diff --git a/9000-Add-openEuler-PAM-config.patch b/9000-Add-openEuler-PAM-config.patch
new file mode 100644
index 0000000000000000000000000000000000000000..0c46847b3ea182e0a22c5d74392f96f657d53517
--- /dev/null
+++ b/9000-Add-openEuler-PAM-config.patch
@@ -0,0 +1,200 @@
+From 9c23ccb58d4f31bf666010cf0c35116b96b2a3d9 Mon Sep 17 00:00:00 2001
+From: beta <beta@yfqm.date>
+Date: Fri, 1 Dec 2023 23:34:25 +0800
+Subject: [PATCH] Add openEuler PAM config
+
+Signed-off-by: beta <beta@yfqm.date>
+---
+ data/meson.build | 8 ++++++++
+ data/pam-openeuler/gdm-autologin.pam | 15 ++++++++++++++
+ data/pam-openeuler/gdm-fingerprint.pam | 15 ++++++++++++++
+ data/pam-openeuler/gdm-launch-environment.pam | 9 +++++++++
+ data/pam-openeuler/gdm-password.pam | 19 ++++++++++++++++++
+ data/pam-openeuler/gdm-pin.pam | 20 +++++++++++++++++++
+ data/pam-openeuler/gdm-smartcard.pam | 15 ++++++++++++++
+ meson.build | 1 +
+ meson_options.txt | 2 +-
+ 9 files changed, 103 insertions(+), 1 deletion(-)
+ create mode 100644 data/pam-openeuler/gdm-autologin.pam
+ create mode 100644 data/pam-openeuler/gdm-fingerprint.pam
+ create mode 100644 data/pam-openeuler/gdm-launch-environment.pam
+ create mode 100644 data/pam-openeuler/gdm-password.pam
+ create mode 100644 data/pam-openeuler/gdm-pin.pam
+ create mode 100644 data/pam-openeuler/gdm-smartcard.pam
+
+diff --git a/data/meson.build b/data/meson.build
+index 05a2011..bb79abe 100644
+--- a/data/meson.build
++++ b/data/meson.build
+@@ -137,6 +137,14 @@ pam_data_files_map = {
+ 'gdm-password',
+ 'gdm-pin',
+ ],
++ 'openeuler': [
++ 'gdm-autologin',
++ 'gdm-launch-environment',
++ 'gdm-fingerprint',
++ 'gdm-smartcard',
++ 'gdm-password',
++ 'gdm-pin',
++ ],
+ 'none': [],
+ # We should no longer have 'autodetect' at this point
+ }
+diff --git a/data/pam-openeuler/gdm-autologin.pam b/data/pam-openeuler/gdm-autologin.pam
+new file mode 100644
+index 0000000..97a4a13
+--- /dev/null
++++ b/data/pam-openeuler/gdm-autologin.pam
+@@ -0,0 +1,15 @@
++#%PAM-1.0
++auth [success=ok default=1] pam_gdm.so
++-auth optional pam_gnome_keyring.so
++auth sufficient pam_permit.so
++account required pam_nologin.so
++account include system-auth
++password include system-auth
++session required pam_selinux.so close
++session required pam_loginuid.so
++session required pam_selinux.so open
++session optional pam_keyinit.so force revoke
++session required pam_namespace.so
++session include system-auth
++session optional pam_gnome_keyring.so auto_start
++session include postlogin
+diff --git a/data/pam-openeuler/gdm-fingerprint.pam b/data/pam-openeuler/gdm-fingerprint.pam
+new file mode 100644
+index 0000000..628568e
+--- /dev/null
++++ b/data/pam-openeuler/gdm-fingerprint.pam
+@@ -0,0 +1,15 @@
++auth substack fingerprint-auth
++auth include postlogin
++
++account required pam_nologin.so
++account include fingerprint-auth
++
++password include fingerprint-auth
++
++session required pam_selinux.so close
++session required pam_loginuid.so
++session required pam_selinux.so open
++session optional pam_keyinit.so force revoke
++session required pam_namespace.so
++session include fingerprint-auth
++session include postlogin
+diff --git a/data/pam-openeuler/gdm-launch-environment.pam b/data/pam-openeuler/gdm-launch-environment.pam
+new file mode 100644
+index 0000000..2e9ea2b
+--- /dev/null
++++ b/data/pam-openeuler/gdm-launch-environment.pam
+@@ -0,0 +1,9 @@
++#%PAM-1.0
++auth required pam_env.so
++auth required pam_permit.so
++auth include postlogin
++account required pam_permit.so
++password required pam_permit.so
++session optional pam_keyinit.so force revoke
++session include system-auth
++session include postlogin
+diff --git a/data/pam-openeuler/gdm-password.pam b/data/pam-openeuler/gdm-password.pam
+new file mode 100644
+index 0000000..c75da00
+--- /dev/null
++++ b/data/pam-openeuler/gdm-password.pam
+@@ -0,0 +1,19 @@
++auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
++auth substack password-auth
++auth optional pam_gnome_keyring.so
++auth include postlogin
++
++account required pam_nologin.so
++account include password-auth
++
++password substack password-auth
++-password optional pam_gnome_keyring.so use_authtok
++
++session required pam_selinux.so close
++session required pam_loginuid.so
++session required pam_selinux.so open
++session optional pam_keyinit.so force revoke
++session required pam_namespace.so
++session include password-auth
++session optional pam_gnome_keyring.so auto_start
++session include postlogin
+diff --git a/data/pam-openeuler/gdm-pin.pam b/data/pam-openeuler/gdm-pin.pam
+new file mode 100644
+index 0000000..66277d3
+--- /dev/null
++++ b/data/pam-openeuler/gdm-pin.pam
+@@ -0,0 +1,20 @@
++auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
++auth requisite pam_pin.so
++auth substack password-auth
++auth optional pam_gnome_keyring.so
++auth include postlogin
++
++account required pam_nologin.so
++account include password-auth
++
++password include password-auth
++password optional pam_pin.so
++
++session required pam_selinux.so close
++session required pam_loginuid.so
++session required pam_selinux.so open
++session optional pam_keyinit.so force revoke
++session required pam_namespace.so
++session include password-auth
++session optional pam_gnome_keyring.so auto_start
++session include postlogin
+diff --git a/data/pam-openeuler/gdm-smartcard.pam b/data/pam-openeuler/gdm-smartcard.pam
+new file mode 100644
+index 0000000..3264a71
+--- /dev/null
++++ b/data/pam-openeuler/gdm-smartcard.pam
+@@ -0,0 +1,15 @@
++auth substack smartcard-auth
++auth include postlogin
++
++account required pam_nologin.so
++account include smartcard-auth
++
++password include smartcard-auth
++
++session required pam_selinux.so close
++session required pam_loginuid.so
++session required pam_selinux.so open
++session optional pam_keyinit.so force revoke
++session required pam_namespace.so
++session include smartcard-auth
++session include postlogin
+diff --git a/meson.build b/meson.build
+index 4ace94b..49618e1 100644
+--- a/meson.build
++++ b/meson.build
+@@ -172,6 +172,7 @@ if default_pam_config == 'autodetect'
+ '/etc/exherbo-release': 'exherbo',
+ '/etc/arch-release': 'arch',
+ '/etc/lfs-release': 'lfs',
++ '/etc/openEuler-release': 'openeuler',
+ }
+
+ foreach _file, _pam_conf : pam_autodetect_map
+diff --git a/meson_options.txt b/meson_options.txt
+index 49550bc..3c07d16 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -2,7 +2,7 @@ option('at-spi-registryd-dir', type: 'string', value: '', description: 'Specify
+ option('check-accelerated-dir', type: 'string', value: '', description: 'Specify the directory of gnome-session-check-accelerated.')
+ option('custom-conf', type: 'string', value: '', description: 'Filename to give to custom configuration file.')
+ option('dbus-sys', type: 'string', value: '', description: 'Where D-Bus systemd directory is.')
+-option('default-pam-config', type: 'combo', choices: [ 'autodetect', 'redhat', 'openembedded', 'exherbo', 'lfs', 'arch', 'none'], value: 'autodetect', description: '')
++option('default-pam-config', type: 'combo', choices: [ 'autodetect', 'redhat', 'openembedded', 'exherbo', 'lfs', 'arch', 'openeuler', 'none'], value: 'autodetect', description: '')
+ option('default-path', type: 'string', value: '/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin', description: 'Path GDM will use as the user\'s default PATH.')
+ option('defaults-conf', type: 'string', value: '', description: 'Filename to give to defaults file.')
+ option('dmconfdir', type: 'string', value: '', description: 'Directory where sessions are stored.')
+--
+2.27.0
+
diff --git a/gdm.spec b/gdm.spec
index 999e60724095736560f9211df3b495723c7cab06..d04d1de3a78bf4127ff11c5eb5f5cc2821f148ad 100644
--- a/gdm.spec
+++ b/gdm.spec
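Review bot: In data/pam-openeuler/gdm-password.pam and gdm-pin.pam (inside 9000-Add-openEuler-PAM-config.patch) the first auth line, `auth [success=done ignore=ignore default=bad] pam_selinux_permit.so`, runs before `password-auth`, so a success from that module ends the auth stack without a password and any result other than success or ignore marks the login as failed. The files carry no comment saying which accounts this is meant to cover, and nothing visible in the patch shows that openEuler provides `pam_selinux_permit.so` or the `pam_pin.so` that gdm-pin.pam marks `requisite`; if either module is absent, those services would presumably reject every login. I would add a comment above the line, `# accounts listed for pam_selinux_permit log in without a password; keep that list audited`, and confirm both modules come from a package this spec requires.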
@@ -1,12 +1,14 @@ Name: gdm Epoch: 1 Version: 3.38.2.1 -Release: 1 +Release: 2 Summary: A graphical display manager License: GPLv2+ URL: https://wiki.gnome.org/Projects/GDM Source0: http://download.gnome.org/sources/gdm/3.38/gdm-%{version}.tar.xz +Patch9000: 9000-Add-openEuler-PAM-config.patch + BuildRequires: pam-devel >= 0:0.99.8.1-11 desktop-file-utils >= 0.2.90 BuildRequires: libtool automake autoconf libattr-devel gettext-devel libdmx-devel BuildRequires: audit-devel >= 1.0.6 xorg-x11-server-Xorg nss-devel >= 3.11.1 @@ -53,7 +55,7 @@ The gdm-devel package contains header files and others for building applications that use GDM. %prep -%autosetup -n %{name}-%{version} +%autosetup -n %{name}-%{version} -p1 %build %meson -Dpam-prefix=%{_sysconfdir} \ @@ -149,6 +151,12 @@ fi %config %{_sysconfdir}/gdm/PreSession/* %config %{_sysconfdir}/gdm/PostSession/* %{_sysconfdir}/gdm/Xsession +%config %{_sysconfdir}/pam.d/gdm-autologin +%config %{_sysconfdir}/pam.d/gdm-password +%config %{_sysconfdir}/pam.d/gdm-pin +%config %{_sysconfdir}/pam.d/gdm-smartcard +%config %{_sysconfdir}/pam.d/gdm-fingerprint +%{_sysconfdir}/pam.d/gdm-launch-environment %{_sysconfdir}/dbus-1/system.d/gdm.conf %{_datadir}/gdm/gdm.schemas %{_datadir}/gdm/greeter-dconf-defaults @@ -176,6 +184,9 @@ fi %{_libdir}/pkgconfig/*.pc %changelog +* Fri Dec 01 2023 beta <beta@yfqm.date> - 1:3.38.2.1-2 +- Add openEuler PAM config + * Thu Jul 21 2022 weichao.zhang <weichao.zhang@epro.com.cn> - 1:3.38.2.1-1 - Upgrade to 3.38.2.1,Fix CVE-2020-27837
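Review bot: The new PAM set is only selected if meson's `autodetect` finds `/etc/openEuler-release` in the build root, because the `%meson` line visible at the end of the `%prep` hunk does not pass the option explicitly. A build root without that file would presumably select a different set, and the `pam.d/gdm-*` entries added to `%files` would then no longer match what was installed. Adding `-Ddefault-pam-config=openeuler \` to the `%meson` invocation makes the result independent of the build host; the invocation continues outside the hunk, so confirm the option is not already set there.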
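Review bot: The five login-facing PAM services in the `%files` hunk are packaged as plain `%config`, so when a later update changes one of them rpm installs the packaged file and moves a locally edited copy aside as `.rpmsave`. For authentication stacks that means site hardening added under /etc/pam.d/gdm-* can be dropped on upgrade without anyone noticing. If local edits are meant to survive, use `%config(noreplace) %{_sysconfdir}/pam.d/gdm-password` and the same for the other four; if overwriting is deliberate, a spec comment such as `# PAM stacks are replaced on update by design` would record that.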