From 39ea6b6f8c98161644a5777b5a3c3f23e1e7632a Mon Sep 17 00:00:00 2001
From: Ray Strode
Date: Mon, 25 Oct 2021 13:22:16 -0400
Subject: [PATCH] Make users with nologin as their shell fail to login
Resolves: #2015519
---
 ...don-t-validate-shell-before-using-it.patch | 57 +++++++++++++++++++
 gnome-session.spec | 22 +++++--
 2 files changed, 73 insertions(+), 6 deletions(-)
 create mode 100644 0001-gnome-session-don-t-validate-shell-before-using-it.patch
diff --git a/0001-gnome-session-don-t-validate-shell-before-using-it.patch b/0001-gnome-session-don-t-validate-shell-before-using-it.patch
new file mode 100644
index 0000000..d39e8cf
--- /dev/null
+++ b/0001-gnome-session-don-t-validate-shell-before-using-it.patch
@@ -0,0 +1,57 @@
+From 63d74edc4b112669fdce14d88d37e2dd0315ff7e Mon Sep 17 00:00:00 2001
+From: Ray Strode
+Date: Tue, 19 Nov 2019 09:29:16 -0500
+Subject: [PATCH] gnome-session: don't validate shell before using it
+
+Users sometimes set their shell to an invalid shell to prevent
+login from proceeding.
+
+GNOME on Wayland still allows login in these cases.
+
+This commit makes the behavior match expectations by skipping
+shell validity checks when deciding to run though a login shell.
+---
+ gnome-session/gnome-session.in | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/gnome-session/gnome-session.in b/gnome-session/gnome-session.in
+index ddd1a591..b4b1f8fa 100755
+--- a/gnome-session/gnome-session.in
++++ b/gnome-session/gnome-session.in
+@@ -1,32 +1,29 @@
+ #!/bin/sh
+
+ if [ "x$XDG_SESSION_TYPE" = "xwayland" ] &&
+ [ "x$XDG_SESSION_CLASS" != "xgreeter" ] &&
+- [ -n "$SHELL" ] &&
+- grep -q "$SHELL" /etc/shells &&
+- ! (echo "$SHELL" | grep -q "false") &&
+- ! (echo "$SHELL" | grep -q "nologin"); then
++ [ -n "$SHELL" ]; then
+ if [ "$1" != '-l' ]; then
+ exec bash -c "exec -l '$SHELL' -c '$0 -l $*'"
+ else
+ shift
+ fi
+ fi
+
+ SETTING=$(G_MESSAGES_DEBUG='' gsettings get org.gnome.system.locale region)
+ REGION=${SETTING#\'}
+ REGION=${REGION%\'}
+
+ if [ -n "$REGION" ]; then
+ unset LC_TIME LC_NUMERIC LC_MONETARY LC_MEASUREMENT LC_PAPER
+
+ if [ "$LANG" != "$REGION" ] ; then
+ export LC_TIME=$REGION
+ export LC_NUMERIC=$REGION
+ export LC_MONETARY=$REGION
+ export LC_MEASUREMENT=$REGION
+ export LC_PAPER=$REGION
+ fi
+ fi
+
+ exec @libexecdir@/gnome-session-binary "$@"
+--
+2.32.0
+
diff --git a/gnome-session.spec b/gnome-session.spec
index a878160..af3e1a0 100644
--- a/gnome-session.spec
+++ b/gnome-session.spec
@@ -9,7 +9,7 @@
 Name: gnome-session
 Version: 40.1.1
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: GNOME session manager
 License: GPLv2+
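Review bot: The condition left in the embedded gnome-session.in change, `[ -n "$SHELL" ]; then`, makes the nologin block fail open: when `SHELL` is empty or unset the script skips the login-shell re-exec and falls through to `exec @libexecdir@/gnome-session-binary "$@"`, so the denial rests on the display manager always exporting the account's passwd shell, which nothing on the page establishes. A fallback before the test, for example `[ -n "$SHELL" ] || SHELL=$(getent passwd "$(id -un)" | cut -d: -f7)`, or at least a comment stating that assumption, would make the gate depend less on the inherited environment. With the `/etc/shells` check removed, `$SHELL` also reaches `exec bash -c "exec -l '$SHELL' -c '$0 -l $*'"` unconstrained, where it is pasted inside single quotes and parsed by two shells; that line wants a comment that `SHELL`, `$0` and the arguments are trusted and contain no quotes. The gate applies only when `XDG_SESSION_TYPE` is `wayland`, so other session types presumably need their own enforcement elsewhere.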
@@ -19,15 +19,21 @@ Source1: gnome.desktop
 Source2: gnome-xorg.desktop
 # Blacklist NV30: https://bugzilla.redhat.com/show_bug.cgi?id=745202
-Patch1: gnome-session-3.3.92-nv30.patch
-Patch3: gnome-session-3.6.2-swrast.patch
+Patch10001: gnome-session-3.3.92-nv30.patch
+
+Patch20001: gnome-session-3.6.2-swrast.patch
+
 # https://bugzilla.gnome.org/show_bug.cgi?id=772421
-Patch4: 0001-check-accelerated-gles-Use-eglGetPlatformDisplay-EXT.patch
+Patch30001: 0001-check-accelerated-gles-Use-eglGetPlatformDisplay-EXT.patch
+
 # For https://fedoraproject.org/w/index.php?title=Changes/HiddenGrubMenu
 # This should go upstream once systemd has a generic interface for this
-Patch5: 0001-Fedora-Set-grub-boot-flags-on-shutdown-reboot.patch
+Patch40001: 0001-Fedora-Set-grub-boot-flags-on-shutdown-reboot.patch
+
 # subscription manager support
-Patch6: subscription-manager-support.patch
+Patch50001: subscription-manager-support.patch
+
+Patch60001: 0001-gnome-session-don-t-validate-shell-before-using-it.patch
 BuildRequires: meson
 BuildRequires: gcc
@@ -139,6 +145,10 @@ cp $RPM_SOURCE_DIR/gnome-xorg.desktop $RPM_BUILD_ROOT%{_datadir}/xsessions/gnome
 %{_userunitdir}/gnome-launched-.scope.d/
 %changelog
+* Mon Oct 25 2021 Ray Strode - 40.1.1-5
+- Make users with nologin as their shell fail to login
+ Resolves: #2015519
+
 * Mon Sep 06 2021 Kalev Lember - 40.1.1-4
 - Forward port subscription manager support from RHEL 8
 - Resolves: #1937113
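Review bot: `Patch60001` is the one new entry in the `@@ -19,15 +19,21 @@` hunk and it carries no comment, although it is the patch that changes login behaviour; a line such as `# Resolves: #2015519 - accounts with an invalid or nologin shell must not start a Wayland session` above it would follow the bug references on the entries above. Every `PatchN` tag is renumbered here while %prep lies outside the hunk, so it is worth confirming that patches are applied by `%autosetup` or `%autopatch` rather than by numbered `%patch` lines; otherwise the new fix could be listed without being applied.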