authorSteve Langasek <steve.langasek@canonical.com>2022-08-16 22:06:15 -0700
committerSteve Langasek <steve.langasek@canonical.com>2022-08-16 22:06:15 -0700
commit99d0d1c5c4f07332daa86e73981267a761bc966e (patch)
treea56fe41110023676d7082028cbaa47ca4b6e6164 /modules/pam_mkhomedir
parentf6d08ed47a3da3c08345bce2ca366e961c52ad7c (diff)
parent40f7d85f3736d058c26de1dafa4fed46de7d75ef (diff)
New upstream version 1.5.2
Diffstat (limited to 'modules/pam_mkhomedir')
-rw-r--r--modules/pam_mkhomedir/Makefile.am2
-rw-r--r--modules/pam_mkhomedir/Makefile.in68
-rw-r--r--modules/pam_mkhomedir/mkhomedir_helper.811
-rw-r--r--modules/pam_mkhomedir/mkhomedir_helper.8.xml7
-rw-r--r--modules/pam_mkhomedir/mkhomedir_helper.c41
-rw-r--r--modules/pam_mkhomedir/pam_mkhomedir.813
-rw-r--r--modules/pam_mkhomedir/pam_mkhomedir.8.xml13
-rw-r--r--modules/pam_mkhomedir/pam_mkhomedir.c41
8 files changed, 156 insertions, 40 deletions
diff --git a/modules/pam_mkhomedir/Makefile.am b/modules/pam_mkhomedir/Makefile.am
index 973bc336..04da1dcc 100644
--- a/modules/pam_mkhomedir/Makefile.am
+++ b/modules/pam_mkhomedir/Makefile.am
@@ -31,6 +31,8 @@ endif
sbin_PROGRAMS = mkhomedir_helper
mkhomedir_helper_SOURCES = mkhomedir_helper.c
+mkhomedir_helper_CFLAGS = $(AM_CFLAGS) @EXE_CFLAGS@
+mkhomedir_helper_LDFLAGS = @EXE_LDFLAGS@
mkhomedir_helper_LDADD = $(top_builddir)/libpam/libpam.la
check_PROGRAMS = tst-pam_mkhomedir-retval
diff --git a/modules/pam_mkhomedir/Makefile.in b/modules/pam_mkhomedir/Makefile.in
index 8776cb58..163531e8 100644
--- a/modules/pam_mkhomedir/Makefile.in
+++ b/modules/pam_mkhomedir/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -100,18 +100,21 @@ sbin_PROGRAMS = mkhomedir_helper$(EXEEXT)
check_PROGRAMS = tst-pam_mkhomedir-retval$(EXEEXT)
subdir = modules/pam_mkhomedir
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
- $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
- $(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+ $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/intlmacosx.m4 \
$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
- $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+ $(top_srcdir)/m4/ld-no-undefined.m4 \
+ $(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
- $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+ $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/m4/warn_lang_flags.m4 \
+ $(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -162,9 +165,14 @@ pam_mkhomedir_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
$(AM_CFLAGS) $(CFLAGS) $(pam_mkhomedir_la_LDFLAGS) $(LDFLAGS) \
-o $@
-am_mkhomedir_helper_OBJECTS = mkhomedir_helper.$(OBJEXT)
+am_mkhomedir_helper_OBJECTS = \
+ mkhomedir_helper-mkhomedir_helper.$(OBJEXT)
mkhomedir_helper_OBJECTS = $(am_mkhomedir_helper_OBJECTS)
mkhomedir_helper_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
+mkhomedir_helper_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(mkhomedir_helper_CFLAGS) $(CFLAGS) \
+ $(mkhomedir_helper_LDFLAGS) $(LDFLAGS) -o $@
tst_pam_mkhomedir_retval_SOURCES = tst-pam_mkhomedir-retval.c
tst_pam_mkhomedir_retval_OBJECTS = tst-pam_mkhomedir-retval.$(OBJEXT)
tst_pam_mkhomedir_retval_DEPENDENCIES = \
@@ -184,7 +192,8 @@ am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
am__maybe_remake_depfiles = depfiles
-am__depfiles_remade = ./$(DEPDIR)/mkhomedir_helper.Po \
+am__depfiles_remade = \
+ ./$(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Po \
./$(DEPDIR)/pam_mkhomedir.Plo \
./$(DEPDIR)/tst-pam_mkhomedir-retval.Po
am__mv = mv -f
@@ -394,6 +403,7 @@ am__set_TESTS_bases = \
bases='$(TEST_LOGS)'; \
bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
RECHECK_LOGS = $(TEST_LOGS)
AM_RECURSIVE_TARGETS = check recheck
TEST_SUITE_LOG = test-suite.log
@@ -438,6 +448,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
@@ -451,6 +464,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
ECONF_LIBS = @ECONF_LIBS@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
FGREP = @FGREP@
FO2PDF = @FO2PDF@
GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
@@ -470,7 +485,6 @@ LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
LIBCRYPT = @LIBCRYPT@
LIBDB = @LIBDB@
LIBDL = @LIBDL@
@@ -517,8 +531,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -529,6 +541,7 @@ SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+STRINGPARAM_HMAC = @STRINGPARAM_HMAC@
STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
@@ -578,7 +591,6 @@ htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
@@ -586,9 +598,6 @@ localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
pam_xauth_path = @pam_xauth_path@
pdfdir = @pdfdir@
prefix = @prefix@
@@ -598,6 +607,7 @@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
@@ -620,6 +630,8 @@ pam_mkhomedir_la_LIBADD = $(top_builddir)/libpam/libpam.la
pam_mkhomedir_la_LDFLAGS = -no-undefined -avoid-version -module \
$(am__append_1)
mkhomedir_helper_SOURCES = mkhomedir_helper.c
+mkhomedir_helper_CFLAGS = $(AM_CFLAGS) @EXE_CFLAGS@
+mkhomedir_helper_LDFLAGS = @EXE_LDFLAGS@
mkhomedir_helper_LDADD = $(top_builddir)/libpam/libpam.la
tst_pam_mkhomedir_retval_LDADD = $(top_builddir)/libpam/libpam.la
@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
@@ -755,7 +767,7 @@ pam_mkhomedir.la: $(pam_mkhomedir_la_OBJECTS) $(pam_mkhomedir_la_DEPENDENCIES) $
mkhomedir_helper$(EXEEXT): $(mkhomedir_helper_OBJECTS) $(mkhomedir_helper_DEPENDENCIES) $(EXTRA_mkhomedir_helper_DEPENDENCIES)
@rm -f mkhomedir_helper$(EXEEXT)
- $(AM_V_CCLD)$(LINK) $(mkhomedir_helper_OBJECTS) $(mkhomedir_helper_LDADD) $(LIBS)
+ $(AM_V_CCLD)$(mkhomedir_helper_LINK) $(mkhomedir_helper_OBJECTS) $(mkhomedir_helper_LDADD) $(LIBS)
tst-pam_mkhomedir-retval$(EXEEXT): $(tst_pam_mkhomedir_retval_OBJECTS) $(tst_pam_mkhomedir_retval_DEPENDENCIES) $(EXTRA_tst_pam_mkhomedir_retval_DEPENDENCIES)
@rm -f tst-pam_mkhomedir-retval$(EXEEXT)
@@ -767,7 +779,7 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mkhomedir_helper.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_mkhomedir.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_mkhomedir-retval.Po@am__quote@ # am--include-marker
@@ -798,6 +810,20 @@ am--depfiles: $(am__depfiles_remade)
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+mkhomedir_helper-mkhomedir_helper.o: mkhomedir_helper.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(mkhomedir_helper_CFLAGS) $(CFLAGS) -MT mkhomedir_helper-mkhomedir_helper.o -MD -MP -MF $(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Tpo -c -o mkhomedir_helper-mkhomedir_helper.o `test -f 'mkhomedir_helper.c' || echo '$(srcdir)/'`mkhomedir_helper.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Tpo $(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='mkhomedir_helper.c' object='mkhomedir_helper-mkhomedir_helper.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(mkhomedir_helper_CFLAGS) $(CFLAGS) -c -o mkhomedir_helper-mkhomedir_helper.o `test -f 'mkhomedir_helper.c' || echo '$(srcdir)/'`mkhomedir_helper.c
+
+mkhomedir_helper-mkhomedir_helper.obj: mkhomedir_helper.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(mkhomedir_helper_CFLAGS) $(CFLAGS) -MT mkhomedir_helper-mkhomedir_helper.obj -MD -MP -MF $(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Tpo -c -o mkhomedir_helper-mkhomedir_helper.obj `if test -f 'mkhomedir_helper.c'; then $(CYGPATH_W) 'mkhomedir_helper.c'; else $(CYGPATH_W) '$(srcdir)/mkhomedir_helper.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Tpo $(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='mkhomedir_helper.c' object='mkhomedir_helper-mkhomedir_helper.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(mkhomedir_helper_CFLAGS) $(CFLAGS) -c -o mkhomedir_helper-mkhomedir_helper.obj `if test -f 'mkhomedir_helper.c'; then $(CYGPATH_W) 'mkhomedir_helper.c'; else $(CYGPATH_W) '$(srcdir)/mkhomedir_helper.c'; fi`
+
mostlyclean-libtool:
-rm -f *.lo
@@ -1006,7 +1032,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \
fi; \
echo "$${col}$$br$${std}"; \
- echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \
+ echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}"; \
echo "$${col}$$br$${std}"; \
create_testsuite_report --maybe-color; \
echo "$$col$$br$$std"; \
@@ -1153,7 +1179,7 @@ clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
clean-sbinPROGRAMS clean-securelibLTLIBRARIES mostlyclean-am
distclean: distclean-am
- -rm -f ./$(DEPDIR)/mkhomedir_helper.Po
+ -rm -f ./$(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Po
-rm -f ./$(DEPDIR)/pam_mkhomedir.Plo
-rm -f ./$(DEPDIR)/tst-pam_mkhomedir-retval.Po
-rm -f Makefile
@@ -1201,7 +1227,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -f ./$(DEPDIR)/mkhomedir_helper.Po
+ -rm -f ./$(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Po
-rm -f ./$(DEPDIR)/pam_mkhomedir.Plo
-rm -f ./$(DEPDIR)/tst-pam_mkhomedir-retval.Po
-rm -f Makefile
diff --git a/modules/pam_mkhomedir/mkhomedir_helper.8 b/modules/pam_mkhomedir/mkhomedir_helper.8
index 5ac40fbd..a9e68a0e 100644
--- a/modules/pam_mkhomedir/mkhomedir_helper.8
+++ b/modules/pam_mkhomedir/mkhomedir_helper.8
@@ -2,12 +2,12 @@
.\" Title: mkhomedir_helper
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\" Date: 06/08/2020
+.\" Date: 09/03/2021
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "MKHOMEDIR_HELPER" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "MKHOMEDIR_HELPER" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
mkhomedir_helper \- Helper binary that creates home directories
.SH "SYNOPSIS"
.HP \w'\fBmkhomedir_helper\fR\ 'u
-\fBmkhomedir_helper\fR {\fIuser\fR} [\fIumask\fR\ [\ \fIpath\-to\-skel\fR\ ]]
+\fBmkhomedir_helper\fR {\fIuser\fR} [\fIumask\fR\ [\ \fIpath\-to\-skel\fR\ [\ \fIhome_mode\fR\ ]\ ]]
.SH "DESCRIPTION"
.PP
\fImkhomedir_helper\fR
@@ -44,7 +44,10 @@ The default value of
is 0022 and the default value of
\fIpath\-to\-skel\fR
is
-\fI/etc/skel\fR\&.
+\fI/etc/skel\fR\&. The default value of
+\fIhome_mode\fR
+is computed from the value of
+\fIumask\fR\&.
.PP
The helper is separated from the module to not require direct access from login SELinux domains to the contents of user home directories\&. The SELinux domain transition happens when the module is executing the
\fImkhomedir_helper\fR\&.
diff --git a/modules/pam_mkhomedir/mkhomedir_helper.8.xml b/modules/pam_mkhomedir/mkhomedir_helper.8.xml
index c834eddd..8a76f2d6 100644
--- a/modules/pam_mkhomedir/mkhomedir_helper.8.xml
+++ b/modules/pam_mkhomedir/mkhomedir_helper.8.xml
@@ -25,6 +25,9 @@
<replaceable>umask</replaceable>
<arg choice="opt">
<replaceable>path-to-skel</replaceable>
+ <arg choice="opt">
+ <replaceable>home_mode</replaceable>
+ </arg>
</arg>
</arg>
</cmdsynopsis>
@@ -43,7 +46,9 @@
<para>
The default value of <replaceable>umask</replaceable> is 0022 and the
default value of <replaceable>path-to-skel</replaceable> is
- <emphasis>/etc/skel</emphasis>.
+ <emphasis>/etc/skel</emphasis>. The default value of
+ <replaceable>home_mode</replaceable> is computed from the value of
+ <replaceable>umask</replaceable>.
</para>
<para>
diff --git a/modules/pam_mkhomedir/mkhomedir_helper.c b/modules/pam_mkhomedir/mkhomedir_helper.c
index 8969da52..582fecce 100644
--- a/modules/pam_mkhomedir/mkhomedir_helper.c
+++ b/modules/pam_mkhomedir/mkhomedir_helper.c
@@ -27,6 +27,7 @@
#include <security/pam_modutil.h>
static unsigned long u_mask = 0022;
+static unsigned long home_mode = 0;
static char skeldir[BUFSIZ] = "/etc/skel";
/* Do the actual work of creating a home dir */
@@ -232,6 +233,8 @@ create_homedir(const struct passwd *pwd,
{
pam_syslog(NULL, LOG_DEBUG,
"unable to open or stat src file %s: %m", newsource);
+ if (srcfd >= 0)
+ close(srcfd);
closedir(d);
#ifndef PATH_MAX
@@ -258,7 +261,7 @@ create_homedir(const struct passwd *pwd,
}
/* Set the proper ownership and permissions for the module. We make
- the file a+w and then mask it with the set mask. This preseves
+ the file a+w and then mask it with the set mask. This preserves
execute bits */
if (fchmod(destfd, (st.st_mode | 0222) & (~u_mask)) != 0 ||
fchown(destfd, pwd->pw_uid, pwd->pw_gid) != 0)
@@ -332,6 +335,24 @@ create_homedir(const struct passwd *pwd,
}
static int
+create_homedir_helper(const struct passwd *_pwd,
+ const char *_skeldir, const char *_homedir)
+{
+ int retval = PAM_SESSION_ERR;
+
+ retval = create_homedir(_pwd, _skeldir, _homedir);
+
+ if (chmod(_homedir, home_mode) != 0)
+ {
+ pam_syslog(NULL, LOG_DEBUG,
+ "unable to change perms on home directory %s: %m", _homedir);
+ return PAM_PERM_DENIED;
+ }
+
+ return retval;
+}
+
+static int
make_parent_dirs(char *dir, int make)
{
int rc = PAM_SUCCESS;
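Review bot: `create_homedir_helper` runs `chmod(_homedir, home_mode)` even when `create_homedir` has just failed, and a chmod failure then replaces the original error with `PAM_PERM_DENIED`. Return early with `if (retval != PAM_SUCCESS) return retval;` directly after the `create_homedir` call; the initial `PAM_SESSION_ERR` assignment is then dead and can be dropped. The chmod is also done by path after the tree has been populated, and nothing visible in this hunk confirms that `_homedir` still names the directory that was just created. If the parent directory can ever be writable by someone other than root, opening it with `O_DIRECTORY|O_NOFOLLOW` and calling `fchmod` on the descriptor would be the more robust form.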
@@ -364,9 +385,10 @@ main(int argc, char *argv[])
{
struct passwd *pwd;
struct stat st;
+ char *eptr;
if (argc < 2) {
- fprintf(stderr, "Usage: %s <username> [<umask> [<skeldir>]]\n", argv[0]);
+ fprintf(stderr, "Usage: %s <username> [<umask> [<skeldir> [<home_mode>]]]\n", argv[0]);
return PAM_SESSION_ERR;
}
@@ -377,7 +399,6 @@ main(int argc, char *argv[])
}
if (argc >= 3) {
- char *eptr;
errno = 0;
u_mask = strtoul(argv[2], &eptr, 0);
if (errno != 0 || *eptr != '\0') {
@@ -394,6 +415,18 @@ main(int argc, char *argv[])
strcpy(skeldir, argv[3]);
}
+ if (argc >= 5) {
+ errno = 0;
+ home_mode = strtoul(argv[4], &eptr, 0);
+ if (errno != 0 || *eptr != '\0') {
+ pam_syslog(NULL, LOG_ERR, "Bogus home_mode value %s", argv[4]);
+ return PAM_SESSION_ERR;
+ }
+ }
+
+ if (home_mode == 0)
+ home_mode = 0777 & ~u_mask;
+
/* Stat the home directory, if something exists then we assume it is
correct and return a success */
if (stat(pwd->pw_dir, &st) == 0)
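Review bot: The new `home_mode` parse accepts any `unsigned long`, so a value with bits outside 07777 is handed to `chmod()` without being rejected, and an empty `argv[4]` parses as 0 with no error because only `*eptr` is tested. Tighten the check to `if (errno != 0 || eptr == argv[4] || *eptr != '\0' || home_mode > 07777) {`. Because 0 doubles as the "not given" sentinel, an explicit `0` argument also falls through to `0777 & ~u_mask`; that looks intended but deserves a one-line comment beside `if (home_mode == 0)`. `main` starts and ends outside this hunk.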
@@ -402,5 +435,5 @@ main(int argc, char *argv[])
if (make_parent_dirs(pwd->pw_dir, 0) != PAM_SUCCESS)
return PAM_PERM_DENIED;
- return create_homedir(pwd, skeldir, pwd->pw_dir);
+ return create_homedir_helper(pwd, skeldir, pwd->pw_dir);
}
diff --git a/modules/pam_mkhomedir/pam_mkhomedir.8 b/modules/pam_mkhomedir/pam_mkhomedir.8
index 4889135f..b8a4754c 100644
--- a/modules/pam_mkhomedir/pam_mkhomedir.8
+++ b/modules/pam_mkhomedir/pam_mkhomedir.8
@@ -2,12 +2,12 @@
.\" Title: pam_mkhomedir
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\" Date: 06/08/2020
+.\" Date: 09/03/2021
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "PAM_MKHOMEDIR" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_MKHOMEDIR" "8" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -53,8 +53,13 @@ Turns on debugging via
.PP
\fBumask=\fR\fB\fImask\fR\fR
.RS 4
-The user file\-creation mask is set to
-\fImask\fR\&. The default value of mask is 0022\&.
+The file mode creation mask is set to
+\fImask\fR\&. The default value of mask is 0022\&. If this option is not specified, then the permissions of created user home directory is set to the value of
+\fBHOME_MODE\fR
+configuration item from
+/etc/login\&.defs\&. If there is no such configuration item then the value is computed from the value of
+\fBUMASK\fR
+in the same file\&. If there is no such configuration option either the default value of 0755 is used for the mode\&.
.RE
.PP
\fBskel=\fR\fB\fI/path/to/skel/directory\fR\fR
diff --git a/modules/pam_mkhomedir/pam_mkhomedir.8.xml b/modules/pam_mkhomedir/pam_mkhomedir.8.xml
index 19744de8..10109067 100644
--- a/modules/pam_mkhomedir/pam_mkhomedir.8.xml
+++ b/modules/pam_mkhomedir/pam_mkhomedir.8.xml
@@ -90,9 +90,16 @@
</term>
<listitem>
<para>
- The user file-creation mask is set to
- <replaceable>mask</replaceable>. The default value of mask is
- 0022.
+ The file mode creation mask is set to
+ <replaceable>mask</replaceable>. The default value of mask
+ is 0022. If this option is not specified, then the permissions
+ of created user home directory is set to the value of
+ <option>HOME_MODE</option> configuration item from
+ <filename>/etc/login.defs</filename>. If there is no such
+ configuration item then the value is computed from the
+ value of <option>UMASK</option> in the same file. If
+ there is no such configuration option either the default
+ value of 0755 is used for the mode.
</para>
</listitem>
</varlistentry>
diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c
index cb773e8f..48e578fa 100644
--- a/modules/pam_mkhomedir/pam_mkhomedir.c
+++ b/modules/pam_mkhomedir/pam_mkhomedir.c
@@ -56,6 +56,9 @@
#define MKHOMEDIR_DEBUG 020 /* be verbose about things */
#define MKHOMEDIR_QUIET 040 /* keep quiet about things */
+#define LOGIN_DEFS "/etc/login.defs"
+#define UMASK_DEFAULT "0022"
+
struct options_t {
int ctrl;
const char *umask;
@@ -68,7 +71,7 @@ _pam_parse (const pam_handle_t *pamh, int flags, int argc, const char **argv,
options_t *opt)
{
opt->ctrl = 0;
- opt->umask = "0022";
+ opt->umask = NULL;
opt->skeldir = "/etc/skel";
/* does the application require quiet? */
@@ -94,6 +97,17 @@ _pam_parse (const pam_handle_t *pamh, int flags, int argc, const char **argv,
}
}
+static char*
+_pam_conv_str_umask_to_homemode(const char *umask)
+{
+ unsigned int m = 0;
+ char tmp[5];
+
+ m = 0777 & ~strtoul(umask, NULL, 8);
+ (void) snprintf(tmp, sizeof(tmp), "0%o", m);
+ return strdup(tmp);
+}
+
/* Do the actual work of creating a home dir */
static int
create_homedir (pam_handle_t *pamh, options_t *opt,
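Review bot: `_pam_conv_str_umask_to_homemode` fails open, because `strtoul(umask, NULL, 8)` returns 0 for text it cannot parse, so a malformed `UMASK` value read from login.defs becomes the string `0777` and the home directory is created world-writable. The parse should use an end pointer and reject empty, trailing-garbage or out-of-range input. Returning NULL is enough: per the helper's `main` hunk in this commit, a missing fifth argument makes the helper derive the mode from its own validated umask. The base is also fixed at 8 here while the helper parses the same `umask` string with base 0, so `umask=22` means 022 in this function but decimal 22 in the helper; one convention should apply to both.

```c
static char*
_pam_conv_str_umask_to_homemode(const char *umask)
{
    unsigned long mask;
    char *eptr;
    char tmp[5];

    mask = strtoul(umask, &eptr, 8);
    /* Unparsable or oversized input must not be treated as umask 0,
       which would yield mode 0777; let the caller pass no home_mode. */
    if (eptr == umask || *eptr != '\0' || mask > 0777)
        return NULL;
    (void) snprintf(tmp, sizeof(tmp), "0%lo", 0777 & ~mask);
    return strdup(tmp);
}
```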
@@ -101,6 +115,8 @@ create_homedir (pam_handle_t *pamh, options_t *opt,
{
int retval, child;
struct sigaction newsa, oldsa;
+ char *login_umask = NULL;
+ char *login_homemode = NULL;
/* Mention what is happening, if the notification fails that is OK */
if (!(opt->ctrl & MKHOMEDIR_QUIET))
@@ -122,11 +138,26 @@ create_homedir (pam_handle_t *pamh, options_t *opt,
pam_syslog(pamh, LOG_DEBUG, "Executing mkhomedir_helper.");
}
+ /* fetch UMASK from /etc/login.defs if not in argv */
+ if (opt->umask == NULL) {
+ login_umask = pam_modutil_search_key(pamh, LOGIN_DEFS, "UMASK");
+ login_homemode = pam_modutil_search_key(pamh, LOGIN_DEFS, "HOME_MODE");
+ if (login_homemode == NULL) {
+ if (login_umask != NULL) {
+ login_homemode = _pam_conv_str_umask_to_homemode(login_umask);
+ } else {
+ login_homemode = _pam_conv_str_umask_to_homemode(UMASK_DEFAULT);
+ }
+ }
+ } else {
+ login_homemode = _pam_conv_str_umask_to_homemode(opt->umask);
+ }
+
/* fork */
child = fork();
if (child == 0) {
static char *envp[] = { NULL };
- const char *args[] = { NULL, NULL, NULL, NULL, NULL };
+ const char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL };
if (pam_modutil_sanitize_helper_fds(pamh, PAM_MODUTIL_PIPE_FD,
PAM_MODUTIL_PIPE_FD,
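Review bot: The comment `/* fetch UMASK from /etc/login.defs if not in argv */` covers only part of what the block does, since `HOME_MODE` is looked up too and takes precedence over `UMASK`. Suggest `/* No umask= option: use HOME_MODE from login.defs, else derive the mode from its UMASK, else from UMASK_DEFAULT. */`, plus a short comment on the `else` branch noting that login.defs is not consulted at all when `umask=` is given. `create_homedir` starts and ends outside this hunk.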
@@ -136,8 +167,9 @@ create_homedir (pam_handle_t *pamh, options_t *opt,
/* exec the mkhomedir helper */
args[0] = MKHOMEDIR_HELPER;
args[1] = user;
- args[2] = opt->umask;
+ args[2] = opt->umask ? opt->umask : UMASK_DEFAULT;
args[3] = opt->skeldir;
+ args[4] = login_homemode;
DIAG_PUSH_IGNORE_CAST_QUAL;
execve(MKHOMEDIR_HELPER, (char **)args, envp);
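Review bot: `args[2]` falls back to `UMASK_DEFAULT` even when `login_umask` was read from login.defs in the preceding hunk, so that value only shapes the home directory mode and the helper still masks copied skeleton files with 0022. With a restrictive `UMASK` and a looser `HOME_MODE` in login.defs, the files inside the new home end up more permissive than the configured umask suggests. If this is intended (the man page change still gives 0022 as the default mask), say so in a comment on this line; otherwise use `args[2] = opt->umask ? opt->umask : (login_umask ? login_umask : UMASK_DEFAULT);`. The function body continues outside this hunk.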
@@ -175,6 +207,9 @@ create_homedir (pam_handle_t *pamh, options_t *opt,
dir);
}
+ free(login_umask);
+ free(login_homemode);
+
D(("returning %d", retval));
return retval;
}