static gboolean handle_delete (CockpitAccount *object, GDBusMethodInvocation *invocation, gboolean remove_files) { Account *acc = ACCOUNT (object); if (!auth_check_sender_role (invocation, COCKPIT_ROLE_USER_ADMIN)) return TRUE; if (acc->u) { CallData *data = g_new0 (CallData, 1); data->object = object; data->invocation = invocation; act_user_manager_delete_user_async (act_user_manager_get_default (), acc->u, remove_files, NULL, (GAsyncReadyCallback)delete_account_done, data); return TRUE; } cockpit_account_complete_delete (object, invocation); return TRUE; }
static struct oio_url_s * _metacd_load_url (struct req_args_s *args) { const gchar *s; struct oio_url_s *url = oio_url_empty(); if (NULL != (s = NS())) oio_url_set (url, OIOURL_NS, s); if (NULL != (s = ACCOUNT())) oio_url_set (url, OIOURL_ACCOUNT, s); if (NULL != (s = REF())) oio_url_set (url, OIOURL_USER, s); if (NULL != (s = TYPE())) oio_url_set (url, OIOURL_TYPE, s); if (NULL != (s = PATH())) { oio_url_set (url, OIOURL_PATH, s); if (NULL != (s = VERSION())) oio_url_set (url, OIOURL_VERSION, s); } if (NULL != (s = CID())) oio_url_set (url, OIOURL_HEXID, s); if (NULL != (s = CONTENT())) oio_url_set (url, OIOURL_CONTENTID, s); return url; }
int authenticate(string trial_password) { ACCESS_CHECK(ACCOUNT()); if (!password) { return !trial_password; } if (password == hash_string("crypt", trial_password, password)) { return TRUE; } if (password == hash_string("SHA1", trial_password)) { set_password(trial_password); return TRUE; } if (password == hash_string("MD5", trial_password)) { set_password(trial_password); return TRUE; } if (password == hash_string("crypt", trial_password, name)) { set_password(trial_password); return TRUE; } }
static gboolean handle_get_icon_data_url (CockpitAccount *object, GDBusMethodInvocation *invocation) { Account *acc = ACCOUNT (object); gs_free gchar *raw_data = NULL; gsize raw_size; gs_free gchar *base64_data = NULL; gs_free gchar *data = NULL; if (acc->u == NULL) goto out; const gchar *icon_file = act_user_get_icon_file (acc->u); if (icon_file == NULL) goto out; if (!g_file_get_contents (icon_file, &raw_data, &raw_size, NULL)) goto out; base64_data = g_base64_encode ((guchar *)raw_data, raw_size); data = g_strdup_printf ("data:image/png;base64,%s", base64_data); out: cockpit_account_complete_get_icon_data_url (object, invocation, data? data : ""); return TRUE; }
void clear_password() { ACCESS_CHECK(ACCOUNT()); password = nil; save(); }
void set_hashed_password(string new_password) { ACCESS_CHECK(ACCOUNT()); password = new_password; save(); }
void set_password(string new_password) { ACCESS_CHECK(ACCOUNT()); password = hash_string("crypt", new_password); save(); }
void set_property(string property, mixed value) { ACCESS_CHECK(ACCOUNT()); if (!property) { error("Invalid property name"); } if (!properties && value != nil) { properties = ([ ]); }
static gboolean handle_set_icon_data_url (CockpitAccount *object, GDBusMethodInvocation *invocation, const gchar *arg_data) { GError *error = NULL; Account *acc = ACCOUNT (object); if (!account_auth_check (object, invocation, acc)) return TRUE; if (acc->u) { const gchar *base64_data = strstr (arg_data, "base64,"); if (base64_data == NULL) goto out; base64_data += strlen ("base64,"); gsize raw_size; gs_free gchar *raw_data = (gchar *)g_base64_decode (base64_data, &raw_size); gs_unref_object GFileIOStream *tmp_stream = NULL; gs_unref_object GFile *tmp_file = g_file_new_tmp ("cockpit-user-icon-XXXXXX", &tmp_stream, &error); if (tmp_file == NULL) goto out; GOutputStream *out = g_io_stream_get_output_stream (G_IO_STREAM (tmp_stream)); if (!g_output_stream_write_all (out, raw_data, raw_size, NULL, NULL, &error)) goto out; if (!g_io_stream_close (G_IO_STREAM (tmp_stream), NULL, &error)) goto out; gs_free gchar *tmp_path = g_file_get_path (tmp_file); act_user_set_icon_file (acc->u, tmp_path); g_file_delete (tmp_file, NULL, NULL); } out: if (error) { g_dbus_method_invocation_return_error (invocation, COCKPIT_ERROR, COCKPIT_ERROR_FAILED, "%s", error->message); g_clear_error (&error); } else cockpit_account_complete_set_icon_data_url (object, invocation); return TRUE; }
static void user_added (ActUserManager *um, ActUser *user, Accounts *accounts) { if (act_user_is_system_account (user)) return; GDBusObjectManagerServer *object_manager_server = daemon_get_object_manager (daemon_get ()); CockpitAccount *acc = account_new (); account_update (ACCOUNT (acc), user); gs_free gchar *path = utils_generate_object_path ("/com/redhat/Cockpit/Accounts", cockpit_account_get_user_name (acc)); gs_unref_object CockpitObjectSkeleton *obj = cockpit_object_skeleton_new (path); cockpit_object_skeleton_set_account (obj, acc); g_dbus_object_manager_server_export_uniquely (object_manager_server, G_DBUS_OBJECT_SKELETON (obj)); g_hash_table_insert (accounts->act_user_to_account, user, ACCOUNT(acc)); }
static gboolean handle_set_locked (CockpitAccount *object, GDBusMethodInvocation *invocation, gboolean arg_locked) { Account *acc = ACCOUNT (object); if (!auth_check_sender_role (invocation, COCKPIT_ROLE_USER_ADMIN)) return TRUE; if (acc->u) act_user_set_locked (acc->u, arg_locked); cockpit_account_complete_set_locked (object, invocation); return TRUE; }
static gboolean handle_set_real_name (CockpitAccount *object, GDBusMethodInvocation *invocation, const gchar *arg_value) { Account *acc = ACCOUNT (object); if (!account_auth_check (object, invocation, acc)) return TRUE; if (acc->u) act_user_set_real_name (acc->u, arg_value); cockpit_account_complete_set_real_name (object, invocation); return TRUE; }
static gboolean handle_kill_sessions (CockpitAccount *object, GDBusMethodInvocation *invocation) { Account *acc = ACCOUNT (object); GError *error = NULL; if (!auth_check_sender_role (invocation, COCKPIT_ROLE_USER_ADMIN)) return TRUE; if (acc->u) { gs_unref_object GDBusConnection *bus = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, &error); if (bus == NULL) goto out; gs_unref_variant GVariant *result = g_dbus_connection_call_sync (bus, "org.freedesktop.login1", "/org/freedesktop/login1", "org.freedesktop.login1.Manager", "KillUser", g_variant_new ("(ui)", act_user_get_uid (acc->u), SIGTERM), NULL, 0, -1, NULL, &error); } out: if (error) { g_dbus_method_invocation_return_error (invocation, COCKPIT_ERROR, COCKPIT_ERROR_FAILED, "Failed to kill sessions: %s", error->message); g_error_free (error); } else cockpit_account_complete_kill_sessions (object, invocation); return TRUE; }
static gboolean handle_change_groups (CockpitAccount *object, GDBusMethodInvocation *invocation, const gchar *const *arg_add, const gchar *const *arg_remove) { Account *acc = ACCOUNT (object); if (!auth_check_sender_role (invocation, COCKPIT_ROLE_USER_ADMIN)) return TRUE; if (acc->u) act_user_change_groups (acc->u, arg_add, arg_remove); cockpit_account_complete_change_groups (object, invocation); return TRUE; }
static gboolean handle_set_password_hash (CockpitAccount *object, GDBusMethodInvocation *invocation, const gchar *arg_hash) { GError *error; Account *acc = ACCOUNT (object); const gchar *argv[6]; gint status; if (!account_auth_check (object, invocation, acc)) return TRUE; if (acc->u == NULL) { cockpit_account_complete_set_password_hash (object, invocation); return TRUE; } argv[0] = "/usr/sbin/usermod"; argv[1] = "-p"; argv[2] = arg_hash; argv[3] = "--"; argv[4] = act_user_get_user_name (acc->u); argv[5] = NULL; error = NULL; if (g_spawn_sync (NULL, (gchar**)argv, NULL, 0, NULL, NULL, NULL, NULL, &status, &error)) g_spawn_check_exit_status (status, &error); if (error) { g_dbus_method_invocation_return_error (invocation, COCKPIT_ERROR, COCKPIT_ERROR_FAILED, "Failed to change password hash via %s: %s", argv[0], error->message); g_error_free (error); } else { cockpit_account_complete_set_password_hash (object, invocation); } return TRUE; }
static gboolean handle_set_password (CockpitAccount *object, GDBusMethodInvocation *invocation, const gchar *arg_password) { Account *acc = ACCOUNT (object); if (!account_auth_check (object, invocation, acc)) return TRUE; if (acc->u) { act_user_set_password_mode (acc->u, ACT_USER_PASSWORD_MODE_REGULAR); act_user_set_password (acc->u, arg_password, ""); } cockpit_account_complete_set_password (object, invocation); return TRUE; }
static gboolean handle_get_password_hash (CockpitAccount *object, GDBusMethodInvocation *invocation) { Account *acc = ACCOUNT (object); const gchar *hash = ""; if (!account_auth_check (object, invocation, acc)) return TRUE; if (acc->u) { struct spwd *sp = getspnam (act_user_get_user_name (acc->u)); if (sp && sp->sp_pwdp) hash = sp->sp_pwdp; } cockpit_account_complete_get_password_hash (object, invocation, hash); return TRUE; }
static gboolean handle_kill_sessions (CockpitAccount *object, GDBusMethodInvocation *invocation) { Account *acc = ACCOUNT (object); GError *error = NULL; if (!auth_check_sender_role (invocation, COCKPIT_ROLE_USER_ADMIN)) return TRUE; if (acc->u) { gs_unref_object GDBusConnection *bus = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, &error); if (bus == NULL) goto out; GVariant *result = g_dbus_connection_call_sync (bus, "org.freedesktop.login1", "/org/freedesktop/login1", "org.freedesktop.login1.Manager", "KillUser", g_variant_new ("(ui)", act_user_get_uid (acc->u), SIGTERM), NULL, 0, -1, NULL, &error); if (!error) { g_variant_unref (result); } else { /* logind from systemd 208 is buggy, so we use systemd directly if it fails https://bugs.freedesktop.org/show_bug.cgi?id=71092 */ g_dbus_error_strip_remote_error (error); g_warning ("logind.KillUser failed (%s), trying systemd.KillUnit", error->message); g_clear_error (&error); gs_free gchar *unit = g_strdup_printf ("user-%d.slice", act_user_get_uid (acc->u)); GVariant *result = g_dbus_connection_call_sync (bus, "org.freedesktop.systemd1", "/org/freedesktop/systemd1", "org.freedesktop.systemd1.Manager", "KillUnit", g_variant_new ("(ssi)", unit, "all", SIGTERM), NULL, 0, -1, NULL, &error); if (!error) { g_info ("systemd.KillUnit worked"); g_variant_unref (result); } } } out: if (error) { g_dbus_method_invocation_return_error (invocation, COCKPIT_ERROR, COCKPIT_ERROR_FAILED, "Failed to kill sessions: %s", error->message); g_error_free (error); } else cockpit_account_complete_kill_sessions (object, invocation); return TRUE; }
string query_name() { ACCESS_CHECK(ACCOUNT()); return name; }
static gboolean handle_change_groups (CockpitAccount *object, GDBusMethodInvocation *invocation, const gchar *const *arg_add, const gchar *const *arg_remove) { Account *acc = ACCOUNT (object); GError *error; int i, j, ngroups; gid_t primary; gid_t *groups; GString *str; struct group *gr; const gchar *argv[6]; gint status; if (!auth_check_sender_role (invocation, COCKPIT_ROLE_USER_ADMIN)) return TRUE; ngroups = get_user_groups (acc->u, &primary, &groups); str = g_string_new (""); for (i = 0; i < ngroups; i++) { if (groups[i] == primary) continue; gr = getgrgid_alloc (groups[i]); if (gr != NULL) { for (j = 0; arg_remove[j]; j++) { if (strcmp (gr->gr_name, arg_remove[j]) == 0) break; } if (!arg_remove[j]) g_string_append_printf (str, "%s,", gr->gr_name); g_free (gr); } } for (j = 0; arg_add[j]; j++) g_string_append_printf (str, "%s,", arg_add[j]); /* remove excess comma */ g_string_truncate (str, str->len - 1); g_free (groups); argv[0] = "/usr/sbin/usermod"; argv[1] = "-G"; argv[2] = str->str; argv[3] = "--"; argv[4] = act_user_get_user_name (acc->u); argv[5] = NULL; error = NULL; if (g_spawn_sync (NULL, (gchar**)argv, NULL, 0, NULL, NULL, NULL, NULL, &status, &error)) g_spawn_check_exit_status (status, &error); if (error) { g_dbus_method_invocation_return_error (invocation, COCKPIT_ERROR, COCKPIT_ERROR_FAILED, "Failed to change user groups via %s: %s", argv[0], error->message); g_error_free (error); } else { account_update (acc, acc->u); cockpit_account_complete_change_groups (object, invocation); } return TRUE; }
void set_name(string new_name) { ACCESS_CHECK(ACCOUNT()); name = new_name; }