packaging
/
ostree
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

3.4: Update GDM patches

This commit is contained in:
Colin Walters 2012-04-29 12:32:37 -04:00
parent d4321629f4
commit ce0b639d64
5 changed files with 350 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
gnomeos/3.4/gdm-debug-prints.patch Normal file
View File

@ -0,0 +1,58 @@
From f69ea96257d7ff6b1a90e63e6597f0c49e4b0288 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Sun, 29 Apr 2012 09:04:02 -0400
Subject: [PATCH 2/3] daemon: Add some more PAM g_debug() prints
Hopefully helpful later for whoever has to debug PAM stuff.
https://bugzilla.gnome.org/show_bug.cgi?id=675086
---
daemon/gdm-session-worker.c | 11 ++++++++---
1 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/daemon/gdm-session-worker.c b/daemon/gdm-session-worker.c
index 57f1071..28f0cb0 100644
--- a/daemon/gdm-session-worker.c
+++ b/daemon/gdm-session-worker.c
@@ -1084,7 +1084,10 @@ gdm_session_worker_initialize_pam (GdmSessionWorker *worker,
g_assert (worker->priv->pam_handle == NULL);
- g_debug ("GdmSessionWorker: initializing PAM");
+ g_debug ("GdmSessionWorker: initializing PAM; service=%s username=%s seat=%s",
+ service ? service : "(null)",
+ username ? username : "(null)",
+ seat_id ? seat_id : "(null)");
pam_conversation.conv = (GdmSessionWorkerPamNewMessagesFunc) gdm_session_worker_pam_new_messages_handler;
pam_conversation.appdata_ptr = worker;
@@ -1273,7 +1276,8 @@ gdm_session_worker_authorize_user (GdmSessionWorker *worker,
int error_code;
int authentication_flags;
- g_debug ("GdmSessionWorker: determining if authenticated user is authorized to session");
+ g_debug ("GdmSessionWorker: determining if authenticated user (password required:%d) is authorized to session",
+ password_is_required);
authentication_flags = 0;
@@ -1288,6 +1292,7 @@ gdm_session_worker_authorize_user (GdmSessionWorker *worker,
/* it's possible that the user needs to change their password or pin code
*/
if (error_code == PAM_NEW_AUTHTOK_REQD && !worker->priv->is_program_session) {
+ g_debug ("GdmSessionWorker: authenticated user requires new auth token");
error_code = pam_chauthtok (worker->priv->pam_handle, PAM_CHANGE_EXPIRED_AUTHTOK);
gdm_session_worker_get_username (worker, NULL);
@@ -1664,7 +1669,7 @@ session_worker_child_watch (GPid pid,
static void
gdm_session_worker_watch_child (GdmSessionWorker *worker)
{
-
+ g_debug ("GdmSession worker: watching pid %d", worker->priv->child_pid);
worker->priv->child_watch_id = g_child_watch_add (worker->priv->child_pid,
(GChildWatchFunc)session_worker_child_watch,
worker);
--
1.7.7.6

10
gnomeos/3.4/gdm-disable-documentation.patch
View File

@ -1,11 +1,13 @@
From 06a5d03ae1abd70fd0f5c6eb37ce26dee1490f7d Mon Sep 17 00:00:00 2001 From ddd83d47165c73e4678f666986abdb6f3f0b8223 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org> From: Colin Walters <walters@verbum.org>
Date: Sun, 15 Jan 2012 16:49:07 -0500 Date: Sun, 15 Jan 2012 16:49:07 -0500
Subject: [PATCH] build: Add --disable-documentation Subject: [PATCH 1/3] build: Add --disable-documentation
Documentation is the source of many cyclical build loops. Allow Documentation is the source of many cyclical build loops. Allow
operating system builders to manually cut these cycles initially operating system builders to manually cut these cycles initially
by disabling documentation for a first pass. by disabling documentation for a first pass.
https://bugzilla.gnome.org/show_bug.cgi?id=675087
--- ---
Makefile.am | 4 +++- Makefile.am | 4 +++-
configure.ac | 4 ++++ configure.ac | 4 ++++
@ -32,7 +34,7 @@ index f522f40..2d0443d 100644
# add these when help gets added back # add these when help gets added back
# omf-install # omf-install
diff --git a/configure.ac b/configure.ac diff --git a/configure.ac b/configure.ac
index 3c94f94..f3934a5 100644 index c35ad8c..35e6e04 100644
--- a/configure.ac --- a/configure.ac
+++ b/configure.ac +++ b/configure.ac
@@ -44,6 +44,10 @@ AC_CONFIG_MACRO_DIR([m4]) @@ -44,6 +44,10 @@ AC_CONFIG_MACRO_DIR([m4])
@ -47,5 +49,5 @@ index 3c94f94..f3934a5 100644
GETTEXT_PACKAGE=gdm GETTEXT_PACKAGE=gdm
AC_SUBST(GETTEXT_PACKAGE) AC_SUBST(GETTEXT_PACKAGE)
-- --
1.7.6.5 1.7.7.6

71
gnomeos/3.4/gdm-pam-auth.patch
View File

@ -1,71 +0,0 @@
From d774559ac7d40d2c1d57bcf7d3647a48b3a9c5ec Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Fri, 20 Jan 2012 17:23:05 -0500
Subject: [PATCH] gdm: Switch to use common- auth
---
data/gdm | 15 ++++-----------
data/gdm-autologin | 13 ++++---------
data/gdm-welcome | 10 +++-------
3 files changed, 11 insertions(+), 27 deletions(-)
diff --git a/data/gdm b/data/gdm
index 58c397d..44d509b 100644
--- a/data/gdm
+++ b/data/gdm
@@ -1,12 +1,5 @@
#%PAM-1.0
-auth required pam_env.so
-auth required pam_succeed_if.so user != root quiet
-auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
-auth include system-auth
-account required pam_nologin.so
-account include system-auth
-password include system-auth
-session optional pam_keyinit.so force revoke
-session include system-auth
-session required pam_loginuid.so
-session optional pam_console.so
+auth include common-auth
+account include common-auth
+password include common-auth
+session include common-auth
diff --git a/data/gdm-autologin b/data/gdm-autologin
index c4e598a..44d509b 100644
--- a/data/gdm-autologin
+++ b/data/gdm-autologin
@@ -1,10 +1,5 @@
#%PAM-1.0
-auth required pam_env.so
-auth required pam_permit.so
-account required pam_nologin.so
-account include system-auth
-password include system-auth
-session optional pam_keyinit.so force revoke
-session include system-auth
-session required pam_loginuid.so
-session optional pam_console.so
+auth include common-auth
+account include common-auth
+password include common-auth
+session include common-auth
diff --git a/data/gdm-welcome b/data/gdm-welcome
index b301f4f..29a6746 100644
--- a/data/gdm-welcome
+++ b/data/gdm-welcome
@@ -1,9 +1,5 @@
#%PAM-1.0
-auth required pam_env.so
auth required pam_permit.so
-account required pam_nologin.so
-account include system-auth
-password include system-auth
-session required pam_loginuid.so
-session optional pam_keyinit.so force revoke
-session include system-auth
+account include common-auth
+password include common-auth
+session include common-auth
--
1.7.6.5

282
gnomeos/3.4/gdm-pam-config.patch Normal file
View File

@ -0,0 +1,282 @@
From 5239bd5782ba083f30d3667e038b7c44f2f579c9 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Fri, 27 Apr 2012 18:34:39 -0400
Subject: [PATCH 3/3] Add --with-default-pam-config option
The PAM files that ship with GDM are really specific to Red Hat's
historical fork of pam. For example, the "system-auth" file still
lives in the Fedora 17 "pam" git.
Add new PAM files (which may still not work for everybody, but hey,
it's a starting point) that should be somewhat useful for people who
build with "Linux PAM" upstream, which uses "common-*" prefixes.
The default is still to use the Red Hat PAM files for backwards
compatibility.
https://bugzilla.gnome.org/show_bug.cgi?id=675085
---
configure.ac | 17 +++++++++++++++++
data/Makefile.am | 33 +++++++++++++++++++++------------
data/gdm | 12 ------------
data/gdm-autologin | 10 ----------
data/gdm-welcome | 9 ---------
data/pam-linux/gdm | 12 ++++++++++++
data/pam-linux/gdm-autologin | 10 ++++++++++
data/pam-linux/gdm-welcome | 9 +++++++++
data/pam-redhat/gdm | 12 ++++++++++++
data/pam-redhat/gdm-autologin | 10 ++++++++++
data/pam-redhat/gdm-welcome | 9 +++++++++
11 files changed, 100 insertions(+), 43 deletions(-)
delete mode 100644 data/gdm
delete mode 100644 data/gdm-autologin
delete mode 100644 data/gdm-welcome
create mode 100644 data/pam-linux/gdm
create mode 100644 data/pam-linux/gdm-autologin
create mode 100644 data/pam-linux/gdm-welcome
create mode 100644 data/pam-redhat/gdm
create mode 100644 data/pam-redhat/gdm-autologin
create mode 100644 data/pam-redhat/gdm-welcome
diff --git a/configure.ac b/configure.ac
index 35e6e04..21e44e0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -226,6 +226,23 @@ if test x$enable_split_authentication = xyes; then
AC_DEFINE(ENABLE_SPLIT_AUTHENTICATION, 1, [Define if split authentication is enabled])
fi
+AC_ARG_WITH(default-pam-config,
+ AS_HELP_STRING([--with-default-pam-config: One of redhat, linux @<:@default=redhat@:>@]),
+ with_default_pam_config=${withval}, with_default_pam_config=redhat)
+case x$with_default_pam_config in
+ xredhat|xlinux) ;;
+ *)
+ AC_MSG_ERROR([Invalid --with-default-pam-config ${with_default_pam_config}])
+ exit 1
+ ;;
+esac
+AM_CONDITIONAL(ENABLE_REDHAT_PAM_CONFIG, test x$with_default_pam_config = xredhat)
+AM_CONDITIONAL(ENABLE_LINUX_PAM_CONFIG, test x$with_default_pam_config = xlinux)
+
+if test x$enable_split_authentication = xyes; then
+ AC_DEFINE(ENABLE_SPLIT_AUTHENTICATION, 1, [Define if split authentication is enabled])
+fi
+
AC_ARG_ENABLE(console-helper,
AS_HELP_STRING([--enable-console-helper],
[Enable PAM console helper @<:@default=auto@:>@]),,
diff --git a/data/Makefile.am b/data/Makefile.am
index f0d00bf..e940d71 100644
--- a/data/Makefile.am
+++ b/data/Makefile.am
@@ -1,5 +1,6 @@
NULL =
+EXTRA_DIST =
SUBDIRS = \
applications \
pixmaps \
@@ -97,7 +98,19 @@ gdm-smartcard: gdm-smartcard.pam
pamdir = $(PAM_PREFIX)/pam.d
pam_DATA = gdm-fingerprint gdm-smartcard
-EXTRA_DIST = \
+pam_redhat_files = pam-redhat/gdm pam-redhat/gdm-autologin pam-redhat/gdm-welcome
+EXTRA_DIST += $(pam_redhat_files)
+pam_linux_files = pam-linux/gdm pam-linux/gdm-autologin pam-linux/gdm-welcome
+EXTRA_DIST += $(pam_linux_files)
+
+if ENABLE_REDHAT_PAM_CONFIG
+pam_files = $(pam_redhat_files)
+endif
+if ENABLE_LINUX_PAM_CONFIG
+pam_files = $(pam_linux_files)
+endif
+
+EXTRA_DIST += \
$(schemas_in_files) \
$(schemas_DATA) \
$(dbusconf_in_files) \
@@ -105,9 +118,6 @@ EXTRA_DIST = \
gdm.schemas.in.in \
gdm.conf-custom.in \
Xsession.in \
- gdm \
- gdm-autologin \
- gdm-welcome \
gdm-fingerprint.pam \
gdm-smartcard.pam \
gdm-fallback.session \
@@ -233,14 +243,13 @@ install-data-hook: gdm.conf-custom Xsession Init PostSession PreSession 00-upstr
$(mkinstalldirs) $(DESTDIR)$(PAM_PREFIX)/pam.d; \
chmod 755 $(DESTDIR)$(PAM_PREFIX)/pam.d; \
fi; \
- if test $$system = Linux && test '!' -f $(DESTDIR)$(PAM_PREFIX)/pam.d/gdm; then \
- $(INSTALL_DATA) $(srcdir)/gdm $(DESTDIR)$(PAM_PREFIX)/pam.d/gdm; \
- fi; \
- if test $$system = Linux && test '!' -f $(DESTDIR)$(PAM_PREFIX)/pam.d/gdm-autologin; then \
- $(INSTALL_DATA) $(srcdir)/gdm-autologin $(DESTDIR)$(PAM_PREFIX)/pam.d/gdm-autologin; \
- fi; \
- if test $$system = Linux && test '!' -f $(DESTDIR)$(PAM_PREFIX)/pam.d/gdm-welcome; then \
- $(INSTALL_DATA) $(srcdir)/gdm-welcome $(DESTDIR)$(PAM_PREFIX)/pam.d/gdm-welcome; \
+ if test $$system = Linux; then \
+ for file in $(pam_files); do \
+ bn=$$(basename $$file); \
+ if test '!' -f $(DESTDIR)$(PAM_PREFIX)/pam.d/$$bn; then \
+ $(INSTALL_DATA) $(srcdir)/$$file $(DESTDIR)$(PAM_PREFIX)/pam.d/$$bn; \
+ fi; \
+ done; \
fi; \
if test $$system = SunOS; then \
echo "Please add PAM authentication for gdm, gdm-autologin and gdm-welcome in $(PAM_PREFIX)/pam.conf!"; \
diff --git a/data/gdm b/data/gdm
deleted file mode 100644
index 58c397d..0000000
--- a/data/gdm
+++ /dev/null
@@ -1,12 +0,0 @@
-#%PAM-1.0
-auth required pam_env.so
-auth required pam_succeed_if.so user != root quiet
-auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
-auth include system-auth
-account required pam_nologin.so
-account include system-auth
-password include system-auth
-session optional pam_keyinit.so force revoke
-session include system-auth
-session required pam_loginuid.so
-session optional pam_console.so
diff --git a/data/gdm-autologin b/data/gdm-autologin
deleted file mode 100644
index c4e598a..0000000
--- a/data/gdm-autologin
+++ /dev/null
@@ -1,10 +0,0 @@
-#%PAM-1.0
-auth required pam_env.so
-auth required pam_permit.so
-account required pam_nologin.so
-account include system-auth
-password include system-auth
-session optional pam_keyinit.so force revoke
-session include system-auth
-session required pam_loginuid.so
-session optional pam_console.so
diff --git a/data/gdm-welcome b/data/gdm-welcome
deleted file mode 100644
index b301f4f..0000000
--- a/data/gdm-welcome
+++ /dev/null
@@ -1,9 +0,0 @@
-#%PAM-1.0
-auth required pam_env.so
-auth required pam_permit.so
-account required pam_nologin.so
-account include system-auth
-password include system-auth
-session required pam_loginuid.so
-session optional pam_keyinit.so force revoke
-session include system-auth
diff --git a/data/pam-linux/gdm b/data/pam-linux/gdm
new file mode 100644
index 0000000..de223de
--- /dev/null
+++ b/data/pam-linux/gdm
@@ -0,0 +1,12 @@
+#%PAM-1.0
+auth required pam_env.so
+auth required pam_succeed_if.so user != root quiet
+auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
+auth include common-auth
+account required pam_nologin.so
+account include common-account
+password include common-password
+session optional pam_keyinit.so force revoke
+session include common-session
+session required pam_loginuid.so
+session optional pam_console.so
diff --git a/data/pam-linux/gdm-autologin b/data/pam-linux/gdm-autologin
new file mode 100644
index 0000000..32d5248
--- /dev/null
+++ b/data/pam-linux/gdm-autologin
@@ -0,0 +1,10 @@
+#%PAM-1.0
+auth required pam_env.so
+auth required pam_permit.so
+account required pam_nologin.so
+account include common-auth
+password include common-auth
+session optional pam_keyinit.so force revoke
+session include common-session
+session required pam_loginuid.so
+session optional pam_console.so
diff --git a/data/pam-linux/gdm-welcome b/data/pam-linux/gdm-welcome
new file mode 100644
index 0000000..602217b
--- /dev/null
+++ b/data/pam-linux/gdm-welcome
@@ -0,0 +1,9 @@
+#%PAM-1.0
+auth required pam_env.so
+auth required pam_permit.so
+account required pam_nologin.so
+account include common-account
+password include common-auth
+session required pam_loginuid.so
+session optional pam_keyinit.so force revoke
+session include common-session
diff --git a/data/pam-redhat/gdm b/data/pam-redhat/gdm
new file mode 100644
index 0000000..58c397d
--- /dev/null
+++ b/data/pam-redhat/gdm
@@ -0,0 +1,12 @@
+#%PAM-1.0
+auth required pam_env.so
+auth required pam_succeed_if.so user != root quiet
+auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
+auth include system-auth
+account required pam_nologin.so
+account include system-auth
+password include system-auth
+session optional pam_keyinit.so force revoke
+session include system-auth
+session required pam_loginuid.so
+session optional pam_console.so
diff --git a/data/pam-redhat/gdm-autologin b/data/pam-redhat/gdm-autologin
new file mode 100644
index 0000000..c4e598a
--- /dev/null
+++ b/data/pam-redhat/gdm-autologin
@@ -0,0 +1,10 @@
+#%PAM-1.0
+auth required pam_env.so
+auth required pam_permit.so
+account required pam_nologin.so
+account include system-auth
+password include system-auth
+session optional pam_keyinit.so force revoke
+session include system-auth
+session required pam_loginuid.so
+session optional pam_console.so
diff --git a/data/pam-redhat/gdm-welcome b/data/pam-redhat/gdm-welcome
new file mode 100644
index 0000000..b301f4f
--- /dev/null
+++ b/data/pam-redhat/gdm-welcome
@@ -0,0 +1,9 @@
+#%PAM-1.0
+auth required pam_env.so
+auth required pam_permit.so
+account required pam_nologin.so
+account include system-auth
+password include system-auth
+session required pam_loginuid.so
+session optional pam_keyinit.so force revoke
+session include system-auth
--
1.7.7.6

5
gnomeos/3.4/gnomeos-3.4-src.json
View File

@ -676,9 +676,12 @@
{"src": "gnome:gdm", {"src": "gnome:gdm",
"config-opts": ["--disable-documentation", "config-opts": ["--disable-documentation",
"--disable-split-authentication",
"--with-default-pam-config=linux",
"--with-consolekit"], "--with-consolekit"],
"patches": ["gdm-disable-documentation.patch", "patches": ["gdm-disable-documentation.patch",
"gdm-pam-auth.patch"]}, "gdm-debug-prints.patch",
"gdm-pam-config.patch"]},
{"src": "fd-telepathy:telepathy-logger", {"src": "fd-telepathy:telepathy-logger",
"branch": "telepathy-logger-0.2.12", "branch": "telepathy-logger-0.2.12",