static gboolean
handle_delete (CockpitAccount *object,
GDBusMethodInvocation *invocation,
gboolean remove_files)
{
Account *acc = ACCOUNT (object);
if (!auth_check_sender_role (invocation, COCKPIT_ROLE_USER_ADMIN))
return TRUE;
if (acc->u)
{
CallData *data = g_new0 (CallData, 1);
data->object = object;
data->invocation = invocation;
act_user_manager_delete_user_async (act_user_manager_get_default (),
acc->u,
remove_files,
NULL,
(GAsyncReadyCallback)delete_account_done,
data);
return TRUE;
}
cockpit_account_complete_delete (object, invocation);
return TRUE;
}
static struct oio_url_s *
_metacd_load_url (struct req_args_s *args)
{
const gchar *s;
struct oio_url_s *url = oio_url_empty();
if (NULL != (s = NS()))
oio_url_set (url, OIOURL_NS, s);
if (NULL != (s = ACCOUNT()))
oio_url_set (url, OIOURL_ACCOUNT, s);
if (NULL != (s = REF()))
oio_url_set (url, OIOURL_USER, s);
if (NULL != (s = TYPE()))
oio_url_set (url, OIOURL_TYPE, s);
if (NULL != (s = PATH())) {
oio_url_set (url, OIOURL_PATH, s);
if (NULL != (s = VERSION()))
oio_url_set (url, OIOURL_VERSION, s);
}
if (NULL != (s = CID()))
oio_url_set (url, OIOURL_HEXID, s);
if (NULL != (s = CONTENT()))
oio_url_set (url, OIOURL_CONTENTID, s);
return url;
}
int authenticate(string trial_password)
{
ACCESS_CHECK(ACCOUNT());
if (!password) {
return !trial_password;
}
if (password == hash_string("crypt", trial_password, password)) {
return TRUE;
}
if (password == hash_string("SHA1", trial_password)) {
set_password(trial_password);
return TRUE;
}
if (password == hash_string("MD5", trial_password)) {
set_password(trial_password);
return TRUE;
}
if (password == hash_string("crypt", trial_password, name)) {
set_password(trial_password);
return TRUE;
}
}
static gboolean
handle_get_icon_data_url (CockpitAccount *object,
GDBusMethodInvocation *invocation)
{
Account *acc = ACCOUNT (object);
gs_free gchar *raw_data = NULL;
gsize raw_size;
gs_free gchar *base64_data = NULL;
gs_free gchar *data = NULL;
if (acc->u == NULL)
goto out;
const gchar *icon_file = act_user_get_icon_file (acc->u);
if (icon_file == NULL)
goto out;
if (!g_file_get_contents (icon_file, &raw_data, &raw_size, NULL))
goto out;
base64_data = g_base64_encode ((guchar *)raw_data, raw_size);
data = g_strdup_printf ("data:image/png;base64,%s", base64_data);
out:
cockpit_account_complete_get_icon_data_url (object, invocation, data? data : "");
return TRUE;
}
void clear_password()
{
ACCESS_CHECK(ACCOUNT());
password = nil;
save();
}
void set_hashed_password(string new_password)
{
ACCESS_CHECK(ACCOUNT());
password = new_password;
save();
}
void set_password(string new_password)
{
ACCESS_CHECK(ACCOUNT());
password = hash_string("crypt", new_password);
save();
}
void set_property(string property, mixed value)
{
ACCESS_CHECK(ACCOUNT());
if (!property) {
error("Invalid property name");
}
if (!properties && value != nil) {
properties = ([ ]);
}
static gboolean
handle_set_icon_data_url (CockpitAccount *object,
GDBusMethodInvocation *invocation,
const gchar *arg_data)
{
GError *error = NULL;
Account *acc = ACCOUNT (object);
if (!account_auth_check (object, invocation, acc))
return TRUE;
if (acc->u)
{
const gchar *base64_data = strstr (arg_data, "base64,");
if (base64_data == NULL)
goto out;
base64_data += strlen ("base64,");
gsize raw_size;
gs_free gchar *raw_data = (gchar *)g_base64_decode (base64_data, &raw_size);
gs_unref_object GFileIOStream *tmp_stream = NULL;
gs_unref_object GFile *tmp_file = g_file_new_tmp ("cockpit-user-icon-XXXXXX", &tmp_stream, &error);
if (tmp_file == NULL)
goto out;
GOutputStream *out = g_io_stream_get_output_stream (G_IO_STREAM (tmp_stream));
if (!g_output_stream_write_all (out, raw_data, raw_size, NULL, NULL, &error))
goto out;
if (!g_io_stream_close (G_IO_STREAM (tmp_stream), NULL, &error))
goto out;
gs_free gchar *tmp_path = g_file_get_path (tmp_file);
act_user_set_icon_file (acc->u, tmp_path);
g_file_delete (tmp_file, NULL, NULL);
}
out:
if (error)
{
g_dbus_method_invocation_return_error (invocation,
COCKPIT_ERROR, COCKPIT_ERROR_FAILED,
"%s", error->message);
g_clear_error (&error);
}
else
cockpit_account_complete_set_icon_data_url (object, invocation);
return TRUE;
}
static void
user_added (ActUserManager *um,
ActUser *user,
Accounts *accounts)
{
if (act_user_is_system_account (user))
return;
GDBusObjectManagerServer *object_manager_server = daemon_get_object_manager (daemon_get ());
CockpitAccount *acc = account_new ();
account_update (ACCOUNT (acc), user);
gs_free gchar *path =
utils_generate_object_path ("/com/redhat/Cockpit/Accounts",
cockpit_account_get_user_name (acc));
gs_unref_object CockpitObjectSkeleton *obj = cockpit_object_skeleton_new (path);
cockpit_object_skeleton_set_account (obj, acc);
g_dbus_object_manager_server_export_uniquely (object_manager_server,
G_DBUS_OBJECT_SKELETON (obj));
g_hash_table_insert (accounts->act_user_to_account, user, ACCOUNT(acc));
}
static gboolean
handle_set_locked (CockpitAccount *object,
GDBusMethodInvocation *invocation,
gboolean arg_locked)
{
Account *acc = ACCOUNT (object);
if (!auth_check_sender_role (invocation, COCKPIT_ROLE_USER_ADMIN))
return TRUE;
if (acc->u)
act_user_set_locked (acc->u, arg_locked);
cockpit_account_complete_set_locked (object, invocation);
return TRUE;
}
static gboolean
handle_set_real_name (CockpitAccount *object,
GDBusMethodInvocation *invocation,
const gchar *arg_value)
{
Account *acc = ACCOUNT (object);
if (!account_auth_check (object, invocation, acc))
return TRUE;
if (acc->u)
act_user_set_real_name (acc->u, arg_value);
cockpit_account_complete_set_real_name (object, invocation);
return TRUE;
}
static gboolean
handle_kill_sessions (CockpitAccount *object,
GDBusMethodInvocation *invocation)
{
Account *acc = ACCOUNT (object);
GError *error = NULL;
if (!auth_check_sender_role (invocation, COCKPIT_ROLE_USER_ADMIN))
return TRUE;
if (acc->u)
{
gs_unref_object GDBusConnection *bus = g_bus_get_sync (G_BUS_TYPE_SYSTEM,
NULL,
&error);
if (bus == NULL)
goto out;
gs_unref_variant GVariant *result =
g_dbus_connection_call_sync (bus,
"org.freedesktop.login1",
"/org/freedesktop/login1",
"org.freedesktop.login1.Manager",
"KillUser",
g_variant_new ("(ui)",
act_user_get_uid (acc->u),
SIGTERM),
NULL,
0,
-1,
NULL,
&error);
}
out:
if (error)
{
g_dbus_method_invocation_return_error (invocation,
COCKPIT_ERROR, COCKPIT_ERROR_FAILED,
"Failed to kill sessions: %s", error->message);
g_error_free (error);
}
else
cockpit_account_complete_kill_sessions (object, invocation);
return TRUE;
}
static gboolean
handle_change_groups (CockpitAccount *object,
GDBusMethodInvocation *invocation,
const gchar *const *arg_add,
const gchar *const *arg_remove)
{
Account *acc = ACCOUNT (object);
if (!auth_check_sender_role (invocation, COCKPIT_ROLE_USER_ADMIN))
return TRUE;
if (acc->u)
act_user_change_groups (acc->u, arg_add, arg_remove);
cockpit_account_complete_change_groups (object, invocation);
return TRUE;
}
static gboolean
handle_set_password_hash (CockpitAccount *object,
GDBusMethodInvocation *invocation,
const gchar *arg_hash)
{
GError *error;
Account *acc = ACCOUNT (object);
const gchar *argv[6];
gint status;
if (!account_auth_check (object, invocation, acc))
return TRUE;
if (acc->u == NULL)
{
cockpit_account_complete_set_password_hash (object, invocation);
return TRUE;
}
argv[0] = "/usr/sbin/usermod";
argv[1] = "-p";
argv[2] = arg_hash;
argv[3] = "--";
argv[4] = act_user_get_user_name (acc->u);
argv[5] = NULL;
error = NULL;
if (g_spawn_sync (NULL, (gchar**)argv, NULL, 0, NULL, NULL, NULL, NULL, &status, &error))
g_spawn_check_exit_status (status, &error);
if (error)
{
g_dbus_method_invocation_return_error (invocation,
COCKPIT_ERROR, COCKPIT_ERROR_FAILED,
"Failed to change password hash via %s: %s", argv[0], error->message);
g_error_free (error);
}
else
{
cockpit_account_complete_set_password_hash (object, invocation);
}
return TRUE;
}
static gboolean
handle_set_password (CockpitAccount *object,
GDBusMethodInvocation *invocation,
const gchar *arg_password)
{
Account *acc = ACCOUNT (object);
if (!account_auth_check (object, invocation, acc))
return TRUE;
if (acc->u)
{
act_user_set_password_mode (acc->u, ACT_USER_PASSWORD_MODE_REGULAR);
act_user_set_password (acc->u, arg_password, "");
}
cockpit_account_complete_set_password (object, invocation);
return TRUE;
}
static gboolean
handle_get_password_hash (CockpitAccount *object,
GDBusMethodInvocation *invocation)
{
Account *acc = ACCOUNT (object);
const gchar *hash = "";
if (!account_auth_check (object, invocation, acc))
return TRUE;
if (acc->u)
{
struct spwd *sp = getspnam (act_user_get_user_name (acc->u));
if (sp && sp->sp_pwdp)
hash = sp->sp_pwdp;
}
cockpit_account_complete_get_password_hash (object, invocation, hash);
return TRUE;
}
static gboolean
handle_kill_sessions (CockpitAccount *object,
GDBusMethodInvocation *invocation)
{
Account *acc = ACCOUNT (object);
GError *error = NULL;
if (!auth_check_sender_role (invocation, COCKPIT_ROLE_USER_ADMIN))
return TRUE;
if (acc->u)
{
gs_unref_object GDBusConnection *bus = g_bus_get_sync (G_BUS_TYPE_SYSTEM,
NULL,
&error);
if (bus == NULL)
goto out;
GVariant *result =
g_dbus_connection_call_sync (bus,
"org.freedesktop.login1",
"/org/freedesktop/login1",
"org.freedesktop.login1.Manager",
"KillUser",
g_variant_new ("(ui)",
act_user_get_uid (acc->u),
SIGTERM),
NULL,
0,
-1,
NULL,
&error);
if (!error)
{
g_variant_unref (result);
}
else
{
/* logind from systemd 208 is buggy, so we use systemd directly if it fails
https://bugs.freedesktop.org/show_bug.cgi?id=71092
*/
g_dbus_error_strip_remote_error (error);
g_warning ("logind.KillUser failed (%s), trying systemd.KillUnit", error->message);
g_clear_error (&error);
gs_free gchar *unit = g_strdup_printf ("user-%d.slice", act_user_get_uid (acc->u));
GVariant *result =
g_dbus_connection_call_sync (bus,
"org.freedesktop.systemd1",
"/org/freedesktop/systemd1",
"org.freedesktop.systemd1.Manager",
"KillUnit",
g_variant_new ("(ssi)",
unit,
"all",
SIGTERM),
NULL,
0,
-1,
NULL,
&error);
if (!error)
{
g_info ("systemd.KillUnit worked");
g_variant_unref (result);
}
}
}
out:
if (error)
{
g_dbus_method_invocation_return_error (invocation,
COCKPIT_ERROR, COCKPIT_ERROR_FAILED,
"Failed to kill sessions: %s", error->message);
g_error_free (error);
}
else
cockpit_account_complete_kill_sessions (object, invocation);
return TRUE;
}
string query_name()
{
ACCESS_CHECK(ACCOUNT());
return name;
}
static gboolean
handle_change_groups (CockpitAccount *object,
GDBusMethodInvocation *invocation,
const gchar *const *arg_add,
const gchar *const *arg_remove)
{
Account *acc = ACCOUNT (object);
GError *error;
int i, j, ngroups;
gid_t primary;
gid_t *groups;
GString *str;
struct group *gr;
const gchar *argv[6];
gint status;
if (!auth_check_sender_role (invocation, COCKPIT_ROLE_USER_ADMIN))
return TRUE;
ngroups = get_user_groups (acc->u, &primary, &groups);
str = g_string_new ("");
for (i = 0; i < ngroups; i++)
{
if (groups[i] == primary)
continue;
gr = getgrgid_alloc (groups[i]);
if (gr != NULL)
{
for (j = 0; arg_remove[j]; j++)
{
if (strcmp (gr->gr_name, arg_remove[j]) == 0)
break;
}
if (!arg_remove[j])
g_string_append_printf (str, "%s,", gr->gr_name);
g_free (gr);
}
}
for (j = 0; arg_add[j]; j++)
g_string_append_printf (str, "%s,", arg_add[j]);
/* remove excess comma */
g_string_truncate (str, str->len - 1);
g_free (groups);
argv[0] = "/usr/sbin/usermod";
argv[1] = "-G";
argv[2] = str->str;
argv[3] = "--";
argv[4] = act_user_get_user_name (acc->u);
argv[5] = NULL;
error = NULL;
if (g_spawn_sync (NULL, (gchar**)argv, NULL, 0, NULL, NULL, NULL, NULL, &status, &error))
g_spawn_check_exit_status (status, &error);
if (error)
{
g_dbus_method_invocation_return_error (invocation,
COCKPIT_ERROR, COCKPIT_ERROR_FAILED,
"Failed to change user groups via %s: %s", argv[0], error->message);
g_error_free (error);
}
else
{
account_update (acc, acc->u);
cockpit_account_complete_change_groups (object, invocation);
}
return TRUE;
}
void set_name(string new_name)
{
ACCESS_CHECK(ACCOUNT());
name = new_name;
}
