packages/gdm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:e1285df6253af56e9160b09661477d9402c4c547
Branches Tags
packages:main
...
compare: packages:03bf045979850ae45add82baf64eee7a179c9817
Branches Tags
packages:main

10 Commits
e1285df625 ... 03bf045979

Author SHA1 Message Date
openeuler-ci-bot
03bf045979
!72 Add openEuler PAM config 
From: @beta_dz 
Reviewed-by: @small_leek 
Signed-off-by: @small_leek
 2024-09-04 01:50:51 +00:00
beta
46b8815b87
Add openEuler PAM config 
Signed-off-by: beta <beta@yfqm.date>
 2023-12-01 23:37:08 +08:00
openeuler-ci-bot
8414708c48
!51 [sync] PR-47: upgrade to 3.38.2.1 for fix CVE-2020-27837 
From: @openeuler-sync-bot 
Reviewed-by: @ruebb 
Signed-off-by: @ruebb
 2022-08-01 09:57:28 +00:00
hundred-ci
a792f9dc9e upgrade to 3.38.2.1 for fix CVE-2020-27837 
(cherry picked from commit d5959f34437903593b545443cfd1a795e752260e)
 2022-08-01 17:30:16 +08:00
openeuler-ci-bot
3f09d22944 !27 [sync] PR-25: fix CVE-2019-3825 
From: @openeuler-sync-bot
Reviewed-by: @zhanghua1831,@small_leek
Signed-off-by: @small_leek
 2021-02-08 10:08:18 +08:00
wangxiao65
7bda8c2e83 fix CVE-2019-3825 
(cherry picked from commit c4e04311b00a42fb54b2ad2735f1c10a51f90fca)
 2021-02-07 09:18:46 +08:00
openeuler-ci-bot
d620ca724d !21 Gdm should recover automatically when killed 
From: @si-gui
Reviewed-by: @small_leek
Signed-off-by: @small_leek
 2020-12-18 16:18:45 +08:00
si-gui
ce7705fc55 Gdm should recover automatically when killed 2020-12-18 15:47:15 +08:00
openeuler-ci-bot
97f6c96f5e !18 fix CVE-2020-16125 
From: @angela7
Reviewed-by: @wangxp006
Signed-off-by: @wangxp006
 2020-11-29 14:21:36 +08:00
guoxiaoqi
ad17dec63c fix CVE-2020-16125 2020-11-19 14:42:06 +08:00
5 changed files with 262 additions and 35 deletions
Show Stats Expand all files Collapse all files

200
9000-Add-openEuler-PAM-config.patch Normal file
View File

@ -0,0 +1,200 @@
From 9c23ccb58d4f31bf666010cf0c35116b96b2a3d9 Mon Sep 17 00:00:00 2001
From: beta <beta@yfqm.date>
Date: Fri, 1 Dec 2023 23:34:25 +0800
Subject: [PATCH] Add openEuler PAM config
Signed-off-by: beta <beta@yfqm.date>
---
data/meson.build | 8 ++++++++
data/pam-openeuler/gdm-autologin.pam | 15 ++++++++++++++
data/pam-openeuler/gdm-fingerprint.pam | 15 ++++++++++++++
data/pam-openeuler/gdm-launch-environment.pam | 9 +++++++++
data/pam-openeuler/gdm-password.pam | 19 ++++++++++++++++++
data/pam-openeuler/gdm-pin.pam | 20 +++++++++++++++++++
data/pam-openeuler/gdm-smartcard.pam | 15 ++++++++++++++
meson.build | 1 +
meson_options.txt | 2 +-
9 files changed, 103 insertions(+), 1 deletion(-)
create mode 100644 data/pam-openeuler/gdm-autologin.pam
create mode 100644 data/pam-openeuler/gdm-fingerprint.pam
create mode 100644 data/pam-openeuler/gdm-launch-environment.pam
create mode 100644 data/pam-openeuler/gdm-password.pam
create mode 100644 data/pam-openeuler/gdm-pin.pam
create mode 100644 data/pam-openeuler/gdm-smartcard.pam
diff --git a/data/meson.build b/data/meson.build
index 05a2011..bb79abe 100644
--- a/data/meson.build
+++ b/data/meson.build
@@ -137,6 +137,14 @@ pam_data_files_map = {
'gdm-password',
'gdm-pin',
],
+ 'openeuler': [
+ 'gdm-autologin',
+ 'gdm-launch-environment',
+ 'gdm-fingerprint',
+ 'gdm-smartcard',
+ 'gdm-password',
+ 'gdm-pin',
+ ],
'none': [],
# We should no longer have 'autodetect' at this point
}
diff --git a/data/pam-openeuler/gdm-autologin.pam b/data/pam-openeuler/gdm-autologin.pam
new file mode 100644
index 0000000..97a4a13
--- /dev/null
+++ b/data/pam-openeuler/gdm-autologin.pam
@@ -0,0 +1,15 @@
+#%PAM-1.0
+auth [success=ok default=1] pam_gdm.so
+-auth optional pam_gnome_keyring.so
+auth sufficient pam_permit.so
+account required pam_nologin.so
+account include system-auth
+password include system-auth
+session required pam_selinux.so close
+session required pam_loginuid.so
+session required pam_selinux.so open
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include system-auth
+session optional pam_gnome_keyring.so auto_start
+session include postlogin
diff --git a/data/pam-openeuler/gdm-fingerprint.pam b/data/pam-openeuler/gdm-fingerprint.pam
new file mode 100644
index 0000000..628568e
--- /dev/null
+++ b/data/pam-openeuler/gdm-fingerprint.pam
@@ -0,0 +1,15 @@
+auth substack fingerprint-auth
+auth include postlogin
+
+account required pam_nologin.so
+account include fingerprint-auth
+
+password include fingerprint-auth
+
+session required pam_selinux.so close
+session required pam_loginuid.so
+session required pam_selinux.so open
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include fingerprint-auth
+session include postlogin
diff --git a/data/pam-openeuler/gdm-launch-environment.pam b/data/pam-openeuler/gdm-launch-environment.pam
new file mode 100644
index 0000000..2e9ea2b
--- /dev/null
+++ b/data/pam-openeuler/gdm-launch-environment.pam
@@ -0,0 +1,9 @@
+#%PAM-1.0
+auth required pam_env.so
+auth required pam_permit.so
+auth include postlogin
+account required pam_permit.so
+password required pam_permit.so
+session optional pam_keyinit.so force revoke
+session include system-auth
+session include postlogin
diff --git a/data/pam-openeuler/gdm-password.pam b/data/pam-openeuler/gdm-password.pam
new file mode 100644
index 0000000..c75da00
--- /dev/null
+++ b/data/pam-openeuler/gdm-password.pam
@@ -0,0 +1,19 @@
+auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
+auth substack password-auth
+auth optional pam_gnome_keyring.so
+auth include postlogin
+
+account required pam_nologin.so
+account include password-auth
+
+password substack password-auth
+-password optional pam_gnome_keyring.so use_authtok
+
+session required pam_selinux.so close
+session required pam_loginuid.so
+session required pam_selinux.so open
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include password-auth
+session optional pam_gnome_keyring.so auto_start
+session include postlogin
diff --git a/data/pam-openeuler/gdm-pin.pam b/data/pam-openeuler/gdm-pin.pam
new file mode 100644
index 0000000..66277d3
--- /dev/null
+++ b/data/pam-openeuler/gdm-pin.pam
@@ -0,0 +1,20 @@
+auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
+auth requisite pam_pin.so
+auth substack password-auth
+auth optional pam_gnome_keyring.so
+auth include postlogin
+
+account required pam_nologin.so
+account include password-auth
+
+password include password-auth
+password optional pam_pin.so
+
+session required pam_selinux.so close
+session required pam_loginuid.so
+session required pam_selinux.so open
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include password-auth
+session optional pam_gnome_keyring.so auto_start
+session include postlogin
diff --git a/data/pam-openeuler/gdm-smartcard.pam b/data/pam-openeuler/gdm-smartcard.pam
new file mode 100644
index 0000000..3264a71
--- /dev/null
+++ b/data/pam-openeuler/gdm-smartcard.pam
@@ -0,0 +1,15 @@
+auth substack smartcard-auth
+auth include postlogin
+
+account required pam_nologin.so
+account include smartcard-auth
+
+password include smartcard-auth
+
+session required pam_selinux.so close
+session required pam_loginuid.so
+session required pam_selinux.so open
+session optional pam_keyinit.so force revoke
+session required pam_namespace.so
+session include smartcard-auth
+session include postlogin
diff --git a/meson.build b/meson.build
index 4ace94b..49618e1 100644
--- a/meson.build
+++ b/meson.build
@@ -172,6 +172,7 @@ if default_pam_config == 'autodetect'
'/etc/exherbo-release': 'exherbo',
'/etc/arch-release': 'arch',
'/etc/lfs-release': 'lfs',
+ '/etc/openEuler-release': 'openeuler',
}
foreach _file, _pam_conf : pam_autodetect_map
diff --git a/meson_options.txt b/meson_options.txt
index 49550bc..3c07d16 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -2,7 +2,7 @@ option('at-spi-registryd-dir', type: 'string', value: '', description: 'Specify
option('check-accelerated-dir', type: 'string', value: '', description: 'Specify the directory of gnome-session-check-accelerated.')
option('custom-conf', type: 'string', value: '', description: 'Filename to give to custom configuration file.')
option('dbus-sys', type: 'string', value: '', description: 'Where D-Bus systemd directory is.')
-option('default-pam-config', type: 'combo', choices: [ 'autodetect', 'redhat', 'openembedded', 'exherbo', 'lfs', 'arch', 'none'], value: 'autodetect', description: '')
+option('default-pam-config', type: 'combo', choices: [ 'autodetect', 'redhat', 'openembedded', 'exherbo', 'lfs', 'arch', 'openeuler', 'none'], value: 'autodetect', description: '')
option('default-path', type: 'string', value: '/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin', description: 'Path GDM will use as the user\'s default PATH.')
option('defaults-conf', type: 'string', value: '', description: 'Filename to give to defaults file.')
option('dmconfdir', type: 'string', value: '', description: 'Directory where sessions are stored.')
--
2.27.0

11
9000-add-openeuler-pam-config.patch
View File

@ -1,11 +0,0 @@
diff -ru gdm-3.30.1-origin/configure.ac gdm-3.30.1/configure.ac
--- gdm-3.30.1-origin/configure.ac 2019-12-17 15:33:13.656357443 +0800
+++ gdm-3.30.1/configure.ac 2019-12-17 17:19:34.848463487 +0800
@@ -200,6 +200,7 @@
AS_HELP_STRING([--with-default-pam-config: One of redhat, openembedded, exherbo, lfs, arch, none @<:@default=auto@:>@]))
dnl If not given, try autodetecting from release files (see NetworkManager source)
if test x$with_default_pam_config = x; then
+ AC_CHECK_FILE(/etc/openEuler-release,with_default_pam_config="redhat")
AC_CHECK_FILE(/etc/redhat-release,with_default_pam_config="redhat")
AC_CHECK_FILE(/etc/fedora-release,with_default_pam_config="redhat")
AC_CHECK_FILE(/etc/exherbo-release,with_default_pam_config="exherbo")

BIN
gdm-3.30.1.tar.xz
View File

Binary file not shown.

BIN
gdm-3.38.2.1.tar.xz Normal file
View File

Binary file not shown.

86
gdm.spec
View File

@ -1,22 +1,23 @@
Name: gdm
Epoch: 1
Version: 3.30.1
Release: 7
Version: 3.38.2.1
Release: 2
Summary: A graphical display manager
License: GPLv2+
URL: https://wiki.gnome.org/Projects/GDM
Source0: http://download.gnome.org/sources/gdm/3.30/gdm-%{version}.tar.xz
Patch9000: 9000-add-openeuler-pam-config.patch
Source0: http://download.gnome.org/sources/gdm/3.38/gdm-%{version}.tar.xz
Patch9000: 9000-Add-openEuler-PAM-config.patch
BuildRequires: pam-devel >= 0:0.99.8.1-11 desktop-file-utils >= 0.2.90
BuildRequires: libtool automake autoconf libattr-devel gettext-devel libdmx-devel
BuildRequires: audit-libs-devel >= 1.0.6 xorg-x11-server-Xorg nss-devel >= 3.11.1
BuildRequires: audit-devel >= 1.0.6 xorg-x11-server-Xorg nss-devel >= 3.11.1
BuildRequires: pkgconfig(accountsservice) >= 0.6.3 pkgconfig(check)
BuildRequires: pkgconfig(gobject-introspection-1.0) pkgconfig(gtk+-3.0) >= 2.99.2
BuildRequires: pkgconfig(iso-codes) pkgconfig(libcanberra-gtk3) pkgconfig(libselinux)
BuildRequires: pkgconfig(libsystemd) pkgconfig(ply-boot-client) pkgconfig(systemd)
BuildRequires: pkgconfig(x11) pkgconfig(xau) pkgconfig(xorg-server) libXdmcp-devel
BuildRequires: systemd keyutils-libs-devel dconf
BuildRequires: systemd keyutils-libs-devel dconf meson itstool
Requires(pre): shadow-utils
Requires(post): systemd
@ -55,18 +56,16 @@ applications that use GDM.
%prep
%autosetup -n %{name}-%{version} -p1
autoreconf -if
%build
%configure --with-pam-prefix=%{_sysconfdir} --with-run-dir=/run/gdm \
--with-default-path=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin \
--enable-split-authentication --enable-profiling --enable-console-helper \
--with-selinux
sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0 /g' libtool
sed -i -e 's/ if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then/ func_append compile_command " -Wl,-O1,--as-needed"\n func_append finalize_command " -Wl,-O1,--as-needed"\n\0/' libtool
%make_build
%meson -Dpam-prefix=%{_sysconfdir} \
-Drun-dir=/run/gdm \
-Dudev-dir=%{_udevrulesdir} \
-Ddefault-path=/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin \
-Dprofiling=true \
-Dplymouth=enabled \
-Dselinux=enabled
%meson_build
%install
install -d %{buildroot}%{_sysconfdir}/gdm/Init
@ -76,7 +75,7 @@ install -d %{buildroot}/var/log/gdm
install -d %{buildroot}%{_datadir}/gdm/autostart/LoginWindow
install -d %{buildroot}/run/gdm
%make_install
%meson_install
(cd %{buildroot}%{_sysconfdir}/gdm; ln -sf ../X11/xinit/Xsession .)
@ -100,11 +99,38 @@ if [ $1 -ge 2 ] ; then
fi
if [ -n "$oldconffile" ]; then
sed -e 's@^Greeter=/usr/bin/gdmlogin@Greeter=/usr/libexec/gdmlogin@' $oldconffile > $newconffile
sed -e 's@^RemoteGreeter=/usr/bin/gdmgreeter@RemoteGreeter=/usr/libexec/gdmgreeter@' $oldconffile >> $newconffile
sed \
-e 's@^command=/usr/X11R6/bin/X@#command=/usr/bin/Xorg@' \
-e 's@^Xnest=/usr/X11R6/bin/Xnest@#Xnest=/usr/X11R6/bin/Xnest@' \
-e 's@^BaseXsession=/etc/X11/xdm/Xsession@#BaseXsession=/etc/X11/xinit/Xsession@' \
-e 's@^BaseXsession=/etc/X11/gdm/Xsession@#&@' \
-e 's@^BaseXsession=/etc/gdm/Xsession@#&@' \
-e 's@^Greeter=/usr/bin/gdmgreeter@#Greeter=/usr/libexec/gdmgreeter@' \
-e 's@^RemoteGreeter=/usr/bin/gdmlogin@#RemoteGreeter=/usr/libexec/gdmlogin@' \
-e 's@^GraphicalTheme=Bluecurve@#&@' \
-e 's@^BackgroundColor=#20305a@#&@' \
-e 's@^DefaultPath=/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin@#&@' \
-e 's@^RootPath=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin@#&@' \
-e 's@^HostImageDir=/usr/share/hosts/@#HostImageDir=/usr/share/pixmaps/faces/@' \
-e 's@^LogDir=/var/log/gdm@#&@' \
-e 's@^PostLoginScriptDir=/etc/X11/gdm/PostLogin@#&@' \
-e 's@^PreLoginScriptDir=/etc/X11/gdm/PreLogin@#&@' \
-e 's@^PreSessionScriptDir=/etc/X11/gdm/PreSession@#&@' \
-e 's@^PostSessionScriptDir=/etc/X11/gdm/PostSession@#&@' \
-e 's@^DisplayInitDir=/var/run/gdm.pid@#&@' \
-e 's@^RebootCommand=/sbin/reboot;/sbin/shutdown -r now;/usr/sbin/shutdown -r now;/usr/bin/reboot@#&@' \
-e 's@^HaltCommand=/sbin/poweroff;/sbin/shutdown -h now;/usr/sbin/shutdown -h now;/usr/bin/poweroff@#&@' \
-e 's@^ServAuthDir=/var/gdm@#&@' \
-e 's@^Greeter=/usr/bin/gdmlogin@Greeter=/usr/libexec/gdmlogin@' \
-e 's@^RemoteGreeter=/usr/bin/gdmgreeter@RemoteGreeter=/usr/libexec/gdmgreeter@' \
$oldconffile > $newconffile
fi
fi
if [ $1 -ge 2 -a -f $newconffile ] && grep -q /etc/X11/gdm $custom ; then
sed -i -e 's@/etc/X11/gdm@/etc/gdm@g' $custom
fi
if [ -f "$newconffile" ]; then
sed -ie 's@^#WaylandEnable=false@WaylandEnable=false@' $newconffile
fi
@ -130,7 +156,6 @@ fi
%config %{_sysconfdir}/pam.d/gdm-pin
%config %{_sysconfdir}/pam.d/gdm-smartcard
%config %{_sysconfdir}/pam.d/gdm-fingerprint
%exclude %{_sysconfdir}/pam.d/gdm
%{_sysconfdir}/pam.d/gdm-launch-environment
%{_sysconfdir}/dbus-1/system.d/gdm.conf
%{_datadir}/gdm/gdm.schemas
@ -139,11 +164,9 @@ fi
%{_datadir}/gdm/gdb-cmd
%{_datadir}/gdm/greeter/applications/*
%{_datadir}/gdm/greeter/autostart/*
%{_datadir}/pixmaps/*.png
%{_datadir}/glib-2.0/schemas/*
%{_datadir}/dconf/profile/gdm
%{_datadir}/gnome-session/sessions/gnome-login.session
%{_datadir}/icons/hicolor/*/*/*.png
%{_libexecdir}/*
%{_sbindir}/gdm
%{_bindir}/*
@ -151,9 +174,9 @@ fi
%{_libdir}/security/pam_gdm.so
%{_libdir}/libgdm*.so*
%attr(0711, root, gdm) %dir /run/gdm
%attr(1755, root, gdm) %dir %{_localstatedir}/cache/gdm
%{_udevrulesdir}/61-gdm.rules
%{_unitdir}/gdm.service
%{_userunitdir}/gnome-session@gnome-login.target.d/session.conf
%files devel
%{_includedir}/gdm/*.h
@ -161,6 +184,21 @@ fi
%{_libdir}/pkgconfig/*.pc
%changelog
* Fri Dec 01 2023 beta <beta@yfqm.date> - 1:3.38.2.1-2
- Add openEuler PAM config
* Thu Jul 21 2022 weichao.zhang <weichao.zhang@epro.com.cn> - 1:3.38.2.1-1
- Upgrade to 3.38.2.1,Fix CVE-2020-27837
* Fri Feb 5 2021 wangxiao <wangxiao65@huawei.com> - 1:3.30.1-10
- fix CVE-2019-3825
* Fri Dec 18 2020 Guoshuai Sun <sunguoshuai@huawei.com> - 1:3.30.1-9
- Gdm should recover automatically when killed
* Thu Nov 19 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:3.30.1-8
- fix CVE-2020-16125
* Tue Jan 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:3.30.1-7
- Type:bugfix
- Id:NA
@ -176,5 +214,5 @@ fi
* Tue Dec 17 2019 Jiangping Hu <hujiangping@huawei.com> - 1:3.30.1-4
- Add openEuler PAM config
* Wed Nov 23 2019 Jiangping Hu <hujiangping@huawei.com> - 1:3.30.1-3
* Sat Nov 23 2019 Jiangping Hu <hujiangping@huawei.com> - 1:3.30.1-3
- Package init