From 1159c7d0ccc28cdcf3a299afd43ea737a993a7d3 Mon Sep 17 00:00:00 2001
From: Piotr Gorski <lucjan.lucjanov@gmail.com>
Date: Tue, 5 Mar 2024 22:30:38 +0100
Subject: [PATCH] Revert "cmake: remove the final (Arch) PAM modules"
This reverts commit ae072f901671b68861da9577e3e12e350a9053d5.
Signed-off-by: Piotr Gorski <lucjan.lucjanov@gmail.com>
---
CMakeLists.txt | 1 +
services/CMakeLists.txt | 18 ++++++++++++++++++
services/sddm-autologin-tally2.pam | 13 +++++++++++++
services/sddm-autologin.pam | 13 +++++++++++++
services/sddm-greeter.pam.in | 17 +++++++++++++++++
services/sddm.pam | 15 +++++++++++++++
6 files changed, 77 insertions(+)
create mode 100644 services/sddm-autologin-tally2.pam
create mode 100644 services/sddm-autologin.pam
create mode 100644 services/sddm-greeter.pam.in
create mode 100644 services/sddm.pam
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 4e84543..1b8a147 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -19,6 +19,7 @@ option(ENABLE_JOURNALD "Enable logging to journald" ON)
option(NO_SYSTEMD "Disable systemd support" OFF)
option(USE_ELOGIND "Use elogind instead of logind" OFF)
option(BUILD_WITH_QT6 "Build with Qt 6" OFF)
+option(INSTALL_PAM_CONFIGURATION "Install PAM configuration files" ON)
set(CMAKE_CXX_STANDARD 17)
set(CMAKE_CXX_STANDARD_REQUIRED ON)
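Review bot: `INSTALL_PAM_CONFIGURATION` defaults to `ON`, so a plain install writes service files into `pam.d` that include the `system-login` and `system-local-login` stacks (see the `.pam` files later in this patch). The commit subject describes these as the Arch modules, so on a distribution that does not ship those stacks the installed services would presumably fail to resolve the include. Consider defaulting to `OFF`, or at least state the assumption in the help string, e.g. `option(INSTALL_PAM_CONFIGURATION "Install Arch-style PAM configuration files into pam.d" ON)`.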
diff --git a/services/CMakeLists.txt b/services/CMakeLists.txt
index f542c55..5406f8b 100644
--- a/services/CMakeLists.txt
+++ b/services/CMakeLists.txt
@@ -11,3 +11,21 @@ if(DEFINED SYSTEMD_TMPFILES_DIR)
configure_file(sddm-tmpfiles.conf.in sddm-tmpfiles.conf)
install(FILES "${CMAKE_CURRENT_BINARY_DIR}/sddm-tmpfiles.conf" DESTINATION "${SYSTEMD_TMPFILES_DIR}" RENAME sddm.conf)
endif()
+
+if(USE_ELOGIND)
+ set(LOGIND_PAM_MODULE "pam_elogind.so")
+else()
+ set(LOGIND_PAM_MODULE "pam_systemd.so")
+endif()
+configure_file("${CMAKE_CURRENT_SOURCE_DIR}/sddm-greeter.pam.in" "${CMAKE_CURRENT_BINARY_DIR}/sddm-greeter.pam")
+
+if(INSTALL_PAM_CONFIGURATION)
+ if(HAVE_PAM_FAILLOCK)
+ install(FILES sddm-autologin.pam DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/pam.d RENAME sddm-autologin)
+ else()
+ install(FILES sddm-autologin-tally2.pam DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/pam.d RENAME sddm-autologin)
+ endif()
+
+ install(FILES sddm.pam DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/pam.d RENAME sddm)
+ install(FILES "${CMAKE_CURRENT_BINARY_DIR}/sddm-greeter.pam" DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/pam.d RENAME sddm-greeter)
+endif()
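Review bot: `HAVE_PAM_FAILLOCK` is not set anywhere in the visible hunks, and when it is undefined the `else()` branch silently installs the `pam_tally2` variant as `sddm-autologin`. pam_tally2 was removed from Linux-PAM in 1.5.0, so on a current system a `required` line naming it would presumably make the autologin stack fail. If the detection lives outside this patch, a comment above `if(HAVE_PAM_FAILLOCK)` saying where it is set would help; otherwise the fallback deserves a `message(WARNING "pam_faillock not detected; installing pam_tally2 autologin stack")`. Separately, `configure_file()` should pass `@ONLY`, since the template uses only `@LOGIND_PAM_MODULE@`, and the destinations should be quoted: `DESTINATION "${CMAKE_INSTALL_FULL_SYSCONFDIR}/pam.d"`.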
diff --git a/services/sddm-autologin-tally2.pam b/services/sddm-autologin-tally2.pam
new file mode 100644
index 0000000..99729bc
--- /dev/null
+++ b/services/sddm-autologin-tally2.pam
@@ -0,0 +1,13 @@
+#%PAM-1.0
+auth required pam_env.so
+auth required pam_tally2.so file=/var/log/tallylog onerr=succeed
+auth required pam_shells.so
+auth required pam_nologin.so
+auth required pam_permit.so
+-auth optional pam_gnome_keyring.so
+-auth optional pam_kwallet5.so
+account include system-local-login
+password include system-local-login
+session include system-local-login
+-session optional pam_gnome_keyring.so auto_start
+-session optional pam_kwallet5.so auto_start
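Review bot: The `pam_tally2.so` line sets `onerr=succeed`, so any error reading `/var/log/tallylog` lets the lockout check pass, and the last `required` auth module is `pam_permit.so`, which always succeeds. For an autologin stack that is probably intended, but the file has no comment saying so. Add one above `pam_permit.so`, e.g. `# Autologin: no credential is checked; access is gated only by the modules above`, and one on the tally line noting the fail-open choice. The same missing `pam_permit.so` comment applies to `services/sddm-autologin.pam`.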
diff --git a/services/sddm-autologin.pam b/services/sddm-autologin.pam
new file mode 100644
index 0000000..b42991e
--- /dev/null
+++ b/services/sddm-autologin.pam
@@ -0,0 +1,13 @@
+#%PAM-1.0
+auth required pam_env.so
+auth required pam_faillock.so preauth
+auth required pam_shells.so
+auth required pam_nologin.so
+auth required pam_permit.so
+-auth optional pam_gnome_keyring.so
+-auth optional pam_kwallet5.so
+account include system-local-login
+password include system-local-login
+session include system-local-login
+-session optional pam_gnome_keyring.so auto_start
+-session optional pam_kwallet5.so auto_start
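Review bot: `pam_faillock.so preauth` appears without the `authfail`/`authsucc` entries it is normally paired with, so this stack only honours an existing lock and never records or clears failures itself. That is consistent with `pam_permit.so` never failing, but whether a successful autologin should clear the counter depends on what `system-local-login` does in its account phase, which this patch does not show. A one-line comment such as `# preauth only: respect locks set by other services; pam_permit below cannot fail` would document the intent.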
diff --git a/services/sddm-greeter.pam.in b/services/sddm-greeter.pam.in
new file mode 100644
index 0000000..d41792d
--- /dev/null
+++ b/services/sddm-greeter.pam.in
@@ -0,0 +1,17 @@
+#%PAM-1.0
+
+# Load environment from /etc/environment and ~/.pam_environment
+auth required pam_env.so
+
+# Always let the greeter start without authentication
+auth required pam_permit.so
+
+# No action required for account management
+account required pam_permit.so
+
+# Can't change password
+password required pam_deny.so
+
+# Setup session
+session required pam_unix.so
+session optional @LOGIND_PAM_MODULE@
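Review bot: The comment above `pam_env.so` says the module loads `~/.pam_environment`, but the line passes no `user_readenv=1` and pam_env leaves per-user files off by default, so the comment likely overstates what happens. Suggest `# Load environment from /etc/environment`, or add the option explicitly if per-user files are really wanted for the greeter account. Since both `auth` and `account` are `pam_permit.so`, a header comment stating that this service is presumably meant only for the greeter session, and must not be reused for user logins, would also help.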
diff --git a/services/sddm.pam b/services/sddm.pam
new file mode 100644
index 0000000..df11003
--- /dev/null
+++ b/services/sddm.pam
@@ -0,0 +1,15 @@
+#%PAM-1.0
+
+auth include system-login
+-auth optional pam_gnome_keyring.so
+-auth optional pam_kwallet5.so
+
+account include system-login
+
+password include system-login
+-password optional pam_gnome_keyring.so use_authtok
+
+session optional pam_keyinit.so force revoke
+session include system-login
+-session optional pam_gnome_keyring.so auto_start
+-session optional pam_kwallet5.so auto_start
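Review bot: This file carries no comments, unlike `sddm-greeter.pam.in`, although it is the stack that actually authenticates users. A short header would help, saying that every auth, account and password decision is delegated to the `system-login` stack supplied by the distribution, and that the leading `-` on the keyring and kwallet lines makes PAM skip them quietly when the module is not installed. For example `# Authentication policy comes from system-login; keyring/wallet modules are optional add-ons`.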
--
2.43.0.232.ge79552d197