From 2008b683e1fdf1cb850cd48384469b8979a7ed0c Mon Sep 17 00:00:00 2001
From: Jan Beich <jbeich@FreeBSD.org>
Date: Fri, 17 Jul 2020 22:12:29 +0000
Subject: [PATCH] x11/swaylock: unbreak PAM locking

Since 1.5 it includes "login" service which doesn't ask for password
from user running Wayland session. Before pam_authenticate(3) failed
with PAM_AUTH_ERR due to missing permissions password database.

PR:		248053
Reported by:	many
Submitted by:	andrew|_|tao11.riddles.org.uk, jbeich
Tested by:	ashish
---
 x11/swaylock/Makefile                 |  3 ++-
 x11/swaylock/files/patch-pam.c        | 19 +++++++++++++++++++
 x11/swaylock/files/patch-pam_swaylock | 15 +++++++++++++++
 3 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 x11/swaylock/files/patch-pam.c
 create mode 100644 x11/swaylock/files/patch-pam_swaylock

diff --git a/x11/swaylock/Makefile b/x11/swaylock/Makefile
index a92af32ae72b..1d6123ee5404 100644
--- a/x11/swaylock/Makefile
+++ b/x11/swaylock/Makefile
@@ -2,6 +2,7 @@
 
 PORTNAME=	swaylock
 DISTVERSION=	1.5
+PORTREVISION=	1
 CATEGORIES=	x11
 
 MAINTAINER=	jbeich@FreeBSD.org
@@ -18,7 +19,7 @@ USES=		compiler:c11 gnome meson pkgconfig
 USE_GITHUB=	yes
 GH_ACCOUNT=	swaywm
 USE_GNOME=	cairo pango
-PLIST_FILES=	bin/${PORTNAME} \
+PLIST_FILES=	"@(,,4755) bin/${PORTNAME}" \
 		etc/pam.d/${PORTNAME} \
 		share/bash-completion/completions/${PORTNAME} \
 		share/fish/vendor_completions.d/${PORTNAME}.fish \
diff --git a/x11/swaylock/files/patch-pam.c b/x11/swaylock/files/patch-pam.c
new file mode 100644
index 000000000000..b00deca58e32
--- /dev/null
+++ b/x11/swaylock/files/patch-pam.c
@@ -0,0 +1,19 @@
+pam_unix(8) requires root priveleges to access master.passwd(5)
+
+--- pam.c.orig	2019-01-29 19:48:00 UTC
++++ pam.c
+@@ -12,12 +12,14 @@
+ static char *pw_buf = NULL;
+ 
+ void initialize_pw_backend(int argc, char **argv) {
++#ifdef __linux__
+ 	if (getuid() != geteuid() || getgid() != getegid()) {
+ 		swaylock_log(LOG_ERROR,
+ 			"swaylock is setuid, but was compiled with the PAM"
+ 			" backend. Run 'chmod a-s %s' to fix. Aborting.", argv[0]);
+ 		exit(EXIT_FAILURE);
+ 	}
++#endif
+ 	if (!spawn_comm_child()) {
+ 		exit(EXIT_FAILURE);
+ 	}
diff --git a/x11/swaylock/files/patch-pam_swaylock b/x11/swaylock/files/patch-pam_swaylock
new file mode 100644
index 000000000000..8388acd8a579
--- /dev/null
+++ b/x11/swaylock/files/patch-pam_swaylock
@@ -0,0 +1,15 @@
+"login" has "auth sufficient pam_self.so" but a screen locker is
+supposed to ask for password regardless.
+
+--- pam/swaylock.orig	2019-01-29 19:48:00 UTC
++++ pam/swaylock
+@@ -1,6 +1,6 @@
+ #
+-# PAM configuration file for the swaylock screen locker. By default, it includes
+-# the 'login' configuration file (see /etc/pam.d/login)
++# PAM configuration for the "swaylock" service. swaylock(1) only uses
++# auth facilities.
+ #
+ 
+-auth include login
++auth include system