Created attachment 218068 [details] Patch to update sysutils/accountsservice - Update to 0.6.55 (big 4 years jump!) - Switch to the Meson build system - Update pkg-descr, Freedesktop.org migrated from cgit to gitlab - Adjust dependencies - Remove useless pkg-install script, feature already in pkg-plist CC'ed the desktop team Note: tested with GLib 2.66.0
Tested with GLib 2.66.0 and GObject introspection 1.66.0 (both the latest releases).
Ooh, this also fixes the userdel thing (the previous patches forgot to touch deletion), nice.
Thanks for taking this 0mp :) mfg Tobias
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=ffb1311e56725702208e807cfc63c8163c6b4a52 commit ffb1311e56725702208e807cfc63c8163c6b4a52 Author: Olivier Duchateau <olivierd@FreeBSD.org> AuthorDate: 2021-05-24 15:38:38 +0000 Commit: Mateusz Piotrowski <0mp@FreeBSD.org> CommitDate: 2021-05-25 08:28:07 +0000 sysutils/accountsservice: Update to 0.6.55 This update also fixes the userdel functionality. PR: 249445 Reviewed by: 0mp Approved by: maintainer timeout MFH: 2021Q2 Security: 75aae50b-9e3c-11eb-9bc3-8c164582fbac Security: CVE-2018-14036 sysutils/accountsservice/Makefile | 30 +-- sysutils/accountsservice/distinfo | 6 +- .../accountsservice/files/patch-configure (gone) | 21 -- .../accountsservice/files/patch-meson.build (new) | 16 ++ .../files/patch-meson__post__install.py (new) | 13 + sysutils/accountsservice/files/patch-src_daemon.c | 282 ++++++++++++++++++++- .../patch-src_libaccountsservice_act-user.c (new) | 11 + .../files/patch-src_meson.build (new) | 13 + sysutils/accountsservice/files/patch-src_user.c | 190 ++++++++++---- .../accountsservice/files/patch-src_user.h (new) | 27 ++ .../files/patch-src_wtmp-helper.h (new) | 10 + sysutils/accountsservice/pkg-descr | 6 +- sysutils/accountsservice/pkg-install (gone) | 9 - sysutils/accountsservice/pkg-plist | 51 ++-- 14 files changed, 540 insertions(+), 145 deletions(-)
A commit in branch 2021Q2 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=6a456af02d7efda292eb0c52887c1a1964478589 commit 6a456af02d7efda292eb0c52887c1a1964478589 Author: Olivier Duchateau <olivierd@FreeBSD.org> AuthorDate: 2021-05-24 15:38:38 +0000 Commit: Mateusz Piotrowski <0mp@FreeBSD.org> CommitDate: 2021-05-25 08:31:57 +0000 sysutils/accountsservice: Update to 0.6.55 This update also fixes the userdel functionality. PR: 249445 Reviewed by: 0mp Approved by: maintainer timeout MFH: 2021Q2 Security: 75aae50b-9e3c-11eb-9bc3-8c164582fbac Security: CVE-2018-14036 (cherry picked from commit ffb1311e56725702208e807cfc63c8163c6b4a52) sysutils/accountsservice/Makefile | 30 +-- sysutils/accountsservice/distinfo | 6 +- .../accountsservice/files/patch-configure (gone) | 21 -- .../accountsservice/files/patch-meson.build (new) | 16 ++ .../files/patch-meson__post__install.py (new) | 13 + sysutils/accountsservice/files/patch-src_daemon.c | 282 ++++++++++++++++++++- .../patch-src_libaccountsservice_act-user.c (new) | 11 + .../files/patch-src_meson.build (new) | 13 + sysutils/accountsservice/files/patch-src_user.c | 190 ++++++++++---- .../accountsservice/files/patch-src_user.h (new) | 27 ++ .../files/patch-src_wtmp-helper.h (new) | 10 + sysutils/accountsservice/pkg-descr | 6 +- sysutils/accountsservice/pkg-install (gone) | 9 - sysutils/accountsservice/pkg-plist | 51 ++-- 14 files changed, 540 insertions(+), 145 deletions(-)
Reopen. After update to 0.6.55 there is no users list at gdm login screen. It just shows "not listed" string. But I able to click there and type username manually. At 14-CURRENT I'm able to get to desktop after that, but there is similar user report for 13.x at freebsd-ports@ ML, and reporter has a problem with getting the desktop after manually typing username. But if I Lock the screen (Windows+L or via menu), I can't get back to the desktop without restarting gdm and supplying user credentials again, because Lock login screen lacks username field and providing just password isn't enough. Reverting to 0.6.42 makes users list available again and fixes Lock screen dialog. Both for 14-CURRENT and 13.x.
Here is original report: https://lists.freebsd.org/archives/freebsd-ports/2021-June/000094.html
If you try (when GDM is running, but in different TTY): DBus service must be enable. > gdbus call --system --dest org.freedesktop.DBus \ > --object-path /org/freedesktop/DBus --method org.freedesktop.DBus.ListNames If you see 'org.freedesktop.Accounts', try this following command: > gdbus call --system --dest org.freedesktop.Accounts \ > --object-path /org/freedesktop/Accounts \ > --method org.freedesktop.Accounts.ListCachedUsers List of users (it's list of ObjectPath) will be displayed (UserName property contains login name).
(In reply to Ruslan Makhmatkhanov from comment #7) Thank you, Ruslan, for linking my post
Same problem after updating to 0.6.55 No user icons in gdm login screen
(In reply to Olivier Duchateau from comment #8) gdbus call --system --dest org.freedesktop.DBus --object-path /org/freedesktop/DBus --method org.freedesktop.DBus.ListNames (['org.freedesktop.DBus', ':1.92', ':1.7', ':1.93', ':1.94', ':1.83', 'org.freedesktop.ColorManager', ':1.50', ':1.84', ':1.51', ':1.52', ':1.86', ':1.53', 'org.freedesktop.PolicyKit1', ':1.87', ':1.54', ':1.88', ':1.55', 'org.freedesktop.ConsoleKit', ':1.89', ':1.56', 'org.freedesktop.UPower', 'org.freedesktop.UDisks2', ':1.2', ':1.49', ':1.17', ':1.4', ':1.90', 'org.freedesktop.Accounts', ':1.91'],) gdbus call --system --dest org.freedesktop.Accounts --object-path /org/freedesktop/Accounts --method org.freedesktop.Accounts.ListCachedUsers ([objectpath '/org/freedesktop/Accounts/User1001'],) If i enable autologin in gdm's custom.conf i got this in logs : gdm[25252]: accountsservice: ActUserManager: user (null) has no username (uid: -1) maybe this helps ..
I have been hitting this issue myself, and I think the bug exists in 2 places. 1 in accountservice/src/daemon.c: daemon.c:197 > /* First iteration */ > if (*state == NULL) { > GHashTable *shadow_users = NULL; > FILE *fp; > #ifdef HAVE_SHADOW_H > struct spwd *shadow_entry; > > fp = fopen (PATH_SHADOW, "r"); > if (fp == NULL) { > g_warning ("Unable to open %s: %s", PATH_SHADOW, g_strerror (errno)); > return NULL; > } > > shadow_users = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, g_free); > > do { > int ret = 0; > > shadow_entry_buffers = g_malloc0 (sizeof (*shadow_entry_buffers)); > > ret = fgetspent_r (fp, &shadow_entry_buffers->spbuf, shadow_entry_buffers->buf, sizeof (shadow_entry_buffers->buf), &shadow_entry); > if (ret == 0) { > g_hash_table_insert (shadow_users, g_strdup (shadow_entry->sp_namp), shadow_entry_buffers); > } else { > g_free (shadow_entry_buffers); > > if (errno != EINTR) { > break; > } > } > } while (shadow_entry != NULL); > > fclose (fp); > > if (g_hash_table_size (shadow_users) == 0) { > g_clear_pointer (&shadow_users, g_hash_table_unref); > return NULL; > } > #endif > > fp = fopen (PATH_PASSWD, "r"); > if (fp == NULL) { > g_clear_pointer (&shadow_users, g_hash_table_unref); > g_warning ("Unable to open %s: %s", PATH_PASSWD, g_strerror (errno)); > return NULL; > } > > generator_state = g_malloc0 (sizeof (*generator_state)); > generator_state->fp = fp; > generator_state->users = shadow_users; > > *state = generator_state; > } > > /* Every iteration */ > generator_state = *state; > > if (g_hash_table_size (users) < MAX_LOCAL_USERS) { > pwent = fgetpwent (generator_state->fp); > if (pwent != NULL) { > #ifdef HAVE_SHADOW_H > shadow_entry_buffers = g_hash_table_lookup (generator_state->users, pwent->pw_name); > > if (shadow_entry_buffers != NULL) { > *spent = &shadow_entry_buffers->spbuf; > } > return pwent; > #else > if (!generator_state->users || g_hash_table_lookup (generator_state->users, pwent->pw_name)) > return pwent; > #endif > } > } Note that my reading of the code is that it pulls all of /etc/shadow into memory (and does it extremely hamfistedly), and then uses that to prune /etc/passwd in such a way that users that aren't in /etc/shadow don't even show up: > if (!generator_state->users || g_hash_table_lookup (generator_state->users, pwent->pw_name)) > return pwent; So generator_state-> users has to be non-null, AND it has to have a user by that name in it... but in the first iteration generator_state->users is set to shadow_users (L246), however shadow_users is set L210 (inside the #ifdef block), and populated in that block, what WE get is the initial value (NULL), L199.... Therefore that check NEVER passes, and we never have ANY users. So I fixed that by removing the if conditional and always returned pwent. This however did not fix it. In experimenting I would swap out JUST account-daemon (or whatever it is called), and hit gdm. THIS worked.... and later I discovered that there is libaccountservice at play here, I think there is a *second* bug lurking in there. I did a git diff between the two versions that we upgraded and .. a lot changed. I am not done investigating yet, but I figured more eyes will help. I hope this helps.
Let's rollback it until it's fixed
(In reply to Pavel Timofeev from comment #13) Rolling back is surely an option but there is an CVE that got fixed in the committed version. If we roll back the update, we need to make sure the vulnerability is still patched. Unfortunately, I don't have the necessary time to investigate and prepare a suitable patch.
When my computer time out, the screen back to lock screen, and I can't login again, only use alt+Fx reboot, so I must turned off automatic lock screen, it make me crazy. This bug affects a lot of people, especially like me use FreeBSD for desktops to work. I don't have the ability to fix it. Today I just rollback accountsservice-0.6.55 to accountsservice-0.6.43. Everything works fine. btw: I use ports-mgmt/portdowngrade to downgrade accountsservice.
This should fix the issue with the library: https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/sysutils/accountsservice/patches/patch-src_libaccountsservice_act-user-manager_c?rev=1.2&content-type=text/plain
(In reply to Robert Nagy from comment #16) Great! This fixed worked for me!
Fixed for me too.
Created attachment 228151 [details] sysutils/accountsservice/files/patch-src_libaccountsservice_act-user-manager.c This file is to be added in sysutils/accountsservice/files/ to apply OpenBSD correction.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=fa6b589dc7cf40675fad8764fd86788107e085e7 commit fa6b589dc7cf40675fad8764fd86788107e085e7 Author: Tobias C. Berner <tcberner@FreeBSD.org> AuthorDate: 2021-09-24 17:21:33 +0000 Commit: Tobias C. Berner <tcberner@FreeBSD.org> CommitDate: 2021-09-24 17:30:35 +0000 sysutils/accountsservice: unbreak update to 0.6.55 In ffb1311e56725702208e807cfc63c8163c6b4a52 the port was updated to 0.6.55, which unfortunately broke some functionality in gdm. Add the patch from OpenBSD to fix this. Reported by: rm Obtained from: https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/sysutils/accountsservice/patches/patch-src_libaccountsservice_act-user-manager_c PR: 249445 sysutils/accountsservice/Makefile | 1 + ...src_libaccountsservice_act-user-manager.c (new) | 24 ++++++++++++++++++++++ 2 files changed, 25 insertions(+)
A commit in branch 2021Q3 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=505a7155b2e84e495ed8ce95daf21db3a0d59903 commit 505a7155b2e84e495ed8ce95daf21db3a0d59903 Author: Tobias C. Berner <tcberner@FreeBSD.org> AuthorDate: 2021-09-24 17:21:33 +0000 Commit: Tobias C. Berner <tcberner@FreeBSD.org> CommitDate: 2021-09-24 17:36:31 +0000 sysutils/accountsservice: unbreak update to 0.6.55 In ffb1311e56725702208e807cfc63c8163c6b4a52 the port was updated to 0.6.55, which unfortunately broke some functionality in gdm. Add the patch from OpenBSD to fix this. Reported by: rm Obtained from: https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/sysutils/accountsservice/patches/patch-src_libaccountsservice_act-user-manager_c PR: 249445 (cherry picked from commit fa6b589dc7cf40675fad8764fd86788107e085e7) sysutils/accountsservice/Makefile | 1 + ...src_libaccountsservice_act-user-manager.c (new) | 24 ++++++++++++++++++++++ 2 files changed, 25 insertions(+)
Committed... finally [tm].
Sad to report, but I applied the patch from OpenBSD - in fact, multiple variants of it, posted here - separately, of course, removed the "gdm" pkg and installed "gdm" from ports with the patched "accountsservice" as a dependency. It didn't hep. Now I get "Ooops, something went wrong" and the white screen instead of the blank gdm screen. All GNOME requirements are enabled, including the /proc fs. Before applying it, it was the same story as for everybody: gdm seems to be loaded, I see the mouse and the standard GDM gray background. But no users or icons to click on. Basically as of right now, it is impossible to install Gnome an gdm on FreeBSD 13.1
(In reply to madwebness from comment #23) Some of that sounds like a separate report, bug 253746. (It's unfortunate that <https://www.freebsd.org/gnome/#_state_of_the_port> does not mention anything like this.) If you need orientation, please take one of the community options: <https://www.freebsd.org/community/> ---- Whilst here: post-closure triage.