diff options
Diffstat (limited to 'testing/source/vtown/kde/patch/sddm')
8 files changed, 459 insertions, 0 deletions
diff --git a/testing/source/vtown/kde/patch/sddm/sddm_auth.diff b/testing/source/vtown/kde/patch/sddm/sddm_auth.diff new file mode 100644 index 000000000..f5d21cf67 --- /dev/null +++ b/testing/source/vtown/kde/patch/sddm/sddm_auth.diff @@ -0,0 +1,25 @@ +diff -uar sddm-qt5-7c8cc3a_20140827git.orig/src/helper/backend/PasswdBackend.cpp sddm-qt5-7c8cc3a_20140827git/src/helper/backend/PasswdBackend.cpp +--- sddm-qt5-7c8cc3a_20140827git.orig/src/helper/backend/PasswdBackend.cpp 2014-08-27 16:42:23.000000000 +0200 ++++ sddm-qt5-7c8cc3a_20140827git/src/helper/backend/PasswdBackend.cpp 2014-09-15 12:24:06.717173942 +0200 +@@ -20,8 +20,8 @@ + + #include "PasswdBackend.h" + +-#include "auth/AuthMessages.h" +-#include "helper/HelperApp.h" ++#include "Auth.h" ++#include "../HelperApp.h" + + #include <QtCore/QDebug> + +diff -uar sddm-qt5-7c8cc3a_20140827git.orig/src/helper/backend/PasswdBackend.h sddm-qt5-7c8cc3a_20140827git/src/helper/backend/PasswdBackend.h +--- sddm-qt5-7c8cc3a_20140827git.orig/src/helper/backend/PasswdBackend.h 2014-08-27 16:42:23.000000000 +0200 ++++ sddm-qt5-7c8cc3a_20140827git/src/helper/backend/PasswdBackend.h 2014-09-15 12:17:43.135172278 +0200 +@@ -21,6 +21,7 @@ + #if !defined(PASSWDBACKEND_H) && !defined(USE_PAM) + #define PASSWDBACKEND_H + ++#include "AuthMessages.h" + #include "../Backend.h" + + namespace SDDM { diff --git a/testing/source/vtown/kde/patch/sddm/sddm_avatars.patch b/testing/source/vtown/kde/patch/sddm/sddm_avatars.patch new file mode 100644 index 000000000..d40f68c10 --- /dev/null +++ b/testing/source/vtown/kde/patch/sddm/sddm_avatars.patch @@ -0,0 +1,33 @@ +From ecb903e48822bd90650bdd64fe80754e3e9664cb Mon Sep 17 00:00:00 2001 +From: Bastian Beischer <bastian.beischer@gmail.com> +Date: Fri, 2 Sep 2016 13:05:18 +0200 +Subject: [PATCH] Fix display of user avatars. (#684) + +QFile::exists("...") does not understand file:// URLs, at least in Qt +5.7.0 and Qt 4.8.7. +--- + src/greeter/UserModel.cpp | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/greeter/UserModel.cpp b/src/greeter/UserModel.cpp +index 41a9f10..94c492d 100644 +--- a/src/greeter/UserModel.cpp ++++ b/src/greeter/UserModel.cpp +@@ -107,13 +107,13 @@ namespace SDDM { + d->lastIndex = i; + + if (avatarsEnabled) { +- const QString userFace = QStringLiteral("file://%1/.face.icon").arg(user->homeDir); +- const QString systemFace = QStringLiteral("file://%1/%2.face.icon").arg(facesDir).arg(user->name); ++ const QString userFace = QStringLiteral("%1/.face.icon").arg(user->homeDir); ++ const QString systemFace = QStringLiteral("%1/%2.face.icon").arg(facesDir).arg(user->name); + + if (QFile::exists(userFace)) +- user->icon = userFace; ++ user->icon = QStringLiteral("file://%1").arg(userFace); + else if (QFile::exists(systemFace)) +- user->icon = systemFace; ++ user->icon = QStringLiteral("file://%1").arg(systemFace); + } + } + } diff --git a/testing/source/vtown/kde/patch/sddm/sddm_ck2_revert.patch b/testing/source/vtown/kde/patch/sddm/sddm_ck2_revert.patch new file mode 100644 index 000000000..bbe2a2728 --- /dev/null +++ b/testing/source/vtown/kde/patch/sddm/sddm_ck2_revert.patch @@ -0,0 +1,20 @@ +SDDM 0.16.0 fails to start with consolekit2 because it assumes consolekit2 +has the same interface names as logind. + +This patch forces sddm to use legacy behaviour when consolekit2 is detected. + +Bug: https://bugs.gentoo.org/633920 +Bug: https://github.com/sddm/sddm/issues/903 +Bug: https://github.com/ConsoleKit2/ConsoleKit2/issues/99 + +--- a/src/daemon/LogindDBusTypes.cpp ++++ b/src/daemon/LogindDBusTypes.cpp +@@ -60,7 +60,7 @@ + + if (QDBusConnection::systemBus().interface()->isServiceRegistered(QStringLiteral("org.freedesktop.ConsoleKit"))) { + qDebug() << "Console kit interface found"; +- available = true; ++ available = false; + serviceName = QStringLiteral("org.freedesktop.ConsoleKit"); + managerPath = QStringLiteral("/org/freedesktop/ConsoleKit/Manager"); + managerIfaceName = QStringLiteral("/org.freedesktop.ConsoleKit.Manager"); //note this doesn't match logind diff --git a/testing/source/vtown/kde/patch/sddm/sddm_consolekit.diff b/testing/source/vtown/kde/patch/sddm/sddm_consolekit.diff new file mode 100644 index 000000000..9b535bf71 --- /dev/null +++ b/testing/source/vtown/kde/patch/sddm/sddm_consolekit.diff @@ -0,0 +1,9 @@ +--- sddm-0.14.0/data/scripts/Xsession.orig 2016-08-28 13:54:03.000000000 +0200 ++++ sddm-0.14.0/data/scripts/Xsession 2016-11-05 21:47:28.502096600 +0100 +@@ -91,5 +91,5 @@ + if [ -z "$@" ]; then + exec xmessage -center -buttons OK:0 -default OK "Sorry, $DESKTOP_SESSION is no valid session." + else +- exec $@ ++ exec ck-launch-session dbus-launch --sh-syntax --exit-with-session $@ + fi diff --git a/testing/source/vtown/kde/patch/sddm/sddm_honor-PAM-supplemental-groups-v2.patch b/testing/source/vtown/kde/patch/sddm/sddm_honor-PAM-supplemental-groups-v2.patch new file mode 100644 index 000000000..bf3bfd255 --- /dev/null +++ b/testing/source/vtown/kde/patch/sddm/sddm_honor-PAM-supplemental-groups-v2.patch @@ -0,0 +1,183 @@ +From 75e6e00d9e1ecf25e3a9c8332530a1e40d737cdb Mon Sep 17 00:00:00 2001 +From: "J. Konrad Tegtmeier-Rottach" <jktr@0x16.de> +Date: Thu, 9 May 2019 03:06:48 +0200 +Subject: [PATCH] Honor PAM's supplemental groups (v2) (#834, #1159) + +This moves the supplemental group initialization step from +UserSession.cpp to the Backend system, so that the Pam Backend can +inject additional supplemental groups via modules like pam_group.so. + +pam_setcred(3) assumes that it operates on an already initialized +supplemental group list. However, PamBackend calls +pam_setcred(PAM_ESTABLISH_CRED) earlier, at the start +PamBackend::openSession, so a pam_setcred(PAM_REINITIALIZE_CRED) call +must be issued to repeat the injection of PAM's supplemental groups. +--- + src/helper/Backend.cpp | 5 +++++ + src/helper/Backend.h | 3 +++ + src/helper/HelperApp.cpp | 4 ++++ + src/helper/HelperApp.h | 1 + + src/helper/UserSession.cpp | 13 ++++++++----- + src/helper/backend/PamBackend.cpp | 18 ++++++++++++++++++ + src/helper/backend/PamBackend.h | 2 ++ + 7 files changed, 41 insertions(+), 5 deletions(-) + +diff --git a/src/helper/Backend.cpp b/src/helper/Backend.cpp +index d6bb4d0a..35ae2bdf 100644 +--- a/src/helper/Backend.cpp ++++ b/src/helper/Backend.cpp +@@ -29,6 +29,7 @@ + #include <QtCore/QProcessEnvironment> + + #include <pwd.h> ++#include <grp.h> + + namespace SDDM { + Backend::Backend(HelperApp* parent) +@@ -79,4 +80,8 @@ namespace SDDM { + bool Backend::closeSession() { + return true; + } ++ ++ bool Backend::setupSupplementalGroups(struct passwd *pw) { ++ return !initgroups(pw->pw_name, pw->pw_gid); ++ } + } +diff --git a/src/helper/Backend.h b/src/helper/Backend.h +index b790e001..3caf1592 100644 +--- a/src/helper/Backend.h ++++ b/src/helper/Backend.h +@@ -22,6 +22,7 @@ + #define BACKEND_H + + #include <QtCore/QObject> ++#include <pwd.h> + + namespace SDDM { + class HelperApp; +@@ -38,6 +39,8 @@ namespace SDDM { + void setAutologin(bool on = true); + void setGreeter(bool on = true); + ++ virtual bool setupSupplementalGroups(struct passwd *pw); ++ + public slots: + virtual bool start(const QString &user = QString()) = 0; + virtual bool authenticate() = 0; +diff --git a/src/helper/HelperApp.cpp b/src/helper/HelperApp.cpp +index cad93bd8..d0891d75 100644 +--- a/src/helper/HelperApp.cpp ++++ b/src/helper/HelperApp.cpp +@@ -253,6 +253,10 @@ namespace SDDM { + return m_session; + } + ++ Backend *HelperApp::backend() { ++ return m_backend; ++ } ++ + const QString& HelperApp::user() const { + return m_user; + } +diff --git a/src/helper/HelperApp.h b/src/helper/HelperApp.h +index 3742df12..cb5959a7 100644 +--- a/src/helper/HelperApp.h ++++ b/src/helper/HelperApp.h +@@ -39,6 +39,7 @@ namespace SDDM { + virtual ~HelperApp(); + + UserSession *session(); ++ Backend *backend(); + const QString &user() const; + const QString &cookie() const; + +diff --git a/src/helper/UserSession.cpp b/src/helper/UserSession.cpp +index f71fd358..62fd4d70 100644 +--- a/src/helper/UserSession.cpp ++++ b/src/helper/UserSession.cpp +@@ -19,6 +19,7 @@ + * + */ + ++#include "Backend.h" + #include "Configuration.h" + #include "UserSession.h" + #include "HelperApp.h" +@@ -129,7 +130,8 @@ namespace SDDM { + #endif + + // switch user +- const QByteArray username = qobject_cast<HelperApp*>(parent())->user().toLocal8Bit(); ++ HelperApp* app = qobject_cast<HelperApp*>(parent()); ++ const QByteArray username = app->user().toLocal8Bit(); + struct passwd pw; + struct passwd *rpw; + long bufsize = sysconf(_SC_GETPW_R_SIZE_MAX); +@@ -146,12 +148,13 @@ namespace SDDM { + qCritical() << "getpwnam_r(" << username << ") failed with error: " << strerror(err); + exit(Auth::HELPER_OTHER_ERROR); + } +- if (setgid(pw.pw_gid) != 0) { +- qCritical() << "setgid(" << pw.pw_gid << ") failed for user: " << username; ++ ++ if (!app->backend()->setupSupplementalGroups(&pw)) { ++ qCritical() << "failed to set up supplemental groups for user: " << username; + exit(Auth::HELPER_OTHER_ERROR); + } +- if (initgroups(pw.pw_name, pw.pw_gid) != 0) { +- qCritical() << "initgroups(" << pw.pw_name << ", " << pw.pw_gid << ") failed for user: " << username; ++ if (setgid(pw.pw_gid) != 0) { ++ qCritical() << "setgid(" << pw.pw_gid << ") failed for user: " << username; + exit(Auth::HELPER_OTHER_ERROR); + } + if (setuid(pw.pw_uid) != 0) { +diff --git a/src/helper/backend/PamBackend.cpp b/src/helper/backend/PamBackend.cpp +index f86d77d6..cccfa258 100644 +--- a/src/helper/backend/PamBackend.cpp ++++ b/src/helper/backend/PamBackend.cpp +@@ -289,6 +289,24 @@ namespace SDDM { + return QString::fromLocal8Bit((const char*) m_pam->getItem(PAM_USER)); + } + ++ bool PamBackend::setupSupplementalGroups(struct passwd *pw) { ++ if (!Backend::setupSupplementalGroups(pw)) ++ return false; ++ ++ // pam_setcred(3) may inject additional groups into the user's ++ // list of supplemental groups, and assumes that the user's ++ // supplemental groups have already been initialized before ++ // its invocation. Since pam_setcred was already called at the ++ // start of openSession, we need to repeat this step here as ++ // the user's groups have only just now been initialized. ++ ++ if (!m_pam->setCred(PAM_REINITIALIZE_CRED)) { ++ m_app->error(m_pam->errorString(), Auth::ERROR_AUTHENTICATION); ++ return false; ++ } ++ return true; ++ } ++ + int PamBackend::converse(int n, const struct pam_message **msg, struct pam_response **resp) { + qDebug() << "[PAM] Conversation with" << n << "messages"; + +diff --git a/src/helper/backend/PamBackend.h b/src/helper/backend/PamBackend.h +index 4c8b4b35..5b079099 100644 +--- a/src/helper/backend/PamBackend.h ++++ b/src/helper/backend/PamBackend.h +@@ -28,6 +28,7 @@ + #include <QtCore/QObject> + + #include <security/pam_appl.h> ++#include <pwd.h> + + namespace SDDM { + class PamHandle; +@@ -61,6 +62,7 @@ namespace SDDM { + explicit PamBackend(HelperApp *parent); + virtual ~PamBackend(); + int converse(int n, const struct pam_message **msg, struct pam_response **resp); ++ virtual bool setupSupplementalGroups(struct passwd *pw); + + public slots: + virtual bool start(const QString &user = QString()); + diff --git a/testing/source/vtown/kde/patch/sddm/sddm_qstring.patch b/testing/source/vtown/kde/patch/sddm/sddm_qstring.patch new file mode 100644 index 000000000..40c3879af --- /dev/null +++ b/testing/source/vtown/kde/patch/sddm/sddm_qstring.patch @@ -0,0 +1,88 @@ +Slightly modified from this patch in order to apply against SDDM master git: +https://github.com/AOSC-Dev/sddm/commit/c6be72636f43a28f1b6aebff9d682d0182dd7a1e.patch + +From c6be72636f43a28f1b6aebff9d682d0182dd7a1e Mon Sep 17 00:00:00 2001 +From: Leslie Zhai <xiangzhai83@gmail.com> +Date: Mon, 31 Aug 2015 14:04:17 +0800 +Subject: [PATCH] Disable pam backend because loginFailed + +--- +diff -uar sddm-d42700a_20150822git.orig/CMakeLists.txt sddm-d42700a_20150822git/CMakeLists.txt +--- sddm-d42700a_20150822git.orig/CMakeLists.txt 2015-08-22 16:17:37.000000000 +0200 ++++ sddm-d42700a_20150822git/CMakeLists.txt 2015-08-31 12:01:47.342810382 +0200 +@@ -31,6 +31,7 @@ + # Options + option(BUILD_MAN_PAGES "Build man pages" OFF) + option(ENABLE_JOURNALD "Enable logging to journald" ON) ++option(ENABLE_PAM "Enable pam" OFF) + + # Definitions + add_definitions(-Wall -std=c++11 -DQT_NO_CAST_FROM_ASCII) +@@ -66,7 +67,7 @@ + find_package(PkgConfig) + + # PAM +-if(NOT NO_PAM) ++if(ENABLE_PAM) + find_package(PAM) + + if(PAM_FOUND) +diff -uar sddm-d42700a_20150822git.orig/src/helper/backend/PasswdBackend.cpp sddm-d42700a_20150822git/src/helper/backend/PasswdBackend.cpp +--- sddm-d42700a_20150822git.orig/src/helper/backend/PasswdBackend.cpp 2015-08-22 16:17:37.000000000 +0200 ++++ sddm-d42700a_20150822git/src/helper/backend/PasswdBackend.cpp 2015-08-31 12:00:43.995324823 +0200 +@@ -38,7 +38,7 @@ + if (m_autologin) + return true; + +- if (m_user == "sddm") { ++ if (m_user == QStringLiteral("sddm")) { + if (m_greeter) + return true; + else +@@ -49,17 +49,17 @@ + QString password; + + if (m_user.isEmpty()) +- r.prompts << Prompt(AuthPrompt::LOGIN_USER, "Login", false); +- r.prompts << Prompt(AuthPrompt::LOGIN_PASSWORD, "Password", true); ++ r.prompts << Prompt(AuthPrompt::LOGIN_USER, QStringLiteral("Login"), false); ++ r.prompts << Prompt(AuthPrompt::LOGIN_PASSWORD, QStringLiteral("Password"), true); + + Request response = m_app->request(r); + Q_FOREACH(const Prompt &p, response.prompts) { + switch (p.type) { + case AuthPrompt::LOGIN_USER: +- m_user = p.response; ++ m_user = QString::fromUtf8(p.response); + break; + case AuthPrompt::LOGIN_PASSWORD: +- password = p.response; ++ password = QString::fromUtf8(p.response); + break; + default: + break; +@@ -68,13 +68,13 @@ + + struct passwd *pw = getpwnam(qPrintable(m_user)); + if (!pw) { +- m_app->error(QString("Wrong user/password combination"), Auth::ERROR_AUTHENTICATION); ++ m_app->error(QStringLiteral("Wrong user/password combination"), Auth::ERROR_AUTHENTICATION); + return false; + } + + struct spwd *spw = getspnam(pw->pw_name); + if (!spw) { +- qWarning() << "[Passwd] Could get passwd but not shadow"; ++ qWarning() << QStringLiteral("[Passwd] Could get passwd but not shadow"); + return false; + } + +@@ -86,7 +86,7 @@ + return true; + } + +- m_app->error(QString("Wrong user/password combination"), Auth::ERROR_AUTHENTICATION); ++ m_app->error(QStringLiteral("Wrong user/password combination"), Auth::ERROR_AUTHENTICATION); + return false; + } + diff --git a/testing/source/vtown/kde/patch/sddm/sddm_revert-honor-PAM-supplemental-groups.patch b/testing/source/vtown/kde/patch/sddm/sddm_revert-honor-PAM-supplemental-groups.patch new file mode 100644 index 000000000..2391c80ce --- /dev/null +++ b/testing/source/vtown/kde/patch/sddm/sddm_revert-honor-PAM-supplemental-groups.patch @@ -0,0 +1,88 @@ +From d3953e88a94ec25a87d3c5136517b3d1009cb1fd Mon Sep 17 00:00:00 2001 +From: "J. Konrad Tegtmeier-Rottach" <jktr@0x16.de> +Date: Wed, 8 May 2019 18:58:53 +0200 +Subject: [PATCH] Revert "Honor PAM's ambient supplemental groups. (#834)" + +This reverts commit 1bc813d08b8130e458a6550ec47fb2bfbe6de080, which +misuses PAM and leads to pulling in all of root's supplemental groups +during session initialization instead of only adding PAM's extra +groups. The problem was masked due to the root user not having any +supplemental groups in some common contexts, like running sddm from a +systemd unit. +--- + src/helper/UserSession.cpp | 57 -------------------------------------- + 1 file changed, 57 deletions(-) + +diff --git a/src/helper/UserSession.cpp b/src/helper/UserSession.cpp +index b3aec356..f71fd358 100644 +--- a/src/helper/UserSession.cpp ++++ b/src/helper/UserSession.cpp +@@ -150,67 +150,10 @@ namespace SDDM { + qCritical() << "setgid(" << pw.pw_gid << ") failed for user: " << username; + exit(Auth::HELPER_OTHER_ERROR); + } +- +-#ifdef USE_PAM +- +- // fetch ambient groups from PAM's environment; +- // these are set by modules such as pam_groups.so +- int n_pam_groups = getgroups(0, NULL); +- gid_t *pam_groups = NULL; +- if (n_pam_groups > 0) { +- pam_groups = new gid_t[n_pam_groups]; +- if ((n_pam_groups = getgroups(n_pam_groups, pam_groups)) == -1) { +- qCritical() << "getgroups() failed to fetch supplemental" +- << "PAM groups for user:" << username; +- exit(Auth::HELPER_OTHER_ERROR); +- } +- } else { +- n_pam_groups = 0; +- } +- +- // fetch session's user's groups +- int n_user_groups = 0; +- gid_t *user_groups = NULL; +- if (-1 == getgrouplist(username.constData(), pw.pw_gid, +- NULL, &n_user_groups)) { +- user_groups = new gid_t[n_user_groups]; +- if ((n_user_groups = getgrouplist(username.constData(), +- pw.pw_gid, user_groups, +- &n_user_groups)) == -1 ) { +- qCritical() << "getgrouplist(" << username << ", " << pw.pw_gid +- << ") failed"; +- exit(Auth::HELPER_OTHER_ERROR); +- } +- } +- +- // set groups to concatenation of PAM's ambient +- // groups and the session's user's groups +- int n_groups = n_pam_groups + n_user_groups; +- if (n_groups > 0) { +- gid_t *groups = new gid_t[n_groups]; +- memcpy(groups, pam_groups, (n_pam_groups * sizeof(gid_t))); +- memcpy((groups + n_pam_groups), user_groups, +- (n_user_groups * sizeof(gid_t))); +- +- // setgroups(2) handles duplicate groups +- if (setgroups(n_groups, groups) != 0) { +- qCritical() << "setgroups() failed for user: " << username; +- exit (Auth::HELPER_OTHER_ERROR); +- } +- delete[] groups; +- } +- delete[] pam_groups; +- delete[] user_groups; +- +-#else +- + if (initgroups(pw.pw_name, pw.pw_gid) != 0) { + qCritical() << "initgroups(" << pw.pw_name << ", " << pw.pw_gid << ") failed for user: " << username; + exit(Auth::HELPER_OTHER_ERROR); + } +- +-#endif /* USE_PAM */ +- + if (setuid(pw.pw_uid) != 0) { + qCritical() << "setuid(" << pw.pw_uid << ") failed for user: " << username; + exit(Auth::HELPER_OTHER_ERROR); + diff --git a/testing/source/vtown/kde/patch/sddm/sddm_userxsession.diff b/testing/source/vtown/kde/patch/sddm/sddm_userxsession.diff new file mode 100644 index 000000000..3dcea1f0b --- /dev/null +++ b/testing/source/vtown/kde/patch/sddm/sddm_userxsession.diff @@ -0,0 +1,13 @@ +--- sddm-0.18.1/data/scripts/Xsession.orig 2018-09-26 21:03:47.000000000 +0200 ++++ sddm-0.18.1/data/scripts/Xsession 2020-01-21 11:55:24.997845799 +0100 +@@ -91,10 +91,6 @@ + fi + [ -f $HOME/.Xresources ] && xrdb -merge $HOME/.Xresources + +-if [ -f "$USERXSESSION" ]; then +- . "$USERXSESSION" +-fi +- + if [ -z "$*" ]; then + exec xmessage -center -buttons OK:0 -default OK "Sorry, $DESKTOP_SESSION is no valid session." + else |