summaryrefslogblamecommitdiff
path: root/user/sddm/autologin-pam.patch
blob: bb4560b696a5dd9adf2fe21407b8f834b9bd71d2 (plain) (tree)















































































                                                                                                                                     
From a6280bde181c72811ab5dd0eb525f112ac72099f Mon Sep 17 00:00:00 2001
From: Aleix Pol <aleixpol@kde.org>
Date: Thu, 24 Jun 2021 17:08:10 +0200
Subject: [PATCH] pam: Do not use tally2 if faillock is present

From pam 1.4.0 release notes:

Deprecated pam_tally and pam_tally2: these modules are no longer built
by default and will be removed in the next release, use pam_faillock
instead.
https://github.com/linux-pam/linux-pam/releases/tag/v1.4.0

Fixes #1313
---
 cmake/FindPAM.cmake                |  1 +
 services/CMakeLists.txt            |  6 +++++-
 services/sddm-autologin-tally2.pam | 13 +++++++++++++
 services/sddm-autologin.pam        |  2 +-
 4 files changed, 20 insertions(+), 2 deletions(-)
 create mode 100755 services/sddm-autologin-tally2.pam

diff --git a/cmake/FindPAM.cmake b/cmake/FindPAM.cmake
index f209c0b46..a64680bea 100644
--- a/cmake/FindPAM.cmake
+++ b/cmake/FindPAM.cmake
@@ -13,6 +13,7 @@ endif (PAM_INCLUDE_DIR AND PAM_LIBRARY)
 find_path(PAM_INCLUDE_DIR NAMES security/pam_appl.h pam/pam_appl.h)
 find_library(PAM_LIBRARY pam)
 find_library(DL_LIBRARY dl)
+find_library(HAVE_PAM_FAILLOCK NAME pam_faillock.so PATH_SUFFIXES security)
 
 if (PAM_INCLUDE_DIR AND PAM_LIBRARY)
 	set(PAM_FOUND TRUE)
diff --git a/services/CMakeLists.txt b/services/CMakeLists.txt
index fbf760895..6e4fa0f93 100644
--- a/services/CMakeLists.txt
+++ b/services/CMakeLists.txt
@@ -10,6 +10,10 @@ else()
 endif()
 configure_file("${CMAKE_CURRENT_SOURCE_DIR}/sddm-greeter.pam.in" "${CMAKE_CURRENT_BINARY_DIR}/sddm-greeter.pam")
 
+if(HAVE_PAM_FAILLOCK)
+    install(FILES sddm-autologin.pam DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/pam.d RENAME sddm-autologin)
+else()
+    install(FILES sddm-autologin-tally2.pam DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/pam.d RENAME sddm-autologin)
+endif()
 install(FILES sddm.pam DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/pam.d RENAME sddm)
-install(FILES sddm-autologin.pam DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/pam.d RENAME sddm-autologin)
 install(FILES "${CMAKE_CURRENT_BINARY_DIR}/sddm-greeter.pam" DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/pam.d RENAME sddm-greeter)
diff --git a/services/sddm-autologin-tally2.pam b/services/sddm-autologin-tally2.pam
new file mode 100755
index 000000000..99729bc9b
--- /dev/null
+++ b/services/sddm-autologin-tally2.pam
@@ -0,0 +1,13 @@
+#%PAM-1.0
+auth        required    pam_env.so
+auth        required    pam_tally2.so file=/var/log/tallylog onerr=succeed
+auth        required    pam_shells.so
+auth        required    pam_nologin.so
+auth        required    pam_permit.so
+-auth       optional    pam_gnome_keyring.so
+-auth       optional    pam_kwallet5.so
+account     include     system-local-login
+password    include     system-local-login
+session     include     system-local-login
+-session    optional    pam_gnome_keyring.so auto_start
+-session    optional    pam_kwallet5.so auto_start
diff --git a/services/sddm-autologin.pam b/services/sddm-autologin.pam
index 99729bc9b..b42991e38 100755
--- a/services/sddm-autologin.pam
+++ b/services/sddm-autologin.pam
@@ -1,6 +1,6 @@
 #%PAM-1.0
 auth        required    pam_env.so
-auth        required    pam_tally2.so file=/var/log/tallylog onerr=succeed
+auth        required    pam_faillock.so preauth
 auth        required    pam_shells.so
 auth        required    pam_nologin.so
 auth        required    pam_permit.so