added upstream patch and pam configuration to fix support for pam_groups [release 0.17.0-2mamba;Sun Apr 08 2018]

Silvan Calarco 2024-01-05 17:41:28 +01:00
parent 7473b581aa
commit 91a8f06ae9
3 changed files with 129 additions and 24 deletions


@ -1,9 +1,32 @@
--- sddm-0.15.0/services/sddm.pam.orig 2017-09-22 22:51:56.275397000 +0200 diff -Nru sddm-0.17.0.20180408git.orig/services/sddm-autologin.pam sddm-0.17.0.20180408git/services/sddm-autologin.pam
+++ sddm-0.15.0/services/sddm.pam 2017-09-22 22:52:32.245548477 +0200 --- sddm-0.17.0.20180408git.orig/services/sddm-autologin.pam 2018-04-08 13:39:55.388821656 +0200
@@ -1,15 +1,15 @@ +++ sddm-0.17.0.20180408git/services/sddm-autologin.pam 2018-04-08 13:57:08.348376643 +0200
@@ -1,13 +1,14 @@
#%PAM-1.0
auth required pam_env.so
+auth required pam_group.so
auth required pam_tally.so file=/var/log/faillog onerr=succeed
auth required pam_shells.so
auth required pam_nologin.so
auth required pam_permit.so
-auth optional pam_gnome_keyring.so
-auth optional pam_kwallet5.so
-account include system-local-login
-password include system-local-login
-session include system-local-login
+account include system-auth
+password include system-auth
+session include system-auth
-session optional pam_gnome_keyring.so auto_start
-session optional pam_kwallet5.so auto_start
diff -Nru sddm-0.17.0.20180408git.orig/services/sddm.pam sddm-0.17.0.20180408git/services/sddm.pam
--- sddm-0.17.0.20180408git.orig/services/sddm.pam 2018-04-08 13:40:01.544851819 +0200
+++ sddm-0.17.0.20180408git/services/sddm.pam 2018-04-08 13:56:57.760332524 +0200
@@ -1,15 +1,16 @@
#%PAM-1.0 #%PAM-1.0
-auth include system-login -auth include system-login
+auth required pam_group.so
+auth include system-auth +auth include system-auth
-auth optional pam_gnome_keyring.so -auth optional pam_gnome_keyring.so
-auth optional pam_kwallet5.so -auth optional pam_kwallet5.so
@ -20,18 +43,3 @@
+session include system-auth +session include system-auth
-session optional pam_gnome_keyring.so auto_start -session optional pam_gnome_keyring.so auto_start
-session optional pam_kwallet5.so auto_start -session optional pam_kwallet5.so auto_start
diff -Nru sddm-0.16.0.orig/services/sddm-autologin.pam sddm-0.16.0/services/sddm-autologin.pam
--- sddm-0.16.0.orig/services/sddm-autologin.pam 2017-10-24 22:40:54.000000000 +0200
+++ sddm-0.16.0/services/sddm-autologin.pam 2017-11-15 23:55:08.217612865 +0100
@@ -6,8 +6,8 @@
auth required pam_permit.so
-auth optional pam_gnome_keyring.so
-auth optional pam_kwallet5.so
-account include system-local-login
-password include system-local-login
-session include system-local-login
+account include system-auth
+password include system-auth
+session include system-auth
-session optional pam_gnome_keyring.so auto_start
-session optional pam_kwallet5.so auto_start


@ -0,0 +1,89 @@
From bd14b3a8a9731e644a50c1c350b7f76038c22bbb Mon Sep 17 00:00:00 2001
From: "J. Konrad Tegtmeier-Rottach" <jktr@0x16.de>
Date: Mon, 19 Jun 2017 23:13:34 +0200
Subject: [PATCH] Honor PAM's ambient supplemental groups.
When compiled with USE_PAM, prefer a combination of
getgroups(3) and getgrouplist(3) for ambient and user
groups, respectively, to initgroups(3).
This way, groups injected into the PAM environment
by means of pam_groups.so aren't ignored.
Signed-off-by: J. Konrad Tegtmeier-Rottach <jktr@0x16.de>
---
src/helper/UserSession.cpp | 57 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 57 insertions(+)
diff --git a/src/helper/UserSession.cpp b/src/helper/UserSession.cpp
index 587888d7..4b5b8553 100644
--- a/src/helper/UserSession.cpp
+++ b/src/helper/UserSession.cpp
@@ -116,10 +116,67 @@ namespace SDDM {
qCritical() << "setgid(" << pw->pw_gid << ") failed for user: " << username;
exit(Auth::HELPER_OTHER_ERROR);
}
+
+#ifdef USE_PAM
+
+ // fetch ambient groups from PAM's environment;
+ // these are set by modules such as pam_groups.so
+ int n_pam_groups = getgroups(0, NULL);
+ gid_t *pam_groups = NULL;
+ if (n_pam_groups > 0) {
+ pam_groups = new gid_t[n_pam_groups];
+ if ((n_pam_groups = getgroups(n_pam_groups, pam_groups)) == -1) {
+ qCritical() << "getgroups() failed to fetch supplemental"
+ << "PAM groups for user:" << username;
+ exit(Auth::HELPER_OTHER_ERROR);
+ }
+ } else {
+ n_pam_groups = 0;
+ }
+
+ // fetch session's user's groups
+ int n_user_groups = 0;
+ gid_t *user_groups = NULL;
+ if (-1 == getgrouplist(username.constData(), pw->pw_gid,
+ NULL, &n_user_groups)) {
+ user_groups = new gid_t[n_user_groups];
+ if ((n_user_groups = getgrouplist(username.constData(),
+ pw->pw_gid, user_groups,
+ &n_user_groups)) == -1 ) {
+ qCritical() << "getgrouplist(" << username << ", " << pw->pw_gid
+ << ") failed";
+ exit(Auth::HELPER_OTHER_ERROR);
+ }
+ }
+
+ // set groups to concatenation of PAM's ambient
+ // groups and the session's user's groups
+ int n_groups = n_pam_groups + n_user_groups;
+ if (n_groups > 0) {
+ gid_t *groups = new gid_t[n_groups];
+ memcpy(groups, pam_groups, (n_pam_groups * sizeof(gid_t)));
+ memcpy((groups + n_pam_groups), user_groups,
+ (n_user_groups * sizeof(gid_t)));
+
+ // setgroups(2) handles duplicate groups
+ if (setgroups(n_groups, groups) != 0) {
+ qCritical() << "setgroups() failed for user: " << username;
+ exit (Auth::HELPER_OTHER_ERROR);
+ }
+ delete[] groups;
+ }
+ delete[] pam_groups;
+ delete[] user_groups;
+
+#else
+
if (initgroups(pw->pw_name, pw->pw_gid) != 0) {
qCritical() << "initgroups(" << pw->pw_name << ", " << pw->pw_gid << ") failed for user: " << username;
exit(Auth::HELPER_OTHER_ERROR);
}
+
+#endif /* USE_PAM */
+
if (setuid(pw->pw_uid) != 0) {
qCritical() << "setuid(" << pw->pw_uid << ") failed for user: " << username;
exit(Auth::HELPER_OTHER_ERROR);
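Review bot: The ambient list read by `getgroups(0, NULL)` is the helper process's entire supplementary group set at that point, and the `setuid()` context line after the added block shows the user id has not been dropped yet, so any group the helper itself was started with is copied into the user's session alongside the ones pam_group added. The code cannot tell the two apart, so the assumption should be written next to the call, for example `// assumes the helper starts with no supplementary groups of its own; everything getgroups() returns here is handed to the user session`. Separately, a `-1` from that first `getgroups(0, NULL)` falls into the `else` branch and is treated as zero groups without a log line; `if (n_pam_groups < 0) { qCritical() << "getgroups() failed"; exit(Auth::HELPER_OTHER_ERROR); }` would match how the other failures in the block are handled. The enclosing function begins and ends outside the hunk.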


@ -2,7 +2,7 @@
%define group_sddm 68 %define group_sddm 68
Name: sddm Name: sddm
Version: 0.17.0 Version: 0.17.0
Release: 1mamba Release: 2mamba
Summary: QML based X11 and Wayland display manager Summary: QML based X11 and Wayland display manager
Group: Graphical Desktop/Applications/Environment Group: Graphical Desktop/Applications/Environment
Vendor: openmamba Vendor: openmamba
@ -10,8 +10,10 @@ Distribution: openmamba
Packager: Silvan Calarco <silvan.calarco@mambasoft.it> Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
URL: https://github.com/sddm/sddm URL: https://github.com/sddm/sddm
## GITSOURCE https://github.com/sddm/sddm.git v0.13.0 ## GITSOURCE https://github.com/sddm/sddm.git v0.13.0
#Source: https://github.com/sddm/sddm.git/develop/sddm-%{version}.tar.bz2
Source: https://github.com/sddm/sddm.git/v%{version}/sddm-%{version}.tar.bz2 Source: https://github.com/sddm/sddm.git/v%{version}/sddm-%{version}.tar.bz2
Patch0: sddm-0.16.0-openmamba-pam.patch Patch0: sddm-0.17.0-openmamba-pam.patch
Patch1: sddm-0.17.0.20180408git-fix-pam-group.patch
License: GPL License: GPL
## AUTOBUILDREQ-BEGIN ## AUTOBUILDREQ-BEGIN
BuildRequires: glibc-devel BuildRequires: glibc-devel
@ -34,6 +36,7 @@ QML based X11 and Wayland display manager.
%prep %prep
%setup -q %setup -q
%patch0 -p1 %patch0 -p1
%patch1 -p1
%build %build
%cmake -d build %cmake -d build
@ -68,12 +71,14 @@ useradd -u %{user_sddm} -g sddm \
%posttrans %posttrans
if [ $1 -ge 1 ]; then if [ $1 -ge 1 ]; then
if [ -e /opt/kde/share/config/kdm/kdmrc ]; then
# Keep autologin when upgrading from KDM # Keep autologin when upgrading from KDM
KDM_AUTOLOGIN=`grep "^AutoLoginUser=" /opt/kde/share/config/kdm/kdmrc| sed "s|AutoLoginUser=||"` KDM_AUTOLOGIN=`grep "^AutoLoginUser=" /opt/kde/share/config/kdm/kdmrc| sed "s|AutoLoginUser=||"`
if [ "${KDM_AUTOLOGIN}" ]; then if [ "${KDM_AUTOLOGIN}" ]; then
sed -i "s|^User=$|^User=${KDM_AUTOLOGIN}|" /etc/sddm.conf sed -i "s|^User=$|^User=${KDM_AUTOLOGIN}|" /etc/sddm.conf
fi fi
fi fi
fi
: :
%files %files
@ -109,6 +114,9 @@ fi
%doc LICENSE %doc LICENSE
%changelog %changelog
* Sun Apr 08 2018 Silvan Calarco <silvan.calarco@mambasoft.it> 0.17.0-2mamba
- added upstream patch and pam configuration to fix support for pam_groups
* Wed Dec 27 2017 Automatic Build System <autodist@mambasoft.it> 0.17.0-1mamba * Wed Dec 27 2017 Automatic Build System <autodist@mambasoft.it> 0.17.0-1mamba
- automatic version update by autodist - automatic version update by autodist
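Review bot: The `sed` line inside the newly guarded `%posttrans` block writes a literal caret into the file, because `^` is an anchor only in the pattern and is plain text in the replacement `^User=${KDM_AUTOLOGIN}`; the migrated setting would read `^User=<name>` and presumably not be recognised. The replacement should be `sed -i "s|^User=$|User=${KDM_AUTOLOGIN}|" /etc/sddm.conf`. The value is also interpolated into the expression unescaped, so a name containing `|` or `&` would alter the substitution; a short comment stating that the kdmrc value is expected to be a plain login name would document that assumption.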