aboutsummaryrefslogtreecommitdiffstats
path: root/community/gdm/0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch
diff options
context:
space:
mode:
authorRasmus Thomsen <oss@cogitri.dev>2020-08-29 23:52:03 +0200
committerRasmus Thomsen <oss@cogitri.dev>2020-08-31 23:18:57 +0200
commite9eb034531a516369b5289bd4c8f0c4efa8c9cd4 (patch)
tree9f3fae4e421393373c6635827a007a655df2f548 /community/gdm/0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch
parent9ba93cf3f515b4f0b9b3802b84d42c4e436afe8b (diff)
downloadaports-e9eb034531a516369b5289bd4c8f0c4efa8c9cd4.tar.gz
aports-e9eb034531a516369b5289bd4c8f0c4efa8c9cd4.tar.bz2
aports-e9eb034531a516369b5289bd4c8f0c4efa8c9cd4.tar.xz
community/gdm: adjust config to pam 1.4
Diffstat (limited to 'community/gdm/0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch')
-rw-r--r--community/gdm/0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch199
1 files changed, 199 insertions, 0 deletions
diff --git a/community/gdm/0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch b/community/gdm/0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch
new file mode 100644
index 0000000000..f200d043de
--- /dev/null
+++ b/community/gdm/0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch
@@ -0,0 +1,199 @@
+Upstream: No
+Reason: Required to work with linux-pam>=1.4
+Source: https://raw.githubusercontent.com/archlinux/svntogit-packages/4c8454ff599d65024580291563f502fad58f0adb/trunk/0004-pam-arch-Update-to-match-pambase-20200721.1-2.patch
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <heftig@archlinux.org>
+Date: Sun, 9 Aug 2020 00:34:37 +0000
+Subject: [PATCH] pam-arch: Update to match pambase 20200721.1-2
+
+https://bugs.archlinux.org/task/67485
+---
+ data/pam-arch/gdm-autologin.pam | 22 +++++++++--------
+ data/pam-arch/gdm-fingerprint.pam | 31 +++++++++++++++---------
+ data/pam-arch/gdm-launch-environment.pam | 24 ++++++++++--------
+ data/pam-arch/gdm-password.pam | 17 +++++++------
+ data/pam-arch/gdm-pin.pam | 13 ----------
+ data/pam-arch/gdm-smartcard.pam | 31 +++++++++++++++---------
+ 6 files changed, 75 insertions(+), 63 deletions(-)
+ delete mode 100644 data/pam-arch/gdm-pin.pam
+
+diff --git a/data/pam-arch/gdm-autologin.pam b/data/pam-arch/gdm-autologin.pam
+index 99b14209..30bdf529 100644
+--- a/data/pam-arch/gdm-autologin.pam
++++ b/data/pam-arch/gdm-autologin.pam
+@@ -1,13 +1,15 @@
+-auth requisite pam_nologin.so
+-auth required pam_env.so
+-auth optional pam_gdm.so
+-auth optional pam_gnome_keyring.so
+-auth optional pam_permit.so
++#%PAM-1.0
+
+-account include system-local-login
++auth required pam_shells.so
++auth requisite pam_nologin.so
++auth optional pam_permit.so
++auth required pam_env.so
++auth [success=ok default=1] pam_gdm.so
++auth optional pam_gnome_keyring.so
+
+-password include system-local-login
++account include system-local-login
+
+-session optional pam_keyinit.so force revoke
+-session include system-local-login
+-session optional pam_gnome_keyring.so auto_start
++password required pam_deny.so
++
++session include system-local-login
++session optional pam_gnome_keyring.so auto_start
+diff --git a/data/pam-arch/gdm-fingerprint.pam b/data/pam-arch/gdm-fingerprint.pam
+index a4808617..cc660d9a 100644
+--- a/data/pam-arch/gdm-fingerprint.pam
++++ b/data/pam-arch/gdm-fingerprint.pam
+@@ -1,14 +1,23 @@
+-auth required pam_tally.so onerr=succeed file=/var/log/faillog
+-auth required pam_shells.so
+-auth requisite pam_nologin.so
+-auth required pam_env.so
+-auth required pam_fprintd.so
+-auth optional pam_permit.so
++#%PAM-1.0
+
+-account include system-local-login
++auth required pam_shells.so
++auth requisite pam_nologin.so
++auth required pam_faillock.so preauth
++# Optionally use requisite above if you do not want to prompt for the fingerprint
++# on locked accounts.
++auth [success=1 default=ignore] pam_fprintd.so
++auth [default=die] pam_faillock.so authfail
++auth optional pam_permit.so
++auth required pam_env.so
++auth required pam_faillock.so authsucc
++# If you drop the above call to pam_faillock.so the lock will be done also
++# on non-consecutive authentication failures.
++auth [success=ok default=1] pam_gdm.so
++auth optional pam_gnome_keyring.so
+
+-password required pam_fprintd.so
+-password optional pam_permit.so
++account include system-local-login
+
+-session optional pam_keyinit.so force revoke
+-session include system-local-login
++password required pam_deny.so
++
++session include system-local-login
++session optional pam_gnome_keyring.so auto_start
+diff --git a/data/pam-arch/gdm-launch-environment.pam b/data/pam-arch/gdm-launch-environment.pam
+index d59c9cb9..2ff5ae56 100644
+--- a/data/pam-arch/gdm-launch-environment.pam
++++ b/data/pam-arch/gdm-launch-environment.pam
+@@ -1,10 +1,16 @@
+-auth required pam_env.so
+-auth optional pam_permit.so
++#%PAM-1.0
++auth required pam_succeed_if.so quiet_success user = gdm
++auth optional pam_permit.so
++auth required pam_env.so
+
+-account include system-local-login
++account required pam_succeed_if.so quiet_success user = gdm
++account optional pam_permit.so
+
+-password required pam_deny.so
++password required pam_deny.so
+
+-session optional pam_keyinit.so force revoke
+-session required pam_systemd.so
+-session optional pam_permit.so
++session optional pam_loginuid.so
++session optional pam_keyinit.so force revoke
++session required pam_succeed_if.so quiet_success user = gdm
++session optional pam_permit.so
++-session optional pam_systemd.so
++session required pam_env.so user_readenv=1
+diff --git a/data/pam-arch/gdm-password.pam b/data/pam-arch/gdm-password.pam
+index 8d34794e..137242a6 100644
+--- a/data/pam-arch/gdm-password.pam
++++ b/data/pam-arch/gdm-password.pam
+@@ -1,11 +1,12 @@
+-auth include system-local-login
+-auth optional pam_gnome_keyring.so
++#%PAM-1.0
+
+-account include system-local-login
++auth include system-local-login
++auth optional pam_gnome_keyring.so
+
+-password include system-local-login
+-password optional pam_gnome_keyring.so use_authtok
++account include system-local-login
+
+-session optional pam_keyinit.so force revoke
+-session include system-local-login
+-session optional pam_gnome_keyring.so auto_start
++password include system-local-login
++password optional pam_gnome_keyring.so use_authtok
++
++session include system-local-login
++session optional pam_gnome_keyring.so auto_start
+diff --git a/data/pam-arch/gdm-pin.pam b/data/pam-arch/gdm-pin.pam
+deleted file mode 100644
+index 135e205e..00000000
+--- a/data/pam-arch/gdm-pin.pam
++++ /dev/null
+@@ -1,13 +0,0 @@
+-auth requisite pam_pin.so
+-auth include system-local-login
+-auth optional pam_gnome_keyring.so
+-
+-account include system-local-login
+-
+-password include system-local-login
+-password optional pam_pin.so
+-password optional pam_gnome_keyring.so use_authtok
+-
+-session optional pam_keyinit.so force revoke
+-session include system-local-login
+-session optional pam_gnome_keyring.so auto_start
+diff --git a/data/pam-arch/gdm-smartcard.pam b/data/pam-arch/gdm-smartcard.pam
+index ec6f75d5..e6ec1299 100644
+--- a/data/pam-arch/gdm-smartcard.pam
++++ b/data/pam-arch/gdm-smartcard.pam
+@@ -1,14 +1,23 @@
+-auth required pam_tally.so onerr=succeed file=/var/log/faillog
+-auth required pam_shells.so
+-auth requisite pam_nologin.so
+-auth required pam_env.so
+-auth required pam_pkcs11.so wait_for_card card_only
+-auth optional pam_permit.so
++#%PAM-1.0
+
+-account include system-local-login
++auth required pam_shells.so
++auth requisite pam_nologin.so
++auth required pam_faillock.so preauth
++# Optionally use requisite above if you do not want to prompt for the smartcard
++# on locked accounts.
++auth [success=1 default=ignore] pam_pkcs11.so wait_for_card card_only
++auth [default=die] pam_faillock.so authfail
++auth optional pam_permit.so
++auth required pam_env.so
++auth required pam_faillock.so authsucc
++# If you drop the above call to pam_faillock.so the lock will be done also
++# on non-consecutive authentication failures.
++auth [success=ok default=1] pam_gdm.so
++auth optional pam_gnome_keyring.so
+
+-password required pam_pkcs11.so
+-password optional pam_permit.so
++account include system-local-login
+
+-session optional pam_keyinit.so force revoke
+-session include system-local-login
++password required pam_deny.so
++
++session include system-local-login
++session optional pam_gnome_keyring.so auto_start