void um_password_dialog_set_user (UmPasswordDialog *um, ActUser *user) { GdkPixbuf *pixbuf; GtkTreeModel *model; if (um->user) { g_object_unref (um->user); um->user = NULL; } if (user) { um->user = g_object_ref (user); pixbuf = render_user_icon (user, UM_ICON_STYLE_NONE, 48); gtk_image_set_from_pixbuf (GTK_IMAGE (um->user_icon), pixbuf); g_object_unref (pixbuf); gtk_label_set_label (GTK_LABEL (um->user_name), act_user_get_real_name (user)); gtk_entry_set_text (GTK_ENTRY (um->password_entry), ""); gtk_entry_set_text (GTK_ENTRY (um->verify_entry), ""); gtk_entry_set_text (GTK_ENTRY (um->old_password_entry), ""); gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (um->show_password_button), FALSE); if (act_user_get_uid (um->user) == getuid () && act_user_get_password_mode (um->user) == ACT_USER_PASSWORD_MODE_REGULAR) { gtk_widget_show (um->old_password_label); gtk_widget_show (um->old_password_entry); um->old_password_ok = FALSE; } else { gtk_widget_hide (um->old_password_label); gtk_widget_hide (um->old_password_entry); um->old_password_ok = TRUE; } if (act_user_get_uid (um->user) == getuid()) { if (um->passwd_handler != NULL) passwd_destroy (um->passwd_handler); um->passwd_handler = passwd_init (); } } model = gtk_combo_box_get_model (GTK_COMBO_BOX (um->action_combo)); if (!GTK_IS_TREE_MODEL_FILTER (model)) { model = gtk_tree_model_filter_new (model, NULL); gtk_combo_box_set_model (GTK_COMBO_BOX (um->action_combo), model); gtk_tree_model_filter_set_visible_func (GTK_TREE_MODEL_FILTER (model), (GtkTreeModelFilterVisibleFunc) visible_func, um, NULL); } gtk_tree_model_filter_refilter (GTK_TREE_MODEL_FILTER (model)); gtk_combo_box_set_active (GTK_COMBO_BOX (um->action_combo), 0); }
void um_password_dialog_set_user (UmPasswordDialog *um, ActUser *user) { gboolean visible; if (um->user) { g_object_unref (um->user); um->user = NULL; } if (user) { um->user = g_object_ref (user); gtk_entry_set_text (GTK_ENTRY (um->password_entry), ""); gtk_entry_set_text (GTK_ENTRY (um->verify_entry), ""); gtk_entry_set_text (GTK_ENTRY (um->old_password_entry), ""); gtk_entry_set_visibility (GTK_ENTRY (um->password_entry), FALSE); gtk_entry_set_visibility (GTK_ENTRY (um->verify_entry), FALSE); if (act_user_get_uid (um->user) == getuid ()) { mode_change (um, ACT_USER_PASSWORD_MODE_REGULAR); gtk_widget_hide (um->action_radio_box); visible = (act_user_get_password_mode (user) != ACT_USER_PASSWORD_MODE_NONE); gtk_widget_set_visible (um->old_password_label, visible); gtk_widget_set_visible (um->old_password_entry, visible); um->old_password_ok = !visible; } else { mode_change (um, ACT_USER_PASSWORD_MODE_SET_AT_LOGIN); gtk_widget_show (um->action_radio_box); gtk_widget_hide (um->old_password_label); gtk_widget_hide (um->old_password_entry); um->old_password_ok = TRUE; } if (act_user_get_uid (um->user) == getuid()) { if (um->passwd_handler != NULL) passwd_destroy (um->passwd_handler); um->passwd_handler = passwd_init (); } } }
static gboolean account_auth_check (CockpitAccount *object, GDBusMethodInvocation *invocation, Account *acc) { uid_t peer; if (!daemon_get_sender_uid (daemon_get (), invocation, &peer)) return FALSE; if (acc->u && act_user_get_uid (acc->u) == peer) return TRUE; if (!auth_check_uid_role (invocation, peer, COCKPIT_ROLE_USER_ADMIN)) return FALSE; return TRUE; }
static gboolean handle_kill_sessions (CockpitAccount *object, GDBusMethodInvocation *invocation) { Account *acc = ACCOUNT (object); GError *error = NULL; if (!auth_check_sender_role (invocation, COCKPIT_ROLE_USER_ADMIN)) return TRUE; if (acc->u) { gs_unref_object GDBusConnection *bus = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, &error); if (bus == NULL) goto out; gs_unref_variant GVariant *result = g_dbus_connection_call_sync (bus, "org.freedesktop.login1", "/org/freedesktop/login1", "org.freedesktop.login1.Manager", "KillUser", g_variant_new ("(ui)", act_user_get_uid (acc->u), SIGTERM), NULL, 0, -1, NULL, &error); } out: if (error) { g_dbus_method_invocation_return_error (invocation, COCKPIT_ERROR, COCKPIT_ERROR_FAILED, "Failed to kill sessions: %s", error->message); g_error_free (error); } else cockpit_account_complete_kill_sessions (object, invocation); return TRUE; }
static void accept_password_dialog (GtkButton *button, UmPasswordDialog *um) { const gchar *password; password = gtk_entry_get_text (GTK_ENTRY (um->password_entry)); switch (um->password_mode) { act_user_set_password_mode (um->user, ACT_USER_PASSWORD_MODE_REGULAR); case ACT_USER_PASSWORD_MODE_REGULAR: if (act_user_get_uid (um->user) == getuid ()) { GdkDisplay *display; GdkCursor *cursor; /* When setting a password for the current user, * use passwd directly, to preserve the audit trail * and to e.g. update the keyring password. */ passwd_change_password (um->passwd_handler, password, (PasswdCallback) password_changed_cb, um); gtk_widget_set_sensitive (um->dialog, FALSE); display = gtk_widget_get_display (um->dialog); cursor = gdk_cursor_new_for_display (display, GDK_WATCH); gdk_window_set_cursor (gtk_widget_get_window (um->dialog), cursor); gdk_display_flush (display); g_object_unref (cursor); return; } act_user_set_password (um->user, password, ""); break; case ACT_USER_PASSWORD_MODE_SET_AT_LOGIN: act_user_set_password_mode (um->user, um->password_mode); act_user_set_automatic_login (um->user, FALSE); break; default: g_assert_not_reached (); } finish_password_change (um); }
static void log_user_in (GisSummaryPage *page) { GisSummaryPagePrivate *priv = gis_summary_page_get_instance_private (page); GError *error = NULL; GdmGreeter *greeter; GdmUserVerifier *user_verifier; if (!connect_to_gdm (&greeter, &user_verifier)) { g_warning ("No GDM connection; not initiating login"); return; } g_signal_connect (user_verifier, "info", G_CALLBACK (on_info), page); g_signal_connect (user_verifier, "problem", G_CALLBACK (on_problem), page); g_signal_connect (user_verifier, "info-query", G_CALLBACK (on_info_query), page); g_signal_connect (user_verifier, "secret-info-query", G_CALLBACK (on_secret_info_query), page); g_signal_connect (greeter, "session-opened", G_CALLBACK (on_session_opened), page); /* We are in NEW_USER mode and we want to make it possible for third * parties to find out which user ID we created. */ add_uid_file (act_user_get_uid (priv->user_account)); gdm_user_verifier_call_begin_verification_for_user_sync (user_verifier, SERVICE_NAME, act_user_get_user_name (priv->user_account), NULL, &error); if (error != NULL) { g_warning ("Could not begin verification: %s", error->message); return; } }
static void accept_password_dialog (GtkButton *button, UmPasswordDialog *um) { GtkTreeModel *model; GtkTreeIter iter; gint mode; const gchar *hint; const gchar *password; model = gtk_combo_box_get_model (GTK_COMBO_BOX (um->action_combo)); gtk_combo_box_get_active_iter (GTK_COMBO_BOX (um->action_combo), &iter); gtk_tree_model_get (model, &iter, 1, &mode, -1); password = gtk_entry_get_text (GTK_ENTRY (um->password_entry)); hint = NULL; switch (mode) { case UM_PASSWORD_DIALOG_MODE_NORMAL: if (act_user_get_uid (um->user) == getuid ()) { GdkDisplay *display; GdkCursor *cursor; /* When setting a password for the current user, * use passwd directly, to preserve the audit trail * and to e.g. update the keyring password. */ passwd_change_password (um->passwd_handler, password, (PasswdCallback) password_changed_cb, um); gtk_widget_set_sensitive (um->dialog, FALSE); display = gtk_widget_get_display (um->dialog); cursor = gdk_cursor_new_for_display (display, GDK_WATCH); gdk_window_set_cursor (gtk_widget_get_window (um->dialog), cursor); gdk_display_flush (display); g_object_unref (cursor); return; } act_user_set_password (um->user, password, hint); break; case UM_PASSWORD_DIALOG_MODE_SET_AT_LOGIN: act_user_set_password_mode (um->user, ACT_USER_PASSWORD_MODE_SET_AT_LOGIN); break; case UM_PASSWORD_DIALOG_MODE_NO_PASSWORD: act_user_set_password_mode (um->user, ACT_USER_PASSWORD_MODE_NONE); break; case UM_PASSWORD_DIALOG_MODE_LOCK_ACCOUNT: act_user_set_locked (um->user, TRUE); break; case UM_PASSWORD_DIALOG_MODE_UNLOCK_ACCOUNT: act_user_set_locked (um->user, FALSE); break; default: g_assert_not_reached (); } finish_password_change (um); }
static gboolean handle_kill_sessions (CockpitAccount *object, GDBusMethodInvocation *invocation) { Account *acc = ACCOUNT (object); GError *error = NULL; if (!auth_check_sender_role (invocation, COCKPIT_ROLE_USER_ADMIN)) return TRUE; if (acc->u) { gs_unref_object GDBusConnection *bus = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, &error); if (bus == NULL) goto out; GVariant *result = g_dbus_connection_call_sync (bus, "org.freedesktop.login1", "/org/freedesktop/login1", "org.freedesktop.login1.Manager", "KillUser", g_variant_new ("(ui)", act_user_get_uid (acc->u), SIGTERM), NULL, 0, -1, NULL, &error); if (!error) { g_variant_unref (result); } else { /* logind from systemd 208 is buggy, so we use systemd directly if it fails https://bugs.freedesktop.org/show_bug.cgi?id=71092 */ g_dbus_error_strip_remote_error (error); g_warning ("logind.KillUser failed (%s), trying systemd.KillUnit", error->message); g_clear_error (&error); gs_free gchar *unit = g_strdup_printf ("user-%d.slice", act_user_get_uid (acc->u)); GVariant *result = g_dbus_connection_call_sync (bus, "org.freedesktop.systemd1", "/org/freedesktop/systemd1", "org.freedesktop.systemd1.Manager", "KillUnit", g_variant_new ("(ssi)", unit, "all", SIGTERM), NULL, 0, -1, NULL, &error); if (!error) { g_info ("systemd.KillUnit worked"); g_variant_unref (result); } } } out: if (error) { g_dbus_method_invocation_return_error (invocation, COCKPIT_ERROR, COCKPIT_ERROR_FAILED, "Failed to kill sessions: %s", error->message); g_error_free (error); } else cockpit_account_complete_kill_sessions (object, invocation); return TRUE; }