password_ok = TRUE;
}
if (act_user_get_uid (um->user) == getuid()) {
if (um->passwd_handler != NULL)
passwd_destroy (um->passwd_handler);
um->passwd_handler = passwd_init ();
}
}
}
static gboolean
account_auth_check (CockpitAccount *object,
GDBusMethodInvocation *invocation,
Account *acc)
{
uid_t peer;
if (!daemon_get_sender_uid (daemon_get (), invocation, &peer))
return FALSE;
if (acc->u && act_user_get_uid (acc->u) == peer)
return TRUE;
if (!auth_check_uid_role (invocation, peer, COCKPIT_ROLE_USER_ADMIN))
return FALSE;
return TRUE;
}
static gboolean
handle_kill_sessions (CockpitAccount *object,
GDBusMethodInvocation *invocation)
{
Account *acc = ACCOUNT (object);
GError *error = NULL;
if (!auth_check_sender_role (invocation, COCKPIT_ROLE_USER_ADMIN))
return TRUE;
if (acc->u)
{
gs_unref_object GDBusConnection *bus = g_bus_get_sync (G_BUS_TYPE_SYSTEM,
NULL,
&error);
if (bus == NULL)
goto out;
gs_unref_variant GVariant *result =
g_dbus_connection_call_sync (bus,
"org.freedesktop.login1",
"/org/freedesktop/login1",
"org.freedesktop.login1.Manager",
"KillUser",
g_variant_new ("(ui)",
act_user_get_uid (acc->u),
SIGTERM),
NULL,
0,
-1,
NULL,
&error);
}
out:
if (error)
{
g_dbus_method_invocation_return_error (invocation,
COCKPIT_ERROR, COCKPIT_ERROR_FAILED,
"Failed to kill sessions: %s", error->message);
g_error_free (error);
}
else
cockpit_account_complete_kill_sessions (object, invocation);
return TRUE;
}
static void
accept_password_dialog (GtkButton *button,
UmPasswordDialog *um)
{
const gchar *password;
password = gtk_entry_get_text (GTK_ENTRY (um->password_entry));
switch (um->password_mode) {
act_user_set_password_mode (um->user, ACT_USER_PASSWORD_MODE_REGULAR);
case ACT_USER_PASSWORD_MODE_REGULAR:
if (act_user_get_uid (um->user) == getuid ()) {
GdkDisplay *display;
GdkCursor *cursor;
/* When setting a password for the current user,
* use passwd directly, to preserve the audit trail
* and to e.g. update the keyring password.
*/
passwd_change_password (um->passwd_handler, password,
(PasswdCallback) password_changed_cb, um);
gtk_widget_set_sensitive (um->dialog, FALSE);
display = gtk_widget_get_display (um->dialog);
cursor = gdk_cursor_new_for_display (display, GDK_WATCH);
gdk_window_set_cursor (gtk_widget_get_window (um->dialog), cursor);
gdk_display_flush (display);
g_object_unref (cursor);
return;
}
act_user_set_password (um->user, password, "");
break;
case ACT_USER_PASSWORD_MODE_SET_AT_LOGIN:
act_user_set_password_mode (um->user, um->password_mode);
act_user_set_automatic_login (um->user, FALSE);
break;
default:
g_assert_not_reached ();
}
finish_password_change (um);
}
static void
log_user_in (GisSummaryPage *page)
{
GisSummaryPagePrivate *priv = gis_summary_page_get_instance_private (page);
GError *error = NULL;
GdmGreeter *greeter;
GdmUserVerifier *user_verifier;
if (!connect_to_gdm (&greeter, &user_verifier)) {
g_warning ("No GDM connection; not initiating login");
return;
}
g_signal_connect (user_verifier, "info",
G_CALLBACK (on_info), page);
g_signal_connect (user_verifier, "problem",
G_CALLBACK (on_problem), page);
g_signal_connect (user_verifier, "info-query",
G_CALLBACK (on_info_query), page);
g_signal_connect (user_verifier, "secret-info-query",
G_CALLBACK (on_secret_info_query), page);
g_signal_connect (greeter, "session-opened",
G_CALLBACK (on_session_opened), page);
/* We are in NEW_USER mode and we want to make it possible for third
* parties to find out which user ID we created.
*/
add_uid_file (act_user_get_uid (priv->user_account));
gdm_user_verifier_call_begin_verification_for_user_sync (user_verifier,
SERVICE_NAME,
act_user_get_user_name (priv->user_account),
NULL, &error);
if (error != NULL) {
g_warning ("Could not begin verification: %s", error->message);
return;
}
}
static void
accept_password_dialog (GtkButton *button,
UmPasswordDialog *um)
{
GtkTreeModel *model;
GtkTreeIter iter;
gint mode;
const gchar *hint;
const gchar *password;
model = gtk_combo_box_get_model (GTK_COMBO_BOX (um->action_combo));
gtk_combo_box_get_active_iter (GTK_COMBO_BOX (um->action_combo), &iter);
gtk_tree_model_get (model, &iter, 1, &mode, -1);
password = gtk_entry_get_text (GTK_ENTRY (um->password_entry));
hint = NULL;
switch (mode) {
case UM_PASSWORD_DIALOG_MODE_NORMAL:
if (act_user_get_uid (um->user) == getuid ()) {
GdkDisplay *display;
GdkCursor *cursor;
/* When setting a password for the current user,
* use passwd directly, to preserve the audit trail
* and to e.g. update the keyring password.
*/
passwd_change_password (um->passwd_handler, password,
(PasswdCallback) password_changed_cb, um);
gtk_widget_set_sensitive (um->dialog, FALSE);
display = gtk_widget_get_display (um->dialog);
cursor = gdk_cursor_new_for_display (display, GDK_WATCH);
gdk_window_set_cursor (gtk_widget_get_window (um->dialog), cursor);
gdk_display_flush (display);
g_object_unref (cursor);
return;
}
act_user_set_password (um->user, password, hint);
break;
case UM_PASSWORD_DIALOG_MODE_SET_AT_LOGIN:
act_user_set_password_mode (um->user, ACT_USER_PASSWORD_MODE_SET_AT_LOGIN);
break;
case UM_PASSWORD_DIALOG_MODE_NO_PASSWORD:
act_user_set_password_mode (um->user, ACT_USER_PASSWORD_MODE_NONE);
break;
case UM_PASSWORD_DIALOG_MODE_LOCK_ACCOUNT:
act_user_set_locked (um->user, TRUE);
break;
case UM_PASSWORD_DIALOG_MODE_UNLOCK_ACCOUNT:
act_user_set_locked (um->user, FALSE);
break;
default:
g_assert_not_reached ();
}
finish_password_change (um);
}
static gboolean
handle_kill_sessions (CockpitAccount *object,
GDBusMethodInvocation *invocation)
{
Account *acc = ACCOUNT (object);
GError *error = NULL;
if (!auth_check_sender_role (invocation, COCKPIT_ROLE_USER_ADMIN))
return TRUE;
if (acc->u)
{
gs_unref_object GDBusConnection *bus = g_bus_get_sync (G_BUS_TYPE_SYSTEM,
NULL,
&error);
if (bus == NULL)
goto out;
GVariant *result =
g_dbus_connection_call_sync (bus,
"org.freedesktop.login1",
"/org/freedesktop/login1",
"org.freedesktop.login1.Manager",
"KillUser",
g_variant_new ("(ui)",
act_user_get_uid (acc->u),
SIGTERM),
NULL,
0,
-1,
NULL,
&error);
if (!error)
{
g_variant_unref (result);
}
else
{
/* logind from systemd 208 is buggy, so we use systemd directly if it fails
https://bugs.freedesktop.org/show_bug.cgi?id=71092
*/
g_dbus_error_strip_remote_error (error);
g_warning ("logind.KillUser failed (%s), trying systemd.KillUnit", error->message);
g_clear_error (&error);
gs_free gchar *unit = g_strdup_printf ("user-%d.slice", act_user_get_uid (acc->u));
GVariant *result =
g_dbus_connection_call_sync (bus,
"org.freedesktop.systemd1",
"/org/freedesktop/systemd1",
"org.freedesktop.systemd1.Manager",
"KillUnit",
g_variant_new ("(ssi)",
unit,
"all",
SIGTERM),
NULL,
0,
-1,
NULL,
&error);
if (!error)
{
g_info ("systemd.KillUnit worked");
g_variant_unref (result);
}
}
}
out:
if (error)
{
g_dbus_method_invocation_return_error (invocation,
COCKPIT_ERROR, COCKPIT_ERROR_FAILED,
"Failed to kill sessions: %s", error->message);
g_error_free (error);
}
else
cockpit_account_complete_kill_sessions (object, invocation);
return TRUE;
}
