pool/xrdp
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1070579 from X11:RemoteDesktop

Browse Source 
- Enable --with-pamconfdir=/usr/lib/pam.d on Tumbleweed
  (gh#neutrinolabs/xrdp!2552 bsc#1208121).

- Add xrdp-make-pamconfdir-configurable.patch: Apply upstream
  implementation and introduce --with-pamconfdir at build time
  (gh#neutrinolabs/xrdp!2552 bsc#1208121).
- Drop xrdp-fix-search-pam-vendor-dir.patch

OBS-URL: https://build.opensuse.org/request/show/1070579
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xrdp?expand=0&rev=51
This commit is contained in:
Dominique Leuenberger 2023-03-10 21:06:57 +00:00 committed by Git OBS Bridge
commit 06d943cc0d
4 changed files with 117 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
xrdp-fix-search-pam-vendor-dir.patch
View File

@ -1,14 +0,0 @@
Index: xrdp-0.9.20/sesman/verify_user_pam.c
===================================================================
--- xrdp-0.9.20.orig/sesman/verify_user_pam.c
+++ xrdp-0.9.20/sesman/verify_user_pam.c
@@ -197,7 +197,8 @@ get_service_name(char *service_name)
service_name[0] = 0;
if (g_file_exist("/etc/pam.d/xrdp-sesman") ||
- g_file_exist(XRDP_SYSCONF_PATH "/pam.d/xrdp-sesman"))
+ g_file_exist(XRDP_SYSCONF_PATH "/pam.d/xrdp-sesman") ||
+ g_file_exist("/usr/lib/pam.d/xrdp-sesman"))
{
g_strncpy(service_name, "xrdp-sesman", 255);
}

96
xrdp-make-pamconfdir-configurable.patch Normal file
View File

@ -0,0 +1,96 @@
From 8be6bc137e44939d15a8b28eff4df53c961ca84c Mon Sep 17 00:00:00 2001
From: Yifan J <yifanj2007@gmail.com>
Date: Tue, 21 Feb 2023 09:50:46 +0800
Subject: [PATCH] Make pam.d directory configurable
---
configure.ac | 7 +++++++
instfiles/pam.d/Makefile.am | 2 +-
sesman/Makefile.am | 1 +
sesman/tools/Makefile.am | 1 +
sesman/verify_user_pam.c | 10 +++++++++-
5 files changed, 19 insertions(+), 2 deletions(-)
Index: xrdp-0.9.20/configure.ac
===================================================================
--- xrdp-0.9.20.orig/configure.ac
+++ xrdp-0.9.20/configure.ac
@@ -464,6 +464,12 @@ if test "x$enable_strict_locations" != "
localstatedir="/var";
fi
+AC_ARG_WITH([pamconfdir],
+ [AS_HELP_STRING([--with-pamconfdir=DIR],
+ [Use directory for pam.d config (default: /etc/pam.d)])],
+ [], [with_pamconfdir="$sysconfdir/pam.d"])
+AC_SUBST([pamconfdir], [$with_pamconfdir])
+
PKG_INSTALLDIR
AC_CHECK_HEADERS([sys/prctl.h])
@@ -542,6 +548,7 @@ echo " exec_prefix $exec_pr
echo " libdir $libdir"
echo " bindir $bindir"
echo " sysconfdir $sysconfdir"
+echo " pamconfdir $pamconfdir"
echo ""
echo " unit tests performable $perform_unit_tests"
echo ""
Index: xrdp-0.9.20/instfiles/pam.d/Makefile.am
===================================================================
--- xrdp-0.9.20.orig/instfiles/pam.d/Makefile.am
+++ xrdp-0.9.20/instfiles/pam.d/Makefile.am
@@ -25,7 +25,7 @@ endif
endif
endif
-pamddir = $(sysconfdir)/pam.d
+pamddir = $(pamconfdir)
pamd_DATA = \
$(PAMFILE)
Index: xrdp-0.9.20/sesman/Makefile.am
===================================================================
--- xrdp-0.9.20.orig/sesman/Makefile.am
+++ xrdp-0.9.20/sesman/Makefile.am
@@ -8,6 +8,7 @@ AM_CPPFLAGS = \
-DXRDP_SHARE_PATH=\"${datadir}/xrdp\" \
-DXRDP_PID_PATH=\"${localstatedir}/run\" \
-DXRDP_SOCKET_PATH=\"${socketdir}\" \
+ -DXRDP_PAMCONF_PATH=\"${pamconfdir}\" \
-I$(top_srcdir)/common \
-I$(top_srcdir)/sesman/libscp
Index: xrdp-0.9.20/sesman/tools/Makefile.am
===================================================================
--- xrdp-0.9.20.orig/sesman/tools/Makefile.am
+++ xrdp-0.9.20/sesman/tools/Makefile.am
@@ -4,6 +4,7 @@ AM_CPPFLAGS = \
-DXRDP_SHARE_PATH=\"${datadir}/xrdp\" \
-DXRDP_PID_PATH=\"${localstatedir}/run\" \
-DXRDP_SOCKET_PATH=\"${socketdir}\" \
+ -DXRDP_PAMCONF_PATH=\"${pamconfdir}\" \
-I$(top_srcdir)/common \
-I$(top_srcdir)/sesman/libscp \
-I$(top_srcdir)/sesman
Index: xrdp-0.9.20/sesman/verify_user_pam.c
===================================================================
--- xrdp-0.9.20.orig/sesman/verify_user_pam.c
+++ xrdp-0.9.20/sesman/verify_user_pam.c
@@ -197,7 +197,15 @@ get_service_name(char *service_name)
service_name[0] = 0;
if (g_file_exist("/etc/pam.d/xrdp-sesman") ||
- g_file_exist(XRDP_SYSCONF_PATH "/pam.d/xrdp-sesman"))
+#ifdef __LINUX_PAM__
+ /* /usr/lib/pam.d is hardcoded into Linux-PAM */
+ g_file_exist("/usr/lib/pam.d/xrdp-sesman") ||
+#endif
+#ifdef OPENPAM_VERSION
+ /* /usr/local/etc/pam.d is hardcoded into OpenPAM */
+ g_file_exist("/usr/local/etc/pam.d/xrdp-sesman") ||
+#endif
+ g_file_exist(XRDP_PAMCONF_PATH "/xrdp-sesman"))
{
g_strncpy(service_name, "xrdp-sesman", 255);
}

14
xrdp.changes
View File

@ -1,3 +1,17 @@
-------------------------------------------------------------------
Wed Mar 8 07:06:01 UTC 2023 - Yifan Jiang <yfjiang@suse.com>
- Enable --with-pamconfdir=/usr/lib/pam.d on Tumbleweed
(gh#neutrinolabs/xrdp!2552 bsc#1208121).
-------------------------------------------------------------------
Wed Mar 8 06:51:28 UTC 2023 - Yifan Jiang <yfjiang@suse.com>
- Add xrdp-make-pamconfdir-configurable.patch: Apply upstream
implementation and introduce --with-pamconfdir at build time
(gh#neutrinolabs/xrdp!2552 bsc#1208121).
- Drop xrdp-fix-search-pam-vendor-dir.patch
-------------------------------------------------------------------
Mon Feb 13 09:18:44 UTC 2023 - Yifan Jiang <yfjiang@suse.com>

15
xrdp.spec
View File

@ -38,8 +38,6 @@ Source7: sesman.ini
Source100: %{name}-rpmlintrc
# PATCH-FIX-OPENSUSE xrdp-pam.patch - hfiguiere@novell.com refreshed by ftake@geeko.jp
Patch1: xrdp-pam.patch
# PATCH-FIX-OPENSUSE xrdp-fix-search-pam-vendor-dir.patch bsc#1208121 - yfjiang@suse.com -- Search pam configuration file in the vendor directory /usr/lib/pam.d/
Patch2: xrdp-fix-search-pam-vendor-dir.patch
# PATCH-FIX-OPENSUSE xrdp-disable-8-bpp-vnc-support.patch bsc#991059 - fezhang@suse.com -- disable 8 bpp support for vnc connections
Patch4: xrdp-disable-8-bpp-vnc-support.patch
# PATCH-FIX-OPENSUSE xrdp-support-KillDisconnected-for-Xvnc.patch boo#1101506 - fezhang@suse.com -- Support the KillDisconnected option for TigerVNC Xvnc sessions
@ -68,6 +66,9 @@ Patch15: xrdp-CVE-2022-23484.patch
Patch16: xrdp-CVE-2022-23493.patch
# PATCH-FIX-UPSTREAM xrdp-CVE-2022-23477.patch bsc#1206301 - yu.daike@suse.com -- Buffer over flow in audin_send_open() function
Patch17: xrdp-CVE-2022-23477.patch
# PATCH-FIX-UPSTREAM xrdp-make-pamconfdir-configurable.patch gh#neutrinolabs/xrdp!2552 bsc#1208121 - yfjiang@suse.com -- Configure pam.d directory at build time
Patch18: xrdp-make-pamconfdir-configurable.patch
# Keep SLE only patches on the bottom starting from patch number 1001
# PATCH-FEATURE-SLE xrdp-avahi.diff bnc#586785 - hfiguiere@novell.com -- Add Avahi support.
Patch1001: xrdp-avahi.diff
@ -126,7 +127,6 @@ This package contains libraries for the JPEG2000 codec for RDP.
%prep
%setup -q
%patch1 -p1
%patch2 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
@ -141,6 +141,7 @@ This package contains libraries for the JPEG2000 codec for RDP.
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%if 0%{?sle_version}
%patch1001 -p1
%patch1002 -p1
@ -154,6 +155,9 @@ sh ./bootstrap
--enable-ipv6 \
--enable-painter \
--with-systemdsystemunitdir=%{_unitdir} \
%if 0%{?suse_version} > 1500
--with-pamconfdir=%{_pam_vendordir} \
%endif
--enable-vsock \
--enable-fuse
make %{?_smp_mflags} V=1
@ -175,11 +179,6 @@ ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcxrdp-sesman
# use certification file created at the post phase
rm -f %{buildroot}/%{_sysconfdir}/xrdp/{cert,key}.pem
%if 0%{?suse_version} > 1500
mkdir -p %{buildroot}%{_pam_vendordir}
mv %{buildroot}%{_sysconfdir}/pam.d/xrdp-sesman %{buildroot}%{_pam_vendordir}
%endif
%fdupes -s %{buildroot}
%pre