3.4: Update GDM patches

diff --git a/gnomeos/3.4/gdm-debug-prints.patch b/gnomeos/3.4/gdm-debug-prints.patch
new file mode 100644 (file)
index 0000000..22093a8
--- /dev/null
+++ b/gnomeos/3.4/gdm-debug-prints.patch
@@ -0,0 +1,58 @@
+From f69ea96257d7ff6b1a90e63e6597f0c49e4b0288 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Sun, 29 Apr 2012 09:04:02 -0400
+Subject: [PATCH 2/3] daemon: Add some more PAM g_debug() prints
+
+Hopefully helpful later for whoever has to debug PAM stuff.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=675086
+---
+ daemon/gdm-session-worker.c |   11 ++++++++---
+ 1 files changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/daemon/gdm-session-worker.c b/daemon/gdm-session-worker.c
+index 57f1071..28f0cb0 100644
+--- a/daemon/gdm-session-worker.c
++++ b/daemon/gdm-session-worker.c
+@@ -1084,7 +1084,10 @@ gdm_session_worker_initialize_pam (GdmSessionWorker *worker,
+ 
+         g_assert (worker->priv->pam_handle == NULL);
+ 
+-        g_debug ("GdmSessionWorker: initializing PAM");
++        g_debug ("GdmSessionWorker: initializing PAM; service=%s username=%s seat=%s",
++                 service ? service : "(null)",
++                 username ? username : "(null)",
++                 seat_id ? seat_id : "(null)");
+ 
+         pam_conversation.conv = (GdmSessionWorkerPamNewMessagesFunc) gdm_session_worker_pam_new_messages_handler;
+         pam_conversation.appdata_ptr = worker;
+@@ -1273,7 +1276,8 @@ gdm_session_worker_authorize_user (GdmSessionWorker *worker,
+         int error_code;
+         int authentication_flags;
+ 
+-        g_debug ("GdmSessionWorker: determining if authenticated user is authorized to session");
++        g_debug ("GdmSessionWorker: determining if authenticated user (password required:%d) is authorized to session",
++                 password_is_required);
+ 
+         authentication_flags = 0;
+ 
+@@ -1288,6 +1292,7 @@ gdm_session_worker_authorize_user (GdmSessionWorker *worker,
+         /* it's possible that the user needs to change their password or pin code
+          */
+         if (error_code == PAM_NEW_AUTHTOK_REQD && !worker->priv->is_program_session) {
++                g_debug ("GdmSessionWorker: authenticated user requires new auth token");
+                 error_code = pam_chauthtok (worker->priv->pam_handle, PAM_CHANGE_EXPIRED_AUTHTOK);
+ 
+                 gdm_session_worker_get_username (worker, NULL);
+@@ -1664,7 +1669,7 @@ session_worker_child_watch (GPid              pid,
+ static void
+ gdm_session_worker_watch_child (GdmSessionWorker *worker)
+ {
+-
++        g_debug ("GdmSession worker: watching pid %d", worker->priv->child_pid);
+         worker->priv->child_watch_id = g_child_watch_add (worker->priv->child_pid,
+                                                           (GChildWatchFunc)session_worker_child_watch,
+                                                           worker);
+-- 
+1.7.7.6
+

diff --git a/gnomeos/3.4/gdm-disable-documentation.patch b/gnomeos/3.4/gdm-disable-documentation.patch
index dd0e7024966ca27d937217da74ffedc2a08510f4..6f552e9105c5e51d91e2b7df6da2ff03ee968237 100644 (file)
--- a/gnomeos/3.4/gdm-disable-documentation.patch
+++ b/gnomeos/3.4/gdm-disable-documentation.patch
@@ -1,11 +1,13 @@
-From 06a5d03ae1abd70fd0f5c6eb37ce26dee1490f7d Mon Sep 17 00:00:00 2001
+From ddd83d47165c73e4678f666986abdb6f3f0b8223 Mon Sep 17 00:00:00 2001
 From: Colin Walters <walters@verbum.org>
 Date: Sun, 15 Jan 2012 16:49:07 -0500
-Subject: [PATCH] build: Add --disable-documentation
+Subject: [PATCH 1/3] build: Add --disable-documentation
 
 Documentation is the source of many cyclical build loops.  Allow
 operating system builders to manually cut these cycles initially
 by disabling documentation for a first pass.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=675087
 ---
  Makefile.am  |    4 +++-
  configure.ac |    4 ++++
@@ -32,7 +34,7 @@ index f522f40..2d0443d 100644
  # add these when help gets added back
  # omf-install
 diff --git a/configure.ac b/configure.ac
-index 3c94f94..f3934a5 100644
+index c35ad8c..35e6e04 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -44,6 +44,10 @@ AC_CONFIG_MACRO_DIR([m4])
@@ -47,5 +49,5 @@ index 3c94f94..f3934a5 100644
  GETTEXT_PACKAGE=gdm
  AC_SUBST(GETTEXT_PACKAGE)
 -- 
-1.7.6.5
+1.7.7.6
 

diff --git a/gnomeos/3.4/gdm-pam-auth.patch b/gnomeos/3.4/gdm-pam-auth.patch
deleted file mode 100644 (file)
index 75fefa8..0000000
--- a/gnomeos/3.4/gdm-pam-auth.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From d774559ac7d40d2c1d57bcf7d3647a48b3a9c5ec Mon Sep 17 00:00:00 2001
-From: Colin Walters <walters@verbum.org>
-Date: Fri, 20 Jan 2012 17:23:05 -0500
-Subject: [PATCH] gdm: Switch to use common- auth
-
----
- data/gdm           |   15 ++++-----------
- data/gdm-autologin |   13 ++++---------
- data/gdm-welcome   |   10 +++-------
- 3 files changed, 11 insertions(+), 27 deletions(-)
-
-diff --git a/data/gdm b/data/gdm
-index 58c397d..44d509b 100644
---- a/data/gdm
-+++ b/data/gdm
-@@ -1,12 +1,5 @@
- #%PAM-1.0
--auth       required    pam_env.so
--auth       required    pam_succeed_if.so user != root quiet
--auth       sufficient  pam_succeed_if.so user ingroup nopasswdlogin
--auth       include     system-auth
--account    required    pam_nologin.so
--account    include     system-auth
--password   include     system-auth
--session    optional    pam_keyinit.so force revoke
--session    include     system-auth
--session    required    pam_loginuid.so
--session    optional    pam_console.so
-+auth       include     common-auth
-+account    include     common-auth
-+password   include     common-auth
-+session    include     common-auth
-diff --git a/data/gdm-autologin b/data/gdm-autologin
-index c4e598a..44d509b 100644
---- a/data/gdm-autologin
-+++ b/data/gdm-autologin
-@@ -1,10 +1,5 @@
- #%PAM-1.0
--auth       required    pam_env.so
--auth       required    pam_permit.so
--account    required    pam_nologin.so
--account    include     system-auth
--password   include     system-auth
--session    optional    pam_keyinit.so force revoke
--session    include     system-auth
--session    required    pam_loginuid.so
--session    optional    pam_console.so
-+auth       include     common-auth
-+account    include     common-auth
-+password   include     common-auth
-+session    include     common-auth
-diff --git a/data/gdm-welcome b/data/gdm-welcome
-index b301f4f..29a6746 100644
---- a/data/gdm-welcome
-+++ b/data/gdm-welcome
-@@ -1,9 +1,5 @@
- #%PAM-1.0
--auth       required    pam_env.so
- auth       required    pam_permit.so
--account    required    pam_nologin.so
--account    include     system-auth
--password   include     system-auth
--session    required    pam_loginuid.so
--session    optional    pam_keyinit.so force revoke
--session    include     system-auth
-+account    include     common-auth
-+password   include     common-auth
-+session    include     common-auth
--- 
-1.7.6.5
-

diff --git a/gnomeos/3.4/gdm-pam-config.patch b/gnomeos/3.4/gdm-pam-config.patch
new file mode 100644 (file)
index 0000000..7ff24b7
--- /dev/null
+++ b/gnomeos/3.4/gdm-pam-config.patch
@@ -0,0 +1,282 @@
+From 5239bd5782ba083f30d3667e038b7c44f2f579c9 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Fri, 27 Apr 2012 18:34:39 -0400
+Subject: [PATCH 3/3] Add --with-default-pam-config option
+
+The PAM files that ship with GDM are really specific to Red Hat's
+historical fork of pam.  For example, the "system-auth" file still
+lives in the Fedora 17 "pam" git.
+
+Add new PAM files (which may still not work for everybody, but hey,
+it's a starting point) that should be somewhat useful for people who
+build with "Linux PAM" upstream, which uses "common-*" prefixes.
+
+The default is still to use the Red Hat PAM files for backwards
+compatibility.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=675085
+---
+ configure.ac                  |   17 +++++++++++++++++
+ data/Makefile.am              |   33 +++++++++++++++++++++------------
+ data/gdm                      |   12 ------------
+ data/gdm-autologin            |   10 ----------
+ data/gdm-welcome              |    9 ---------
+ data/pam-linux/gdm            |   12 ++++++++++++
+ data/pam-linux/gdm-autologin  |   10 ++++++++++
+ data/pam-linux/gdm-welcome    |    9 +++++++++
+ data/pam-redhat/gdm           |   12 ++++++++++++
+ data/pam-redhat/gdm-autologin |   10 ++++++++++
+ data/pam-redhat/gdm-welcome   |    9 +++++++++
+ 11 files changed, 100 insertions(+), 43 deletions(-)
+ delete mode 100644 data/gdm
+ delete mode 100644 data/gdm-autologin
+ delete mode 100644 data/gdm-welcome
+ create mode 100644 data/pam-linux/gdm
+ create mode 100644 data/pam-linux/gdm-autologin
+ create mode 100644 data/pam-linux/gdm-welcome
+ create mode 100644 data/pam-redhat/gdm
+ create mode 100644 data/pam-redhat/gdm-autologin
+ create mode 100644 data/pam-redhat/gdm-welcome
+
+diff --git a/configure.ac b/configure.ac
+index 35e6e04..21e44e0 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -226,6 +226,23 @@ if test x$enable_split_authentication = xyes; then
+   AC_DEFINE(ENABLE_SPLIT_AUTHENTICATION, 1, [Define if split authentication is enabled])
+ fi
+ 
++AC_ARG_WITH(default-pam-config,
++          AS_HELP_STRING([--with-default-pam-config: One of redhat, linux @<:@default=redhat@:>@]),
++            with_default_pam_config=${withval}, with_default_pam_config=redhat)
++case x$with_default_pam_config in
++     xredhat|xlinux) ;;
++     *)
++       AC_MSG_ERROR([Invalid --with-default-pam-config ${with_default_pam_config}])
++       exit 1
++       ;;
++esac
++AM_CONDITIONAL(ENABLE_REDHAT_PAM_CONFIG, test x$with_default_pam_config = xredhat)
++AM_CONDITIONAL(ENABLE_LINUX_PAM_CONFIG, test x$with_default_pam_config = xlinux)
++
++if test x$enable_split_authentication = xyes; then
++  AC_DEFINE(ENABLE_SPLIT_AUTHENTICATION, 1, [Define if split authentication is enabled])
++fi
++
+ AC_ARG_ENABLE(console-helper,
+             AS_HELP_STRING([--enable-console-helper],
+                              [Enable PAM console helper @<:@default=auto@:>@]),,
+diff --git a/data/Makefile.am b/data/Makefile.am
+index f0d00bf..e940d71 100644
+--- a/data/Makefile.am
++++ b/data/Makefile.am
+@@ -1,5 +1,6 @@
+ NULL =
+ 
++EXTRA_DIST =
+ SUBDIRS =                     \
+       applications            \
+       pixmaps                 \
+@@ -97,7 +98,19 @@ gdm-smartcard: gdm-smartcard.pam
+ pamdir = $(PAM_PREFIX)/pam.d
+ pam_DATA = gdm-fingerprint gdm-smartcard
+ 
+-EXTRA_DIST =                  \
++pam_redhat_files = pam-redhat/gdm pam-redhat/gdm-autologin pam-redhat/gdm-welcome
++EXTRA_DIST += $(pam_redhat_files)
++pam_linux_files = pam-linux/gdm pam-linux/gdm-autologin pam-linux/gdm-welcome
++EXTRA_DIST += $(pam_linux_files)
++
++if ENABLE_REDHAT_PAM_CONFIG
++pam_files = $(pam_redhat_files)
++endif
++if ENABLE_LINUX_PAM_CONFIG
++pam_files = $(pam_linux_files)
++endif
++
++EXTRA_DIST +=                 \
+       $(schemas_in_files)     \
+       $(schemas_DATA)         \
+       $(dbusconf_in_files)    \
+@@ -105,9 +118,6 @@ EXTRA_DIST =                       \
+       gdm.schemas.in.in       \
+       gdm.conf-custom.in      \
+       Xsession.in             \
+-      gdm                     \
+-      gdm-autologin           \
+-      gdm-welcome             \
+       gdm-fingerprint.pam     \
+       gdm-smartcard.pam       \
+       gdm-fallback.session    \
+@@ -233,14 +243,13 @@ install-data-hook: gdm.conf-custom Xsession Init PostSession PreSession 00-upstr
+               $(mkinstalldirs) $(DESTDIR)$(PAM_PREFIX)/pam.d; \
+               chmod 755 $(DESTDIR)$(PAM_PREFIX)/pam.d; \
+          fi; \
+-         if test $$system = Linux && test '!' -f $(DESTDIR)$(PAM_PREFIX)/pam.d/gdm; then \
+-              $(INSTALL_DATA) $(srcdir)/gdm $(DESTDIR)$(PAM_PREFIX)/pam.d/gdm; \
+-         fi; \
+-         if test $$system = Linux && test '!' -f $(DESTDIR)$(PAM_PREFIX)/pam.d/gdm-autologin; then \
+-              $(INSTALL_DATA) $(srcdir)/gdm-autologin $(DESTDIR)$(PAM_PREFIX)/pam.d/gdm-autologin; \
+-         fi; \
+-         if test $$system = Linux && test '!' -f $(DESTDIR)$(PAM_PREFIX)/pam.d/gdm-welcome; then \
+-              $(INSTALL_DATA) $(srcdir)/gdm-welcome $(DESTDIR)$(PAM_PREFIX)/pam.d/gdm-welcome; \
++         if test $$system = Linux; then \
++           for file in $(pam_files); do \
++               bn=$$(basename $$file); \
++             if test '!' -f $(DESTDIR)$(PAM_PREFIX)/pam.d/$$bn; then \
++               $(INSTALL_DATA) $(srcdir)/$$file $(DESTDIR)$(PAM_PREFIX)/pam.d/$$bn; \
++             fi; \
++           done; \
+          fi; \
+          if test $$system = SunOS; then \
+               echo "Please add PAM authentication for gdm, gdm-autologin and gdm-welcome in $(PAM_PREFIX)/pam.conf!"; \
+diff --git a/data/gdm b/data/gdm
+deleted file mode 100644
+index 58c397d..0000000
+--- a/data/gdm
++++ /dev/null
+@@ -1,12 +0,0 @@
+-#%PAM-1.0
+-auth       required    pam_env.so
+-auth       required    pam_succeed_if.so user != root quiet
+-auth       sufficient  pam_succeed_if.so user ingroup nopasswdlogin
+-auth       include     system-auth
+-account    required    pam_nologin.so
+-account    include     system-auth
+-password   include     system-auth
+-session    optional    pam_keyinit.so force revoke
+-session    include     system-auth
+-session    required    pam_loginuid.so
+-session    optional    pam_console.so
+diff --git a/data/gdm-autologin b/data/gdm-autologin
+deleted file mode 100644
+index c4e598a..0000000
+--- a/data/gdm-autologin
++++ /dev/null
+@@ -1,10 +0,0 @@
+-#%PAM-1.0
+-auth       required    pam_env.so
+-auth       required    pam_permit.so
+-account    required    pam_nologin.so
+-account    include     system-auth
+-password   include     system-auth
+-session    optional    pam_keyinit.so force revoke
+-session    include     system-auth
+-session    required    pam_loginuid.so
+-session    optional    pam_console.so
+diff --git a/data/gdm-welcome b/data/gdm-welcome
+deleted file mode 100644
+index b301f4f..0000000
+--- a/data/gdm-welcome
++++ /dev/null
+@@ -1,9 +0,0 @@
+-#%PAM-1.0
+-auth       required    pam_env.so
+-auth       required    pam_permit.so
+-account    required    pam_nologin.so
+-account    include     system-auth
+-password   include     system-auth
+-session    required    pam_loginuid.so
+-session    optional    pam_keyinit.so force revoke
+-session    include     system-auth
+diff --git a/data/pam-linux/gdm b/data/pam-linux/gdm
+new file mode 100644
+index 0000000..de223de
+--- /dev/null
++++ b/data/pam-linux/gdm
+@@ -0,0 +1,12 @@
++#%PAM-1.0
++auth       required    pam_env.so
++auth       required    pam_succeed_if.so user != root quiet
++auth       sufficient  pam_succeed_if.so user ingroup nopasswdlogin
++auth       include     common-auth
++account    required    pam_nologin.so
++account    include     common-account
++password   include     common-password
++session    optional    pam_keyinit.so force revoke
++session    include     common-session
++session    required    pam_loginuid.so
++session    optional    pam_console.so
+diff --git a/data/pam-linux/gdm-autologin b/data/pam-linux/gdm-autologin
+new file mode 100644
+index 0000000..32d5248
+--- /dev/null
++++ b/data/pam-linux/gdm-autologin
+@@ -0,0 +1,10 @@
++#%PAM-1.0
++auth       required    pam_env.so
++auth       required    pam_permit.so
++account    required    pam_nologin.so
++account    include     common-auth
++password   include     common-auth
++session    optional    pam_keyinit.so force revoke
++session    include     common-session
++session    required    pam_loginuid.so
++session    optional    pam_console.so
+diff --git a/data/pam-linux/gdm-welcome b/data/pam-linux/gdm-welcome
+new file mode 100644
+index 0000000..602217b
+--- /dev/null
++++ b/data/pam-linux/gdm-welcome
+@@ -0,0 +1,9 @@
++#%PAM-1.0
++auth       required    pam_env.so
++auth       required    pam_permit.so
++account    required    pam_nologin.so
++account    include     common-account
++password   include     common-auth
++session    required    pam_loginuid.so
++session    optional    pam_keyinit.so force revoke
++session    include     common-session
+diff --git a/data/pam-redhat/gdm b/data/pam-redhat/gdm
+new file mode 100644
+index 0000000..58c397d
+--- /dev/null
++++ b/data/pam-redhat/gdm
+@@ -0,0 +1,12 @@
++#%PAM-1.0
++auth       required    pam_env.so
++auth       required    pam_succeed_if.so user != root quiet
++auth       sufficient  pam_succeed_if.so user ingroup nopasswdlogin
++auth       include     system-auth
++account    required    pam_nologin.so
++account    include     system-auth
++password   include     system-auth
++session    optional    pam_keyinit.so force revoke
++session    include     system-auth
++session    required    pam_loginuid.so
++session    optional    pam_console.so
+diff --git a/data/pam-redhat/gdm-autologin b/data/pam-redhat/gdm-autologin
+new file mode 100644
+index 0000000..c4e598a
+--- /dev/null
++++ b/data/pam-redhat/gdm-autologin
+@@ -0,0 +1,10 @@
++#%PAM-1.0
++auth       required    pam_env.so
++auth       required    pam_permit.so
++account    required    pam_nologin.so
++account    include     system-auth
++password   include     system-auth
++session    optional    pam_keyinit.so force revoke
++session    include     system-auth
++session    required    pam_loginuid.so
++session    optional    pam_console.so
+diff --git a/data/pam-redhat/gdm-welcome b/data/pam-redhat/gdm-welcome
+new file mode 100644
+index 0000000..b301f4f
+--- /dev/null
++++ b/data/pam-redhat/gdm-welcome
+@@ -0,0 +1,9 @@
++#%PAM-1.0
++auth       required    pam_env.so
++auth       required    pam_permit.so
++account    required    pam_nologin.so
++account    include     system-auth
++password   include     system-auth
++session    required    pam_loginuid.so
++session    optional    pam_keyinit.so force revoke
++session    include     system-auth
+-- 
+1.7.7.6
+

diff --git a/gnomeos/3.4/gnomeos-3.4-src.json b/gnomeos/3.4/gnomeos-3.4-src.json
index fa1c79fa49402805e6654f8fd6d385c6b7f53aff..39dd706ecb96d5dd0d2e9e3731b24840f455ecfc 100644 (file)
--- a/gnomeos/3.4/gnomeos-3.4-src.json
+++ b/gnomeos/3.4/gnomeos-3.4-src.json
@@ -676,9 +676,12 @@
 
                {"src": "gnome:gdm",
                 "config-opts": ["--disable-documentation",
+                                "--disable-split-authentication",
+                                "--with-default-pam-config=linux",
                                 "--with-consolekit"],
                 "patches": ["gdm-disable-documentation.patch",
-                            "gdm-pam-auth.patch"]},
+                            "gdm-debug-prints.patch",
+                            "gdm-pam-config.patch"]},
 
                {"src": "fd-telepathy:telepathy-logger",
                 "branch": "telepathy-logger-0.2.12",