Accepting request 1070579 from X11:RemoteDesktop

- Enable --with-pamconfdir=/usr/lib/pam.d on Tumbleweed
  (gh#neutrinolabs/xrdp!2552 bsc#1208121).

- Add xrdp-make-pamconfdir-configurable.patch: Apply upstream
  implementation and introduce --with-pamconfdir at build time
  (gh#neutrinolabs/xrdp!2552 bsc#1208121).
- Drop xrdp-fix-search-pam-vendor-dir.patch

OBS-URL: https://build.opensuse.org/request/show/1070579
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xrdp?expand=0&rev=51

xrdp-fix-search-pam-vendor-dir.patch

@@ -1,14 +0,0 @@
-Index: xrdp-0.9.20/sesman/verify_user_pam.c
-===================================================================
---- xrdp-0.9.20.orig/sesman/verify_user_pam.c
-+++ xrdp-0.9.20/sesman/verify_user_pam.c
-@@ -197,7 +197,8 @@ get_service_name(char *service_name)
-     service_name[0] = 0;
- 
-     if (g_file_exist("/etc/pam.d/xrdp-sesman") ||
--            g_file_exist(XRDP_SYSCONF_PATH "/pam.d/xrdp-sesman"))
-+        g_file_exist(XRDP_SYSCONF_PATH "/pam.d/xrdp-sesman") ||
-+        g_file_exist("/usr/lib/pam.d/xrdp-sesman"))
-     {
-         g_strncpy(service_name, "xrdp-sesman", 255);
-     }

xrdp-make-pamconfdir-configurable.patch

@@ -0,0 +1,96 @@
+From 8be6bc137e44939d15a8b28eff4df53c961ca84c Mon Sep 17 00:00:00 2001
+From: Yifan J <yifanj2007@gmail.com>
+Date: Tue, 21 Feb 2023 09:50:46 +0800
+Subject: [PATCH] Make pam.d directory configurable
+
+---
+ configure.ac                |  7 +++++++
+ instfiles/pam.d/Makefile.am |  2 +-
+ sesman/Makefile.am          |  1 +
+ sesman/tools/Makefile.am    |  1 +
+ sesman/verify_user_pam.c    | 10 +++++++++-
+ 5 files changed, 19 insertions(+), 2 deletions(-)
+
+Index: xrdp-0.9.20/configure.ac
+===================================================================
+--- xrdp-0.9.20.orig/configure.ac
++++ xrdp-0.9.20/configure.ac
+@@ -464,6 +464,12 @@ if test "x$enable_strict_locations" != "
+   localstatedir="/var";
+ fi
+ 
++AC_ARG_WITH([pamconfdir],
++  [AS_HELP_STRING([--with-pamconfdir=DIR],
++                  [Use directory for pam.d config (default: /etc/pam.d)])],
++                  [], [with_pamconfdir="$sysconfdir/pam.d"])
++AC_SUBST([pamconfdir], [$with_pamconfdir])
++
+ PKG_INSTALLDIR
+ 
+ AC_CHECK_HEADERS([sys/prctl.h])
+@@ -542,6 +548,7 @@ echo "  exec_prefix             $exec_pr
+ echo "  libdir                  $libdir"
+ echo "  bindir                  $bindir"
+ echo "  sysconfdir              $sysconfdir"
++echo "  pamconfdir              $pamconfdir"
+ echo ""
+ echo "  unit tests performable  $perform_unit_tests"
+ echo ""
+Index: xrdp-0.9.20/instfiles/pam.d/Makefile.am
+===================================================================
+--- xrdp-0.9.20.orig/instfiles/pam.d/Makefile.am
++++ xrdp-0.9.20/instfiles/pam.d/Makefile.am
+@@ -25,7 +25,7 @@ endif
+ endif
+ endif
+ 
+-pamddir = $(sysconfdir)/pam.d
++pamddir = $(pamconfdir)
+ 
+ pamd_DATA = \
+   $(PAMFILE)
+Index: xrdp-0.9.20/sesman/Makefile.am
+===================================================================
+--- xrdp-0.9.20.orig/sesman/Makefile.am
++++ xrdp-0.9.20/sesman/Makefile.am
+@@ -8,6 +8,7 @@ AM_CPPFLAGS = \
+   -DXRDP_SHARE_PATH=\"${datadir}/xrdp\" \
+   -DXRDP_PID_PATH=\"${localstatedir}/run\" \
+   -DXRDP_SOCKET_PATH=\"${socketdir}\" \
++  -DXRDP_PAMCONF_PATH=\"${pamconfdir}\" \
+   -I$(top_srcdir)/common \
+   -I$(top_srcdir)/sesman/libscp
+ 
+Index: xrdp-0.9.20/sesman/tools/Makefile.am
+===================================================================
+--- xrdp-0.9.20.orig/sesman/tools/Makefile.am
++++ xrdp-0.9.20/sesman/tools/Makefile.am
+@@ -4,6 +4,7 @@ AM_CPPFLAGS = \
+   -DXRDP_SHARE_PATH=\"${datadir}/xrdp\" \
+   -DXRDP_PID_PATH=\"${localstatedir}/run\" \
+   -DXRDP_SOCKET_PATH=\"${socketdir}\" \
++  -DXRDP_PAMCONF_PATH=\"${pamconfdir}\" \
+   -I$(top_srcdir)/common \
+   -I$(top_srcdir)/sesman/libscp \
+   -I$(top_srcdir)/sesman
+Index: xrdp-0.9.20/sesman/verify_user_pam.c
+===================================================================
+--- xrdp-0.9.20.orig/sesman/verify_user_pam.c
++++ xrdp-0.9.20/sesman/verify_user_pam.c
+@@ -197,7 +197,15 @@ get_service_name(char *service_name)
+     service_name[0] = 0;
+ 
+     if (g_file_exist("/etc/pam.d/xrdp-sesman") ||
+-            g_file_exist(XRDP_SYSCONF_PATH "/pam.d/xrdp-sesman"))
++#ifdef __LINUX_PAM__
++            /* /usr/lib/pam.d is hardcoded into Linux-PAM */
++            g_file_exist("/usr/lib/pam.d/xrdp-sesman") ||
++#endif
++#ifdef OPENPAM_VERSION
++            /* /usr/local/etc/pam.d is hardcoded into OpenPAM */
++            g_file_exist("/usr/local/etc/pam.d/xrdp-sesman") ||
++#endif
++            g_file_exist(XRDP_PAMCONF_PATH "/xrdp-sesman"))
+     {
+         g_strncpy(service_name, "xrdp-sesman", 255);
+     }

xrdp.changes

@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Wed Mar  8 07:06:01 UTC 2023 - Yifan Jiang <yfjiang@suse.com>
+
+- Enable --with-pamconfdir=/usr/lib/pam.d on Tumbleweed
+  (gh#neutrinolabs/xrdp!2552 bsc#1208121).
+
+-------------------------------------------------------------------
+Wed Mar  8 06:51:28 UTC 2023 - Yifan Jiang <yfjiang@suse.com>
+
+- Add xrdp-make-pamconfdir-configurable.patch: Apply upstream
+  implementation and introduce --with-pamconfdir at build time
+  (gh#neutrinolabs/xrdp!2552 bsc#1208121).
+- Drop xrdp-fix-search-pam-vendor-dir.patch
+
 -------------------------------------------------------------------
 Mon Feb 13 09:18:44 UTC 2023 - Yifan Jiang <yfjiang@suse.com>
 

xrdp.spec

@@ -38,8 +38,6 @@ Source7:        sesman.ini
 Source100:      %{name}-rpmlintrc
 # PATCH-FIX-OPENSUSE xrdp-pam.patch - hfiguiere@novell.com refreshed by ftake@geeko.jp
 Patch1:         xrdp-pam.patch
-# PATCH-FIX-OPENSUSE xrdp-fix-search-pam-vendor-dir.patch bsc#1208121 - yfjiang@suse.com -- Search pam configuration file in the vendor directory /usr/lib/pam.d/
-Patch2:         xrdp-fix-search-pam-vendor-dir.patch
 # PATCH-FIX-OPENSUSE xrdp-disable-8-bpp-vnc-support.patch bsc#991059 - fezhang@suse.com -- disable 8 bpp support for vnc connections
 Patch4:         xrdp-disable-8-bpp-vnc-support.patch
 # PATCH-FIX-OPENSUSE xrdp-support-KillDisconnected-for-Xvnc.patch boo#1101506 - fezhang@suse.com -- Support the KillDisconnected option for TigerVNC Xvnc sessions
@@ -68,6 +66,9 @@ Patch15:        xrdp-CVE-2022-23484.patch
 Patch16:        xrdp-CVE-2022-23493.patch
 # PATCH-FIX-UPSTREAM xrdp-CVE-2022-23477.patch bsc#1206301 - yu.daike@suse.com -- Buffer over flow in audin_send_open() function
 Patch17:        xrdp-CVE-2022-23477.patch
+# PATCH-FIX-UPSTREAM xrdp-make-pamconfdir-configurable.patch gh#neutrinolabs/xrdp!2552 bsc#1208121 - yfjiang@suse.com -- Configure pam.d directory at build time
+Patch18:        xrdp-make-pamconfdir-configurable.patch
+
 # Keep SLE only patches on the bottom starting from patch number 1001
 # PATCH-FEATURE-SLE xrdp-avahi.diff bnc#586785 - hfiguiere@novell.com -- Add Avahi support.
 Patch1001:      xrdp-avahi.diff
@@ -126,7 +127,6 @@ This package contains libraries for the JPEG2000 codec for RDP.
 %prep
 %setup -q
 %patch1 -p1
-%patch2 -p1
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
@@ -141,6 +141,7 @@ This package contains libraries for the JPEG2000 codec for RDP.
 %patch15 -p1
 %patch16 -p1
 %patch17 -p1
+%patch18 -p1
 %if 0%{?sle_version}
 %patch1001 -p1
 %patch1002 -p1
@@ -154,6 +155,9 @@ sh ./bootstrap
    --enable-ipv6 \
    --enable-painter \
    --with-systemdsystemunitdir=%{_unitdir} \
+%if 0%{?suse_version} > 1500
+   --with-pamconfdir=%{_pam_vendordir} \
+%endif
    --enable-vsock \
    --enable-fuse
 make %{?_smp_mflags} V=1
@@ -175,11 +179,6 @@ ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcxrdp-sesman
 # use certification file created at the post phase
 rm -f %{buildroot}/%{_sysconfdir}/xrdp/{cert,key}.pem
 
-%if 0%{?suse_version} > 1500
-mkdir -p %{buildroot}%{_pam_vendordir}
-mv %{buildroot}%{_sysconfdir}/pam.d/xrdp-sesman %{buildroot}%{_pam_vendordir}
-%endif
-
 %fdupes -s %{buildroot}
 
 %pre