From ce0b639d646106abc37227194b08a80b592982f8 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sun, 29 Apr 2012 12:32:37 -0400 Subject: [PATCH] 3.4: Update GDM patches --- gnomeos/3.4/gdm-debug-prints.patch | 58 ++++ gnomeos/3.4/gdm-disable-documentation.patch | 10 +- gnomeos/3.4/gdm-pam-auth.patch | 71 ----- gnomeos/3.4/gdm-pam-config.patch | 282 ++++++++++++++++++++ gnomeos/3.4/gnomeos-3.4-src.json | 5 +- 5 files changed, 350 insertions(+), 76 deletions(-) create mode 100644 gnomeos/3.4/gdm-debug-prints.patch delete mode 100644 gnomeos/3.4/gdm-pam-auth.patch create mode 100644 gnomeos/3.4/gdm-pam-config.patch diff --git a/gnomeos/3.4/gdm-debug-prints.patch b/gnomeos/3.4/gdm-debug-prints.patch new file mode 100644 index 00000000..22093a8e --- /dev/null +++ b/gnomeos/3.4/gdm-debug-prints.patch @@ -0,0 +1,58 @@ +From f69ea96257d7ff6b1a90e63e6597f0c49e4b0288 Mon Sep 17 00:00:00 2001 +From: Colin Walters +Date: Sun, 29 Apr 2012 09:04:02 -0400 +Subject: [PATCH 2/3] daemon: Add some more PAM g_debug() prints + +Hopefully helpful later for whoever has to debug PAM stuff. + +https://bugzilla.gnome.org/show_bug.cgi?id=675086 +--- + daemon/gdm-session-worker.c | 11 ++++++++--- + 1 files changed, 8 insertions(+), 3 deletions(-) + +diff --git a/daemon/gdm-session-worker.c b/daemon/gdm-session-worker.c +index 57f1071..28f0cb0 100644 +--- a/daemon/gdm-session-worker.c ++++ b/daemon/gdm-session-worker.c +@@ -1084,7 +1084,10 @@ gdm_session_worker_initialize_pam (GdmSessionWorker *worker, + + g_assert (worker->priv->pam_handle == NULL); + +- g_debug ("GdmSessionWorker: initializing PAM"); ++ g_debug ("GdmSessionWorker: initializing PAM; service=%s username=%s seat=%s", ++ service ? service : "(null)", ++ username ? username : "(null)", ++ seat_id ? seat_id : "(null)"); + + pam_conversation.conv = (GdmSessionWorkerPamNewMessagesFunc) gdm_session_worker_pam_new_messages_handler; + pam_conversation.appdata_ptr = worker; +@@ -1273,7 +1276,8 @@ gdm_session_worker_authorize_user (GdmSessionWorker *worker, + int error_code; + int authentication_flags; + +- g_debug ("GdmSessionWorker: determining if authenticated user is authorized to session"); ++ g_debug ("GdmSessionWorker: determining if authenticated user (password required:%d) is authorized to session", ++ password_is_required); + + authentication_flags = 0; + +@@ -1288,6 +1292,7 @@ gdm_session_worker_authorize_user (GdmSessionWorker *worker, + /* it's possible that the user needs to change their password or pin code + */ + if (error_code == PAM_NEW_AUTHTOK_REQD && !worker->priv->is_program_session) { ++ g_debug ("GdmSessionWorker: authenticated user requires new auth token"); + error_code = pam_chauthtok (worker->priv->pam_handle, PAM_CHANGE_EXPIRED_AUTHTOK); + + gdm_session_worker_get_username (worker, NULL); +@@ -1664,7 +1669,7 @@ session_worker_child_watch (GPid pid, + static void + gdm_session_worker_watch_child (GdmSessionWorker *worker) + { +- ++ g_debug ("GdmSession worker: watching pid %d", worker->priv->child_pid); + worker->priv->child_watch_id = g_child_watch_add (worker->priv->child_pid, + (GChildWatchFunc)session_worker_child_watch, + worker); +-- +1.7.7.6 + diff --git a/gnomeos/3.4/gdm-disable-documentation.patch b/gnomeos/3.4/gdm-disable-documentation.patch index dd0e7024..6f552e91 100644 --- a/gnomeos/3.4/gdm-disable-documentation.patch +++ b/gnomeos/3.4/gdm-disable-documentation.patch @@ -1,11 +1,13 @@ -From 06a5d03ae1abd70fd0f5c6eb37ce26dee1490f7d Mon Sep 17 00:00:00 2001 +From ddd83d47165c73e4678f666986abdb6f3f0b8223 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sun, 15 Jan 2012 16:49:07 -0500 -Subject: [PATCH] build: Add --disable-documentation +Subject: [PATCH 1/3] build: Add --disable-documentation Documentation is the source of many cyclical build loops. Allow operating system builders to manually cut these cycles initially by disabling documentation for a first pass. + +https://bugzilla.gnome.org/show_bug.cgi?id=675087 --- Makefile.am | 4 +++- configure.ac | 4 ++++ @@ -32,7 +34,7 @@ index f522f40..2d0443d 100644 # add these when help gets added back # omf-install diff --git a/configure.ac b/configure.ac -index 3c94f94..f3934a5 100644 +index c35ad8c..35e6e04 100644 --- a/configure.ac +++ b/configure.ac @@ -44,6 +44,10 @@ AC_CONFIG_MACRO_DIR([m4]) @@ -47,5 +49,5 @@ index 3c94f94..f3934a5 100644 GETTEXT_PACKAGE=gdm AC_SUBST(GETTEXT_PACKAGE) -- -1.7.6.5 +1.7.7.6 diff --git a/gnomeos/3.4/gdm-pam-auth.patch b/gnomeos/3.4/gdm-pam-auth.patch deleted file mode 100644 index 75fefa8a..00000000 --- a/gnomeos/3.4/gdm-pam-auth.patch +++ /dev/null @@ -1,71 +0,0 @@ -From d774559ac7d40d2c1d57bcf7d3647a48b3a9c5ec Mon Sep 17 00:00:00 2001 -From: Colin Walters -Date: Fri, 20 Jan 2012 17:23:05 -0500 -Subject: [PATCH] gdm: Switch to use common- auth - ---- - data/gdm | 15 ++++----------- - data/gdm-autologin | 13 ++++--------- - data/gdm-welcome | 10 +++------- - 3 files changed, 11 insertions(+), 27 deletions(-) - -diff --git a/data/gdm b/data/gdm -index 58c397d..44d509b 100644 ---- a/data/gdm -+++ b/data/gdm -@@ -1,12 +1,5 @@ - #%PAM-1.0 --auth required pam_env.so --auth required pam_succeed_if.so user != root quiet --auth sufficient pam_succeed_if.so user ingroup nopasswdlogin --auth include system-auth --account required pam_nologin.so --account include system-auth --password include system-auth --session optional pam_keyinit.so force revoke --session include system-auth --session required pam_loginuid.so --session optional pam_console.so -+auth include common-auth -+account include common-auth -+password include common-auth -+session include common-auth -diff --git a/data/gdm-autologin b/data/gdm-autologin -index c4e598a..44d509b 100644 ---- a/data/gdm-autologin -+++ b/data/gdm-autologin -@@ -1,10 +1,5 @@ - #%PAM-1.0 --auth required pam_env.so --auth required pam_permit.so --account required pam_nologin.so --account include system-auth --password include system-auth --session optional pam_keyinit.so force revoke --session include system-auth --session required pam_loginuid.so --session optional pam_console.so -+auth include common-auth -+account include common-auth -+password include common-auth -+session include common-auth -diff --git a/data/gdm-welcome b/data/gdm-welcome -index b301f4f..29a6746 100644 ---- a/data/gdm-welcome -+++ b/data/gdm-welcome -@@ -1,9 +1,5 @@ - #%PAM-1.0 --auth required pam_env.so - auth required pam_permit.so --account required pam_nologin.so --account include system-auth --password include system-auth --session required pam_loginuid.so --session optional pam_keyinit.so force revoke --session include system-auth -+account include common-auth -+password include common-auth -+session include common-auth --- -1.7.6.5 - diff --git a/gnomeos/3.4/gdm-pam-config.patch b/gnomeos/3.4/gdm-pam-config.patch new file mode 100644 index 00000000..7ff24b7b --- /dev/null +++ b/gnomeos/3.4/gdm-pam-config.patch @@ -0,0 +1,282 @@ +From 5239bd5782ba083f30d3667e038b7c44f2f579c9 Mon Sep 17 00:00:00 2001 +From: Colin Walters +Date: Fri, 27 Apr 2012 18:34:39 -0400 +Subject: [PATCH 3/3] Add --with-default-pam-config option + +The PAM files that ship with GDM are really specific to Red Hat's +historical fork of pam. For example, the "system-auth" file still +lives in the Fedora 17 "pam" git. + +Add new PAM files (which may still not work for everybody, but hey, +it's a starting point) that should be somewhat useful for people who +build with "Linux PAM" upstream, which uses "common-*" prefixes. + +The default is still to use the Red Hat PAM files for backwards +compatibility. + +https://bugzilla.gnome.org/show_bug.cgi?id=675085 +--- + configure.ac | 17 +++++++++++++++++ + data/Makefile.am | 33 +++++++++++++++++++++------------ + data/gdm | 12 ------------ + data/gdm-autologin | 10 ---------- + data/gdm-welcome | 9 --------- + data/pam-linux/gdm | 12 ++++++++++++ + data/pam-linux/gdm-autologin | 10 ++++++++++ + data/pam-linux/gdm-welcome | 9 +++++++++ + data/pam-redhat/gdm | 12 ++++++++++++ + data/pam-redhat/gdm-autologin | 10 ++++++++++ + data/pam-redhat/gdm-welcome | 9 +++++++++ + 11 files changed, 100 insertions(+), 43 deletions(-) + delete mode 100644 data/gdm + delete mode 100644 data/gdm-autologin + delete mode 100644 data/gdm-welcome + create mode 100644 data/pam-linux/gdm + create mode 100644 data/pam-linux/gdm-autologin + create mode 100644 data/pam-linux/gdm-welcome + create mode 100644 data/pam-redhat/gdm + create mode 100644 data/pam-redhat/gdm-autologin + create mode 100644 data/pam-redhat/gdm-welcome + +diff --git a/configure.ac b/configure.ac +index 35e6e04..21e44e0 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -226,6 +226,23 @@ if test x$enable_split_authentication = xyes; then + AC_DEFINE(ENABLE_SPLIT_AUTHENTICATION, 1, [Define if split authentication is enabled]) + fi + ++AC_ARG_WITH(default-pam-config, ++ AS_HELP_STRING([--with-default-pam-config: One of redhat, linux @<:@default=redhat@:>@]), ++ with_default_pam_config=${withval}, with_default_pam_config=redhat) ++case x$with_default_pam_config in ++ xredhat|xlinux) ;; ++ *) ++ AC_MSG_ERROR([Invalid --with-default-pam-config ${with_default_pam_config}]) ++ exit 1 ++ ;; ++esac ++AM_CONDITIONAL(ENABLE_REDHAT_PAM_CONFIG, test x$with_default_pam_config = xredhat) ++AM_CONDITIONAL(ENABLE_LINUX_PAM_CONFIG, test x$with_default_pam_config = xlinux) ++ ++if test x$enable_split_authentication = xyes; then ++ AC_DEFINE(ENABLE_SPLIT_AUTHENTICATION, 1, [Define if split authentication is enabled]) ++fi ++ + AC_ARG_ENABLE(console-helper, + AS_HELP_STRING([--enable-console-helper], + [Enable PAM console helper @<:@default=auto@:>@]),, +diff --git a/data/Makefile.am b/data/Makefile.am +index f0d00bf..e940d71 100644 +--- a/data/Makefile.am ++++ b/data/Makefile.am +@@ -1,5 +1,6 @@ + NULL = + ++EXTRA_DIST = + SUBDIRS = \ + applications \ + pixmaps \ +@@ -97,7 +98,19 @@ gdm-smartcard: gdm-smartcard.pam + pamdir = $(PAM_PREFIX)/pam.d + pam_DATA = gdm-fingerprint gdm-smartcard + +-EXTRA_DIST = \ ++pam_redhat_files = pam-redhat/gdm pam-redhat/gdm-autologin pam-redhat/gdm-welcome ++EXTRA_DIST += $(pam_redhat_files) ++pam_linux_files = pam-linux/gdm pam-linux/gdm-autologin pam-linux/gdm-welcome ++EXTRA_DIST += $(pam_linux_files) ++ ++if ENABLE_REDHAT_PAM_CONFIG ++pam_files = $(pam_redhat_files) ++endif ++if ENABLE_LINUX_PAM_CONFIG ++pam_files = $(pam_linux_files) ++endif ++ ++EXTRA_DIST += \ + $(schemas_in_files) \ + $(schemas_DATA) \ + $(dbusconf_in_files) \ +@@ -105,9 +118,6 @@ EXTRA_DIST = \ + gdm.schemas.in.in \ + gdm.conf-custom.in \ + Xsession.in \ +- gdm \ +- gdm-autologin \ +- gdm-welcome \ + gdm-fingerprint.pam \ + gdm-smartcard.pam \ + gdm-fallback.session \ +@@ -233,14 +243,13 @@ install-data-hook: gdm.conf-custom Xsession Init PostSession PreSession 00-upstr + $(mkinstalldirs) $(DESTDIR)$(PAM_PREFIX)/pam.d; \ + chmod 755 $(DESTDIR)$(PAM_PREFIX)/pam.d; \ + fi; \ +- if test $$system = Linux && test '!' -f $(DESTDIR)$(PAM_PREFIX)/pam.d/gdm; then \ +- $(INSTALL_DATA) $(srcdir)/gdm $(DESTDIR)$(PAM_PREFIX)/pam.d/gdm; \ +- fi; \ +- if test $$system = Linux && test '!' -f $(DESTDIR)$(PAM_PREFIX)/pam.d/gdm-autologin; then \ +- $(INSTALL_DATA) $(srcdir)/gdm-autologin $(DESTDIR)$(PAM_PREFIX)/pam.d/gdm-autologin; \ +- fi; \ +- if test $$system = Linux && test '!' -f $(DESTDIR)$(PAM_PREFIX)/pam.d/gdm-welcome; then \ +- $(INSTALL_DATA) $(srcdir)/gdm-welcome $(DESTDIR)$(PAM_PREFIX)/pam.d/gdm-welcome; \ ++ if test $$system = Linux; then \ ++ for file in $(pam_files); do \ ++ bn=$$(basename $$file); \ ++ if test '!' -f $(DESTDIR)$(PAM_PREFIX)/pam.d/$$bn; then \ ++ $(INSTALL_DATA) $(srcdir)/$$file $(DESTDIR)$(PAM_PREFIX)/pam.d/$$bn; \ ++ fi; \ ++ done; \ + fi; \ + if test $$system = SunOS; then \ + echo "Please add PAM authentication for gdm, gdm-autologin and gdm-welcome in $(PAM_PREFIX)/pam.conf!"; \ +diff --git a/data/gdm b/data/gdm +deleted file mode 100644 +index 58c397d..0000000 +--- a/data/gdm ++++ /dev/null +@@ -1,12 +0,0 @@ +-#%PAM-1.0 +-auth required pam_env.so +-auth required pam_succeed_if.so user != root quiet +-auth sufficient pam_succeed_if.so user ingroup nopasswdlogin +-auth include system-auth +-account required pam_nologin.so +-account include system-auth +-password include system-auth +-session optional pam_keyinit.so force revoke +-session include system-auth +-session required pam_loginuid.so +-session optional pam_console.so +diff --git a/data/gdm-autologin b/data/gdm-autologin +deleted file mode 100644 +index c4e598a..0000000 +--- a/data/gdm-autologin ++++ /dev/null +@@ -1,10 +0,0 @@ +-#%PAM-1.0 +-auth required pam_env.so +-auth required pam_permit.so +-account required pam_nologin.so +-account include system-auth +-password include system-auth +-session optional pam_keyinit.so force revoke +-session include system-auth +-session required pam_loginuid.so +-session optional pam_console.so +diff --git a/data/gdm-welcome b/data/gdm-welcome +deleted file mode 100644 +index b301f4f..0000000 +--- a/data/gdm-welcome ++++ /dev/null +@@ -1,9 +0,0 @@ +-#%PAM-1.0 +-auth required pam_env.so +-auth required pam_permit.so +-account required pam_nologin.so +-account include system-auth +-password include system-auth +-session required pam_loginuid.so +-session optional pam_keyinit.so force revoke +-session include system-auth +diff --git a/data/pam-linux/gdm b/data/pam-linux/gdm +new file mode 100644 +index 0000000..de223de +--- /dev/null ++++ b/data/pam-linux/gdm +@@ -0,0 +1,12 @@ ++#%PAM-1.0 ++auth required pam_env.so ++auth required pam_succeed_if.so user != root quiet ++auth sufficient pam_succeed_if.so user ingroup nopasswdlogin ++auth include common-auth ++account required pam_nologin.so ++account include common-account ++password include common-password ++session optional pam_keyinit.so force revoke ++session include common-session ++session required pam_loginuid.so ++session optional pam_console.so +diff --git a/data/pam-linux/gdm-autologin b/data/pam-linux/gdm-autologin +new file mode 100644 +index 0000000..32d5248 +--- /dev/null ++++ b/data/pam-linux/gdm-autologin +@@ -0,0 +1,10 @@ ++#%PAM-1.0 ++auth required pam_env.so ++auth required pam_permit.so ++account required pam_nologin.so ++account include common-auth ++password include common-auth ++session optional pam_keyinit.so force revoke ++session include common-session ++session required pam_loginuid.so ++session optional pam_console.so +diff --git a/data/pam-linux/gdm-welcome b/data/pam-linux/gdm-welcome +new file mode 100644 +index 0000000..602217b +--- /dev/null ++++ b/data/pam-linux/gdm-welcome +@@ -0,0 +1,9 @@ ++#%PAM-1.0 ++auth required pam_env.so ++auth required pam_permit.so ++account required pam_nologin.so ++account include common-account ++password include common-auth ++session required pam_loginuid.so ++session optional pam_keyinit.so force revoke ++session include common-session +diff --git a/data/pam-redhat/gdm b/data/pam-redhat/gdm +new file mode 100644 +index 0000000..58c397d +--- /dev/null ++++ b/data/pam-redhat/gdm +@@ -0,0 +1,12 @@ ++#%PAM-1.0 ++auth required pam_env.so ++auth required pam_succeed_if.so user != root quiet ++auth sufficient pam_succeed_if.so user ingroup nopasswdlogin ++auth include system-auth ++account required pam_nologin.so ++account include system-auth ++password include system-auth ++session optional pam_keyinit.so force revoke ++session include system-auth ++session required pam_loginuid.so ++session optional pam_console.so +diff --git a/data/pam-redhat/gdm-autologin b/data/pam-redhat/gdm-autologin +new file mode 100644 +index 0000000..c4e598a +--- /dev/null ++++ b/data/pam-redhat/gdm-autologin +@@ -0,0 +1,10 @@ ++#%PAM-1.0 ++auth required pam_env.so ++auth required pam_permit.so ++account required pam_nologin.so ++account include system-auth ++password include system-auth ++session optional pam_keyinit.so force revoke ++session include system-auth ++session required pam_loginuid.so ++session optional pam_console.so +diff --git a/data/pam-redhat/gdm-welcome b/data/pam-redhat/gdm-welcome +new file mode 100644 +index 0000000..b301f4f +--- /dev/null ++++ b/data/pam-redhat/gdm-welcome +@@ -0,0 +1,9 @@ ++#%PAM-1.0 ++auth required pam_env.so ++auth required pam_permit.so ++account required pam_nologin.so ++account include system-auth ++password include system-auth ++session required pam_loginuid.so ++session optional pam_keyinit.so force revoke ++session include system-auth +-- +1.7.7.6 + diff --git a/gnomeos/3.4/gnomeos-3.4-src.json b/gnomeos/3.4/gnomeos-3.4-src.json index fa1c79fa..39dd706e 100644 --- a/gnomeos/3.4/gnomeos-3.4-src.json +++ b/gnomeos/3.4/gnomeos-3.4-src.json @@ -676,9 +676,12 @@ {"src": "gnome:gdm", "config-opts": ["--disable-documentation", + "--disable-split-authentication", + "--with-default-pam-config=linux", "--with-consolekit"], "patches": ["gdm-disable-documentation.patch", - "gdm-pam-auth.patch"]}, + "gdm-debug-prints.patch", + "gdm-pam-config.patch"]}, {"src": "fd-telepathy:telepathy-logger", "branch": "telepathy-logger-0.2.12",