On Wed, Feb 22, 2017 at 03:27:00AM -0000, Yuan-Chen Cheng wrote: > I run the test case on xenial with the new package, it works fine and > the test case passed ! > > But as I replace step 7 to: > > close the "user accounts panel" and make sure we quit all instance of > unity-control-center, and launch "user accounts panel" again, and choose > to Re-open the password dialog as in step 4. > > Then the test failed with after re-launch user account panel in the way > > 1. can't ""Click "Unlock" at the top right, and enter the user's password."" > because the password is clear in step 5. > 2. if we just change the password without unlock first, the system request > password prompt "Authentication is required to change user data". Any > password won't work for it. Then I need to press 'cancel' button, then the > password is set, but user still in nopasswdlogin group. > > I propose we refine the bug description instead of open a new bug. Feel > free to propose otherwise.
TBH it's up to you. If you're saying this is a partial fix but doesn't fix the main part of the problem for you then you can either release this SRU and do another one to fix the rest of it, or block this one. It doesn't really matter to me. I would appreciate it if someone could help out on figuring out what the problem is here though. Is it something to do with deleting the password when you go to ACT_USER_PASSWORD_MODE_NONE? If so, what's the right thing to do? And also, what happens if you operate on a user other than the current one? -- Iain Lane [ i...@orangesquash.org.uk ] Debian Developer [ la...@debian.org ] Ubuntu Developer [ la...@ubuntu.com ] -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to unity-control-center in Ubuntu. https://bugs.launchpad.net/bugs/1630156 Title: No password needed to Log in after cancel the password and then reset again Status in Light Display Manager: Invalid Status in OEM Priority Project: In Progress Status in OEM Priority Project trusty series: Confirmed Status in OEM Priority Project xenial series: Confirmed Status in unity-control-center package in Ubuntu: Fix Released Status in unity-control-center source package in Xenial: Fix Committed Status in unity-control-center source package in Yakkety: Fix Committed Bug description: [ Description ] If you use unity-control-center to set the current user from "Log in without a password" to having a password again, the user is not removed from the 'nopasswdlogin' UNIX group, and so can log in without a password still. [ Test case ] 1. Open the dash, type "User Accounts", open the user accounts panel of unity-control-center. 2. Make sure the current user (which must be an admin) is selected in the list of user's on the left hand side. 3. Click "Unlock" at the top right, and enter the user's password. 4. Click the dots to the right of "Password", to open the dialog where you can change the password mode. 5. In the combo box at the top, select "Log in without a password". Save the dialog. 6. Open a terminal, and execute `grep nopasswdlogin /etc/group'. Note that the current user is present. 7. Re-open the password dialog as in step 4. 8. Select "Set a password now", and set a password. Save the dialog. 9. Open a terminal, and execute `grep nopasswdlogin /etc/group'. At step 9, if the bug is present then the user will still be in the group. If it is fixed then the user will not. [ Fix ] unity-control-center's user-accounts panel contains a codepath to call `passwd' directly when changing the current user's password. There's another path when setting the password for a different user which uses AccountsService. In the former codepath, the AccountsService call required to remove the user from `nopasswdlogin' is not executed (act_user_set_password_mode (..., ACT_USER_PASSWORD_MODE_REGULAR)). The proposed fix (in the attached MP) is to always make this call when setting a password, even in this passwd case. [ QA ] Run the test case above. Additionally, - Try to use the dialog to change passwords without unlocking it. - Try to change both the current and another user's password. Make sure the nopasswdlogin membership is right at all times and the new password always gets applied (e.g. try logging out and in to check the settings). [ Regression potential ] The fix changes a couple of things - We now call act_user_set_password_mode () after running passwd. - We now call act_user_set_password () before act_user_set_password_mode (), which is the opposite of the previous order. AFAIK both of these changes are fine, but we should run the QA tests above to get confidence that they didn't break password setting. [ Original description ] 1. Go to path "System Setting --> User Accounts--> Unlock" to unlock system setting. 2. Click "Password --> Action --> Log in without password -->Change to clear Log in password. (as doing so, the user is added to group "nopasswdlogin") 3. Check that the user is in the nopasswdlogin group 4. Then do the similar action "Set a password now" as the same way to set Log in password. 5. Check that the user is *not* in the nopasswdlogin group. The key problem is: it won't remove user from nopasswdlogin in step 4. At step 5, you are left in the group. To manage notifications about this bug go to: https://bugs.launchpad.net/lightdm/+bug/1630156/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
