Add Arch Linux PAM config files

8 files changed, 88 insertions, 2 deletions

diff --git a/configure.ac b/configure.ac
index 90af1c06..ab31ba50 100644
--- a/configure.ac
+++ b/configure.ac
@@ -195,12 +195,13 @@ if test x$enable_split_authentication = xyes; then
 fi
 
 AC_ARG_WITH(default-pam-config,
-	    AS_HELP_STRING([--with-default-pam-config: One of redhat, openembedded, exherbo, lfs, none @<:@default=auto@:>@]))
+	    AS_HELP_STRING([--with-default-pam-config: One of redhat, openembedded, exherbo, lfs, arch, none @<:@default=auto@:>@]))
 dnl If not given, try autodetecting from release files (see NetworkManager source) 
 if test x$with_default_pam_config = x; then
 	AC_CHECK_FILE(/etc/redhat-release,with_default_pam_config="redhat")
 	AC_CHECK_FILE(/etc/fedora-release,with_default_pam_config="redhat")
 	AC_CHECK_FILE(/etc/exherbo-release,with_default_pam_config="exherbo")
+	AC_CHECK_FILE(/etc/arch-release,with_default_pam_config="arch")
 	AC_CHECK_FILE(/etc/lfs-release,with_default_pam_config="lfs")
 	dnl If not autodetected, default to none
 	if test x$with_default_pam_config = x; then
@@ -208,7 +209,7 @@ if test x$with_default_pam_config = x; then
 	fi
 fi
 case x$with_default_pam_config in
-     xredhat|xopenembedded|xexherbo|xlfs|xnone) ;;
+     xredhat|xopenembedded|xexherbo|xlfs|xarch|xnone) ;;
      *)
        AC_MSG_ERROR([Invalid --with-default-pam-config ${with_default_pam_config}])
        exit 1
@@ -218,6 +219,7 @@ AM_CONDITIONAL(ENABLE_REDHAT_PAM_CONFIG, test x$with_default_pam_config = xredha
 AM_CONDITIONAL(ENABLE_OPENEMBEDDED_PAM_CONFIG, test x$with_default_pam_config = xopenembedded)
 AM_CONDITIONAL(ENABLE_EXHERBO_PAM_CONFIG, test x$with_default_pam_config = xexherbo)
 AM_CONDITIONAL(ENABLE_LFS_PAM_CONFIG, test x$with_default_pam_config = xlfs)
+AM_CONDITIONAL(ENABLE_ARCH_PAM_CONFIG, test x$with_default_pam_config = xarch)
 
 AC_ARG_ENABLE(console-helper,
 	      AS_HELP_STRING([--enable-console-helper],
diff --git a/data/Makefile.am b/data/Makefile.am
index 81cde22b..2ad4d267 100644
--- a/data/Makefile.am
+++ b/data/Makefile.am
@@ -125,6 +125,15 @@ pam_lfs_files = pam-lfs/gdm.pam			\
 	$(NULL)
 EXTRA_DIST += $(pam_lfs_files)
 
+pam_arch_files = pam-arch/gdm-autologin.pam	\
+	pam-arch/gdm-launch-environment.pam	\
+	pam-arch/gdm-fingerprint.pam		\
+	pam-arch/gdm-smartcard.pam		\
+	pam-arch/gdm-password.pam		\
+	pam-arch/gdm-pin.pam			\
+	$(NULL)
+EXTRA_DIST += $(pam_arch_files)
+
 if ENABLE_REDHAT_PAM_CONFIG
 pam_files = $(pam_redhat_files)
 endif
@@ -137,6 +146,9 @@ endif
 if ENABLE_LFS_PAM_CONFIG
 pam_files = $(pam_lfs_files)
 endif
+if ENABLE_ARCH_PAM_CONFIG
+pam_files = $(pam_arch_files)
+endif
 
 EXTRA_DIST +=			\
 	$(dconf_db_files)	\
diff --git a/data/pam-arch/gdm-autologin.pam b/data/pam-arch/gdm-autologin.pam
new file mode 100644
index 00000000..9f45c659
--- /dev/null
+++ b/data/pam-arch/gdm-autologin.pam
@@ -0,0 +1,10 @@
+auth     requisite pam_nologin.so
+auth     required  pam_env.so
+auth     optional  pam_permit.so
+
+account  include   system-local-login
+
+password include   system-local-login
+
+session  optional  pam_keyinit.so force revoke
+session  include   system-local-login
diff --git a/data/pam-arch/gdm-fingerprint.pam b/data/pam-arch/gdm-fingerprint.pam
new file mode 100644
index 00000000..a4808617
--- /dev/null
+++ b/data/pam-arch/gdm-fingerprint.pam
@@ -0,0 +1,14 @@
+auth     required  pam_tally.so onerr=succeed file=/var/log/faillog
+auth     required  pam_shells.so
+auth     requisite pam_nologin.so
+auth     required  pam_env.so
+auth     required  pam_fprintd.so
+auth     optional  pam_permit.so
+
+account  include   system-local-login
+
+password required  pam_fprintd.so
+password optional  pam_permit.so
+
+session  optional  pam_keyinit.so force revoke
+session  include   system-local-login
diff --git a/data/pam-arch/gdm-launch-environment.pam b/data/pam-arch/gdm-launch-environment.pam
new file mode 100644
index 00000000..618a7d3a
--- /dev/null
+++ b/data/pam-arch/gdm-launch-environment.pam
@@ -0,0 +1,10 @@
+auth     required  pam_env.so
+auth     optional  pam_permit.so
+
+account  include   system-local-login
+
+password required  pam_deny.so
+
+session  optional  pam_keyinit.so force revoke
+session  required  pam_systemd.so
+session  optional  pam_permit.so
diff --git a/data/pam-arch/gdm-password.pam b/data/pam-arch/gdm-password.pam
new file mode 100644
index 00000000..8d34794e
--- /dev/null
+++ b/data/pam-arch/gdm-password.pam
@@ -0,0 +1,11 @@
+auth     include   system-local-login
+auth     optional  pam_gnome_keyring.so
+
+account  include   system-local-login
+
+password include   system-local-login
+password optional  pam_gnome_keyring.so use_authtok
+
+session  optional  pam_keyinit.so force revoke
+session  include   system-local-login
+session  optional  pam_gnome_keyring.so auto_start
diff --git a/data/pam-arch/gdm-pin.pam b/data/pam-arch/gdm-pin.pam
new file mode 100644
index 00000000..135e205e
--- /dev/null
+++ b/data/pam-arch/gdm-pin.pam
@@ -0,0 +1,13 @@
+auth     requisite pam_pin.so
+auth     include   system-local-login
+auth     optional  pam_gnome_keyring.so
+
+account  include   system-local-login
+
+password include   system-local-login
+password optional  pam_pin.so
+password optional  pam_gnome_keyring.so use_authtok
+
+session  optional  pam_keyinit.so force revoke
+session  include   system-local-login
+session  optional  pam_gnome_keyring.so auto_start
diff --git a/data/pam-arch/gdm-smartcard.pam b/data/pam-arch/gdm-smartcard.pam
new file mode 100644
index 00000000..ec6f75d5
--- /dev/null
+++ b/data/pam-arch/gdm-smartcard.pam
@@ -0,0 +1,14 @@
+auth     required  pam_tally.so onerr=succeed file=/var/log/faillog
+auth     required  pam_shells.so
+auth     requisite pam_nologin.so
+auth     required  pam_env.so
+auth     required  pam_pkcs11.so wait_for_card card_only
+auth     optional  pam_permit.so
+
+account  include   system-local-login
+
+password required  pam_pkcs11.so
+password optional  pam_permit.so
+
+session  optional  pam_keyinit.so force revoke
+session  include   system-local-login