[packages/xorg-xserver-server] - added xwrapper-pam patch (PAM support for new Xwrapper, based on old Xwrapper patch) - package Xwr
qboosh
qboosh at pld-linux.org
Sat Dec 19 13:31:21 CET 2015
commit ca47a6d2bcaa42a7f67c50d72de5ec9006a99eac
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date: Sat Dec 19 13:32:39 2015 +0100
- added xwrapper-pam patch (PAM support for new Xwrapper, based on old Xwrapper patch)
- package Xwrapper.config
- release 2
xorg-xserver-server-xwrapper-pam.patch | 117 +++++++++++++++++++++++++++++++++
xorg-xserver-server.spec | 16 ++++-
2 files changed, 130 insertions(+), 3 deletions(-)
---
diff --git a/xorg-xserver-server.spec b/xorg-xserver-server.spec
index c4a57ea..f4e6263 100644
--- a/xorg-xserver-server.spec
+++ b/xorg-xserver-server.spec
@@ -34,7 +34,7 @@ Summary: X.org server
Summary(pl.UTF-8): Serwer X.org
Name: xorg-xserver-server
Version: 1.18.0
-Release: 1
+Release: 2
License: MIT
Group: X11/Servers
Source0: http://xorg.freedesktop.org/releases/individual/xserver/xorg-server-%{version}.tar.bz2
@@ -44,7 +44,7 @@ Source2: xserver.pamd
Source10: %{name}-Xvfb.init
Source11: %{name}-Xvfb.sysconfig
Source12: xvfb-run.sh
-
+Patch1: %{name}-xwrapper-pam.patch
Patch2: dtrace-link.patch
Patch4: %{name}-builtin-SHA1.patch
@@ -429,7 +429,7 @@ Biblioteka rozszerzenia GLX dla serwera X.org.
%prep
%setup -q -n xorg-server-%{version}
-
+%patch1 -p1
%patch2 -p1
%patch4 -p1
@@ -539,6 +539,15 @@ install -d $RPM_BUILD_ROOT/etc/sysconfig
install -p %{SOURCE10} $RPM_BUILD_ROOT/etc/rc.d/init.d/Xvfb
cp -p %{SOURCE11} $RPM_BUILD_ROOT/etc/sysconfig/Xvfb
+# Xorg.wrap config
+cat >$RPM_BUILD_ROOT/etc/X11/Xwrapper.config <<EOF
+# allowed values: rootonly console anybody pam
+allowed_users = pam
+
+# set to yes if hardware or console access requires root rights (and Xwrapper fails to detect it)
+#needs_root_rights = yes
+EOF
+
# compatibility with old xwrapper
ln -s %{_libdir}/xorg/Xorg.wrap $RPM_BUILD_ROOT%{_bindir}/Xwrapper
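Review bot: The generated Xwrapper.config lists `pam` as an allowed value and makes it the default, but does not say what it means; a line such as `# pam: access is decided by the PAM service "xserver"` inside the heredoc would tell an administrator where the access policy now lives. The heredoc delimiter is unquoted, so any `$` or backtick added to this text later would be expanded by the shell at build time; `<<'EOF'` avoids that. The `%install` section starts outside this hunk, so whether /etc/X11 exists in the build root before the `cat` cannot be seen here.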
@@ -617,6 +626,7 @@ fi
%config(missingok) /etc/security/console.apps/xserver
%{?with_dbus:/etc/dbus-1/system.d/xorg-server.conf}
%dir /etc/X11/xorg.conf.d
+%config(noreplace) %verify(not md5 mtime size) /etc/X11/Xwrapper.config
%dir %{_datadir}/X11/xorg.conf.d
# overwrite these settings with local configs in /etc/X11/xorg.conf.d
%verify(not md5 mtime size) %{_datadir}/X11/xorg.conf.d/10-quirks.conf
diff --git a/xorg-xserver-server-xwrapper-pam.patch b/xorg-xserver-server-xwrapper-pam.patch
new file mode 100644
index 0000000..b1ba743
--- /dev/null
+++ b/xorg-xserver-server-xwrapper-pam.patch
@@ -0,0 +1,117 @@
+--- xorg-server-1.18.0/hw/xfree86/xorg-wrapper.c.orig 2015-12-05 22:58:04.135435699 +0100
++++ xorg-server-1.18.0/hw/xfree86/xorg-wrapper.c 2015-12-19 11:04:14.816470975 +0100
+@@ -44,6 +44,13 @@
+ #include <drm.h>
+ #include <xf86drm.h> /* For DRM_DEV_NAME */
+ #endif
++#define WITH_PAM 1
++#ifdef WITH_PAM
++#include <security/pam_appl.h>
++#include <security/pam_misc.h>
++#include <pwd.h>
++#endif /* WITH_PAM */
++
+
+ #include "misc.h"
+
+@@ -51,7 +58,7 @@
+
+ static const char *progname;
+
+-enum { ROOT_ONLY, CONSOLE_ONLY, ANYBODY };
++enum { ROOT_ONLY, CONSOLE_ONLY, ANYBODY, USEPAM };
+
+ /* KISS non locale / LANG parsing isspace version */
+ static int is_space(char c)
+@@ -125,6 +132,10 @@
+ *allowed = CONSOLE_ONLY;
+ else if (strcmp(value, "anybody") == 0)
+ *allowed = ANYBODY;
++#ifdef WITH_PAM
++ else if (strcmp(value, "pam") == 0)
++ *allowed = USEPAM;
++#endif
+ else {
+ fprintf(stderr,
+ "%s: Invalid value '%s' for 'allowed_users' at %s line %d\n",
+@@ -186,6 +197,45 @@
+ return 0;
+ }
+
++#ifdef WITH_PAM
++static int do_pam(void)
++{
++ int retval;
++ struct passwd *pw;
++ pam_handle_t *pamh = NULL;
++ static struct pam_conv conv = {
++ misc_conv,
++ NULL
++ };
++
++ pw = getpwuid(getuid());
++ if (pw == NULL) {
++ fprintf(stderr, "%s: Unable to read passwd entry\n", progname);
++ return -1;
++ }
++ retval = pam_start("xserver", pw->pw_name, &conv, &pamh);
++ if (retval != PAM_SUCCESS) {
++ fprintf(stderr, "%s: PAM failed\n", progname);
++ return -1;
++ }
++ retval = pam_authenticate(pamh, 0);
++ if (retval != PAM_SUCCESS) {
++ fprintf(stderr, "%s: PAM auth failed\n", progname);
++ pam_end(pamh, retval);
++ return -1;
++ }
++ retval = pam_acct_mgmt(pamh, 0);
++ if (retval != PAM_SUCCESS) {
++ fprintf(stderr, "%s: PAM auth failed\n", progname);
++ pam_end(pamh, retval);
++ return -1;
++ }
++ /* this is not a session, so do not do session management */
++ pam_end(pamh, PAM_SUCCESS);
++ return 0;
++}
++#endif
++
+ int main(int argc, char *argv[])
+ {
+ #ifdef WITH_LIBDRM
+@@ -195,7 +245,11 @@
+ int i, r, fd;
+ int kms_cards = 0;
+ int total_cards = 0;
++#if WITH_PAM
++ int allowed = USEPAM;
++#else
+ int allowed = CONSOLE_ONLY;
++#endif
+ int needs_root_rights = -1;
+ char *const empty_envp[1] = { NULL, };
+
+@@ -203,6 +257,12 @@
+
+ parse_config(&allowed, &needs_root_rights);
+
++#if WITH_PAM
++ if (allowed == USEPAM) {
++ if(do_pam() < 0)
++ exit(1);
++ } else
++#endif
+ /* For non root users check if they are allowed to run the X server */
+ if (getuid() != 0) {
+ switch (allowed) {
+--- xorg-server-1.18.0/hw/xfree86/Makefile.am.orig 2015-10-28 19:15:36.000000000 +0100
++++ xorg-server-1.18.0/hw/xfree86/Makefile.am 2015-12-19 11:04:50.946469457 +0100
+@@ -85,6 +85,7 @@
+ wrapdir = $(SUID_WRAPPER_DIR)
+ wrap_PROGRAMS = Xorg.wrap
+ Xorg_wrap_SOURCES = xorg-wrapper.c
++Xorg_wrap_LDADD = -lpam_misc -lpam
+ endif
+
+ BUILT_SOURCES = xorg.conf.example
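Review bot: In the `main()` part of the embedded xorg-wrapper.c patch, the `} else` placed before `#endif` turns the existing `if (getuid() != 0)` block into the else-branch, so with `allowed == USEPAM` the built-in root/console checks are skipped and access to the wrapper installed under `$(SUID_WRAPPER_DIR)` is decided solely by the `xserver` PAM stack; because `allowed` now also defaults to `USEPAM`, this holds even when no config file sets it. I would say so next to the branch, e.g. `/* USEPAM: the "xserver" PAM service alone decides access; the checks below are skipped (root goes through PAM too) */`. In `do_pam()` the `pam_acct_mgmt()` failure prints the same "PAM auth failed" text as the `pam_authenticate()` failure; `fprintf(stderr, "%s: PAM account check failed: %s\n", progname, pam_strerror(pamh, retval));` would let an administrator tell the two apart. The patch also mixes `#ifdef WITH_PAM` and `#if WITH_PAM` on a macro it defines unconditionally, and one form should be used throughout. `main()` continues past the end of the embedded hunks, so what runs after a successful `do_pam()` is not visible here.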
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/xorg-xserver-server.git/commitdiff/ca47a6d2bcaa42a7f67c50d72de5ec9006a99eac