798e1e0c65
https://gitlab.freedesktop.org/accountsservice/accountsservice/-/compare/22.08.8...23.13.9 Fixes CVE-2012-6655
127 lines
4.7 KiB
Diff
127 lines
4.7 KiB
Diff
From 6f172007452b39bfda5062fc29ea5382671ac16e Mon Sep 17 00:00:00 2001
|
|
From: Alexander Ried <ried@mytum.de>
|
|
Date: Thu, 26 May 2016 19:54:21 +0200
|
|
Subject: [PATCH] Disable methods that change files in /etc
|
|
|
|
Only if environment variable NIXOS_USERS_PURE is set.
|
|
---
|
|
src/daemon.c | 10 ++++++++++
|
|
src/user.c | 35 +++++++++++++++++++++++++++++++++++
|
|
2 files changed, 45 insertions(+)
|
|
|
|
diff --git a/src/daemon.c b/src/daemon.c
|
|
index 861430f..aefaf2d 100644
|
|
--- a/src/daemon.c
|
|
+++ b/src/daemon.c
|
|
@@ -1378,6 +1378,11 @@ daemon_create_user (AccountsAccounts *accounts,
|
|
const gchar *real_name,
|
|
gint account_type)
|
|
{
|
|
+ if (getenv("NIXOS_USERS_PURE")) {
|
|
+ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers");
|
|
+ return;
|
|
+ }
|
|
+
|
|
Daemon *daemon = (Daemon *) accounts;
|
|
CreateUserData *data;
|
|
|
|
@@ -1581,6 +1586,11 @@ daemon_delete_user (AccountsAccounts *accounts,
|
|
gint64 uid,
|
|
gboolean remove_files)
|
|
{
|
|
+ if (getenv("NIXOS_USERS_PURE")) {
|
|
+ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers");
|
|
+ return;
|
|
+ }
|
|
+
|
|
Daemon *daemon = (Daemon *) accounts;
|
|
DeleteUserData *data;
|
|
|
|
diff --git a/src/user.c b/src/user.c
|
|
index 28170db..df947a1 100644
|
|
--- a/src/user.c
|
|
+++ b/src/user.c
|
|
@@ -1216,6 +1216,11 @@ user_set_real_name (AccountsUser *auser,
|
|
GDBusMethodInvocation *context,
|
|
const gchar *real_name)
|
|
{
|
|
+ if (getenv("NIXOS_USERS_PURE")) {
|
|
+ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers");
|
|
+ return;
|
|
+ }
|
|
+
|
|
User *user = (User *) auser;
|
|
int uid;
|
|
const gchar *action_id;
|
|
@@ -1293,6 +1298,11 @@ user_set_user_name (AccountsUser *auser,
|
|
GDBusMethodInvocation *context,
|
|
const gchar *user_name)
|
|
{
|
|
+ if (getenv("NIXOS_USERS_PURE")) {
|
|
+ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers");
|
|
+ return;
|
|
+ }
|
|
+
|
|
User *user = (User *) auser;
|
|
|
|
daemon_local_check_auth (user->daemon,
|
|
@@ -1945,6 +1955,11 @@ user_set_home_directory (AccountsUser *auser,
|
|
GDBusMethodInvocation *context,
|
|
const gchar *home_dir)
|
|
{
|
|
+ if (getenv("NIXOS_USERS_PURE")) {
|
|
+ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers");
|
|
+ return;
|
|
+ }
|
|
+
|
|
User *user = (User *) auser;
|
|
|
|
daemon_local_check_auth (user->daemon,
|
|
@@ -2000,6 +2015,11 @@ user_set_shell (AccountsUser *auser,
|
|
GDBusMethodInvocation *context,
|
|
const gchar *shell)
|
|
{
|
|
+ if (getenv("NIXOS_USERS_PURE")) {
|
|
+ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers");
|
|
+ return;
|
|
+ }
|
|
+
|
|
User *user = (User *) auser;
|
|
|
|
daemon_local_check_auth (user->daemon,
|
|
@@ -2249,6 +2269,11 @@ user_set_locked (AccountsUser *auser,
|
|
GDBusMethodInvocation *context,
|
|
gboolean locked)
|
|
{
|
|
+ if (getenv("NIXOS_USERS_PURE")) {
|
|
+ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers");
|
|
+ return;
|
|
+ }
|
|
+
|
|
User *user = (User *) auser;
|
|
|
|
daemon_local_check_auth (user->daemon,
|
|
@@ -2457,6 +2482,11 @@ user_set_password_mode (AccountsUser *auser,
|
|
GDBusMethodInvocation *context,
|
|
gint mode)
|
|
{
|
|
+ if (getenv("NIXOS_USERS_PURE")) {
|
|
+ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers");
|
|
+ return;
|
|
+ }
|
|
+
|
|
User *user = (User *) auser;
|
|
const gchar *action_id;
|
|
gint uid;
|
|
@@ -2550,6 +2580,11 @@ user_set_password (AccountsUser *auser,
|
|
const gchar *password,
|
|
const gchar *hint)
|
|
{
|
|
+ if (getenv("NIXOS_USERS_PURE")) {
|
|
+ throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers");
|
|
+ return;
|
|
+ }
|
|
+
|
|
User *user = (User *) auser;
|
|
gchar **data;
|
|
const gchar *action_id;
|