packages/gdm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add openEuler PAM config

Browse Source 
Signed-off-by: beta <beta@yfqm.date>
This commit is contained in:
beta 2023-12-01 23:37:08 +08:00
parent 8414708c48
commit 46b8815b87
No known key found for this signature in database
GPG Key ID: C7C3F9C0ED57B6CD
2 changed files with 213 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
9000-Add-openEuler-PAM-config.patch Normal file
View File

@ -0,0 +1,200 @@
From 9c23ccb58d4f31bf666010cf0c35116b96b2a3d9 Mon Sep 17 00:00:00 2001
From: beta <beta@yfqm.date>
Date: Fri, 1 Dec 2023 23:34:25 +0800
Subject: [PATCH] Add openEuler PAM config
Signed-off-by: beta <beta@yfqm.date>
---
data/meson.build | 8 ++++++++
data/pam-openeuler/gdm-autologin.pam | 15 ++++++++++++++
data/pam-openeuler/gdm-fingerprint.pam | 15 ++++++++++++++
data/pam-openeuler/gdm-launch-environment.pam | 9 +++++++++
data/pam-openeuler/gdm-password.pam | 19 ++++++++++++++++++
data/pam-openeuler/gdm-pin.pam | 20 +++++++++++++++++++
data/pam-openeuler/gdm-smartcard.pam | 15 ++++++++++++++
meson.build | 1 +
meson_options.txt | 2 +-
9 files changed, 103 insertions(+), 1 deletion(-)
create mode 100644 data/pam-openeuler/gdm-autologin.pam
create mode 100644 data/pam-openeuler/gdm-fingerprint.pam
create mode 100644 data/pam-openeuler/gdm-launch-environment.pam
create mode 100644 data/pam-openeuler/gdm-password.pam
create mode 100644 data/pam-openeuler/gdm-pin.pam
create mode 100644 data/pam-openeuler/gdm-smartcard.pam
diff --git a/data/meson.build b/data/meson.build
index 05a2011..bb79abe 100644
--- a/data/meson.build
+++ b/data/meson.build
@@ -137,6 +137,14 @@ pam_data_files_map = {
'gdm-password',
'gdm-pin',
],
+ 'openeuler': [
+ 'gdm-autologin',
+ 'gdm-launch-environment',
+ 'gdm-fingerprint',
+ 'gdm-smartcard',
+ 'gdm-password',
+ 'gdm-pin',
+ ],
'none': [],
# We should no longer have 'autodetect' at this point
}
diff --git a/data/pam-openeuler/gdm-autologin.pam b/data/pam-openeuler/gdm-autologin.pam
new file mode 100644
index 0000000..97a4a13
--- /dev/null
+++ b/data/pam-openeuler/gdm-autologin.pam
@@ -0,0 +1,15 @@
+#%PAM-1.0
+auth [success=ok default=1] pam_gdm.so
+-auth optional pam_gnome_keyring.so
+auth sufficient pam_permit.so
+account required pam_nologin.so
+account include system-auth
+password include system-auth
+session required pam_selinux.so close
+session required pam_loginuid.so
+session required pam_selinux.so open
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include system-auth
+session optional pam_gnome_keyring.so auto_start
+session include postlogin
diff --git a/data/pam-openeuler/gdm-fingerprint.pam b/data/pam-openeuler/gdm-fingerprint.pam
new file mode 100644
index 0000000..628568e
--- /dev/null
+++ b/data/pam-openeuler/gdm-fingerprint.pam
@@ -0,0 +1,15 @@
+auth substack fingerprint-auth
+auth include postlogin
+
+account required pam_nologin.so
+account include fingerprint-auth
+
+password include fingerprint-auth
+
+session required pam_selinux.so close
+session required pam_loginuid.so
+session required pam_selinux.so open
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include fingerprint-auth
+session include postlogin
diff --git a/data/pam-openeuler/gdm-launch-environment.pam b/data/pam-openeuler/gdm-launch-environment.pam
new file mode 100644
index 0000000..2e9ea2b
--- /dev/null
+++ b/data/pam-openeuler/gdm-launch-environment.pam
@@ -0,0 +1,9 @@
+#%PAM-1.0
+auth required pam_env.so
+auth required pam_permit.so
+auth include postlogin
+account required pam_permit.so
+password required pam_permit.so
+session optional pam_keyinit.so force revoke
+session include system-auth
+session include postlogin
diff --git a/data/pam-openeuler/gdm-password.pam b/data/pam-openeuler/gdm-password.pam
new file mode 100644
index 0000000..c75da00
--- /dev/null
+++ b/data/pam-openeuler/gdm-password.pam
@@ -0,0 +1,19 @@
+auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
+auth substack password-auth
+auth optional pam_gnome_keyring.so
+auth include postlogin
+
+account required pam_nologin.so
+account include password-auth
+
+password substack password-auth
+-password optional pam_gnome_keyring.so use_authtok
+
+session required pam_selinux.so close
+session required pam_loginuid.so
+session required pam_selinux.so open
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include password-auth
+session optional pam_gnome_keyring.so auto_start
+session include postlogin
diff --git a/data/pam-openeuler/gdm-pin.pam b/data/pam-openeuler/gdm-pin.pam
new file mode 100644
index 0000000..66277d3
--- /dev/null
+++ b/data/pam-openeuler/gdm-pin.pam
@@ -0,0 +1,20 @@
+auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
+auth requisite pam_pin.so
+auth substack password-auth
+auth optional pam_gnome_keyring.so
+auth include postlogin
+
+account required pam_nologin.so
+account include password-auth
+
+password include password-auth
+password optional pam_pin.so
+
+session required pam_selinux.so close
+session required pam_loginuid.so
+session required pam_selinux.so open
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include password-auth
+session optional pam_gnome_keyring.so auto_start
+session include postlogin
diff --git a/data/pam-openeuler/gdm-smartcard.pam b/data/pam-openeuler/gdm-smartcard.pam
new file mode 100644
index 0000000..3264a71
--- /dev/null
+++ b/data/pam-openeuler/gdm-smartcard.pam
@@ -0,0 +1,15 @@
+auth substack smartcard-auth
+auth include postlogin
+
+account required pam_nologin.so
+account include smartcard-auth
+
+password include smartcard-auth
+
+session required pam_selinux.so close
+session required pam_loginuid.so
+session required pam_selinux.so open
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include smartcard-auth
+session include postlogin
diff --git a/meson.build b/meson.build
index 4ace94b..49618e1 100644
--- a/meson.build
+++ b/meson.build
@@ -172,6 +172,7 @@ if default_pam_config == 'autodetect'
'/etc/exherbo-release': 'exherbo',
'/etc/arch-release': 'arch',
'/etc/lfs-release': 'lfs',
+ '/etc/openEuler-release': 'openeuler',
}
foreach _file, _pam_conf : pam_autodetect_map
diff --git a/meson_options.txt b/meson_options.txt
index 49550bc..3c07d16 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -2,7 +2,7 @@ option('at-spi-registryd-dir', type: 'string', value: '', description: 'Specify
option('check-accelerated-dir', type: 'string', value: '', description: 'Specify the directory of gnome-session-check-accelerated.')
option('custom-conf', type: 'string', value: '', description: 'Filename to give to custom configuration file.')
option('dbus-sys', type: 'string', value: '', description: 'Where D-Bus systemd directory is.')
-option('default-pam-config', type: 'combo', choices: [ 'autodetect', 'redhat', 'openembedded', 'exherbo', 'lfs', 'arch', 'none'], value: 'autodetect', description: '')
+option('default-pam-config', type: 'combo', choices: [ 'autodetect', 'redhat', 'openembedded', 'exherbo', 'lfs', 'arch', 'openeuler', 'none'], value: 'autodetect', description: '')
option('default-path', type: 'string', value: '/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin', description: 'Path GDM will use as the user\'s default PATH.')
option('defaults-conf', type: 'string', value: '', description: 'Filename to give to defaults file.')
option('dmconfdir', type: 'string', value: '', description: 'Directory where sessions are stored.')
--
2.27.0

15
gdm.spec
View File

@ -1,12 +1,14 @@
Name: gdm Name: gdm
Epoch: 1 Epoch: 1
Version: 3.38.2.1 Version: 3.38.2.1
Release: 1 Release: 2
Summary: A graphical display manager Summary: A graphical display manager
License: GPLv2+ License: GPLv2+
URL: https://wiki.gnome.org/Projects/GDM URL: https://wiki.gnome.org/Projects/GDM
Source0: http://download.gnome.org/sources/gdm/3.38/gdm-%{version}.tar.xz Source0: http://download.gnome.org/sources/gdm/3.38/gdm-%{version}.tar.xz
Patch9000: 9000-Add-openEuler-PAM-config.patch
BuildRequires: pam-devel >= 0:0.99.8.1-11 desktop-file-utils >= 0.2.90 BuildRequires: pam-devel >= 0:0.99.8.1-11 desktop-file-utils >= 0.2.90
BuildRequires: libtool automake autoconf libattr-devel gettext-devel libdmx-devel BuildRequires: libtool automake autoconf libattr-devel gettext-devel libdmx-devel
BuildRequires: audit-devel >= 1.0.6 xorg-x11-server-Xorg nss-devel >= 3.11.1 BuildRequires: audit-devel >= 1.0.6 xorg-x11-server-Xorg nss-devel >= 3.11.1
@ -53,7 +55,7 @@ The gdm-devel package contains header files and others for building
applications that use GDM. applications that use GDM.
%prep %prep
%autosetup -n %{name}-%{version} %autosetup -n %{name}-%{version} -p1
%build %build
%meson -Dpam-prefix=%{_sysconfdir} \ %meson -Dpam-prefix=%{_sysconfdir} \
@ -149,6 +151,12 @@ fi
%config %{_sysconfdir}/gdm/PreSession/* %config %{_sysconfdir}/gdm/PreSession/*
%config %{_sysconfdir}/gdm/PostSession/* %config %{_sysconfdir}/gdm/PostSession/*
%{_sysconfdir}/gdm/Xsession %{_sysconfdir}/gdm/Xsession
%config %{_sysconfdir}/pam.d/gdm-autologin
%config %{_sysconfdir}/pam.d/gdm-password
%config %{_sysconfdir}/pam.d/gdm-pin
%config %{_sysconfdir}/pam.d/gdm-smartcard
%config %{_sysconfdir}/pam.d/gdm-fingerprint
%{_sysconfdir}/pam.d/gdm-launch-environment
%{_sysconfdir}/dbus-1/system.d/gdm.conf %{_sysconfdir}/dbus-1/system.d/gdm.conf
%{_datadir}/gdm/gdm.schemas %{_datadir}/gdm/gdm.schemas
%{_datadir}/gdm/greeter-dconf-defaults %{_datadir}/gdm/greeter-dconf-defaults
@ -176,6 +184,9 @@ fi
%{_libdir}/pkgconfig/*.pc %{_libdir}/pkgconfig/*.pc
%changelog %changelog
* Fri Dec 01 2023 beta <beta@yfqm.date> - 1:3.38.2.1-2
- Add openEuler PAM config
* Thu Jul 21 2022 weichao.zhang <weichao.zhang@epro.com.cn> - 1:3.38.2.1-1 * Thu Jul 21 2022 weichao.zhang <weichao.zhang@epro.com.cn> - 1:3.38.2.1-1
- Upgrade to 3.38.2.1,Fix CVE-2020-27837 - Upgrade to 3.38.2.1,Fix CVE-2020-27837