diff options
| author | Jan Beich <jbeich@FreeBSD.org> | 2020-07-17 22:14:24 +0000 |
|---|---|---|
| committer | Jan Beich <jbeich@FreeBSD.org> | 2020-07-17 22:14:24 +0000 |
| commit | 033f2cc92a3c923f2db55b46ade60459ba9ac149 (patch) | |
| tree | 57458e34892709c6e7a75607045fa7c8ff299ea2 /x11 | |
| parent | d3df1c6409779c6ecc7a7ca087bceeaf46b421ed (diff) | |
| download | ports-033f2cc92a3c923f2db55b46ade60459ba9ac149.tar.gz ports-033f2cc92a3c923f2db55b46ade60459ba9ac149.zip | |
MFH: r542450
x11/swaylock: unbreak PAM locking
Since 1.5 it includes "login" service which doesn't ask for password
from user running Wayland session. Before pam_authenticate(3) failed
with PAM_AUTH_ERR due to missing permissions password database.
PR: 248053
Reported by: many
Submitted by: andrew|_|tao11.riddles.org.uk, jbeich
Tested by: ashish
Approved by: ports-secteam blanket
Notes
Notes:
svn path=/branches/2020Q3/; revision=542451
Diffstat (limited to 'x11')
| -rw-r--r-- | x11/swaylock/Makefile | 3 | ||||
| -rw-r--r-- | x11/swaylock/files/patch-pam.c | 19 | ||||
| -rw-r--r-- | x11/swaylock/files/patch-pam_swaylock | 15 |
3 files changed, 36 insertions, 1 deletions
diff --git a/x11/swaylock/Makefile b/x11/swaylock/Makefile index a92af32ae72b..1d6123ee5404 100644 --- a/x11/swaylock/Makefile +++ b/x11/swaylock/Makefile @@ -2,6 +2,7 @@ PORTNAME= swaylock DISTVERSION= 1.5 +PORTREVISION= 1 CATEGORIES= x11 MAINTAINER= jbeich@FreeBSD.org @@ -18,7 +19,7 @@ USES= compiler:c11 gnome meson pkgconfig USE_GITHUB= yes GH_ACCOUNT= swaywm USE_GNOME= cairo pango -PLIST_FILES= bin/${PORTNAME} \ +PLIST_FILES= "@(,,4755) bin/${PORTNAME}" \ etc/pam.d/${PORTNAME} \ share/bash-completion/completions/${PORTNAME} \ share/fish/vendor_completions.d/${PORTNAME}.fish \ diff --git a/x11/swaylock/files/patch-pam.c b/x11/swaylock/files/patch-pam.c new file mode 100644 index 000000000000..b00deca58e32 --- /dev/null +++ b/x11/swaylock/files/patch-pam.c @@ -0,0 +1,19 @@ +pam_unix(8) requires root priveleges to access master.passwd(5) + +--- pam.c.orig 2019-01-29 19:48:00 UTC ++++ pam.c +@@ -12,12 +12,14 @@ + static char *pw_buf = NULL; + + void initialize_pw_backend(int argc, char **argv) { ++#ifdef __linux__ + if (getuid() != geteuid() || getgid() != getegid()) { + swaylock_log(LOG_ERROR, + "swaylock is setuid, but was compiled with the PAM" + " backend. Run 'chmod a-s %s' to fix. Aborting.", argv[0]); + exit(EXIT_FAILURE); + } ++#endif + if (!spawn_comm_child()) { + exit(EXIT_FAILURE); + } diff --git a/x11/swaylock/files/patch-pam_swaylock b/x11/swaylock/files/patch-pam_swaylock new file mode 100644 index 000000000000..8388acd8a579 --- /dev/null +++ b/x11/swaylock/files/patch-pam_swaylock @@ -0,0 +1,15 @@ +"login" has "auth sufficient pam_self.so" but a screen locker is +supposed to ask for password regardless. + +--- pam/swaylock.orig 2019-01-29 19:48:00 UTC ++++ pam/swaylock +@@ -1,6 +1,6 @@ + # +-# PAM configuration file for the swaylock screen locker. By default, it includes +-# the 'login' configuration file (see /etc/pam.d/login) ++# PAM configuration for the "swaylock" service. swaylock(1) only uses ++# auth facilities. + # + +-auth include login ++auth include system |