From 295d0bc42b11a9473a024b9cdca58bdd9197e905 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Fri, 27 Apr 2012 18:34:39 -0400 Subject: Add --with-default-pam-config option, autodetect from /etc/foo-release files The PAM files that ship with GDM are really specific to Red Hat's historical fork of pam. For example, the "system-auth" file still lives in the Fedora 17 "pam" git. A long while back, Debian hit the same problem, and of course the difference is the naming; common-auth/common-password etc. OpenEmbedded then picked up Debian's PAM fork. Since for OSTree-GNOME we're using Poky/OpenEmbedded, let's add an option to integrate with their PAM. We use code similar to what NetworkManager has, so we should keep using the Red Hat files on systems with /etc/redhat-release or /etc/fedora-release. https://bugzilla.gnome.org/show_bug.cgi?id=675085 --- configure.ac | 22 ++++++++++++++++++++++ data/Makefile.am | 15 ++++++++++++++- data/pam-openembedded/gdm-autologin.pam | 10 ++++++++++ data/pam-openembedded/gdm-welcome.pam | 9 +++++++++ data/pam-openembedded/gdm.pam | 12 ++++++++++++ 5 files changed, 67 insertions(+), 1 deletion(-) create mode 100644 data/pam-openembedded/gdm-autologin.pam create mode 100644 data/pam-openembedded/gdm-welcome.pam create mode 100644 data/pam-openembedded/gdm.pam diff --git a/configure.ac b/configure.ac index b70f5372..0e86c718 100644 --- a/configure.ac +++ b/configure.ac @@ -226,6 +226,27 @@ if test x$enable_split_authentication = xyes; then AC_DEFINE(ENABLE_SPLIT_AUTHENTICATION, 1, [Define if split authentication is enabled]) fi +AC_ARG_WITH(default-pam-config, + AS_HELP_STRING([--with-default-pam-config: One of redhat, openembedded, none @<:@default=auto@:>@])) +dnl If not given, try autodetecting from release files (see NetworkManager source) +if test x$with_default_pam_config = x; then + AC_CHECK_FILE(/etc/redhat-release,with_default_pam_config="redhat") + AC_CHECK_FILE(/etc/fedora-release,with_default_pam_config="redhat") + dnl If not autodetected, default to none + if test x$with_default_pam_config = x; then + with_default_pam_config=none + fi +fi +case x$with_default_pam_config in + xredhat|xopenembedded|xnone) ;; + *) + AC_MSG_ERROR([Invalid --with-default-pam-config ${with_default_pam_config}]) + exit 1 + ;; +esac +AM_CONDITIONAL(ENABLE_REDHAT_PAM_CONFIG, test x$with_default_pam_config = xredhat) +AM_CONDITIONAL(ENABLE_OPENEMBEDDED_PAM_CONFIG, test x$with_default_pam_config = xopenembedded) + AC_ARG_ENABLE(console-helper, AS_HELP_STRING([--enable-console-helper], [Enable PAM console helper @<:@default=auto@:>@]),, @@ -1550,6 +1571,7 @@ echo " dbus-1 system.d dir: ${DBUS_SYS_DIR} PAM prefix: ${PAM_PREFIX} + PAM config: ${with_default_pam_config} X server: ${X_SERVER} " diff --git a/data/Makefile.am b/data/Makefile.am index dc0301b8..19823491 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -98,6 +98,19 @@ pam_redhat_files = pam-redhat/gdm.pam \ $(NULL) EXTRA_DIST += $(pam_redhat_files) +pam_openembedded_files = pam-openembedded/gdm.pam \ + pam-openembedded/gdm-autologin.pam \ + pam-openembedded/gdm-welcome.pam \ + $(NULL) +EXTRA_DIST += $(pam_openembedded_files) + +if ENABLE_REDHAT_PAM_CONFIG +pam_files = $(pam_redhat_files) +endif +if ENABLE_OPENEMBEDDED_PAM_CONFIG +pam_files = $(pam_openembedded_files) +endif + EXTRA_DIST += \ $(schemas_in_files) \ $(schemas_DATA) \ @@ -223,7 +236,7 @@ install-data-hook: gdm.conf-custom Xsession Init PostSession PreSession 00-upstr chmod 755 $(DESTDIR)$(PAM_PREFIX)/pam.d; \ fi; \ if test $$system = Linux; then \ - for pamfile in $(pam_redhat_files); do \ + for pamfile in $(pam_files); do \ bn=$$(basename $$pamfile .pam); \ $(INSTALL_DATA) $(srcdir)/$$pamfile $(DESTDIR)$(PAM_PREFIX)/pam.d/$$bn; \ done; \ diff --git a/data/pam-openembedded/gdm-autologin.pam b/data/pam-openembedded/gdm-autologin.pam new file mode 100644 index 00000000..32d5248f --- /dev/null +++ b/data/pam-openembedded/gdm-autologin.pam @@ -0,0 +1,10 @@ +#%PAM-1.0 +auth required pam_env.so +auth required pam_permit.so +account required pam_nologin.so +account include common-auth +password include common-auth +session optional pam_keyinit.so force revoke +session include common-session +session required pam_loginuid.so +session optional pam_console.so diff --git a/data/pam-openembedded/gdm-welcome.pam b/data/pam-openembedded/gdm-welcome.pam new file mode 100644 index 00000000..602217b1 --- /dev/null +++ b/data/pam-openembedded/gdm-welcome.pam @@ -0,0 +1,9 @@ +#%PAM-1.0 +auth required pam_env.so +auth required pam_permit.so +account required pam_nologin.so +account include common-account +password include common-auth +session required pam_loginuid.so +session optional pam_keyinit.so force revoke +session include common-session diff --git a/data/pam-openembedded/gdm.pam b/data/pam-openembedded/gdm.pam new file mode 100644 index 00000000..de223de1 --- /dev/null +++ b/data/pam-openembedded/gdm.pam @@ -0,0 +1,12 @@ +#%PAM-1.0 +auth required pam_env.so +auth required pam_succeed_if.so user != root quiet +auth sufficient pam_succeed_if.so user ingroup nopasswdlogin +auth include common-auth +account required pam_nologin.so +account include common-account +password include common-password +session optional pam_keyinit.so force revoke +session include common-session +session required pam_loginuid.so +session optional pam_console.so -- cgit v1.2.1