Fix pam_ecryptfs. unfortunately adds back gross last login messages.

Resolves: #1174366

fix-pam-ecryptfs.patch

@@ -0,0 +1,174 @@
+From 4d25bda84d9ed57efecb8a6444ef8d978f74b2d6 Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode@redhat.com>
+Date: Fri, 16 Jan 2015 09:46:26 -0500
+Subject: [PATCH] Revert "pam: drop postlogin from fedora pam config"
+
+This reverts commit 76d26d8c1c37c6bd38bcac082d5cc62670fe5d39.
+
+It breaks pam_ecryptfs.
+Downstream: https://bugzilla.redhat.com/show_bug.cgi?id=1174366
+
+https://bugzilla.gnome.org/show_bug.cgi?id=743045
+---
+ data/pam-redhat/gdm-autologin.pam          | 2 ++
+ data/pam-redhat/gdm-fingerprint.pam        | 2 ++
+ data/pam-redhat/gdm-launch-environment.pam | 2 ++
+ data/pam-redhat/gdm-password.pam           | 2 ++
+ data/pam-redhat/gdm-pin.pam                | 2 ++
+ data/pam-redhat/gdm-smartcard.pam          | 2 ++
+ data/pam-redhat/gdm.pam                    | 3 +++
+ 7 files changed, 15 insertions(+)
+
+diff --git a/data/pam-redhat/gdm-autologin.pam b/data/pam-redhat/gdm-autologin.pam
+index 08d4543..0616e66 100644
+--- a/data/pam-redhat/gdm-autologin.pam
++++ b/data/pam-redhat/gdm-autologin.pam
+@@ -1,14 +1,16 @@
+  #%PAM-1.0
+ auth       required    pam_env.so
+ auth       required    pam_permit.so
++auth       include     postlogin
+ account    required    pam_nologin.so
+ account    include     system-auth
+ password   include     system-auth
+ session    required    pam_selinux.so close
+ session    required    pam_loginuid.so
+ session    optional    pam_console.so
+ -session    optional    pam_ck_connector.so
+ session    required    pam_selinux.so open
+ session    optional    pam_keyinit.so force revoke
+ session    required    pam_namespace.so
+ session    include     system-auth
++session    include     postlogin
+diff --git a/data/pam-redhat/gdm-fingerprint.pam b/data/pam-redhat/gdm-fingerprint.pam
+index ee0635d..c5a3598 100644
+--- a/data/pam-redhat/gdm-fingerprint.pam
++++ b/data/pam-redhat/gdm-fingerprint.pam
+@@ -1,15 +1,17 @@
+ auth        substack      fingerprint-auth
++auth        include       postlogin
+ 
+ account     required      pam_nologin.so
+ account     include       fingerprint-auth
+ 
+ password    include       fingerprint-auth
+ 
+ session     required      pam_selinux.so close
+ session     required      pam_loginuid.so
+ session     optional      pam_console.so
+ -session    optional    pam_ck_connector.so
+ session     required      pam_selinux.so open
+ session     optional      pam_keyinit.so force revoke
+ session     required      pam_namespace.so
+ session     include       fingerprint-auth
++session     include       postlogin
+diff --git a/data/pam-redhat/gdm-launch-environment.pam b/data/pam-redhat/gdm-launch-environment.pam
+index f1811f1..a5130ea 100644
+--- a/data/pam-redhat/gdm-launch-environment.pam
++++ b/data/pam-redhat/gdm-launch-environment.pam
+@@ -1,7 +1,9 @@
+ #%PAM-1.0
+ auth       required    pam_env.so
+ auth       required    pam_permit.so
++auth       include     postlogin
+ account    include     system-auth
+ password   include     system-auth
+ session    optional    pam_keyinit.so force revoke
+ session    include     system-auth
++session    include     postlogin
+diff --git a/data/pam-redhat/gdm-password.pam b/data/pam-redhat/gdm-password.pam
+index b95ca16..3006d0c 100644
+--- a/data/pam-redhat/gdm-password.pam
++++ b/data/pam-redhat/gdm-password.pam
+@@ -1,19 +1,21 @@
+ auth     [success=done ignore=ignore default=bad] pam_selinux_permit.so
+ auth        substack      password-auth
+ auth        optional      pam_gnome_keyring.so
++auth        include       postlogin
+ 
+ account     required      pam_nologin.so
+ account     include       password-auth
+ 
+ password    substack       password-auth
+ -password   optional       pam_gnome_keyring.so use_authtok
+ 
+ session     required      pam_selinux.so close
+ session     required      pam_loginuid.so
+ session     optional      pam_console.so
+ -session    optional    pam_ck_connector.so
+ session     required      pam_selinux.so open
+ session     optional      pam_keyinit.so force revoke
+ session     required      pam_namespace.so
+ session     include       password-auth
+ session     optional      pam_gnome_keyring.so auto_start
++session     include       postlogin
+diff --git a/data/pam-redhat/gdm-pin.pam b/data/pam-redhat/gdm-pin.pam
+index d0a4e71..7594653 100644
+--- a/data/pam-redhat/gdm-pin.pam
++++ b/data/pam-redhat/gdm-pin.pam
+@@ -1,20 +1,22 @@
+ auth     [success=done ignore=ignore default=bad] pam_selinux_permit.so
+ auth        requisite     pam_pin.so
+ auth        substack      password-auth
+ auth        optional      pam_gnome_keyring.so
++auth        include       postlogin
+ 
+ account     required      pam_nologin.so
+ account     include       password-auth
+ 
+ password    include       password-auth
+ password    optional      pam_pin.so
+ 
+ session     required      pam_selinux.so close
+ session     required      pam_loginuid.so
+ session     optional      pam_console.so
+ -session    optional    pam_ck_connector.so
+ session     required      pam_selinux.so open
+ session     optional      pam_keyinit.so force revoke
+ session     required      pam_namespace.so
+ session     include       password-auth
+ session     optional      pam_gnome_keyring.so auto_start
++session     include       postlogin
+diff --git a/data/pam-redhat/gdm-smartcard.pam b/data/pam-redhat/gdm-smartcard.pam
+index d49eef9..c91cf0d 100644
+--- a/data/pam-redhat/gdm-smartcard.pam
++++ b/data/pam-redhat/gdm-smartcard.pam
+@@ -1,15 +1,17 @@
+ auth        substack      smartcard-auth
++auth        include       postlogin
+ 
+ account     required      pam_nologin.so
+ account     include       smartcard-auth
+ 
+ password    include       smartcard-auth
+ 
+ session     required      pam_selinux.so close
+ session     required      pam_loginuid.so
+ session     optional      pam_console.so
+ -session    optional    pam_ck_connector.so
+ session     required      pam_selinux.so open
+ session     optional      pam_keyinit.so force revoke
+ session     required      pam_namespace.so
+ session     include       smartcard-auth
++session     include       postlogin
+diff --git a/data/pam-redhat/gdm.pam b/data/pam-redhat/gdm.pam
+index 9d95a51..baa058b 100644
+--- a/data/pam-redhat/gdm.pam
++++ b/data/pam-redhat/gdm.pam
+@@ -1,10 +1,13 @@
+ #%PAM-1.0
+ auth       required    pam_env.so
+ auth       sufficient  pam_succeed_if.so user ingroup nopasswdlogin
++auth       include     postlogin
+ auth       include     system-auth
++account    required    pam_nologin.so
+ account    include     system-auth
+ password   include     system-auth
+ session    optional    pam_keyinit.so force revoke
+ session    include     system-auth
+ session    required    pam_loginuid.so
+ session    optional    pam_console.so
++session    include     postlogin
+-- 
+2.1.0
+

gdm.spec

@@ -12,7 +12,7 @@
 Summary: The GNOME Display Manager
 Name: gdm
 Version: 3.15.3.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 Epoch: 1
 License: GPLv2+
 Group: User Interface/X
@@ -20,6 +20,7 @@ URL: http://download.gnome.org/sources/gdm
 #VCS: git:git://git.gnome.org/gdm
 Source: http://download.gnome.org/sources/gdm/3.15/gdm-%{version}.tar.xz
 Source1: org.gnome.login-screen.gschema.override
+Patch0: fix-pam-ecryptfs.patch
 
 BuildRequires: pkgconfig(libcanberra-gtk)
 BuildRequires: pango-devel >= 0:%{pango_version}
@@ -105,6 +106,7 @@ files needed to build custom greeters.
 
 %prep
 %setup -q
+%patch0 -p1 -b .fix-pam-ecryptfs
 
 autoreconf -i -f
 intltoolize -f
@@ -294,6 +296,10 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor >&/dev/null || :
 %{_libdir}/pkgconfig/gdm.pc
 
 %changelog
+* Fri Jan 16 2015 Ray Strode <rstrode@redhat.com> 3.13.91-2
+- Fix pam_ecryptfs. unfortunately adds back gross last login messages.
+  Resolves: #1174366
+
 * Fri Dec 19 2014 Richard Hughes <rhughes@redhat.com> - 1:3.15.3.1-1
 - Update to 3.15.3.1