From 91a8f06ae9f6834a7e40b7a86223e35cee439621 Mon Sep 17 00:00:00 2001
From: Silvan Calarco
Date: Fri, 5 Jan 2024 17:41:28 +0100
Subject: [PATCH] added upstream patch and pam configuration to fix support for pam_groups [release 0.17.0-2mamba;Sun Apr 08 2018]
---
...m.patch => sddm-0.17.0-openmamba-pam.patch | 44 +++++----
sddm-0.17.0.20180408git-fix-pam-group.patch | 89 +++++++++++++++++++
sddm.spec | 20 +++--
3 files changed, 129 insertions(+), 24 deletions(-)
rename sddm-0.16.0-openmamba-pam.patch => sddm-0.17.0-openmamba-pam.patch (53%)
create mode 100644 sddm-0.17.0.20180408git-fix-pam-group.patch
diff --git a/sddm-0.16.0-openmamba-pam.patch b/sddm-0.17.0-openmamba-pam.patch
similarity index 53%
rename from sddm-0.16.0-openmamba-pam.patch
rename to sddm-0.17.0-openmamba-pam.patch
index ab7e73a..e6e6bd6 100644
--- a/sddm-0.16.0-openmamba-pam.patch
+++ b/sddm-0.17.0-openmamba-pam.patch
@@ -1,9 +1,32 @@ ---- sddm-0.15.0/services/sddm.pam.orig 2017-09-22 22:51:56.275397000 +0200 -+++ sddm-0.15.0/services/sddm.pam 2017-09-22 22:52:32.245548477 +0200 -@@ -1,15 +1,15 @@ +diff -Nru sddm-0.17.0.20180408git.orig/services/sddm-autologin.pam sddm-0.17.0.20180408git/services/sddm-autologin.pam +--- sddm-0.17.0.20180408git.orig/services/sddm-autologin.pam 2018-04-08 13:39:55.388821656 +0200 ++++ sddm-0.17.0.20180408git/services/sddm-autologin.pam 2018-04-08 13:57:08.348376643 +0200 +@@ -1,13 +1,14 @@ + #%PAM-1.0 + auth required pam_env.so ++auth required pam_group.so + auth required pam_tally.so file=/var/log/faillog onerr=succeed + auth required pam_shells.so + auth required pam_nologin.so + auth required pam_permit.so + -auth optional pam_gnome_keyring.so + -auth optional pam_kwallet5.so +-account include system-local-login +-password include system-local-login +-session include system-local-login ++account include system-auth ++password include system-auth ++session include system-auth + -session optional pam_gnome_keyring.so auto_start + -session optional pam_kwallet5.so auto_start +diff -Nru sddm-0.17.0.20180408git.orig/services/sddm.pam sddm-0.17.0.20180408git/services/sddm.pam +--- sddm-0.17.0.20180408git.orig/services/sddm.pam 2018-04-08 13:40:01.544851819 +0200 ++++ sddm-0.17.0.20180408git/services/sddm.pam 2018-04-08 13:56:57.760332524 +0200 +@@ -1,15 +1,16 @@ #%PAM-1.0 -auth include system-login ++auth required pam_group.so +auth include system-auth -auth optional pam_gnome_keyring.so -auth optional pam_kwallet5.so 
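Review bot: The new `auth required pam_group.so` line in services/sddm-autologin.pam sits in a stack that authenticates with `pam_permit.so`, so whatever groups pam_group hands out for this service go to a session that never presented a credential, and nothing in either PAM file says where those grants are configured. The same line is added to services/sddm.pam ahead of `auth include system-auth`. I would put a comment above it in both files, for example `# pam_group: extra groups come from /etc/security/group.conf; rules matching this service also apply to autologin sessions`, so an administrator reviewing group.conf knows both sddm services consume it. Which rules exist on a given system is not visible from this patch, so this is a documentation request rather than a defect report.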
@@ -20,18 +43,3 @@ +session include system-auth -session optional pam_gnome_keyring.so auto_start -session optional pam_kwallet5.so auto_start -diff -Nru sddm-0.16.0.orig/services/sddm-autologin.pam sddm-0.16.0/services/sddm-autologin.pam ---- sddm-0.16.0.orig/services/sddm-autologin.pam 2017-10-24 22:40:54.000000000 +0200 -+++ sddm-0.16.0/services/sddm-autologin.pam 2017-11-15 23:55:08.217612865 +0100 -@@ -6,8 +6,8 @@ - auth required pam_permit.so - -auth optional pam_gnome_keyring.so - -auth optional pam_kwallet5.so --account include system-local-login --password include system-local-login --session include system-local-login -+account include system-auth -+password include system-auth -+session include system-auth - -session optional pam_gnome_keyring.so auto_start - -session optional pam_kwallet5.so auto_start diff --git a/sddm-0.17.0.20180408git-fix-pam-group.patch b/sddm-0.17.0.20180408git-fix-pam-group.patch new file mode 100644 index 0000000..51ac07e --- /dev/null +++ b/sddm-0.17.0.20180408git-fix-pam-group.patch 
@@ -0,0 +1,89 @@ +From bd14b3a8a9731e644a50c1c350b7f76038c22bbb Mon Sep 17 00:00:00 2001 +From: "J. Konrad Tegtmeier-Rottach" +Date: Mon, 19 Jun 2017 23:13:34 +0200 +Subject: [PATCH] Honor PAM's ambient supplemental groups. + +When compiled with USE_PAM, prefer a combination of +getgroups(3) and getgrouplist(3) for ambient and user +groups, respectively, to initgroups(3). + +This way, groups injected into the PAM environment +by means of pam_groups.so aren't ignored. + +Signed-off-by: J. Konrad Tegtmeier-Rottach +--- + src/helper/UserSession.cpp | 57 ++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 57 insertions(+) + +diff --git a/src/helper/UserSession.cpp b/src/helper/UserSession.cpp +index 587888d7..4b5b8553 100644 +--- a/src/helper/UserSession.cpp ++++ b/src/helper/UserSession.cpp +@@ -116,10 +116,67 @@ namespace SDDM { + qCritical() << "setgid(" << pw->pw_gid << ") failed for user: " << username; + exit(Auth::HELPER_OTHER_ERROR); + } ++ ++#ifdef USE_PAM ++ ++ // fetch ambient groups from PAM's environment; ++ // these are set by modules such as pam_groups.so ++ int n_pam_groups = getgroups(0, NULL); ++ gid_t *pam_groups = NULL; ++ if (n_pam_groups > 0) { ++ pam_groups = new gid_t[n_pam_groups]; ++ if ((n_pam_groups = getgroups(n_pam_groups, pam_groups)) == -1) { ++ qCritical() << "getgroups() failed to fetch supplemental" ++ << "PAM groups for user:" << username; ++ exit(Auth::HELPER_OTHER_ERROR); ++ } ++ } else { ++ n_pam_groups = 0; ++ } ++ ++ // fetch session's user's groups ++ int n_user_groups = 0; ++ gid_t *user_groups = NULL; ++ if (-1 == getgrouplist(username.constData(), pw->pw_gid, ++ NULL, &n_user_groups)) { ++ user_groups = new gid_t[n_user_groups]; ++ if ((n_user_groups = getgrouplist(username.constData(), ++ pw->pw_gid, user_groups, ++ &n_user_groups)) == -1 ) { ++ qCritical() << "getgrouplist(" << username << ", " << pw->pw_gid ++ << ") failed"; ++ exit(Auth::HELPER_OTHER_ERROR); ++ } ++ } ++ ++ // set groups to concatenation of 
PAM's ambient ++ // groups and the session's user's groups ++ int n_groups = n_pam_groups + n_user_groups; ++ if (n_groups > 0) { ++ gid_t *groups = new gid_t[n_groups]; ++ memcpy(groups, pam_groups, (n_pam_groups * sizeof(gid_t))); ++ memcpy((groups + n_pam_groups), user_groups, ++ (n_user_groups * sizeof(gid_t))); ++ ++ // setgroups(2) handles duplicate groups ++ if (setgroups(n_groups, groups) != 0) { ++ qCritical() << "setgroups() failed for user: " << username; ++ exit (Auth::HELPER_OTHER_ERROR); ++ } ++ delete[] groups; ++ } ++ delete[] pam_groups; ++ delete[] user_groups; ++ ++#else ++ + if (initgroups(pw->pw_name, pw->pw_gid) != 0) { + qCritical() << "initgroups(" << pw->pw_name << ", " << pw->pw_gid << ") failed for user: " << username; + exit(Auth::HELPER_OTHER_ERROR); + } ++ ++#endif /* USE_PAM */ ++ + if (setuid(pw->pw_uid) != 0) { + qCritical() << "setuid(" << pw->pw_uid << ") failed for user: " << username; + exit(Auth::HELPER_OTHER_ERROR); diff --git a/sddm.spec b/sddm.spec index bb99d7e..653c7e5 100644 --- a/sddm.spec +++ b/sddm.spec @@ -2,7 +2,7 @@ %define group_sddm 68 Name: sddm Version: 0.17.0 -Release: 1mamba +Release: 2mamba Summary: QML based X11 and Wayland display manager Group: Graphical Desktop/Applications/Environment Vendor: openmamba @@ -10,8 +10,10 @@ Distribution: openmamba Packager: Silvan Calarco URL: https://github.com/sddm/sddm ## GITSOURCE https://github.com/sddm/sddm.git v0.13.0 +#Source: https://github.com/sddm/sddm.git/develop/sddm-%{version}.tar.bz2 Source: https://github.com/sddm/sddm.git/v%{version}/sddm-%{version}.tar.bz2 -Patch0: sddm-0.16.0-openmamba-pam.patch +Patch0: sddm-0.17.0-openmamba-pam.patch +Patch1: sddm-0.17.0.20180408git-fix-pam-group.patch License: GPL ## AUTOBUILDREQ-BEGIN BuildRequires: glibc-devel @@ -34,6 +36,7 @@ QML based X11 and Wayland display manager. %prep %setup -q %patch0 -p1 +%patch1 -p1 %build %cmake -d build 
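Review bot: The `getgroups()` call in the new USE_PAM branch returns every supplementary group the helper process holds at that point, not only the ones pam_group added, and unlike the `initgroups()` path it replaces, nothing here resets that list first, so any group the helper inherited from its parent would be carried into the user's session by `setgroups()`. Whether the list is cleared earlier cannot be seen here (the enclosing function starts and ends outside the hunk), so the assumption should at least be written down where the groups are fetched, e.g. `// assumes the helper's supplementary groups were reset before PAM set credentials; getgroups() cannot tell PAM-added groups from inherited ones`. Separately, a `-1` from `getgroups(0, NULL)` falls into the `else` branch and is silently treated as "no ambient groups"; I would fail there instead with `if (n_pam_groups < 0) { qCritical() << "getgroups() failed for user:" << username; exit(Auth::HELPER_OTHER_ERROR); }`. As this file is a carried upstream patch, both changes would go into the patch itself.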
@@ -68,10 +71,12 @@ useradd -u %{user_sddm} -g sddm \ %posttrans if [ $1 -ge 1 ]; then - # Keep autologin when upgrading from KDM - KDM_AUTOLOGIN=`grep "^AutoLoginUser=" /opt/kde/share/config/kdm/kdmrc| sed "s|AutoLoginUser=||"` - if [ "${KDM_AUTOLOGIN}" ]; then - sed -i "s|^User=$|^User=${KDM_AUTOLOGIN}|" /etc/sddm.conf + if [ -e /opt/kde/share/config/kdm/kdmrc ]; then + # Keep autologin when upgrading from KDM + KDM_AUTOLOGIN=`grep "^AutoLoginUser=" /opt/kde/share/config/kdm/kdmrc| sed "s|AutoLoginUser=||"` + if [ "${KDM_AUTOLOGIN}" ]; then + sed -i "s|^User=$|^User=${KDM_AUTOLOGIN}|" /etc/sddm.conf + fi fi fi : @@ -109,6 +114,9 @@ fi %doc LICENSE %changelog +* Sun Apr 08 2018 Silvan Calarco 0.17.0-2mamba +- added upstream patch and pam configuration to fix support for pam_groups + * Wed Dec 27 2017 Automatic Build System 0.17.0-1mamba - automatic version update by autodist
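Review bot: The re-indented `sed` line in %posttrans still has `^User=` on the replacement side, where `^` is a literal character, so a migrated KDM autologin user is written to /etc/sddm.conf as `^User=name` and presumably is not read back as the `User` key; the expression should be `s|^User=$|User=${KDM_AUTOLOGIN}|`. The value read from kdmrc is also spliced into the sed expression unescaped, so a name containing `|` or `&` would alter the substitution. That file is normally root-owned, so the exposure is small, but checking the value against the characters allowed in a login name before using it would be cheap. The new `-e` test around the block reads fine as it stands.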