
gdm-3.14.2-5.1.mga5.src.rpm

From 485c74c9689854a3d56e58f30114954d493ddfee Mon Sep 17 00:00:00 2001
From: Colin Guthrie <colin@mageia.org>
Date: Tue, 30 Aug 2011 20:28:57 +0100
Subject: [PATCH 302/303] Fix gdm pam.d configs.

This ensures that pam_console is included in the gdm-welcome pam.d
to allow e.g. the PulseAudio spawned by gdm to access bluetooth h/w.
While this isn't in itself necessarily majorly useful, it does solve a
problem whereby bluetoothd is enabled, but not yet started when
gdm's PulseAudio is launched. This will cause bus activation to
kick in and attempt to launch bluetoothd, but due to the default
bluez dbus policy gdm will not be allowed to talk to the
necessary interfaces resulting in an activation failure and
a 30s timeout before gdm appears.
 References:
  * https://bugs.mageia.org/show_bug.cgi?id=5148

The other fix is to ensure that pam_gnome_keyring.so is included
after system-auth (or rather after pam_systemd specifically) to
ensure that the XDG_RUNTIME_DIR variable is set.
 References:
  * http://pkgs.fedoraproject.org/gitweb/?p=gdm.git;a=commit;h=12886d9c0f01e4f52eea9a3b63602c996bd7f084
  * https://bugzilla.gnome.org/show_bug.cgi?id=655867
  * http://mail.gnome.org/archives/distributor-list/2012-April/msg00000.html

Also add in pam_namespace.so which is needed for xguest.
 References:
  * https://bugs.mageia.org/show_bug.cgi?id=4950
---
 data/pam-redhat/gdm-autologin.pam          |  5 +----
 data/pam-redhat/gdm-fingerprint.pam        | 21 +++++++++++++--------
 data/pam-redhat/gdm-launch-environment.pam |  1 +
 data/pam-redhat/gdm-password.pam           | 15 +++++++--------
 data/pam-redhat/gdm-smartcard.pam          | 22 ++++++++++++++--------
 data/pam-redhat/gdm.pam                    |  3 +++
 6 files changed, 39 insertions(+), 28 deletions(-)

diff --git a/data/pam-redhat/gdm-autologin.pam b/data/pam-redhat/gdm-autologin.pam
index 08d4543..f884c1d 100644
--- a/data/pam-redhat/gdm-autologin.pam
+++ b/data/pam-redhat/gdm-autologin.pam
@@ -1,14 +1,11 @@
- #%PAM-1.0
+#%PAM-1.0
 auth       required    pam_env.so
 auth       required    pam_permit.so
 account    required    pam_nologin.so
 account    include     system-auth
 password   include     system-auth
-session    required    pam_selinux.so close
 session    required    pam_loginuid.so
 session    optional    pam_console.so
--session    optional    pam_ck_connector.so
-session    required    pam_selinux.so open
 session    optional    pam_keyinit.so force revoke
 session    required    pam_namespace.so
 session    include     system-auth
diff --git a/data/pam-redhat/gdm-fingerprint.pam b/data/pam-redhat/gdm-fingerprint.pam
index ee0635d..425cd49 100644
--- a/data/pam-redhat/gdm-fingerprint.pam
+++ b/data/pam-redhat/gdm-fingerprint.pam
@@ -1,15 +1,20 @@
-auth        substack      fingerprint-auth
+# Sample PAM file for doing fingerprint authentication.
+# Distros should replace this with what makes sense for them.
+auth        required      pam_env.so
+auth        required      pam_fprintd.so
+auth        sufficient    pam_succeed_if.so uid >= 500 quiet
+auth        required      pam_deny.so
 
-account     required      pam_nologin.so
-account     include       fingerprint-auth
+account     required      pam_unix.so
+account     sufficient    pam_localuser.so
+account     sufficient    pam_succeed_if.so uid < 500 quiet
+account     required      pam_permit.so
 
-password    include       fingerprint-auth
+password    required      pam_deny.so
 
-session     required      pam_selinux.so close
 session     required      pam_loginuid.so
 session     optional      pam_console.so
--session    optional    pam_ck_connector.so
-session     required      pam_selinux.so open
 session     optional      pam_keyinit.so force revoke
 session     required      pam_namespace.so
-session     include       fingerprint-auth
+session     required      pam_limits.so
+session     required      pam_unix.so
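Review bot: The new account stack in gdm-fingerprint.pam no longer runs pam_nologin: the old `account     required      pam_nologin.so` line is removed and none of the inlined modules replaces it, so a fingerprint login would not be refused while /etc/nologin is present. Restoring `account     required      pam_nologin.so` as the first account line keeps this service consistent with gdm-password.pam and gdm-autologin.pam, which still carry it. gdm-smartcard.pam loses the same line in this patch and needs the same fix. The literal `500` in the two pam_succeed_if lines is also worth checking against the distribution's UID_MIN.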
diff --git a/data/pam-redhat/gdm-launch-environment.pam b/data/pam-redhat/gdm-launch-environment.pam
index f1811f1..66ab89e 100644
--- a/data/pam-redhat/gdm-launch-environment.pam
+++ b/data/pam-redhat/gdm-launch-environment.pam
@@ -3,5 +3,6 @@ auth       required    pam_env.so
 auth       required    pam_permit.so
 account    include     system-auth
 password   include     system-auth
+session    optional    pam_console.so
 session    optional    pam_keyinit.so force revoke
 session    include     system-auth
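Review bot: The added `session    optional    pam_console.so` line in gdm-launch-environment.pam carries no comment, and the reason for it exists only in the commit message. Because pam_console adjusts device permissions for the session user, a reader auditing what the greeter account can reach needs to see why it is here; a line above it such as `# pam_console: lets the greeter's PulseAudio reach bluetooth h/w, see mga#5148` would record that. The hunk starts at line 3 of the file, so any existing header comment is not visible here.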
diff --git a/data/pam-redhat/gdm-password.pam b/data/pam-redhat/gdm-password.pam
index b95ca16..cbcc3d9 100644
--- a/data/pam-redhat/gdm-password.pam
+++ b/data/pam-redhat/gdm-password.pam
@@ -1,19 +1,18 @@
-auth     [success=done ignore=ignore default=bad] pam_selinux_permit.so
-auth        substack      password-auth
+#%PAM-1.0
+auth        required      pam_env.so
+auth        sufficient    pam_succeed_if.so user ingroup nopasswdlogin
+auth        substack      system-auth
 auth        optional      pam_gnome_keyring.so
 
 account     required      pam_nologin.so
-account     include       password-auth
+account     include       system-auth
 
-password    substack       password-auth
+password    substack       system-auth
 -password   optional       pam_gnome_keyring.so use_authtok
 
-session     required      pam_selinux.so close
 session     required      pam_loginuid.so
 session     optional      pam_console.so
--session    optional    pam_ck_connector.so
-session     required      pam_selinux.so open
 session     optional      pam_keyinit.so force revoke
 session     required      pam_namespace.so
-session     include       password-auth
+session     include       system-auth
 session     optional      pam_gnome_keyring.so auto_start
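Review bot: The new `auth        sufficient    pam_succeed_if.so user ingroup nopasswdlogin` line sits ahead of `auth        substack      system-auth`, so any member of the nopasswdlogin group passes authentication on this service without presenting a credential, and neither the file nor the commit message says so. gdm.pam already has the same line, so this looks intentional, but it deserves a comment above it, for example `# members of nopasswdlogin log in without a password; keep the group empty unless that is intended`. If this service is also used for unlocking a session, which is not visible here, the bypass would apply there as well.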
diff --git a/data/pam-redhat/gdm-smartcard.pam b/data/pam-redhat/gdm-smartcard.pam
index d49eef9..306113c 100644
--- a/data/pam-redhat/gdm-smartcard.pam
+++ b/data/pam-redhat/gdm-smartcard.pam
@@ -1,15 +1,21 @@
-auth        substack      smartcard-auth
+# Sample PAM file for doing smartcard authentication.
+# Distros should replace this with what makes sense for them.
+auth        required      pam_env.so
+auth        [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card card_only
+auth        requisite     pam_succeed_if.so uid >= 500 quiet
+auth        required      pam_deny.so
 
-account     required      pam_nologin.so
-account     include       smartcard-auth
+account     required      pam_unix.so
+account     sufficient    pam_localuser.so
+account     sufficient    pam_succeed_if.so uid < 500 quiet
+account     required      pam_permit.so
 
-password    include       smartcard-auth
+password    optional      pam_pkcs11.so
+password    requisite     pam_cracklib.so try_first_pass retry=3 type=
 
-session     required      pam_selinux.so close
 session     required      pam_loginuid.so
 session     optional      pam_console.so
--session    optional    pam_ck_connector.so
-session     required      pam_selinux.so open
 session     optional      pam_keyinit.so force revoke
 session     required      pam_namespace.so
-session     include       smartcard-auth
+session     required      pam_limits.so
+session     required      pam_unix.so
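Review bot: The session stack in gdm-smartcard.pam now ends with `pam_limits.so` and `pam_unix.so` instead of an include, so whatever else system-auth does for a session is skipped for smartcard logins. The commit message itself relies on pam_systemd from system-auth to set XDG_RUNTIME_DIR; if that holds on this distribution, smartcard sessions would start without it. Replacing the two lines with `session     include       system-auth` would keep parity with gdm-password.pam. gdm-fingerprint.pam ends its session stack the same way.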
diff --git a/data/pam-redhat/gdm.pam b/data/pam-redhat/gdm.pam
index 9d95a51..d7e3a2f 100644
--- a/data/pam-redhat/gdm.pam
+++ b/data/pam-redhat/gdm.pam
@@ -2,9 +2,12 @@
 auth       required    pam_env.so
 auth       sufficient  pam_succeed_if.so user ingroup nopasswdlogin
 auth       include     system-auth
+auth       optional    pam_gnome_keyring.so
 account    include     system-auth
 password   include     system-auth
 session    optional    pam_keyinit.so force revoke
+session    required    pam_namespace.so
 session    include     system-auth
 session    required    pam_loginuid.so
 session    optional    pam_console.so
+session    optional    pam_gnome_keyring.so auto_start
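Review bot: The added `auth       optional    pam_gnome_keyring.so` follows `auth       include     system-auth`, and with `include` a `sufficient` success inside system-auth ends the whole auth stack before the keyring module runs. Whether that happens depends on the contents of system-auth, which is not part of this patch, but gdm-password.pam uses `substack` in the same position. Changing the line to `auth       substack    system-auth` would let the keyring module see the password. The hunk starts at line 2 of gdm.pam, so line 1 is outside the view.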
-- 
2.1.2