~kennylevinsen/greetd

greetd: Use additional pam service config for greeter v2 APPLIED

Aleksei Bavshin: 1
 Use additional pam service config for greeter

 2 files changed, 14 insertions(+), 2 deletions(-)
#305746 alpine.yml success
#305747 archlinux.yml failed

[PATCH greetd v2] Use additional pam service config for greeter

Check the existence and attempt to use `greetd-greeter` pam service file
for greeter sessions. The fallback is a standard greetd pam service,
i.e. `greetd` or `login`.

Rationale: proper configurations for different session types can vary in
acceptable modules. Certain modules like `pam_selinux` are actually
harmful for an unprivileged greeter session as it removes the SELinux
security label from the greeter processes.
---
Autologin service config is dropped in v2 patch as greetd already skips
pam_authenticate for the initial session and there's no reason to
provide a separate pam service to achieve that.

 greetd/src/context.rs | 9 +++++++--
 greetd/src/server.rs  | 7 +++++++
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/greetd/src/context.rs b/greetd/src/context.rs
index 0299ea8..42067dc 100644
--- a/greetd/src/context.rs
+++ b/greetd/src/context.rs
@@ -37,6 +37,7 @@ pub struct Context {
    inner: RwLock<ContextInner>,
    greeter_bin: String,
    greeter_user: String,
    greeter_service: String,
    pam_service: String,
    term_mode: TerminalMode,
}
@@ -45,6 +46,7 @@ impl Context {
    pub fn new(
        greeter_bin: String,
        greeter_user: String,
        greeter_service: String,
        pam_service: String,
        term_mode: TerminalMode,
    ) -> Context {
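Review bot: `Context::new` now takes `greeter_service: String` directly followed by `pam_service: String`, so the two can be transposed at a call site without any compiler error, and the greeter would then run under the wrong PAM stack. Consider a small newtype or a struct with named fields for the two service names, or at least a doc comment on `new` stating which is which.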
@@ -56,6 +58,7 @@ impl Context {
            }),
            greeter_bin,
            greeter_user,
            greeter_service,
            pam_service,
            term_mode,
        }
@@ -68,11 +71,12 @@ impl Context {
        &self,
        class: &str,
        user: &str,
        service: &str,
        cmd: Vec<String>,
    ) -> Result<SessionChild, Error> {
        let mut scheduled_session = Session::new_external()?;
        scheduled_session
            .initiate(&self.pam_service, class, user, false, &self.term_mode)
            .initiate(&service, class, user, false, &self.term_mode)
            .await?;
        loop {
            match scheduled_session.get_state().await {
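Review bot: in the `.initiate(&service, class, user, false, &self.term_mode)` call, `service` is already a `&str`, so `&service` is a `&&str` that only works through auto-deref; pass `service` directly. A doc comment on the new `service` parameter saying that it is a PAM service name would also help, since it sits next to `class` and `user`, which are `&str` as well.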
@@ -93,6 +97,7 @@ impl Context {
        self.start_unauthenticated_session(
            "greeter",
            &self.greeter_user,
            &self.greeter_service,
            vec![self.greeter_bin.to_string()],
        )
        .await
@@ -128,7 +133,7 @@ impl Context {
        let mut inner = self.inner.write().await;
        inner.current = Some(SessionChildSet {
            child: self
                .start_unauthenticated_session("user", user, cmd)
                .start_unauthenticated_session("user", user, &self.pam_service, cmd)
                .await?,
            time: Instant::now(),
            is_greeter: false,
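Review bot: the call `.start_unauthenticated_session("user", user, &self.pam_service, cmd)` keeps the initial session on the default service, but the reason is only given below the `---` in the patch mail, which does not end up in the commit message. A one-line comment at this call would keep that reasoning with the code.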
diff --git a/greetd/src/server.rs b/greetd/src/server.rs
index e734eea..45e9a0d 100644
--- a/greetd/src/server.rs
+++ b/greetd/src/server.rs
@@ -197,6 +197,12 @@ pub async fn main(config: Config) -> Result<(), Error> {
        return Err("PAM 'greetd' service missing".into());
    };

    let greeter_service = if Path::new("/etc/pam.d/greetd-greeter").exists() {
        "greetd-greeter"
    } else {
        service
    };

    let u = users::get_user_by_name(&config.file.default_session.user).ok_or(format!(
        "configured default session user '{}' not found",
        &config.file.default_session.user
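Review bot: the `Path::new("/etc/pam.d/greetd-greeter").exists()` check falls back to `service` silently, and `exists()` also returns false when the file cannot be inspected, so an administrator has no indication of which PAM stack the greeter actually runs under. Given that the motivation is keeping modules such as `pam_selinux` out of the greeter session, consider logging the selected service at startup. The diffstat lists only `context.rs` and `server.rs`, so the new `greetd-greeter` service name is also not documented anywhere in this patch.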
@@ -212,6 +218,7 @@ pub async fn main(config: Config) -> Result<(), Error> {
    let ctx = Rc::new(Context::new(
        config.file.default_session.command,
        config.file.default_session.user,
        greeter_service.to_string(),
        service.to_string(),
        term_mode.clone(),
    ));
-- 
2.26.2
builds.sr.ht
greetd/patches: FAILED in 2m40s

[Use additional pam service config for greeter][0] v2 from [Aleksei Bavshin][1]

[0]: https://lists.sr.ht/~kennylevinsen/greetd/patches/13995
[1]: mailto:alebastr89@gmail.com

✗ #305747 FAILED  greetd/patches/archlinux.yml https://builds.sr.ht/~kennylevinsen/job/305747
✓ #305746 SUCCESS greetd/patches/alpine.yml    https://builds.sr.ht/~kennylevinsen/job/305746
Applied, thanks!