From c81cec7ae4c29127d951fbf6219ddd2c1ce7086d Mon Sep 17 00:00:00 2001 From: "A. Wilcox" Date: Sun, 4 Dec 2022 00:12:42 +0000 Subject: user/sddm: Fix autologin issue with PAM modules This corrects an issue where Horizon media may boot to a black screen. --- user/sddm/autologin-pam.patch | 80 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 user/sddm/autologin-pam.patch (limited to 'user/sddm/autologin-pam.patch') diff --git a/user/sddm/autologin-pam.patch b/user/sddm/autologin-pam.patch new file mode 100644 index 000000000..bb4560b69 --- /dev/null +++ b/user/sddm/autologin-pam.patch @@ -0,0 +1,80 @@ +From a6280bde181c72811ab5dd0eb525f112ac72099f Mon Sep 17 00:00:00 2001 +From: Aleix Pol +Date: Thu, 24 Jun 2021 17:08:10 +0200 +Subject: [PATCH] pam: Do not use tally2 if faillock is present + +From pam 1.4.0 release notes: + +Deprecated pam_tally and pam_tally2: these modules are no longer built +by default and will be removed in the next release, use pam_faillock +instead. +https://github.com/linux-pam/linux-pam/releases/tag/v1.4.0 + +Fixes #1313 +--- + cmake/FindPAM.cmake | 1 + + services/CMakeLists.txt | 6 +++++- + services/sddm-autologin-tally2.pam | 13 +++++++++++++ + services/sddm-autologin.pam | 2 +- + 4 files changed, 20 insertions(+), 2 deletions(-) + create mode 100755 services/sddm-autologin-tally2.pam + +diff --git a/cmake/FindPAM.cmake b/cmake/FindPAM.cmake +index f209c0b46..a64680bea 100644 +--- a/cmake/FindPAM.cmake ++++ b/cmake/FindPAM.cmake +@@ -13,6 +13,7 @@ endif (PAM_INCLUDE_DIR AND PAM_LIBRARY) + find_path(PAM_INCLUDE_DIR NAMES security/pam_appl.h pam/pam_appl.h) + find_library(PAM_LIBRARY pam) + find_library(DL_LIBRARY dl) ++find_library(HAVE_PAM_FAILLOCK NAME pam_faillock.so PATH_SUFFIXES security) + + if (PAM_INCLUDE_DIR AND PAM_LIBRARY) + set(PAM_FOUND TRUE) +diff --git a/services/CMakeLists.txt b/services/CMakeLists.txt +index fbf760895..6e4fa0f93 100644 +--- a/services/CMakeLists.txt ++++ b/services/CMakeLists.txt +@@ -10,6 +10,10 @@ else() + endif() + configure_file("${CMAKE_CURRENT_SOURCE_DIR}/sddm-greeter.pam.in" "${CMAKE_CURRENT_BINARY_DIR}/sddm-greeter.pam") + ++if(HAVE_PAM_FAILLOCK) ++ install(FILES sddm-autologin.pam DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/pam.d RENAME sddm-autologin) ++else() ++ install(FILES sddm-autologin-tally2.pam DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/pam.d RENAME sddm-autologin) ++endif() + install(FILES sddm.pam DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/pam.d RENAME sddm) +-install(FILES sddm-autologin.pam DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/pam.d RENAME sddm-autologin) + install(FILES "${CMAKE_CURRENT_BINARY_DIR}/sddm-greeter.pam" DESTINATION ${CMAKE_INSTALL_FULL_SYSCONFDIR}/pam.d RENAME sddm-greeter) +diff --git a/services/sddm-autologin-tally2.pam b/services/sddm-autologin-tally2.pam +new file mode 100755 +index 000000000..99729bc9b +--- /dev/null ++++ b/services/sddm-autologin-tally2.pam +@@ -0,0 +1,13 @@ ++#%PAM-1.0 ++auth required pam_env.so ++auth required pam_tally2.so file=/var/log/tallylog onerr=succeed ++auth required pam_shells.so ++auth required pam_nologin.so ++auth required pam_permit.so ++-auth optional pam_gnome_keyring.so ++-auth optional pam_kwallet5.so ++account include system-local-login ++password include system-local-login ++session include system-local-login ++-session optional pam_gnome_keyring.so auto_start ++-session optional pam_kwallet5.so auto_start +diff --git a/services/sddm-autologin.pam b/services/sddm-autologin.pam +index 99729bc9b..b42991e38 100755 +--- a/services/sddm-autologin.pam ++++ b/services/sddm-autologin.pam +@@ -1,6 +1,6 @@ + #%PAM-1.0 + auth required pam_env.so +-auth required pam_tally2.so file=/var/log/tallylog onerr=succeed ++auth required pam_faillock.so preauth + auth required pam_shells.so + auth required pam_nologin.so + auth required pam_permit.so -- cgit v1.2.3-70-g09d2