[gdm] Add --with-default-pam-config option, autodetect from /etc/foo-release files
- From: Colin Walters <walters src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gdm] Add --with-default-pam-config option, autodetect from /etc/foo-release files
- Date: Tue, 10 Jul 2012 14:28:25 +0000 (UTC)
commit 295d0bc42b11a9473a024b9cdca58bdd9197e905
Author: Colin Walters <walters verbum org>
Date: Fri Apr 27 18:34:39 2012 -0400
Add --with-default-pam-config option, autodetect from /etc/foo-release files
The PAM files that ship with GDM are really specific to Red Hat's
historical fork of pam. For example, the "system-auth" file still
lives in the Fedora 17 "pam" git. A long while back, Debian hit the
same problem, and of course the difference is the naming;
common-auth/common-password etc.
OpenEmbedded then picked up Debian's PAM fork. Since for OSTree-GNOME
we're using Poky/OpenEmbedded, let's add an option to integrate with
their PAM.
We use code similar to what NetworkManager has, so we should keep
using the Red Hat files on systems with /etc/redhat-release or
/etc/fedora-release.
https://bugzilla.gnome.org/show_bug.cgi?id=675085
configure.ac | 22 ++++++++++++++++++++++
data/Makefile.am | 15 ++++++++++++++-
data/pam-openembedded/gdm-autologin.pam | 10 ++++++++++
data/pam-openembedded/gdm-welcome.pam | 9 +++++++++
data/pam-openembedded/gdm.pam | 12 ++++++++++++
5 files changed, 67 insertions(+), 1 deletions(-)
---
diff --git a/configure.ac b/configure.ac
index b70f537..0e86c71 100644
--- a/configure.ac
+++ b/configure.ac
@@ -226,6 +226,27 @@ if test x$enable_split_authentication = xyes; then
AC_DEFINE(ENABLE_SPLIT_AUTHENTICATION, 1, [Define if split authentication is enabled])
fi
+AC_ARG_WITH(default-pam-config,
+ AS_HELP_STRING([--with-default-pam-config: One of redhat, openembedded, none @<:@default=auto@:>@]))
+dnl If not given, try autodetecting from release files (see NetworkManager source)
+if test x$with_default_pam_config = x; then
+ AC_CHECK_FILE(/etc/redhat-release,with_default_pam_config="redhat")
+ AC_CHECK_FILE(/etc/fedora-release,with_default_pam_config="redhat")
+ dnl If not autodetected, default to none
+ if test x$with_default_pam_config = x; then
+ with_default_pam_config=none
+ fi
+fi
+case x$with_default_pam_config in
+ xredhat|xopenembedded|xnone) ;;
+ *)
+ AC_MSG_ERROR([Invalid --with-default-pam-config ${with_default_pam_config}])
+ exit 1
+ ;;
+esac
+AM_CONDITIONAL(ENABLE_REDHAT_PAM_CONFIG, test x$with_default_pam_config = xredhat)
+AM_CONDITIONAL(ENABLE_OPENEMBEDDED_PAM_CONFIG, test x$with_default_pam_config = xopenembedded)
+
AC_ARG_ENABLE(console-helper,
AS_HELP_STRING([--enable-console-helper],
[Enable PAM console helper @<:@default=auto@:>@]),,
@@ -1550,6 +1571,7 @@ echo "
dbus-1 system.d dir: ${DBUS_SYS_DIR}
PAM prefix: ${PAM_PREFIX}
+ PAM config: ${with_default_pam_config}
X server: ${X_SERVER}
"
diff --git a/data/Makefile.am b/data/Makefile.am
index dc0301b..1982349 100644
--- a/data/Makefile.am
+++ b/data/Makefile.am
@@ -98,6 +98,19 @@ pam_redhat_files = pam-redhat/gdm.pam \
$(NULL)
EXTRA_DIST += $(pam_redhat_files)
+pam_openembedded_files = pam-openembedded/gdm.pam \
+ pam-openembedded/gdm-autologin.pam \
+ pam-openembedded/gdm-welcome.pam \
+ $(NULL)
+EXTRA_DIST += $(pam_openembedded_files)
+
+if ENABLE_REDHAT_PAM_CONFIG
+pam_files = $(pam_redhat_files)
+endif
+if ENABLE_OPENEMBEDDED_PAM_CONFIG
+pam_files = $(pam_openembedded_files)
+endif
+
EXTRA_DIST += \
$(schemas_in_files) \
$(schemas_DATA) \
@@ -223,7 +236,7 @@ install-data-hook: gdm.conf-custom Xsession Init PostSession PreSession 00-upstr
chmod 755 $(DESTDIR)$(PAM_PREFIX)/pam.d; \
fi; \
if test $$system = Linux; then \
- for pamfile in $(pam_redhat_files); do \
+ for pamfile in $(pam_files); do \
bn=$$(basename $$pamfile .pam); \
$(INSTALL_DATA) $(srcdir)/$$pamfile $(DESTDIR)$(PAM_PREFIX)/pam.d/$$bn; \
done; \
diff --git a/data/pam-openembedded/gdm-autologin.pam b/data/pam-openembedded/gdm-autologin.pam
new file mode 100644
index 0000000..32d5248
--- /dev/null
+++ b/data/pam-openembedded/gdm-autologin.pam
@@ -0,0 +1,10 @@
+#%PAM-1.0
+auth required pam_env.so
+auth required pam_permit.so
+account required pam_nologin.so
+account include common-auth
+password include common-auth
+session optional pam_keyinit.so force revoke
+session include common-session
+session required pam_loginuid.so
+session optional pam_console.so
diff --git a/data/pam-openembedded/gdm-welcome.pam b/data/pam-openembedded/gdm-welcome.pam
new file mode 100644
index 0000000..602217b
--- /dev/null
+++ b/data/pam-openembedded/gdm-welcome.pam
@@ -0,0 +1,9 @@
+#%PAM-1.0
+auth required pam_env.so
+auth required pam_permit.so
+account required pam_nologin.so
+account include common-account
+password include common-auth
+session required pam_loginuid.so
+session optional pam_keyinit.so force revoke
+session include common-session
diff --git a/data/pam-openembedded/gdm.pam b/data/pam-openembedded/gdm.pam
new file mode 100644
index 0000000..de223de
--- /dev/null
+++ b/data/pam-openembedded/gdm.pam
@@ -0,0 +1,12 @@
+#%PAM-1.0
+auth required pam_env.so
+auth required pam_succeed_if.so user != root quiet
+auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
+auth include common-auth
+account required pam_nologin.so
+account include common-account
+password include common-password
+session optional pam_keyinit.so force revoke
+session include common-session
+session required pam_loginuid.so
+session optional pam_console.so
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
