mirror of
https://github.com/systemd/systemd.git
synced 2025-03-09 12:58:26 +03:00
Add pam configuration to allow user sessions to work out of the box
systemd-logind will start user@.service. user@.service unit uses PAM with service name 'systemd-user' to perform account and session management tasks. Previously, the name was 'systemd-shared'; it is now changed to 'systemd-user'. Most PAM installations use one common setup for different callers. Based on a quick poll, distributions fall into two camps: those that have system-auth (Redhat, Fedora, CentOS, Arch, Gentoo, Mageia, Mandriva), and those that have common-auth (Debian, Ubuntu, OpenSUSE). Distributions that have system-auth have just one configuration file that contains auth, password, account, and session blocks, and distributions that have common-auth also have common-session, common-password, and common-account. It is thus impossible to use one configuration file which would work for everybody. systemd-user now refers to system-auth, because it seems that the approach with one file is more popular and also easier, so let's follow that.
parent
7b617155b5
commit
5c390a4ae0
@ -64,6 +64,7 @@ dbussessionservicedir=@dbussessionservicedir@
|
||||
dbussystemservicedir=@dbussystemservicedir@
|
||||
dbusinterfacedir=@dbusinterfacedir@
|
||||
pamlibdir=@pamlibdir@
|
||||
pamconfdir=@pamconfdir@
|
||||
pkgconfigdatadir=$(datadir)/pkgconfig
|
||||
pkgconfiglibdir=$(libdir)/pkgconfig
|
||||
polkitpolicydir=$(datadir)/polkit-1/actions
|
||||
@ -3905,6 +3906,9 @@ pam_systemd_la_LIBADD = \
|
||||
|
||||
pamlib_LTLIBRARIES = \
|
||||
pam_systemd.la
|
||||
|
||||
dist_pamconf_DATA = \
|
||||
src/login/systemd-user
|
||||
endif
|
||||
|
||||
# move lib from $(libdir) to $(rootlibdir) and update devel link, if needed
|
||||
@ -4460,6 +4464,7 @@ DISTCHECK_CONFIGURE_FLAGS = \
|
||||
--with-bashcompletiondir=$$dc_install_base/$(bashcompletiondir) \
|
||||
--with-zshcompletiondir=$$dc_install_base/$(zshcompletiondir) \
|
||||
--with-pamlibdir=$$dc_install_base/$(pamlibdir) \
|
||||
--with-pamconfdir=$$dc_install_base/$(pamconfdir) \
|
||||
--with-rootprefix=$$dc_install_base \
|
||||
--disable-split-usr
|
||||
|
||||
|
@ -943,6 +943,11 @@ AC_ARG_WITH([pamlibdir],
|
||||
[],
|
||||
[with_pamlibdir=${with_rootlibdir}/security])
|
||||
|
||||
AC_ARG_WITH([pamconfdir],
|
||||
AS_HELP_STRING([--with-pamconfdir=DIR], [Directory for PAM configuration]),
|
||||
[],
|
||||
[with_pamconfdir=${sysconfdir}/pam.d])
|
||||
|
||||
AC_ARG_ENABLE([split-usr],
|
||||
AS_HELP_STRING([--enable-split-usr], [Assume that /bin, /sbin aren\'t symlinks into /usr]),
|
||||
[],
|
||||
@ -975,6 +980,7 @@ AC_SUBST([dbusinterfacedir], [$with_dbusinterfacedir])
|
||||
AC_SUBST([bashcompletiondir], [$with_bashcompletiondir])
|
||||
AC_SUBST([zshcompletiondir], [$with_zshcompletiondir])
|
||||
AC_SUBST([pamlibdir], [$with_pamlibdir])
|
||||
AC_SUBST([pamconfdir], [$with_pamconfdir])
|
||||
AC_SUBST([rootprefix], [$with_rootprefix])
|
||||
AC_SUBST([rootlibdir], [$with_rootlibdir])
|
||||
|
||||
@ -1047,6 +1053,7 @@ AC_MSG_RESULT([
|
||||
Installation Python: ${PYTHON_BINARY}
|
||||
firmware path: ${FIRMWARE_PATH}
|
||||
PAM modules dir: ${with_pamlibdir}
|
||||
PAM configuration dir: ${with_pamconfdir}
|
||||
D-Bus policy dir: ${with_dbuspolicydir}
|
||||
D-Bus session dir: ${with_dbussessionservicedir}
|
||||
D-Bus system dir: ${with_dbussystemservicedir}
|
||||
|
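Review bot: The new `AC_ARG_WITH([pamconfdir], ...)` has an empty action-if-given, so `--without-pamconfdir` (or `--with-pamconfdir=no`) leaves `with_pamconfdir=no`, and that value goes straight into `AC_SUBST([pamconfdir], ...)`. As far as the visible lines show, the `dist_pamconf_DATA` rule in the Makefile.am section would then install `src/login/systemd-user` into a directory literally named `no`. Distributions that maintain their own PAM stack for this service name need a clean way to opt out, so consider `AM_CONDITIONAL([ENABLE_PAM_CONFIG], [test "x$with_pamconfdir" != "xno"])` here and wrapping `dist_pamconf_DATA` in `if ENABLE_PAM_CONFIG` (the conditional name is only a suggestion). The neighbouring `pamlibdir` option follows the same pattern, so the same caveat may apply there.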
@ -220,11 +220,11 @@ _public_ PAM_EXTERN int pam_sm_open_session(
|
||||
/* Make sure we don't enter a loop by talking to
|
||||
* systemd-logind when it is actually waiting for the
|
||||
* background to finish start-up. If the service is
|
||||
* "systemd-shared" we simply set XDG_RUNTIME_DIR and
|
||||
* "systemd-user" we simply set XDG_RUNTIME_DIR and
|
||||
* leave. */
|
||||
|
||||
pam_get_item(handle, PAM_SERVICE, (const void**) &service);
|
||||
if (streq_ptr(service, "systemd-shared")) {
|
||||
if (streq_ptr(service, "systemd-user")) {
|
||||
char *p, *rt = NULL;
|
||||
|
||||
if (asprintf(&p, "/run/systemd/users/%lu", (unsigned long) pw->pw_uid) < 0) {
|
||||
|
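Review bot: The literal `"systemd-user"` in the `streq_ptr()` check now has to stay identical to `PAMName=` in the user@.service unit and to the name of the installed `src/login/systemd-user` file, and nothing in the hunk records that coupling. If the strings drift apart, this early exit is skipped and the module talks to systemd-logind in exactly the situation the comment above warns about. A comment such as `/* Must match PAMName= in user@.service and the file installed into pamconfdir */`, or a shared `#define` for the name, would make the dependency visible. The return value of `pam_get_item()` in the context line above is also ignored, and whether `service` is initialised before the call cannot be seen here. pam_sm_open_session starts before and continues past this hunk.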
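--- a/src/login/systemd-user
+++ b/src/login/systemd-user
@@ -0,0 +1,8 @@
+#%PAM-1.0
+
+# Used by systemd when launching systemd user instances.
+
+account include system-auth
+session include system-auth
+auth required pam_deny.so
+password required pam_deny.so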
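Review bot: The two `include system-auth` lines only resolve on distributions that ship a `system-auth` stack, and the file gives no hint of that to a packager installing it elsewhere. The commit description already names the common-* family as not covered, and on those systems the account and session stacks for user@.service would presumably fail to load. A comment in the file would help, e.g. `# Distributions without system-auth must replace these includes with their own account and session stacks (e.g. common-account, common-session).` A second line could say why `auth` and `password` are pinned to `pam_deny.so`, e.g. `# user@.service only needs account and session handling; authentication and password changes are denied for this service name.` That tells anyone adapting the file to keep the two deny lines, so this service name never becomes usable for authentication.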
@ -11,7 +11,7 @@ After=systemd-user-sessions.service
|
||||
|
||||
[Service]
|
||||
User=%I
|
||||
PAMName=systemd-shared
|
||||
PAMName=systemd-user
|
||||
Type=notify
|
||||
ExecStart=-@rootlibexecdir@/systemd --user
|
||||
Environment=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/%I/dbus/user_bus_socket
|
||||
|