rpms/gdm
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Drop an unused patch

Browse Source
This commit is contained in:
Kalev Lember 2018-05-17 16:30:05 +02:00
parent 6d861c9aa2
commit 2cfe54ce62
1 changed files with 0 additions and 154 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

154
fix-autologin.patch
View File

@ -1,154 +0,0 @@
From 0a7779b47319eb47b4d5d51f6eb653434c204c29 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Tue, 30 Aug 2016 16:10:19 -0400
Subject: [PATCH 1/2] pam_gdm: return AUTHINFO_UNAVAIL if kernel keyring
unavailable
right now we return PAM_SUCCESS if keyutils are unavailable.
This is the wrong default, we should fail if we aren't able to
get the password.
https://bugzilla.gnome.org/show_bug.cgi?id=770612
---
pam_gdm/pam_gdm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pam_gdm/pam_gdm.c b/pam_gdm/pam_gdm.c
index 7beb04e..f491b8d 100644
--- a/pam_gdm/pam_gdm.c
+++ b/pam_gdm/pam_gdm.c
@@ -31,61 +31,61 @@
#include <keyutils.h>
#endif
int
pam_sm_authenticate (pam_handle_t *pamh,
int flags,
int argc,
const char **argv)
{
#ifdef HAVE_KEYUTILS
int r;
void *cached_password = NULL;
key_serial_t serial;
serial = find_key_by_type_and_desc ("user", "cryptsetup", 0);
if (serial == 0)
return PAM_AUTHINFO_UNAVAIL;
r = keyctl_read_alloc (serial, &cached_password);
if (r < 0)
return PAM_AUTHINFO_UNAVAIL;
r = pam_set_item (pamh, PAM_AUTHTOK, cached_password);
free (cached_password);
if (r < 0)
return PAM_AUTH_ERR;
#endif
- return PAM_SUCCESS;
+ return PAM_AUTHINFO_UNAVAIL;
}
int
pam_sm_setcred (pam_handle_t *pamh,
int flags,
int argc,
const char **argv)
{
return PAM_SUCCESS;
}
int
pam_sm_acct_mgmt (pam_handle_t *pamh,
int flags,
int argc,
const char **argv)
{
return PAM_SUCCESS;
}
int
pam_sm_chauthtok (pam_handle_t *pamh,
int flags,
int argc,
const char **argv)
{
return PAM_SUCCESS;
}
int
--
2.7.4
From 5716de2c0ec11a77c279c6952ea76d173d46b0e3 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Tue, 30 Aug 2016 15:58:15 -0400
Subject: [PATCH 2/2] pam: don't call into pam_unix if pam_gdm fails for
autolgoin
If pam_gdm fails we shouldn't call into pam_unix since it can lead
to the system asking for a password, and autologin isn't equipped for
that.
This commit changes the pam configuration to jump to pam_permit if
pam_gdm fails.
https://bugzilla.gnome.org/show_bug.cgi?id=770612
---
data/pam-exherbo/gdm-autologin.pam | 4 ++--
data/pam-redhat/gdm-autologin.pam | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/data/pam-exherbo/gdm-autologin.pam b/data/pam-exherbo/gdm-autologin.pam
index afde048..61f8e54 100644
--- a/data/pam-exherbo/gdm-autologin.pam
+++ b/data/pam-exherbo/gdm-autologin.pam
@@ -1,15 +1,15 @@
# mirrors system-auth / system(-local)-login
# except for the authentication method, which is:
# always permit login
-auth optional pam_gdm.so
+auth [success=ok default=2] pam_gdm.so
auth substack system-local-login
-auth sufficient pam_permit.so
-auth optional pam_gnome_keyring.so
+auth sufficient pam_permit.so
account include system-local-login
password include system-local-login
session include system-local-login
-session optional pam_gnome_keyring.so auto_start
diff --git a/data/pam-redhat/gdm-autologin.pam b/data/pam-redhat/gdm-autologin.pam
index c2efea8..fbc9d9c 100644
--- a/data/pam-redhat/gdm-autologin.pam
+++ b/data/pam-redhat/gdm-autologin.pam
@@ -1,18 +1,18 @@
#%PAM-1.0
-auth optional pam_gdm.so
+auth [success=ok default=2] pam_gdm.so
auth substack password-auth
auth optional pam_gnome_keyring.so
auth sufficient pam_permit.so
auth include postlogin
account required pam_nologin.so
account include system-auth
password include system-auth
session required pam_selinux.so close
session required pam_loginuid.so
session optional pam_console.so
session required pam_selinux.so open
session optional pam_keyinit.so force revoke
session required pam_namespace.so
session include system-auth
session optional pam_gnome_keyring.so auto_start
session include postlogin
--
2.7.4