[gnome-initial-setup/wip/pwithnall/misc-fixes: 7/70] account-local: create a shared user account
- From: Philip Withnall <pwithnall src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-initial-setup/wip/pwithnall/misc-fixes: 7/70] account-local: create a shared user account
- Date: Fri, 11 Sep 2020 13:29:08 +0000 (UTC)
commit f39821fa4e4414afb8c2ed691cafd4b8dd67c860
Author: Alessandro Puccetti <alessandro kinvolk io>
Date: Fri May 5 12:38:45 2017 +0200
account-local: create a shared user account
The shared account can be used to log in without password.
Unlike the regular user, we don't call gis_driver_set_user_permissions()
here. The credentials passed to gis_driver_set_user_permissions()
are used by the summary page to log into the newly-created user's
sessions. The shared user is not the user we want to log in with!
In practice, these credentials are overwritten by a subsequent call to
gis_driver_set_user_permissions() when GisAccountPageLocal emits
::user-created, so the only harm is a small leak of the previous
password (in this case, empty string, so 1 byte) in
gis_driver_set_user_permissions().
We get sporadic reports of systems which only have the shared user, and
no administrator user. (In one case, the user reported not being asked
to create an admin user during the FBE.) It's hard to recover from this
state because the shared user is not an administrator and the root
account is locked; it's also hard to get useful logs, because the shared
user cannot read the full journal. Therefore, we take care to create the
shared user after creating the user-specified administrator user.
(Rebase 3.38: Fix minor rebase conflicts. Add g_autoptr() support and
error propagation.)
.../pages/account/gis-account-page-local.c | 34 +++++++++++++++++++++-
.../pages/account/gis-account-page.c | 16 ++++++++++
gnome-initial-setup/pages/account/um-utils.h | 7 +++++
3 files changed, 56 insertions(+), 1 deletion(-)
---
diff --git a/gnome-initial-setup/pages/account/gis-account-page-local.c
b/gnome-initial-setup/pages/account/gis-account-page-local.c
index c858c608..f5c892bb 100644
--- a/gnome-initial-setup/pages/account/gis-account-page-local.c
+++ b/gnome-initial-setup/pages/account/gis-account-page-local.c
@@ -77,6 +77,7 @@ enum {
VALIDATION_CHANGED,
MAIN_USER_CREATED,
PARENT_USER_CREATED,
+ SHARED_USER_CREATED,
CONFIRM,
LAST_SIGNAL,
};
@@ -534,6 +535,33 @@ set_user_avatar (GisAccountPageLocal *page,
g_clear_object (&file);
}
+static gboolean
+create_shared_user (GisAccountPageLocal *local,
+ GError **error)
+{
+ GisAccountPageLocalPrivate *priv = gis_account_page_local_get_instance_private (local);
+ g_autoptr(ActUser) shared_user = NULL;
+
+ shared_user = act_user_manager_create_user (priv->act_client,
+ SHARED_ACCOUNT_USERNAME,
+ SHARED_ACCOUNT_FULLNAME,
+ ACT_USER_ACCOUNT_TYPE_STANDARD,
+ error);
+ if (shared_user == NULL)
+ {
+ g_prefix_error (error,
+ _("Failed to create user '%s': "),
+ SHARED_ACCOUNT_USERNAME);
+ return FALSE;
+ }
+
+ act_user_set_password_mode (shared_user, ACT_USER_PASSWORD_MODE_NONE);
+
+ g_signal_emit (local, signals[SHARED_USER_CREATED], 0, shared_user, "");
+
+ return TRUE;
+}
+
static gboolean
local_create_user (GisAccountPageLocal *local,
GisPage *page,
@@ -616,7 +644,7 @@ local_create_user (GisAccountPageLocal *local,
g_signal_emit (local, signals[MAIN_USER_CREATED], 0, main_user, "");
- return TRUE;
+ return create_shared_user (local, error);
}
static void
@@ -650,6 +678,10 @@ gis_account_page_local_class_init (GisAccountPageLocalClass *klass)
G_SIGNAL_RUN_LAST, 0, NULL, NULL, NULL,
G_TYPE_NONE, 2, ACT_TYPE_USER, G_TYPE_STRING);
+ signals[SHARED_USER_CREATED] = g_signal_new ("shared-user-created", GIS_TYPE_ACCOUNT_PAGE_LOCAL,
+ G_SIGNAL_RUN_LAST, 0, NULL, NULL, NULL,
+ G_TYPE_NONE, 2, ACT_TYPE_USER, G_TYPE_STRING);
+
signals[CONFIRM] = g_signal_new ("confirm", GIS_TYPE_ACCOUNT_PAGE_LOCAL,
G_SIGNAL_RUN_LAST, 0, NULL, NULL, NULL,
G_TYPE_NONE, 0);
diff --git a/gnome-initial-setup/pages/account/gis-account-page.c
b/gnome-initial-setup/pages/account/gis-account-page.c
index f319a267..93d9e81a 100644
--- a/gnome-initial-setup/pages/account/gis-account-page.c
+++ b/gnome-initial-setup/pages/account/gis-account-page.c
@@ -235,6 +235,19 @@ on_network_changed (GNetworkMonitor *monitor,
gtk_stack_set_visible_child (GTK_STACK (priv->offline_stack), priv->page_toggle);
}
+static void
+on_shared_user_created (GtkWidget *page_local,
+ ActUser *user,
+ char *password,
+ GisAccountPage *page)
+{
+ const gchar *language;
+
+ language = gis_driver_get_user_language (GIS_PAGE (page)->driver);
+ if (language)
+ act_user_set_language (user, language);
+}
+
static void
gis_account_page_constructed (GObject *object)
{
@@ -254,6 +267,9 @@ gis_account_page_constructed (GObject *object)
g_signal_connect (priv->page_local, "confirm",
G_CALLBACK (on_local_page_confirmed), page);
+ g_signal_connect (priv->page_local, "shared-user-created",
+ G_CALLBACK (on_shared_user_created), page);
+
g_signal_connect (priv->page_enterprise, "validation-changed",
G_CALLBACK (on_validation_changed), page);
g_signal_connect (priv->page_enterprise, "user-cached",
diff --git a/gnome-initial-setup/pages/account/um-utils.h b/gnome-initial-setup/pages/account/um-utils.h
index b0bb905b..ee86966c 100644
--- a/gnome-initial-setup/pages/account/um-utils.h
+++ b/gnome-initial-setup/pages/account/um-utils.h
@@ -27,6 +27,13 @@
G_BEGIN_DECLS
+/* Endless-specific: username and full name for the built-in shared account, an
+ * unprivileged, passwordless user created after the administrator account on
+ * most images.
+ */
+#define SHARED_ACCOUNT_USERNAME "shared"
+#define SHARED_ACCOUNT_FULLNAME "Shared Account"
+
void set_entry_validation_error (GtkEntry *entry,
const gchar *text);
void set_entry_validation_checkmark (GtkEntry *entry);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
