cinnamon-settings-users: User dialog holds if user creates a user that already exists

For Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985138

I have a debdiff/patch for this, based on two commits-one is the actual patch and another one is a localization fix. I put them into one if whoever reviews doesn't mind.

The attachment "cinnamon_4.4.8-4ubuntu0.3.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

Groovy patch. The patch file is the same, this is just really an adjusted changelog and patch file name.

Could you please add SRU information to this bug report? Once that is done I'll be happy to sponsor it!

I'm not that interested in groovy/hirsute, but feel free to play with it if you *really* wish.

 $ dput cinnamon_4.8.6-2ubuntu0.1_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /tmp/pkgs/impish/cinnamon_4.8.6-2ubuntu0.1_source.changes: Valid signature from 1E918B66765B3E31
Checking signature on .dsc
gpg: /tmp/pkgs/impish/cinnamon_4.8.6-2ubuntu0.1.dsc: Valid signature from 1E918B66765B3E31
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading cinnamon_4.8.6-2ubuntu0.1.dsc: done.
  Uploading cinnamon_4.8.6-2ubuntu0.1.debian.tar.xz: done.
  Uploading cinnamon_4.8.6-2ubuntu0.1_source.buildinfo: done.
  Uploading cinnamon_4.8.6-2ubuntu0.1_source.changes: done.
Successfully uploaded packages.

This now awaiting review by the SRU team.

is there any risk here that enumerating the users, in environments where a large number of users are visible to the system (AD realms, etc), will cause all user creation to be slow here? I would normally expect either to do a try and then catch whatever exception is raised when trying to create an already-existing user, or else to query for the exact username from the backend to find out whether it exists rather than enumerating. (Basically, one of the two options already listed in https://github.com/linuxmint/cinnamon/issues/9494#issue-667846043.) I see that this is already committed upstream, but I still have reservations about making a change such as this in SRU because of the risk that making a change that fixes behavior when the user has made an uncommon error (conflicting username) could impact all users in certain environments (AD realms) that haven't committed an error.

An upload of cinnamon to impish-proposed has been rejected from the upload queue for the following reason: "No answer to request for clarification in over a month: https://bugs.launchpad.net/ubuntu/+source/cinnamon/+bug/1919026/comments/9".

Hello, I've been busy with school and life - Cinnamon 5.2 is currently WIP in Debian experimental

This shouldn't slow anything down significantly. The only slowing that could happen is processing and checking the issue on info change.

I can agree that this may not be as important but it shouldn't cause any error. I tested the patch a lot before I finished submitting it to LM and I think it will be fine for Ubuntu.

Vorlon: In response to your question, it probably could cause performance impacts if it was like, 100 accounts. But there are already a lot of users taken in the system. ~40 on my laptop. CS users cycles through all of them. Why would adding one or two more cause a big performance issue? Unless for some reason there are already an insane amount of users I find it unlikely this would happen.

But I suppose it could cause the application to just freeze, potentially DoS if a local attacker or for some reason like 1000 accounts exist on the machine. But again, why would anyone do that?

The point is that if the system is joined to an Active Directory realm, enumerating the list of users may mean going through tens of thousands of users. This is not a question of adding "one or two more users", and saying that you've tested it on systems with less than 100 accounts does not address this concern.

Sorry for late response.

I have not tested that; and I do not know if I can. Maybe my dad's workplace computers (which is at a university) can be able to help but I don't know.

And I guess it could cause the program to freeze up which may not be the best idea.

Not entirely sure what to think of this as to whether it should be SRU'd or not.

Ubuntu 21.10 (Impish Indri) has reached end of life, so this bug will not be fixed for that specific release.