141 lines
4.5 KiB
Diff
141 lines
4.5 KiB
Diff
From e339ad74ca408c665a62bb4bd98dd1ef6caedd20 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= <mail@3v1n0.net>
|
|
Date: Tue, 27 Oct 2020 15:14:27 +0100
|
|
Subject: [PATCH] display: Exit with failure if loading existing users fails
|
|
|
|
Given not having users may make GDM to launch initial setup, that
|
|
allows to create new users (potentially with sudo capabilities), it's
|
|
better to make look_for_existing_users() to return its status and only
|
|
if it didn't fail continue the gdm execution.
|
|
|
|
GHSL-2020-202
|
|
CVE-2020-16125
|
|
|
|
Fixes #642
|
|
---
|
|
daemon/gdm-display.c | 12 ++++++++----
|
|
1 file changed, 8 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/daemon/gdm-display.c b/daemon/gdm-display.c
|
|
index 929fa13bd..1b60eb621 100644
|
|
--- a/daemon/gdm-display.c
|
|
+++ b/daemon/gdm-display.c
|
|
@@ -436,106 +436,110 @@ finish_idle (GdmDisplay *self)
|
|
static void
|
|
queue_finish (GdmDisplay *self)
|
|
{
|
|
if (self->priv->finish_idle_id == 0) {
|
|
self->priv->finish_idle_id = g_idle_add ((GSourceFunc)finish_idle, self);
|
|
}
|
|
}
|
|
|
|
static void
|
|
_gdm_display_set_status (GdmDisplay *self,
|
|
int status)
|
|
{
|
|
if (status != self->priv->status) {
|
|
self->priv->status = status;
|
|
g_object_notify (G_OBJECT (self), "status");
|
|
}
|
|
}
|
|
|
|
static gboolean
|
|
gdm_display_real_prepare (GdmDisplay *self)
|
|
{
|
|
g_return_val_if_fail (GDM_IS_DISPLAY (self), FALSE);
|
|
|
|
g_debug ("GdmDisplay: prepare display");
|
|
|
|
_gdm_display_set_status (self, GDM_DISPLAY_PREPARED);
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
-static void
|
|
+static gboolean
|
|
look_for_existing_users_sync (GdmDisplay *self)
|
|
{
|
|
g_autoptr (GVariant) result = NULL;
|
|
g_autoptr (GVariant) result_child = NULL;
|
|
g_autoptr (GError) error = NULL;
|
|
gboolean has_no_users = FALSE;
|
|
|
|
result = g_dbus_connection_call_sync (self->priv->connection,
|
|
"org.freedesktop.Accounts",
|
|
"/org/freedesktop/Accounts",
|
|
"org.freedesktop.DBus.Properties",
|
|
"Get",
|
|
g_variant_new ("(ss)", "org.freedesktop.Accounts", "HasNoUsers"),
|
|
G_VARIANT_TYPE ("(v)"),
|
|
G_DBUS_CALL_FLAGS_NONE,
|
|
-1,
|
|
NULL,
|
|
&error);
|
|
|
|
if (result == NULL) {
|
|
- g_warning ("Failed to contact accountsservice: %s", error->message);
|
|
- return;
|
|
+ g_critical ("Failed to contact accountsservice: %s", error->message);
|
|
+ goto out;
|
|
}
|
|
|
|
g_variant_get (result, "(v)", &result_child);
|
|
has_no_users = g_variant_get_boolean (result_child);
|
|
self->priv->have_existing_user_accounts = !has_no_users;
|
|
|
|
g_debug ("GdmDisplay: machine does %shave existing user accounts",
|
|
has_no_users? "not " : "");
|
|
+out:
|
|
+ return result != NULL;
|
|
}
|
|
|
|
gboolean
|
|
gdm_display_prepare (GdmDisplay *self)
|
|
{
|
|
gboolean ret;
|
|
|
|
g_return_val_if_fail (GDM_IS_DISPLAY (self), FALSE);
|
|
|
|
g_debug ("GdmDisplay: Preparing display: %s", self->priv->id);
|
|
|
|
/* FIXME: we should probably do this in a more global place,
|
|
* asynchronously
|
|
*/
|
|
- look_for_existing_users_sync (self);
|
|
+ if (!look_for_existing_users_sync (self)) {
|
|
+ exit (EXIT_FAILURE);
|
|
+ }
|
|
|
|
self->priv->doing_initial_setup = wants_initial_setup (self);
|
|
|
|
g_object_ref (self);
|
|
ret = GDM_DISPLAY_GET_CLASS (self)->prepare (self);
|
|
g_object_unref (self);
|
|
|
|
return ret;
|
|
}
|
|
|
|
gboolean
|
|
gdm_display_manage (GdmDisplay *self)
|
|
{
|
|
gboolean res;
|
|
|
|
g_return_val_if_fail (GDM_IS_DISPLAY (self), FALSE);
|
|
|
|
g_debug ("GdmDisplay: Managing display: %s", self->priv->id);
|
|
|
|
/* If not explicitly prepared, do it now */
|
|
if (self->priv->status == GDM_DISPLAY_UNMANAGED) {
|
|
res = gdm_display_prepare (self);
|
|
if (! res) {
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
if (g_strcmp0 (self->priv->session_class, "greeter") == 0) {
|
|
if (GDM_DISPLAY_GET_CLASS (self)->manage != NULL) {
|
|
GDM_DISPLAY_GET_CLASS (self)->manage (self);
|
|
--
|
|
2.28.0
|
|
|