From 6f172007452b39bfda5062fc29ea5382671ac16e Mon Sep 17 00:00:00 2001 From: Alexander Ried Date: Thu, 26 May 2016 19:54:21 +0200 Subject: [PATCH] Disable methods that change files in /etc Only if environment variable NIXOS_USERS_PURE is set. --- src/daemon.c | 10 ++++++++++ src/user.c | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) diff --git a/src/daemon.c b/src/daemon.c index 861430f..aefaf2d 100644 --- a/src/daemon.c +++ b/src/daemon.c @@ -1378,6 +1378,11 @@ daemon_create_user (AccountsAccounts *accounts, const gchar *real_name, gint account_type) { + if (getenv("NIXOS_USERS_PURE")) { + throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers"); + return; + } + Daemon *daemon = (Daemon *) accounts; CreateUserData *data; @@ -1581,6 +1586,11 @@ daemon_delete_user (AccountsAccounts *accounts, gint64 uid, gboolean remove_files) { + if (getenv("NIXOS_USERS_PURE")) { + throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers"); + return; + } + Daemon *daemon = (Daemon *) accounts; DeleteUserData *data; diff --git a/src/user.c b/src/user.c index 28170db..df947a1 100644 --- a/src/user.c +++ b/src/user.c @@ -1216,6 +1216,11 @@ user_set_real_name (AccountsUser *auser, GDBusMethodInvocation *context, const gchar *real_name) { + if (getenv("NIXOS_USERS_PURE")) { + throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers"); + return; + } + User *user = (User *) auser; int uid; const gchar *action_id; @@ -1293,6 +1298,11 @@ user_set_user_name (AccountsUser *auser, GDBusMethodInvocation *context, const gchar *user_name) { + if (getenv("NIXOS_USERS_PURE")) { + throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers"); + return; + } + User *user = (User *) auser; daemon_local_check_auth (user->daemon, @@ -1945,6 +1955,11 @@ user_set_home_directory (AccountsUser *auser, GDBusMethodInvocation *context, const gchar *home_dir) { + if (getenv("NIXOS_USERS_PURE")) { + throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers"); + return; + } + User *user = (User *) auser; daemon_local_check_auth (user->daemon, @@ -2000,6 +2015,11 @@ user_set_shell (AccountsUser *auser, GDBusMethodInvocation *context, const gchar *shell) { + if (getenv("NIXOS_USERS_PURE")) { + throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers"); + return; + } + User *user = (User *) auser; daemon_local_check_auth (user->daemon, @@ -2249,6 +2269,11 @@ user_set_locked (AccountsUser *auser, GDBusMethodInvocation *context, gboolean locked) { + if (getenv("NIXOS_USERS_PURE")) { + throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers"); + return; + } + User *user = (User *) auser; daemon_local_check_auth (user->daemon, @@ -2457,6 +2482,11 @@ user_set_password_mode (AccountsUser *auser, GDBusMethodInvocation *context, gint mode) { + if (getenv("NIXOS_USERS_PURE")) { + throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers"); + return; + } + User *user = (User *) auser; const gchar *action_id; gint uid; @@ -2550,6 +2580,11 @@ user_set_password (AccountsUser *auser, const gchar *password, const gchar *hint) { + if (getenv("NIXOS_USERS_PURE")) { + throw_error (context, ERROR_NOT_SUPPORTED, "Modifying users not supported without users.mutableUsers"); + return; + } + User *user = (User *) auser; gchar **data; const gchar *action_id;