Sisyphus repository
Last update: 1 october 2023 | SRPMs: 18631 | Visits: 37850152
en ru br
ALT Linux repos
S:1.32.0-alt4

Group :: Graphical desktop/Other
RPM: lightdm

 Main   Changelog   Spec   Patches   Sources   Download   Gear   Bugs and FR  Repocop 

Patch: lightdm-1.32.0-alt-pam-2.0.patch
Download

 data/.pam_environment      |  1 +
 data/Makefile.am           |  4 ++++
 data/pam/lightdm           | 37 ++++++++++++++++++-------------------
 data/pam/lightdm-autologin | 21 +++++++++------------
 data/pam/lightdm-greeter   | 27 ++++++++++++---------------
 5 files changed, 44 insertions(+), 46 deletions(-)
diff --git a/data/.pam_environment b/data/.pam_environment
new file mode 100644
index 00000000..2e68c9bc
--- /dev/null
+++ b/data/.pam_environment
@@ -0,0 +1 @@
+GDK_CORE_DEVICE_EVENTS=true
diff --git a/data/Makefile.am b/data/Makefile.am
index 7f7b4a3f..c920bcaa 100644
--- a/data/Makefile.am
+++ b/data/Makefile.am
@@ -12,6 +12,10 @@ dist_pam_DATA = pam/lightdm \
                 pam/lightdm-autologin \
                 pam/lightdm-greeter
 
+localstatedir = /var/lib
+pkglocalstatedir = $(localstatedir)/ldm
+pkglocalstate_DATA = .pam_environment
+
 completionsdir = $(datadir)/bash-completion/completions
 dist_completions_DATA = bash-completion/dm-tool bash-completion/lightdm
 
diff --git a/data/pam/lightdm b/data/pam/lightdm
index fed8a9b4..cf39cd7e 100644
--- a/data/pam/lightdm
+++ b/data/pam/lightdm
@@ -1,20 +1,19 @@
 #%PAM-1.0
-
-# Block login if they are globally disabled
-auth      required pam_nologin.so
-
-# Load environment from /etc/environment and ~/.pam_environment
-auth      required pam_env.so
-
-# Use /etc/passwd and /etc/shadow for passwords
-auth      required pam_unix.so
-
-# Check account is active, change password if required
-account   required pam_unix.so
-
-# Allow password to be changed
-password  required pam_unix.so
-
-# Setup session
-session   required pam_unix.so
-session   optional pam_systemd.so
+auth		required	pam_shells.so
+auth		required	pam_succeed_if.so quiet uid ne 0
+auth		sufficient	pam_succeed_if.so user ingroup nopasswdlogin
+auth		substack	common-login
+-auth		optional	pam_gnome_keyring.so
+-auth		optional	pam_mate_keyring.so
+-auth		optional	pam_kwallet.so
+-auth		optional	pam_kwallet5.so
+account		include		common-login
+password	include		common-login
+session		substack	common-login
+session		optional	pam_console.so
+-session	optional	pam_ck_connector.so
+session		required	pam_namespace.so
+-session	optional	pam_gnome_keyring.so auto_start
+-session	optional	pam_mate_keyring.so auto_start
+-session	optional	pam_kwallet.so auto_start
+-session	optional	pam_kwallet5.so auto_start
diff --git a/data/pam/lightdm-autologin b/data/pam/lightdm-autologin
index 157f469f..011bf432 100644
--- a/data/pam/lightdm-autologin
+++ b/data/pam/lightdm-autologin
@@ -1,22 +1,19 @@
 #%PAM-1.0
 # Block login if shell in nologin or false
-auth      required pam_succeed_if.so shell notin /sbin/nologin:/usr/sbin/nologin:/bin/false:/usr/bin/false
+auth		required	pam_succeed_if.so shell notin /sbin/nologin:/usr/sbin/nologin:/bin/false:/usr/bin/false
 
 # Block login if they are globally disabled
-auth      required pam_nologin.so
-
-# Load environment from /etc/environment and ~/.pam_environment
-auth      required pam_env.so
+auth		required	pam_nologin.so
 
 # Allow access without authentication
-auth      required pam_permit.so
+auth		required	pam_permit.so
 
-# Stop autologin if account requires action
-account   required pam_unix.so
+account		include		common-login
 
 # Can't change password
-password  required pam_deny.so
+password	required	pam_deny.so
 
-# Setup session
-session   required pam_unix.so
-session   optional pam_systemd.so
+session		substack	common-login
+session		optional	pam_console.so
+-session	optional	pam_ck_connector.so
+session		required	pam_namespace.so
diff --git a/data/pam/lightdm-greeter b/data/pam/lightdm-greeter
index 9a6862b5..941c7efc 100644
--- a/data/pam/lightdm-greeter
+++ b/data/pam/lightdm-greeter
@@ -1,17 +1,14 @@
 #%PAM-1.0
 
-# Load environment from /etc/environment and ~/.pam_environment
-auth      required pam_env.so
-
-# Always let the greeter start without authentication
-auth      required pam_permit.so
-
-# No action required for account management
-account   required pam_permit.so
-
-# Can't change password
-password  required pam_deny.so
-
-# Setup session
-session   required pam_unix.so
-session   optional pam_systemd.so
+account		required	pam_nologin.so
+account		required	pam_succeed_if.so audit quiet_success user = _ldm
+account		required	pam_permit.so
+auth		required	pam_env.so
+auth		required	pam_succeed_if.so audit quiet_success user = _ldm
+auth		required	pam_permit.so
+password	required	pam_deny.so
+session		required	pam_loginuid.so
+-session	required	pam_systemd.so class=greeter
+session		required	pam_succeed_if.so audit quiet_success user = _ldm
+session		required	pam_env.so user_readenv=1
+session		required	pam_permit.so








 






	design & coding: Vladimir Lettiev aka crux © 2004-2005,
	Andrew Avramenko aka liks © 2007-2008

	current maintainer: Michael Shigorin