Commit 295d0bc4 authored by Colin Walters's avatar Colin Walters

Add --with-default-pam-config option, autodetect from /etc/foo-release files

The PAM files that ship with GDM are really specific to Red Hat's
historical fork of pam.  For example, the "system-auth" file still
lives in the Fedora 17 "pam" git.  A long while back, Debian hit the
same problem, and of course the difference is the naming;
common-auth/common-password etc.

OpenEmbedded then picked up Debian's PAM fork.  Since for OSTree-GNOME
we're using Poky/OpenEmbedded, let's add an option to integrate with
their PAM.

We use code similar to what NetworkManager has, so we should keep
using the Red Hat files on systems with /etc/redhat-release or
/etc/fedora-release.

https://bugzilla.gnome.org/show_bug.cgi?id=675085
parent f42e685e
......@@ -226,6 +226,27 @@ if test x$enable_split_authentication = xyes; then
AC_DEFINE(ENABLE_SPLIT_AUTHENTICATION, 1, [Define if split authentication is enabled])
fi
AC_ARG_WITH(default-pam-config,
AS_HELP_STRING([--with-default-pam-config: One of redhat, openembedded, none @<:@default=auto@:>@]))
dnl If not given, try autodetecting from release files (see NetworkManager source)
if test x$with_default_pam_config = x; then
AC_CHECK_FILE(/etc/redhat-release,with_default_pam_config="redhat")
AC_CHECK_FILE(/etc/fedora-release,with_default_pam_config="redhat")
dnl If not autodetected, default to none
if test x$with_default_pam_config = x; then
with_default_pam_config=none
fi
fi
case x$with_default_pam_config in
xredhat|xopenembedded|xnone) ;;
*)
AC_MSG_ERROR([Invalid --with-default-pam-config ${with_default_pam_config}])
exit 1
;;
esac
AM_CONDITIONAL(ENABLE_REDHAT_PAM_CONFIG, test x$with_default_pam_config = xredhat)
AM_CONDITIONAL(ENABLE_OPENEMBEDDED_PAM_CONFIG, test x$with_default_pam_config = xopenembedded)
AC_ARG_ENABLE(console-helper,
AS_HELP_STRING([--enable-console-helper],
[Enable PAM console helper @<:@default=auto@:>@]),,
......@@ -1550,6 +1571,7 @@ echo "
dbus-1 system.d dir: ${DBUS_SYS_DIR}
PAM prefix: ${PAM_PREFIX}
PAM config: ${with_default_pam_config}
X server: ${X_SERVER}
"
......
......@@ -98,6 +98,19 @@ pam_redhat_files = pam-redhat/gdm.pam \
$(NULL)
EXTRA_DIST += $(pam_redhat_files)
pam_openembedded_files = pam-openembedded/gdm.pam \
pam-openembedded/gdm-autologin.pam \
pam-openembedded/gdm-welcome.pam \
$(NULL)
EXTRA_DIST += $(pam_openembedded_files)
if ENABLE_REDHAT_PAM_CONFIG
pam_files = $(pam_redhat_files)
endif
if ENABLE_OPENEMBEDDED_PAM_CONFIG
pam_files = $(pam_openembedded_files)
endif
EXTRA_DIST += \
$(schemas_in_files) \
$(schemas_DATA) \
......@@ -223,7 +236,7 @@ install-data-hook: gdm.conf-custom Xsession Init PostSession PreSession 00-upstr
chmod 755 $(DESTDIR)$(PAM_PREFIX)/pam.d; \
fi; \
if test $$system = Linux; then \
for pamfile in $(pam_redhat_files); do \
for pamfile in $(pam_files); do \
bn=$$(basename $$pamfile .pam); \
$(INSTALL_DATA) $(srcdir)/$$pamfile $(DESTDIR)$(PAM_PREFIX)/pam.d/$$bn; \
done; \
......
#%PAM-1.0
auth required pam_env.so
auth required pam_permit.so
account required pam_nologin.so
account include common-auth
password include common-auth
session optional pam_keyinit.so force revoke
session include common-session
session required pam_loginuid.so
session optional pam_console.so
#%PAM-1.0
auth required pam_env.so
auth required pam_permit.so
account required pam_nologin.so
account include common-account
password include common-auth
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
session include common-session
#%PAM-1.0
auth required pam_env.so
auth required pam_succeed_if.so user != root quiet
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
auth include common-auth
account required pam_nologin.so
account include common-account
password include common-password
session optional pam_keyinit.so force revoke
session include common-session
session required pam_loginuid.so
session optional pam_console.so
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment