diff options
Diffstat (limited to 'data')
54 files changed, 1461 insertions, 0 deletions
diff --git a/data/.gitignore b/data/.gitignore new file mode 100644 index 0000000..c95bb39 --- /dev/null +++ b/data/.gitignore @@ -0,0 +1,2 @@ +/gdm.service +/greeter-dconf-defaults diff --git a/data/61-gdm.rules.in b/data/61-gdm.rules.in new file mode 100644 index 0000000..984fdd4 --- /dev/null +++ b/data/61-gdm.rules.in @@ -0,0 +1,6 @@ +# disable Wayland on Hi1710 chipsets +ATTR{vendor}=="0x19e5", ATTR{device}=="0x1711", RUN+="@libexecdir@/gdm-disable-wayland" +# disable Wayland when using the proprietary nvidia driver +DRIVER=="nvidia", RUN+="@libexecdir@/gdm-disable-wayland" +# disable Wayland if modesetting is disabled +IMPORT{cmdline}="nomodeset", RUN+="@libexecdir@/gdm-disable-wayland" diff --git a/data/Init.in b/data/Init.in new file mode 100644 index 0000000..ec6fd39 --- /dev/null +++ b/data/Init.in @@ -0,0 +1,89 @@ +#!/bin/sh +# Stolen from the debian kdm setup, aren't I sneaky +# Plus a lot of fun stuff added +# -George + +PATH="@X_PATH@:$PATH" +OLD_IFS=$IFS + +gdmwhich () { + COMMAND="$1" + OUTPUT= + IFS=: + for dir in $PATH + do + if test -x "$dir/$COMMAND" ; then + if test "x$OUTPUT" = "x" ; then + OUTPUT="$dir/$COMMAND" + fi + fi + done + IFS=$OLD_IFS + echo "$OUTPUT" +} + +sysresources=/etc/X11/Xresources + +# merge in defaults +if [ -f "$sysresources" ]; then + xrdb -merge "$sysresources" +fi + +sysmodmap=/etc/X11/Xmodmap + +XMODMAP=`gdmwhich xmodmap` +if [ "x$XMODMAP" != "x" ] ; then + if [ "x$GDM_PARENT_DISPLAY" = "x" ]; then + if [ -f $sysmodmap ]; then + $XMODMAP $sysmodmap + fi + else + ( DISPLAY=$GDM_PARENT_DISPLAY XAUTHORITY=$GDM_PARENT_XAUTHORITY $XMODMAP -pke ) | $XMODMAP - + fi + + # + # Switch Sun's Alt and Meta mod mappings + # + + UNAME=`gdmwhich uname` + PROCESSOR=`$UNAME -p` + if [ "x$PROCESSOR" = "xsparc" ]; then + if $XMODMAP | grep mod4 | grep Alt > /dev/null 2>/dev/null + then + $XMODMAP -e "clear Mod1" \ + -e "clear Mod4" \ + -e "add Mod1 = Alt_L" \ + -e "add Mod1 = Alt_R" \ + -e "add Mod4 = Meta_L" \ + -e "add Mod4 = Meta_R" + fi + fi +fi + +SETXKBMAP=`gdmwhich setxkbmap` +if [ "x$SETXKBMAP" != "x" ] ; then + # FIXME: is this all right? Is this completely on crack? + # What this does is move the xkb configuration from the GDM_PARENT_DISPLAY + # FIXME: This should be done in code. Or there must be an easier way ... + if [ -n "$GDM_PARENT_DISPLAY" ]; then + XKBSETUP=`( DISPLAY=$GDM_PARENT_DISPLAY XAUTHORITY=$GDM_PARENT_XAUTHORITY $SETXKBMAP -v )` + if [ -n "$XKBSETUP" ]; then + XKBKEYMAP=`echo "$XKBSETUP" | grep '^keymap' | awk '{ print $2 }'` + XKBTYPES=`echo "$XKBSETUP" | grep '^types' | awk '{ print $2 }'` + XKBCOMPAT=`echo "$XKBSETUP" | grep '^compat' | awk '{ print $2 }'` + XKBSYMBOLS=`echo "$XKBSETUP" | grep '^symbols' | awk '{ print $2 }'` + XKBGEOMETRY=`echo "$XKBSETUP" | grep '^geometry' | awk '{ print $2 }'` + if [ -n "$XKBKEYMAP" ]; then + $SETXKBMAP -keymap "$XKBKEYMAP" + elif [ -n "$XKBTYPES" -a -n "$XKBCOMPAT" -a -n "$XKBSYMBOLS" -a -n "$XKBGEOMETRY" ]; then + $SETXKBMAP -types "$XKBTYPES" -compat "$XKBCOMPAT" -symbols "$XKBSYMBOLS" -geometry "$XKBGEOMETRY" + elif [ -n "$XKBTYPES" -a -n "$XKBCOMPAT" -a -n "$XKBSYMBOLS" ]; then + $SETXKBMAP -types "$XKBTYPES" -compat "$XKBCOMPAT" -symbols "$XKBSYMBOLS" + elif [ -n "$XKBSYMBOLS" ]; then + $SETXKBMAP -symbols "$XKBSYMBOLS" + fi + fi + fi +fi + +exit 0 diff --git a/data/PostLogin b/data/PostLogin new file mode 100755 index 0000000..efc6394 --- /dev/null +++ b/data/PostLogin @@ -0,0 +1,8 @@ +#!/bin/sh +# +# Note: this is a sample and will not be run as is. Change the name of this +# file to <gdmconfdir>/PostLogin/Default for this script to be run. This +# script will be run before any setup is run on behalf of the user and is +# useful if you for example need to do some setup to create a home directory +# for the user or something like that. $HOME, $LOGIN and such will all be +# set appropriately and this script is run as root. diff --git a/data/PostSession.in b/data/PostSession.in new file mode 100755 index 0000000..c52d3c2 --- /dev/null +++ b/data/PostSession.in @@ -0,0 +1,3 @@ +#!/bin/sh + +exit 0 diff --git a/data/PreSession.in b/data/PreSession.in new file mode 100755 index 0000000..cfabee7 --- /dev/null +++ b/data/PreSession.in @@ -0,0 +1,9 @@ +#!/bin/sh +# +# Note that any setup should come before the sessreg command as +# that must be 'exec'ed for the pid to be correct (sessreg uses the parent +# pid) +# +# Note that output goes into the .xsession-errors file for easy debugging +# +PATH="@X_PATH@:$PATH" diff --git a/data/Xsession.in b/data/Xsession.in new file mode 100755 index 0000000..9d79558 --- /dev/null +++ b/data/Xsession.in @@ -0,0 +1,197 @@ +#!@XSESSION_SHELL@ +# +# This is SORT OF LIKE an X session, but not quite. You get a command as the +# first argument (it could be multiple words, so run it with "eval"). As a +# special case, the command can be: +# default - Run the appropriate Xclients startup (see the code below) +# custom - Run ~/.xsession and if that's not available run 'default' +# +# (Note that other arguments could also follow, but only the command one is +# right now relevant and supported) +# +# The output is ALREADY redirected to .xsession-errors in GDM. This way +# .xsession-errors actually gets more output such as if the PreSession script +# is failing. This also prevents DoS attacks if some app in the users session +# can be prodded to dump lots of stuff on the stdout/stderr. We wish to be +# robust don't we? In case you wish to use an existing script for other DM's, +# you can just not redirect when GDMSESSION is set. GDMSESSION will always +# be set from gdm. +# +# Also note that this is not run as a login shell, this is just executed. +# This is why we source the profile files below. +# +# based on: +# $XConsortium: Xsession /main/10 1995/12/18 18:21:28 gildea $ + +command="$@" + +# this will go into the .xsession-errors along with all other echo's +# good for debugging where things went wrong +echo "$0: Beginning session setup..." + +# First read /etc/profile and .profile +test -f /etc/profile && . /etc/profile +test -f "$HOME/.profile" && . "$HOME/.profile" +# Second read /etc/xprofile and .xprofile for X specific setup +test -f /etc/xprofile && . /etc/xprofile +test -f "$HOME/.xprofile" && . "$HOME/.xprofile" + +# Translation stuff +if [ -x "@libexecdir@/gdmtranslate" ] ; then + gdmtranslate="@libexecdir@/gdmtranslate" +else + gdmtranslate= +fi + +# Note that this should only go to zenity dialogs which always expect utf8 +gettextfunc () { + if [ "x$gdmtranslate" != "x" ] ; then + "$gdmtranslate" --utf8 "$1" + else + echo "$1" + fi +} + +OLD_IFS=$IFS + +gdmwhich () { + COMMAND="$1" + OUTPUT= + IFS=: + for dir in $PATH + do + if test -x "$dir/$COMMAND" ; then + if test "x$OUTPUT" = "x" ; then + OUTPUT="$dir/$COMMAND" + fi + fi + done + IFS=$OLD_IFS + echo "$OUTPUT" +} + +zenity=`gdmwhich zenity` + +# Note: ~/.xsession-errors is now done in the daemon so that it +# works for ALL sessions (except ones named 'Failsafe') + +# clean up after xbanner +freetemp=`gdmwhich freetemp` +if [ -n "$freetemp" ] ; then + "$freetemp" +fi + +userresources="$HOME/.Xresources" +usermodmap="$HOME/.Xmodmap" +userxkbmap="$HOME/.Xkbmap" + +sysresources=/etc/X11/Xresources +sysmodmap=/etc/X11/Xmodmap +sysxkbmap=/etc/X11/Xkbmap + +rh6sysresources=/etc/X11/xinit/Xresources +rh6sysmodmap=/etc/X11/xinit/Xmodmap + +# merge in defaults +if [ -f "$rh6sysresources" ]; then + xrdb -nocpp -merge "$rh6sysresources" +fi + +if [ -f "$sysresources" ]; then + xrdb -nocpp -merge "$sysresources" +fi + +if [ -f "$userresources" ]; then + xrdb -nocpp -merge "$userresources" +fi + +# merge in keymaps +if [ -f "$sysxkbmap" ]; then + setxkbmap `cat "$sysxkbmap"` + XKB_IN_USE=yes +fi + +if [ -f "$userxkbmap" ]; then + setxkbmap `cat "$userxkbmap"` + XKB_IN_USE=yes +fi + +# +# Eeek, this seems like too much magic here +# +if [ -z "$XKB_IN_USE" -a ! -L /etc/X11/X ]; then + if grep '^exec.*/Xsun' /etc/X11/X > /dev/null 2>&1 && [ -f /etc/X11/XF86Config ]; then + xkbsymbols=`sed -n -e 's/^[ ]*XkbSymbols[ ]*"\(.*\)".*$/\1/p' /etc/X11/XF86Config` + if [ -n "$xkbsymbols" ]; then + setxkbmap -symbols "$xkbsymbols" + XKB_IN_USE=yes + fi + fi +fi + +# xkb and xmodmap don't play nice together +if [ -z "$XKB_IN_USE" ]; then + if [ -f "$rh6sysmodmap" ]; then + xmodmap "$rh6sysmodmap" + fi + + if [ -f "$sysmodmap" ]; then + xmodmap "$sysmodmap" + fi + + if [ -f "$usermodmap" ]; then + xmodmap "$usermodmap" + fi +fi + +unset XKB_IN_USE + +xhost +si:localuser:`id -un` || : + +# run all system xinitrc shell scripts. +if [ -d /etc/X11/xinit/xinitrc.d ]; then + for i in /etc/X11/xinit/xinitrc.d/* ; do + if [ -x "$i" -a ! -d "$i" ]; then + . "$i" + fi + done +fi + +if [ "x$command" = "xdefault" ] ; then + if [ -x "$HOME/.Xclients" ]; then + command="$HOME/.Xclients" + elif [ -x /etc/X11/xinit/Xclients ]; then + command="/etc/X11/xinit/Xclients" + elif [ -x /etc/X11/Xclients ]; then + command="/etc/X11/Xclients" + else + if [ -n "$zenity" ] ; then + disptext=`gettextfunc "System has no Xclients file, so starting a failsafe xterm session. Windows will have focus only if the mouse pointer is above them. To get out of this mode type 'exit' in the window."` + "$zenity" --info --text "$disptext" + else + echo "$0: Cannot find Xclients" + fi + exec xterm -geometry 80x24+0+0 + fi +fi + +# add ssh-agent if found +sshagent="`gdmwhich ssh-agent`" +if [ -n "$sshagent" ] && [ -x "$sshagent" ] && [ -z "$SSH_AUTH_SOCK" ]; then + command="$sshagent -- $command" +elif [ -z "$sshagent" ] ; then + echo "$0: ssh-agent not found!" +fi + +echo "$0: Setup done, will execute: $command" + +eval exec $command + +echo "$0: Executing $command failed, will run xterm" + +if [ -n "$zenity" ] ; then + disptext=`gettextfunc "Failed to start the session, so starting a failsafe xterm session. Windows will have focus only if the mouse pointer is above them. To get out of this mode type 'exit' in the window."` + "$zenity" --info --text "$disptext" +fi + +exec xterm -geometry 80x24+0+0 diff --git a/data/applications/meson.build b/data/applications/meson.build new file mode 100644 index 0000000..48a2f09 --- /dev/null +++ b/data/applications/meson.build @@ -0,0 +1,16 @@ +desktop_conf = { + 'LIBDIR': gdm_prefix / get_option('libdir'), + 'LIBEXECDIR': gdm_prefix / get_option('libexecdir'), + 'LOCALSTATEDIR': gdm_prefix / get_option('localstatedir'), + 'SBINDIR': gdm_prefix / get_option('sbindir'), + 'SYSCONFDIR': gdm_prefix / get_option('sysconfdir'), +} + +foreach desktop_file : [ 'mime-dummy-handler.desktop', 'mimeapps.list' ] + configure_file( + input: desktop_file, + output: desktop_file, + configuration: desktop_conf, + install_dir: get_option('datadir') / 'gdm' / 'greeter' / 'applications', + ) +endforeach diff --git a/data/applications/mime-dummy-handler.desktop b/data/applications/mime-dummy-handler.desktop new file mode 100644 index 0000000..8f6623e --- /dev/null +++ b/data/applications/mime-dummy-handler.desktop @@ -0,0 +1,6 @@ +[Desktop Entry] +Type=Application +Name=Dummy URI Handler +Exec=true %U +Terminal=false +StartupNotify=false diff --git a/data/applications/mimeapps.list b/data/applications/mimeapps.list new file mode 100644 index 0000000..db3a144 --- /dev/null +++ b/data/applications/mimeapps.list @@ -0,0 +1,19 @@ +[Default Applications] +x-scheme-handler/file=mime-dummy-handler.desktop +x-scheme-handler/ftp=mime-dummy-handler.desktop +x-scheme-handler/ghelp=mime-dummy-handler.desktop +x-scheme-handler/help=mime-dummy-handler.desktop +x-scheme-handler/http=mime-dummy-handler.desktop +x-scheme-handler/https=mime-dummy-handler.desktop +x-scheme-handler/info=mime-dummy-handler.desktop +x-scheme-handler/irc=mime-dummy-handler.desktop +x-scheme-handler/itms=mime-dummy-handler.desktop +x-scheme-handler/mailto=mime-dummy-handler.desktop +x-scheme-handler/man=mime-dummy-handler.desktop +x-scheme-handler/mms=mime-dummy-handler.desktop +x-scheme-handler/rtp=mime-dummy-handler.desktop +x-scheme-handler/rtsp=mime-dummy-handler.desktop +x-scheme-handler/sip=mime-dummy-handler.desktop +x-scheme-handler/trash=mime-dummy-handler.desktop +x-scheme-handler/webcal=mime-dummy-handler.desktop +x-scheme-handler/xmpp=mime-dummy-handler.desktop diff --git a/data/autostart/meson.build b/data/autostart/meson.build new file mode 100644 index 0000000..348a6c6 --- /dev/null +++ b/data/autostart/meson.build @@ -0,0 +1,12 @@ +autostart_files_conf = { + 'LIBEXECDIR': gdm_prefix / get_option('libexecdir'), +} + +foreach autostart_file : [ 'orca-autostart.desktop' ] + configure_file( + input: autostart_file, + output: autostart_file, + configuration: autostart_files_conf, + install_dir: get_option('datadir') / 'gdm' / 'greeter' / 'autostart', + ) +endforeach diff --git a/data/autostart/orca-autostart.desktop b/data/autostart/orca-autostart.desktop new file mode 100644 index 0000000..944cfd7 --- /dev/null +++ b/data/autostart/orca-autostart.desktop @@ -0,0 +1,7 @@ +[Desktop Entry] +Type=Application +Name=Orca screen reader +Exec=orca --disable main-window,splash-window --enable speech,braille +NoDisplay=true +AutostartCondition=GSettings org.gnome.desktop.a11y.applications screen-reader-enabled +X-GNOME-AutoRestart=true diff --git a/data/dconf/.gitignore b/data/dconf/.gitignore new file mode 100644 index 0000000..f0047b3 --- /dev/null +++ b/data/dconf/.gitignore @@ -0,0 +1 @@ +/gdm diff --git a/data/dconf/defaults/00-upstream-settings b/data/dconf/defaults/00-upstream-settings new file mode 100644 index 0000000..0f41899 --- /dev/null +++ b/data/dconf/defaults/00-upstream-settings @@ -0,0 +1,51 @@ +# This file is part of the GDM packaging and should not be changed. +# +# Instead create your own file next to it with a higher numbered prefix, +# and run +# +# dconf update +# + +[org/gnome/desktop/session] +session-name='gnome-login' + +[org/gnome/desktop/input-sources] +show-all-sources=true + +[org/gnome/desktop/a11y] +always-show-universal-access-status=true + +[org/gnome/desktop/background] +show-desktop-icons=false + +[org/gnome/desktop/default-applications/terminal] +exec='true' + +[org/gnome/desktop/lockdown] +disable-application-handlers=true +disable-command-line=true +disable-lock-screen=true +disable-log-out=false +disable-printing=true +disable-print-setup=true +disable-save-to-disk=true +disable-user-switching=true + +[org/gnome/desktop/sound] +event-sounds=true + +[org/gnome/settings-daemon/plugins/media-keys] +calculator='' +eject='' +email='' +help='' +home='' +media='' +next='' +pause='' +play='' +previous='' +screensaver='' +search='' +stop='' +www='' diff --git a/data/dconf/defaults/locks/00-upstream-settings-locks b/data/dconf/defaults/locks/00-upstream-settings-locks new file mode 100644 index 0000000..9cecec6 --- /dev/null +++ b/data/dconf/defaults/locks/00-upstream-settings-locks @@ -0,0 +1,28 @@ +/org/gnome/desktop/a11y/keyboard/enable +/org/gnome/desktop/background/show-desktop-icons +/org/gnome/desktop/default-applications/terminal/exec +/org/gnome/desktop/interface/toolkit-accessibility +/org/gnome/desktop/lockdown/disable-application-handlers +/org/gnome/desktop/lockdown/disable-command-line +/org/gnome/desktop/lockdown/disable-lock-screen +/org/gnome/desktop/lockdown/disable-log-out +/org/gnome/desktop/lockdown/disable-printing +/org/gnome/desktop/lockdown/disable-print-setup +/org/gnome/desktop/lockdown/disable-save-to-disk +/org/gnome/desktop/lockdown/disable-user-switching +/org/gnome/desktop/session/session-name +/org/gnome/desktop/sound/event-sounds +/org/gnome/settings-daemon/plugins/media-keys/calculator +/org/gnome/settings-daemon/plugins/media-keys/eject +/org/gnome/settings-daemon/plugins/media-keys/email +/org/gnome/settings-daemon/plugins/media-keys/help +/org/gnome/settings-daemon/plugins/media-keys/home +/org/gnome/settings-daemon/plugins/media-keys/media +/org/gnome/settings-daemon/plugins/media-keys/next +/org/gnome/settings-daemon/plugins/media-keys/pause +/org/gnome/settings-daemon/plugins/media-keys/play +/org/gnome/settings-daemon/plugins/media-keys/previous +/org/gnome/settings-daemon/plugins/media-keys/screensaver +/org/gnome/settings-daemon/plugins/media-keys/search +/org/gnome/settings-daemon/plugins/media-keys/stop +/org/gnome/settings-daemon/plugins/media-keys/www diff --git a/data/dconf/gdm.in b/data/dconf/gdm.in new file mode 100644 index 0000000..4d8bf17 --- /dev/null +++ b/data/dconf/gdm.in @@ -0,0 +1,2 @@ +user-db:user +file-db:@DATADIR@/@PACKAGE@/greeter-dconf-defaults diff --git a/data/dconf/meson.build b/data/dconf/meson.build new file mode 100644 index 0000000..8ce18d6 --- /dev/null +++ b/data/dconf/meson.build @@ -0,0 +1,25 @@ +gdm_dconf = configure_file( + input: 'gdm.in', + output: '@BASENAME@', + configuration: { + 'DATADIR': gdm_prefix / get_option('datadir'), + 'PACKAGE': meson.project_name(), + }, + install_dir: get_option('datadir') / 'dconf' / 'profile', +) + +greeter_dconf_defaults = custom_target('greeter-dconf-defaults', + output: 'greeter-dconf-defaults', + input: files( + 'defaults/00-upstream-settings', + 'defaults/locks/00-upstream-settings-locks', + ), + command: [ + find_program('dconf'), + 'compile', + '@OUTPUT@', + meson.current_source_dir() / 'defaults', + ], + install: true, + install_dir: get_option('datadir') / meson.project_name(), +) diff --git a/data/gdm.conf-custom.in b/data/gdm.conf-custom.in new file mode 100644 index 0000000..9b63ba9 --- /dev/null +++ b/data/gdm.conf-custom.in @@ -0,0 +1,16 @@ +# GDM configuration storage + +[daemon] +# Uncomment the line below to force the login screen to use Xorg +#WaylandEnable=false + +[security] + +[xdmcp] + +[chooser] + +[debug] +# Uncomment the line below to turn on debugging +#Enable=true + diff --git a/data/gdm.conf.in b/data/gdm.conf.in new file mode 100644 index 0000000..2d8897d --- /dev/null +++ b/data/gdm.conf.in @@ -0,0 +1,81 @@ +<!DOCTYPE busconfig PUBLIC + "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> +<busconfig> + + <!-- Only root can own the service --> + <policy user="root"> + <allow own="org.gnome.DisplayManager"/> + + <allow send_destination="org.gnome.DisplayManager" + send_interface="org.gnome.DisplayManager.Manager"/> + <allow send_destination="org.gnome.DisplayManager" + send_interface="org.gnome.DisplayManager.Display"/> + <allow send_destination="org.gnome.DisplayManager" + send_interface="org.gnome.DisplayManager.LocalDisplayFactory"/> + <allow send_destination="org.gnome.DisplayManager" + send_interface="org.gnome.DisplayManager.Settings"/> + <allow send_destination="org.gnome.DisplayManager" + send_interface="org.freedesktop.DBus.Properties" /> + <allow send_destination="org.gnome.DisplayManager" + send_interface="org.freedesktop.DBus.Introspectable"/> + + </policy> + + <policy context="default"> + <deny send_destination="org.gnome.DisplayManager" + send_interface="org.gnome.DisplayManager.Display"/> + <deny send_destination="org.gnome.DisplayManager" + send_interface="org.gnome.DisplayManager.LocalDisplayFactory"/> + <deny send_destination="org.gnome.DisplayManager" + send_interface="org.gnome.DisplayManager.Settings"/> + <deny send_destination="org.gnome.DisplayManager" + send_interface="org.gnome.DisplayManager.Session"/> + <allow send_destination="org.gnome.DisplayManager" + send_interface="org.freedesktop.DBus.Introspectable"/> + <allow send_destination="org.gnome.DisplayManager" + send_interface="org.freedesktop.DBus.ObjectManager"/> + <allow send_destination="org.gnome.DisplayManager" + send_interface="org.freedesktop.DBus.Properties"/> + <allow send_destination="org.gnome.DisplayManager" + send_interface="org.gnome.DisplayManager.Manager"/> + <allow send_destination="org.gnome.DisplayManager" + send_interface="org.gnome.DisplayManager.Display" + send_member="GetId"/> + <allow send_destination="org.gnome.DisplayManager" + send_interface="org.gnome.DisplayManager.Display" + send_member="GetRemoteHostname"/> + <allow send_destination="org.gnome.DisplayManager" + send_interface="org.gnome.DisplayManager.Display" + send_member="GetSeatId"/> + <allow send_destination="org.gnome.DisplayManager" + send_interface="org.gnome.DisplayManager.Display" + send_member="GetX11DisplayName"/> + <allow send_destination="org.gnome.DisplayManager" + send_interface="org.gnome.DisplayManager.Display" + send_member="GetX11DisplayNumber"/> + <allow send_destination="org.gnome.DisplayManager" + send_interface="org.gnome.DisplayManager.Display" + send_member="IsLocal"/> + + <allow send_destination="org.gnome.DisplayManager" + send_interface="org.gnome.DisplayManager.LocalDisplayFactory" + send_member="CreateTransientDisplay"/> + </policy> + + <policy user="@GDM_USERNAME@"> + <allow send_destination="org.gnome.DisplayManager" + send_interface="org.gnome.DisplayManager.Manager"/> + <allow send_destination="org.gnome.DisplayManager" + send_interface="org.gnome.DisplayManager.Display"/> + <allow send_destination="org.gnome.DisplayManager" + send_interface="org.gnome.DisplayManager.LocalDisplayFactory"/> + <allow send_destination="org.gnome.DisplayManager" + send_interface="org.gnome.DisplayManager.Settings"/> + <allow send_destination="org.gnome.DisplayManager" + send_interface="org.freedesktop.DBus.Properties" /> + <allow send_destination="org.gnome.DisplayManager" + send_interface="org.freedesktop.DBus.Introspectable"/> + </policy> + +</busconfig> diff --git a/data/gdm.schemas.in b/data/gdm.schemas.in new file mode 100644 index 0000000..255bff0 --- /dev/null +++ b/data/gdm.schemas.in @@ -0,0 +1,134 @@ +<gdmschemafile> + <schemalist> + + <schema> + <key>chooser/Multicast</key> + <signature>b</signature> + <default>false</default> + </schema> + <schema> + <key>chooser/MulticastAddr</key> + <signature>s</signature> + <default>ff02::1</default> + </schema> + + <schema> + <key>daemon/User</key> + <signature>s</signature> + <default>@GDM_USERNAME@</default> + </schema> + <schema> + <key>daemon/Group</key> + <signature>s</signature> + <default>@GDM_GROUPNAME@</default> + </schema> + <schema> + <key>daemon/AutomaticLoginEnable</key> + <signature>b</signature> + <default>false</default> + </schema> + <schema> + <key>daemon/AutomaticLogin</key> + <signature>s</signature> + <default></default> + </schema> + <schema> + <key>daemon/TimedLoginEnable</key> + <signature>b</signature> + <default>false</default> + </schema> + <schema> + <key>daemon/TimedLogin</key> + <signature>s</signature> + <default></default> + </schema> + <schema> + <key>daemon/TimedLoginDelay</key> + <signature>i</signature> + <default>30</default> + </schema> + <schema> + <key>daemon/InitialSetupEnable</key> + <signature>b</signature> + <default>true</default> + </schema> + <schema> + <key>daemon/WaylandEnable</key> + <signature>b</signature> + <default>true</default> + </schema> + <schema> + <key>security/AllowRemoteAutoLogin</key> + <signature>b</signature> + <default>false</default> + </schema> + + <schema> + <key>debug/Enable</key> + <signature>b</signature> + <default>false</default> + </schema> + + <schema> + <key>security/DisallowTCP</key> + <signature>b</signature> + <default>true</default> + </schema> + <schema> + <key>xdmcp/Enable</key> + <signature>b</signature> + <default>false</default> + </schema> + <schema> + <key>xdmcp/ShowLocalGreeter</key> + <signature>b</signature> + <default>true</default> + </schema> + <schema> + <key>xdmcp/MaxPending</key> + <signature>i</signature> + <default>4</default> + </schema> + <schema> + <key>xdmcp/MaxSessions</key> + <signature>i</signature> + <default>16</default> + </schema> + <schema> + <key>xdmcp/MaxWait</key> + <signature>i</signature> + <default>30</default> + </schema> + <schema> + <key>xdmcp/DisplaysPerHost</key> + <signature>i</signature> + <default>1</default> + </schema> + <schema> + <key>xdmcp/Port</key> + <signature>i</signature> + <default>177</default> + </schema> + <schema> + <key>xdmcp/HonorIndirect</key> + <signature>b</signature> + <default>true</default> + </schema> + <schema> + <key>xdmcp/MaxWaitIndirect</key> + <signature>i</signature> + <default>30</default> + </schema> + <schema> + <key>xdmcp/PingIntervalSeconds</key> + <signature>i</signature> + <default>0</default> + </schema> + <schema> + <key>xdmcp/Willing</key> + <signature>s</signature> + <default>@gdmconfdir@/Xwilling</default> + </schema> + </schemalist> +</gdmschemafile> + diff --git a/data/gdm.service.in b/data/gdm.service.in new file mode 100644 index 0000000..17e8a8d --- /dev/null +++ b/data/gdm.service.in @@ -0,0 +1,33 @@ +[Unit] +Description=GNOME Display Manager + +# replaces the getty +Conflicts=getty@tty${GDM_INITIAL_VT}.service +After=getty@tty${GDM_INITIAL_VT}.service + +# replaces plymouth-quit since it quits plymouth on its own +Conflicts=${PLYMOUTH_QUIT_SERVICE} +After=${PLYMOUTH_QUIT_SERVICE} + +# Needs all the dependencies of the services it's replacing +# pulled from getty@.service and ${PLYMOUTH_QUIT_SERVICE} +# (except for plymouth-quit-wait.service since it waits until +# plymouth is quit, which we do) +After=rc-local.service plymouth-start.service systemd-user-sessions.service + +# GDM takes responsibility for stopping plymouth, so if it fails +# for any reason, make sure plymouth still stops +OnFailure=plymouth-quit.service + +[Service] +ExecStart=${sbindir}/gdm +KillMode=mixed +Restart=always +IgnoreSIGPIPE=no +BusName=org.gnome.DisplayManager +EnvironmentFile=-${LANG_CONFIG_FILE} +ExecReload=/bin/kill -SIGHUP $MAINPID +KeyringMode=shared + +[Install] +Alias=display-manager.service diff --git a/data/gnome-login.session.in b/data/gnome-login.session.in new file mode 100644 index 0000000..6347096 --- /dev/null +++ b/data/gnome-login.session.in @@ -0,0 +1,3 @@ +[GNOME Session] +Name=Display Manager +RequiredComponents=@gnome_required_components@; diff --git a/data/locale.alias b/data/locale.alias new file mode 100644 index 0000000..7cabea6 --- /dev/null +++ b/data/locale.alias @@ -0,0 +1,7 @@ +# You could insert none UTF-8 locales likes C, ja_JP.eucJP +# The format is language label, space and locale name but +# the language label is no longer used. +# +# This file will be removed in the future once gdm setup tool is generated. +# +#Unspecified C,POSIX diff --git a/data/meson.build b/data/meson.build new file mode 100644 index 0000000..05a2011 --- /dev/null +++ b/data/meson.build @@ -0,0 +1,220 @@ +subdir('applications') +subdir('autostart') +subdir('dconf') + +# XPath configs +foreach file : [ 'Init', 'PreSession', 'PostSession' ] + generated_file = configure_file( + input: '@0@.in'.format(file), + output: file, + configuration: { 'X_PATH': x_path }, + ) + + install_data(generated_file, + install_dir: gdmconfdir / file, + install_mode: 'rwxr-xr-x', + rename: 'Default' + ) +endforeach + +install_data('PostLogin', + rename: 'Default.sample', + install_mode: 'rwxr-xr-x', + install_dir: gdmconfdir / 'PostLogin', +) + +# gdm.conf +configure_file( + input: 'gdm.conf.in', + output: '@BASENAME@', + configuration: { + 'GDM_USERNAME': get_option('user') + }, + install_dir: dbus_sys_dir, +) +configure_file( + input: 'gdm.conf-custom.in', + output: gdm_custom_conf.split('/')[-1], + copy: true, + install_mode: 'rw-r--r--', + install_dir: run_command(find_program('dirname'), gdm_custom_conf).stdout().strip(), +) + +# GSettings schema +install_data('org.gnome.login-screen.gschema.xml', + install_dir: get_option('datadir') / 'glib-2.0' / 'schemas', +) +compiled_gschema = gnome.compile_schemas() + +# gdm.schema +gdm_schema = configure_file( + input: 'gdm.schemas.in', + output: '@BASENAME@', + configuration: { + 'GDM_USERNAME': get_option('user'), + 'GDM_GROUPNAME': get_option('group'), + 'gdmconfdir': gdmconfdir, + }, + install_dir: get_option('datadir') / 'gdm', +) + +install_data('locale.alias', + install_dir: get_option('datadir') / 'gdm', +) + +gdm_gnome_shell_component = 'org.gnome.Shell' +gdm_gnome_session_required_components = [ + 'org.gnome.SettingsDaemon.A11ySettings', + 'org.gnome.SettingsDaemon.Color', + 'org.gnome.SettingsDaemon.Datetime', + 'org.gnome.SettingsDaemon.Housekeeping', + 'org.gnome.SettingsDaemon.Keyboard', + 'org.gnome.SettingsDaemon.MediaKeys', + 'org.gnome.SettingsDaemon.Power', + 'org.gnome.SettingsDaemon.PrintNotifications', + 'org.gnome.SettingsDaemon.Rfkill', + 'org.gnome.SettingsDaemon.ScreensaverProxy', + 'org.gnome.SettingsDaemon.Sharing', + 'org.gnome.SettingsDaemon.Smartcard', + 'org.gnome.SettingsDaemon.Sound', + 'org.gnome.SettingsDaemon.Wacom', +] + +gdm_gnome_user_session_wanted_components = gdm_gnome_session_required_components +gdm_gnome_user_session_wanted_components += [ + 'org.gnome.SettingsDaemon.XSettings', +] + +configure_file( + input: 'gnome-login.session.in', + output: '@BASENAME@', + configuration: { + 'libexecdir': gdm_prefix / get_option('libexecdir'), + 'check_accelerated_dir': check_accelerated_dir, + 'gnome_required_components': ';'.join( + [ gdm_gnome_shell_component ] + gdm_gnome_session_required_components), + }, + install_dir: get_option('datadir') / 'gnome-session' / 'sessions', +) + +# PAM +pam_data_files_map = { + 'redhat': [ + 'gdm-autologin', + 'gdm-launch-environment', + 'gdm-fingerprint', + 'gdm-smartcard', + 'gdm-password', + 'gdm-pin', + ], + 'openembedded': [ + 'gdm-autologin', + 'gdm-launch-environment', + 'gdm-password', + 'gdm-pin', + ], + 'exherbo': [ + 'gdm-autologin', + 'gdm-launch-environment', + 'gdm-fingerprint', + 'gdm-smartcard', + 'gdm-password', + 'gdm-pin', + ], + 'lfs': [ + 'gdm-autologin', + 'gdm-launch-environment', + 'gdm-fingerprint', + 'gdm-smartcard', + 'gdm-password', + 'gdm-pin', + ], + 'arch': [ + 'gdm-autologin', + 'gdm-launch-environment', + 'gdm-fingerprint', + 'gdm-smartcard', + 'gdm-password', + 'gdm-pin', + ], + 'none': [], + # We should no longer have 'autodetect' at this point +} + +pam_data_files = pam_data_files_map[default_pam_config] +pam_prefix = (get_option('pam-prefix') != '')? get_option('pam-prefix') : get_option('sysconfdir') +foreach _pam_filename : pam_data_files + install_data('pam-@0@/@1@.pam'.format(default_pam_config, _pam_filename), + rename: _pam_filename, + install_dir: pam_prefix / 'pam.d', + ) +endforeach + +gdm_rules = configure_file( + input: '61-gdm.rules.in', + output: '@BASENAME@', + configuration: { + 'libexecdir': gdm_prefix / get_option('libexecdir'), + }, + install_dir: udev_dir, +) + +# DBus service files +service_config = configuration_data() +service_config.set('sbindir', gdm_prefix / get_option('sbindir')) +service_config.set('GDM_INITIAL_VT', get_option('initial-vt')) +service_config.set('LANG_CONFIG_FILE', lang_config_file) +if plymouth_dep.found() + service_config.set('PLYMOUTH_QUIT_SERVICE', 'plymouth-quit.service') +else + service_config.set('PLYMOUTH_QUIT_SERVICE', '') +endif + +if get_option('systemdsystemunitdir') != '' + systemd_systemunitdir = get_option('systemdsystemunitdir') +else + systemd_systemunitdir = systemd_dep.get_pkgconfig_variable('systemdsystemunitdir') +endif + +if get_option('systemduserunitdir') != '' + systemd_userunitdir = get_option('systemduserunitdir') +else + systemd_userunitdir = systemd_dep.get_pkgconfig_variable('systemduserunitdir', + define_variable: ['prefix', get_option('prefix')]) +endif + +configure_file( + input: 'gdm.service.in', + output: '@BASENAME@', + configuration: service_config, + install_dir: systemd_systemunitdir, + format: 'cmake' +) + +gdm_gnome_session_wanted_targets = [] +foreach component: gdm_gnome_user_session_wanted_components + gdm_gnome_session_wanted_targets += 'Wants=@0@.target'.format(component) +endforeach + +configure_file( + input: 'session.conf.in', + output: 'session.conf', + configuration: { + 'requires_component': gdm_gnome_shell_component, + 'wants_required_components': '\n'.join(gdm_gnome_session_wanted_targets), + }, + install_dir: systemd_userunitdir / 'gnome-session@gnome-login.target.d', +) + +# XSession +if get_option('gdm-xsession') + configure_file( + input: 'Xsession.in', + output: '@BASENAME@', + configuration: { + 'libexecdir': gdm_prefix / get_option('libexecdir'), + 'XSESSION_SHELL': get_option('solaris')? '/bin/ksh' : '/bin/sh', + }, + install_dir: gdmconfdir, + ) +endif diff --git a/data/org.gnome.login-screen.gschema.xml b/data/org.gnome.login-screen.gschema.xml new file mode 100644 index 0000000..7b5c54d --- /dev/null +++ b/data/org.gnome.login-screen.gschema.xml @@ -0,0 +1,102 @@ +<?xml version="1.0" encoding="UTF-8"?> +<schemalist gettext-domain="gdm"> + <schema id="org.gnome.login-screen" path="/org/gnome/login-screen/"> + <key name="enable-fingerprint-authentication" type="b"> + <default>true</default> + <summary> + Whether or not to allow fingerprint readers for login + </summary> + <description> + The login screen can optionally allow users who have enrolled + their fingerprints to log in using those prints. + </description> + </key> + <key name="enable-smartcard-authentication" type="b"> + <default>true</default> + <summary> + Whether or not to allow smartcard readers for login + </summary> + <description> + The login screen can optionally allow users who have smartcards + to log in using those smartcards. + </description> + </key> + <key name="enable-password-authentication" type="b"> + <default>true</default> + <summary> + Whether or not to allow passwords for login + </summary> + <description> + The login screen can be configured to disallow password authentication, + forcing the user to use smartcard or fingerprint authentication. + </description> + </key> + <key name="logo" type="s"> + <default>''</default> + <summary> + Path to small image at top of user list + </summary> + <description> + The login screen can optionally show a small image to provide site + administrators and distributions a way to display branding. + </description> + </key> + <key name="fallback-logo" type="s"> + <default>''</default> + <summary> + Path to small image at top of user list + </summary> + <description> + The fallback login screen can optionally show a small image to provide + site administrators and distributions a way to display branding. + </description> + </key> + <key name="disable-user-list" type="b"> + <default>false</default> + <summary> + Avoid showing user list + </summary> + <description> + The login screen normally shows a list of available users to log in + as. This setting can be toggled to disable showing the user list. + </description> + </key> + <key name="banner-message-enable" type="b"> + <default>false</default> + <summary> + Enable showing the banner message + </summary> + <description> + Set to true to show the banner message text. + </description> + </key> + <key name="banner-message-text" type="s"> + <default>''</default> + <summary> + Banner message text + </summary> + <description> + Text banner message to show in the login window. + </description> + </key> + <key name="disable-restart-buttons" type="b"> + <default>false</default> + <summary> + Disable showing the restart buttons + </summary> + <description> + Set to true to disable showing the restart buttons in the login window. + </description> + </key> + <key name="allowed-failures" type="i"> + <default>3</default> + <summary> + Number of allowed authentication failures + </summary> + <description> + The number of times a user is allowed to attempt authentication, before + giving up and going back to user selection. + </description> + </key> + </schema> +</schemalist> diff --git a/data/pam-arch/gdm-autologin.pam b/data/pam-arch/gdm-autologin.pam new file mode 100644 index 0000000..99b1420 --- /dev/null +++ b/data/pam-arch/gdm-autologin.pam @@ -0,0 +1,13 @@ +auth requisite pam_nologin.so +auth required pam_env.so +auth optional pam_gdm.so +auth optional pam_gnome_keyring.so +auth optional pam_permit.so + +account include system-local-login + +password include system-local-login + +session optional pam_keyinit.so force revoke +session include system-local-login +session optional pam_gnome_keyring.so auto_start diff --git a/data/pam-arch/gdm-fingerprint.pam b/data/pam-arch/gdm-fingerprint.pam new file mode 100644 index 0000000..a480861 --- /dev/null +++ b/data/pam-arch/gdm-fingerprint.pam @@ -0,0 +1,14 @@ +auth required pam_tally.so onerr=succeed file=/var/log/faillog +auth required pam_shells.so +auth requisite pam_nologin.so +auth required pam_env.so +auth required pam_fprintd.so +auth optional pam_permit.so + +account include system-local-login + +password required pam_fprintd.so +password optional pam_permit.so + +session optional pam_keyinit.so force revoke +session include system-local-login diff --git a/data/pam-arch/gdm-launch-environment.pam b/data/pam-arch/gdm-launch-environment.pam new file mode 100644 index 0000000..d59c9cb --- /dev/null +++ b/data/pam-arch/gdm-launch-environment.pam @@ -0,0 +1,13 @@ +auth required pam_env.so +auth required pam_succeed_if.so audit quiet_success user = gdm +auth optional pam_permit.so + +account required pam_succeed_if.so audit quiet_success user = gdm +account optional pam_permit.so + +password required pam_deny.so + +session optional pam_keyinit.so force revoke +session required pam_succeed_if.so audit quiet_success user = gdm +session required pam_systemd.so +session optional pam_permit.so diff --git a/data/pam-arch/gdm-password.pam b/data/pam-arch/gdm-password.pam new file mode 100644 index 0000000..8d34794 --- /dev/null +++ b/data/pam-arch/gdm-password.pam @@ -0,0 +1,11 @@ +auth include system-local-login +auth optional pam_gnome_keyring.so + +account include system-local-login + +password include system-local-login +password optional pam_gnome_keyring.so use_authtok + +session optional pam_keyinit.so force revoke +session include system-local-login +session optional pam_gnome_keyring.so auto_start diff --git a/data/pam-arch/gdm-pin.pam b/data/pam-arch/gdm-pin.pam new file mode 100644 index 0000000..135e205 --- /dev/null +++ b/data/pam-arch/gdm-pin.pam @@ -0,0 +1,13 @@ +auth requisite pam_pin.so +auth include system-local-login +auth optional pam_gnome_keyring.so + +account include system-local-login + +password include system-local-login +password optional pam_pin.so +password optional pam_gnome_keyring.so use_authtok + +session optional pam_keyinit.so force revoke +session include system-local-login +session optional pam_gnome_keyring.so auto_start diff --git a/data/pam-arch/gdm-smartcard.pam b/data/pam-arch/gdm-smartcard.pam new file mode 100644 index 0000000..ec6f75d --- /dev/null +++ b/data/pam-arch/gdm-smartcard.pam @@ -0,0 +1,14 @@ +auth required pam_tally.so onerr=succeed file=/var/log/faillog +auth required pam_shells.so +auth requisite pam_nologin.so +auth required pam_env.so +auth required pam_pkcs11.so wait_for_card card_only +auth optional pam_permit.so + +account include system-local-login + +password required pam_pkcs11.so +password optional pam_permit.so + +session optional pam_keyinit.so force revoke +session include system-local-login diff --git a/data/pam-exherbo/gdm-autologin.pam b/data/pam-exherbo/gdm-autologin.pam new file mode 100644 index 0000000..1324f36 --- /dev/null +++ b/data/pam-exherbo/gdm-autologin.pam @@ -0,0 +1,14 @@ +# mirrors system-auth / system(-local)-login +# except for the authentication method, which is: +# always permit login + +auth [success=ok default=1] pam_gdm.so +-auth optional pam_gnome_keyring.so +auth sufficient pam_permit.so + +account include system-local-login + +password include system-local-login + +session include system-local-login +-session optional pam_gnome_keyring.so auto_start diff --git a/data/pam-exherbo/gdm-fingerprint.pam b/data/pam-exherbo/gdm-fingerprint.pam new file mode 100644 index 0000000..41639ec --- /dev/null +++ b/data/pam-exherbo/gdm-fingerprint.pam @@ -0,0 +1,10 @@ +account include system-login + +auth substack fingerprint-auth +auth optional pam_gnome_keyring.so + +password required pam_deny.so + +session substack system-login +session optional pam_gnome_keyring.so auto_start + diff --git a/data/pam-exherbo/gdm-launch-environment.pam b/data/pam-exherbo/gdm-launch-environment.pam new file mode 100644 index 0000000..51a8e00 --- /dev/null +++ b/data/pam-exherbo/gdm-launch-environment.pam @@ -0,0 +1,15 @@ +account required pam_nologin.so +account required pam_succeed_if.so audit quiet_success user = gdm +account required pam_permit.so + +auth required pam_env.so +auth required pam_succeed_if.so audit quiet_success user = gdm +auth required pam_permit.so + +password required pam_deny.so + +-session optional pam_systemd.so +session optional pam_keyinit.so force revoke +session required pam_succeed_if.so audit quiet_success user = gdm +session required pam_permit.so + diff --git a/data/pam-exherbo/gdm-password.pam b/data/pam-exherbo/gdm-password.pam new file mode 100644 index 0000000..d223f66 --- /dev/null +++ b/data/pam-exherbo/gdm-password.pam @@ -0,0 +1,10 @@ +account include system-login + +auth substack system-login +auth optional pam_gnome_keyring.so + +password required pam_deny.so + +session substack system-login +session optional pam_gnome_keyring.so auto_start + diff --git a/data/pam-exherbo/gdm-pin.pam b/data/pam-exherbo/gdm-pin.pam new file mode 100644 index 0000000..d62c773 --- /dev/null +++ b/data/pam-exherbo/gdm-pin.pam @@ -0,0 +1,10 @@ +account include system-login + +auth requisite pam_pin.so +auth substack system-login +auth optional pam_gnome_keyring.so + +password required pam_deny.so + +session substack system-login +session optional pam_gnome_keyring.so auto_start
\ No newline at end of file diff --git a/data/pam-exherbo/gdm-smartcard.pam b/data/pam-exherbo/gdm-smartcard.pam new file mode 100644 index 0000000..0623c6e --- /dev/null +++ b/data/pam-exherbo/gdm-smartcard.pam @@ -0,0 +1,18 @@ +# mirrors system-auth / system(-local)-login +# except for the authentication method, which is: +# smartcard login + +auth required pam_env.so +auth required pam_tally.so file=/var/log/faillog onerr=succeed +auth required pam_shells.so +auth required pam_nologin.so +auth [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card card_only +-auth optional pam_gnome_keyring.so + +account include system-local-login + +password include system-local-login + +session include system-local-login +-session optional pam_gnome_keyring.so auto_start + diff --git a/data/pam-lfs/gdm-autologin.pam b/data/pam-lfs/gdm-autologin.pam new file mode 100644 index 0000000..953d47e --- /dev/null +++ b/data/pam-lfs/gdm-autologin.pam @@ -0,0 +1,19 @@ +# Begin /etc/pam.d/gdm-autologin + +auth requisite pam_nologin.so +auth required pam_env.so + +auth required pam_succeed_if.so uid >= 1000 quiet +auth optional pam_gdm.so +auth optional pam_gnome_keyring.so +auth required pam_permit.so + +account include system-account +password include system-password + +session optional pam_keyinit.so revoke +session required pam_limits.so +session include system-session +session optional pam_gnome_keyring.so auto_start + +# End /etc/pam.d/gdm-autologin diff --git a/data/pam-lfs/gdm-fingerprint.pam b/data/pam-lfs/gdm-fingerprint.pam new file mode 100644 index 0000000..f004882 --- /dev/null +++ b/data/pam-lfs/gdm-fingerprint.pam @@ -0,0 +1,18 @@ +# Begin /etc/pam.d/gdm-fingerprint + +auth requisite pam_nologin.so +auth required pam_env.so + +auth required pam_succeed_if.so uid >= 1000 quiet +auth required pam_fprintd.so +auth optional pam_gnome_keyring.so + +account include system-account +password required pam_fprintd.so + +session optional pam_keyinit.so revoke +session required pam_limits.so +session include system-session +session optional pam_gnome_keyring.so auto_start + +# End /etc/pam.d/gdm-fingerprint diff --git a/data/pam-lfs/gdm-launch-environment.pam b/data/pam-lfs/gdm-launch-environment.pam new file mode 100644 index 0000000..174c347 --- /dev/null +++ b/data/pam-lfs/gdm-launch-environment.pam @@ -0,0 +1,17 @@ +# Begin /etc/pam.d/gdm-launch-environment + +auth required pam_succeed_if.so audit quiet_success user = gdm +auth required pam_env.so +auth optional pam_permit.so + +account required pam_succeed_if.so audit quiet_success user = gdm +account include system-account + +password required pam_deny.so + +session required pam_succeed_if.so audit quiet_success user = gdm +-session optional pam_systemd.so +session optional pam_keyinit.so force revoke +session optional pam_permit.so + +# End /etc/pam.d/gdm-launch-environment diff --git a/data/pam-lfs/gdm-password.pam b/data/pam-lfs/gdm-password.pam new file mode 100644 index 0000000..9b52a17 --- /dev/null +++ b/data/pam-lfs/gdm-password.pam @@ -0,0 +1,17 @@ +# Begin /etc/pam.d/gdm-password + +auth requisite pam_nologin.so +auth required pam_env.so + +auth required pam_succeed_if.so uid >= 1000 quiet +auth include system-auth +auth optional pam_gnome_keyring.so + +account include system-account +password include system-password + +session required pam_limits.so +session include system-session +session optional pam_gnome_keyring.so auto_start + +# End /etc/pam.d/gdm-password diff --git a/data/pam-lfs/gdm-pin.pam b/data/pam-lfs/gdm-pin.pam new file mode 100644 index 0000000..4c955c9 --- /dev/null +++ b/data/pam-lfs/gdm-pin.pam @@ -0,0 +1,17 @@ +# Begin /etc/pam.d/gdm-pin + +auth requisite pam_nologin.so +auth required pam_env.so + +auth required pam_succeed_if.so uid >= 1000 quiet +auth required pam_pin.so +auth optional pam_gnome_keyring.so + +account include system-account +password required pam_pin.so + +session required pam_limits.so +session include system-session +session optional pam_gnome_keyring.so auto_start + +# End /etc/pam.d/gdm-pin diff --git a/data/pam-lfs/gdm-smartcard.pam b/data/pam-lfs/gdm-smartcard.pam new file mode 100644 index 0000000..f2c1b64 --- /dev/null +++ b/data/pam-lfs/gdm-smartcard.pam @@ -0,0 +1,17 @@ +# Begin /etc/pam.d/gdm-smartcard + +auth requisite pam_nologin.so +auth required pam_env.so + +auth required pam_succeed_if.so uid >= 1000 quiet +auth required pam_pkcs11.so wait_for_card card_only +auth optional pam_gnome_keyring.so + +account include system-account +password required pam_pkcs11.so + +session required pam_limits.so +session include system-session +session optional pam_gnome_keyring.so auto_start + +# End /etc/pam.d/gdm-smartcard diff --git a/data/pam-openembedded/gdm-autologin.pam b/data/pam-openembedded/gdm-autologin.pam new file mode 100644 index 0000000..a9f4354 --- /dev/null +++ b/data/pam-openembedded/gdm-autologin.pam @@ -0,0 +1,5 @@ +#%PAM-1.0 +auth required pam_permit.so +account include common-account +password include common-auth +session include common-session diff --git a/data/pam-openembedded/gdm-launch-environment.pam b/data/pam-openembedded/gdm-launch-environment.pam new file mode 100644 index 0000000..a9f4354 --- /dev/null +++ b/data/pam-openembedded/gdm-launch-environment.pam @@ -0,0 +1,5 @@ +#%PAM-1.0 +auth required pam_permit.so +account include common-account +password include common-auth +session include common-session diff --git a/data/pam-openembedded/gdm-password.pam b/data/pam-openembedded/gdm-password.pam new file mode 100644 index 0000000..758464d --- /dev/null +++ b/data/pam-openembedded/gdm-password.pam @@ -0,0 +1,5 @@ +#%PAM-1.0 +auth include common-auth +account include common-account +password include common-password +session include common-session diff --git a/data/pam-openembedded/gdm-pin.pam b/data/pam-openembedded/gdm-pin.pam new file mode 100644 index 0000000..c56842b --- /dev/null +++ b/data/pam-openembedded/gdm-pin.pam @@ -0,0 +1,7 @@ +#%PAM-1.0 +auth requisite pam_pin.so +auth include common-auth +account include common-account +password include common-password +password optional pam_pin.so +session include common-session diff --git a/data/pam-redhat/gdm-autologin.pam b/data/pam-redhat/gdm-autologin.pam new file mode 100644 index 0000000..c31ff27 --- /dev/null +++ b/data/pam-redhat/gdm-autologin.pam @@ -0,0 +1,16 @@ +#%PAM-1.0 +auth [success=ok default=1] pam_gdm.so +-auth optional pam_gnome_keyring.so +auth sufficient pam_permit.so +account required pam_nologin.so +account include system-auth +password include system-auth +session required pam_selinux.so close +session required pam_loginuid.so +session optional pam_console.so +session required pam_selinux.so open +session optional pam_keyinit.so force revoke +session required pam_namespace.so +session include system-auth +session optional pam_gnome_keyring.so auto_start +session include postlogin diff --git a/data/pam-redhat/gdm-fingerprint.pam b/data/pam-redhat/gdm-fingerprint.pam new file mode 100644 index 0000000..1483cdf --- /dev/null +++ b/data/pam-redhat/gdm-fingerprint.pam @@ -0,0 +1,16 @@ +auth substack fingerprint-auth +auth include postlogin + +account required pam_nologin.so +account include fingerprint-auth + +password include fingerprint-auth + +session required pam_selinux.so close +session required pam_loginuid.so +session optional pam_console.so +session required pam_selinux.so open +session optional pam_keyinit.so force revoke +session required pam_namespace.so +session include fingerprint-auth +session include postlogin diff --git a/data/pam-redhat/gdm-launch-environment.pam b/data/pam-redhat/gdm-launch-environment.pam new file mode 100644 index 0000000..2e9ea2b --- /dev/null +++ b/data/pam-redhat/gdm-launch-environment.pam @@ -0,0 +1,9 @@ +#%PAM-1.0 +auth required pam_env.so +auth required pam_permit.so +auth include postlogin +account required pam_permit.so +password required pam_permit.so +session optional pam_keyinit.so force revoke +session include system-auth +session include postlogin diff --git a/data/pam-redhat/gdm-password.pam b/data/pam-redhat/gdm-password.pam new file mode 100644 index 0000000..21c04ec --- /dev/null +++ b/data/pam-redhat/gdm-password.pam @@ -0,0 +1,20 @@ +auth [success=done ignore=ignore default=bad] pam_selinux_permit.so +auth substack password-auth +auth optional pam_gnome_keyring.so +auth include postlogin + +account required pam_nologin.so +account include password-auth + +password substack password-auth +-password optional pam_gnome_keyring.so use_authtok + +session required pam_selinux.so close +session required pam_loginuid.so +session optional pam_console.so +session required pam_selinux.so open +session optional pam_keyinit.so force revoke +session required pam_namespace.so +session include password-auth +session optional pam_gnome_keyring.so auto_start +session include postlogin diff --git a/data/pam-redhat/gdm-pin.pam b/data/pam-redhat/gdm-pin.pam new file mode 100644 index 0000000..6ec7707 --- /dev/null +++ b/data/pam-redhat/gdm-pin.pam @@ -0,0 +1,21 @@ +auth [success=done ignore=ignore default=bad] pam_selinux_permit.so +auth requisite pam_pin.so +auth substack password-auth +auth optional pam_gnome_keyring.so +auth include postlogin + +account required pam_nologin.so +account include password-auth + +password include password-auth +password optional pam_pin.so + +session required pam_selinux.so close +session required pam_loginuid.so +session optional pam_console.so +session required pam_selinux.so open +session optional pam_keyinit.so force revoke +session required pam_namespace.so +session include password-auth +session optional pam_gnome_keyring.so auto_start +session include postlogin diff --git a/data/pam-redhat/gdm-smartcard.pam b/data/pam-redhat/gdm-smartcard.pam new file mode 100644 index 0000000..5024e52 --- /dev/null +++ b/data/pam-redhat/gdm-smartcard.pam @@ -0,0 +1,16 @@ +auth substack smartcard-auth +auth include postlogin + +account required pam_nologin.so +account include smartcard-auth + +password include smartcard-auth + +session required pam_selinux.so close +session required pam_loginuid.so +session optional pam_console.so +session required pam_selinux.so open +session optional pam_keyinit.so force revoke +session required pam_namespace.so +session include smartcard-auth +session include postlogin diff --git a/data/session.conf.in b/data/session.conf.in new file mode 100644 index 0000000..7bfa365 --- /dev/null +++ b/data/session.conf.in @@ -0,0 +1,4 @@ +[Unit] +@wants_required_components@ + +Requires=@requires_component@.target |