-rw-r--r--ChangeLog16
-rw-r--r--doc/man/Makefile.am4
-rw-r--r--doc/man/pam_end.311
-rw-r--r--doc/man/pam_end.3.xml13
-rw-r--r--doc/man/pam_get_user.369
-rw-r--r--doc/man/pam_get_user.3.xml139
-rw-r--r--modules/pam_access/access.conf.5.xml2
-rw-r--r--modules/pam_env/Makefile.am13
-rw-r--r--modules/pam_env/README146
-rw-r--r--modules/pam_env/README.xml39
-rw-r--r--modules/pam_env/pam_env.885
-rw-r--r--modules/pam_env/pam_env.8.xml206
-rw-r--r--modules/pam_env/pam_env.conf.578
-rw-r--r--modules/pam_env/pam_env.conf.5.xml129
14 files changed, 873 insertions, 77 deletions
diff --git a/ChangeLog b/ChangeLog
index 792d7921..d5b2ee96 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,19 @@
+2006-02-17 Thorsten Kukuk <kukuk@thkukuk.de>
+
+ * doc/man/Makefile.am: Add new manual pages.
+ * doc/man/pam_end.3: Regenerated from xml file.
+ * doc/man/pam_end.3.xml: Document freeing of item data.
+ * doc/man/pam_get_user.3: New.
+ * doc/man/pam_get_user.3.xml: New.
+ * modules/pam_access/access.conf.5.xml: Fix typos.
+ * modules/pam_env/Makefile.am: Add new manual pages.
+ * modules/pam_env/README: Regenerate from xml file.
+ * modules/pam_env/README.xml: New.
+ * modules/pam_env/pam_env.8: New.
+ * modules/pam_env/pam_env.8.xml: New.
+ * modules/pam_env/pam_env.conf.5: New.
+ * modules/pam_env/pam_env.conf.5.xml New.
+
2006-02-14 Thorsten Kukuk <kukuk@thkukuk.de>
* po/fi.po: Updated translations.
diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am
index 49eefacc..83d1eec5 100644
--- a/doc/man/Makefile.am
+++ b/doc/man/Makefile.am
@@ -11,7 +11,7 @@ man_MANS = pam.8 pam.conf.5 pam.d.5 \
pam_chauthtok.3 pam_close_session.3 \
pam_end.3 \
pam_fail_delay.3 \
- pam_get_data.3 pam_get_item.3 \
+ pam_get_data.3 pam_get_item.3 pam_get_user.3 \
pam_open_session.3 \
pam_set_data.3 pam_set_item.3 \
pam_setcred.3 pam_start.3 pam_strerror.3
@@ -20,7 +20,7 @@ XMLS = pam.8.xml \
pam_chauthtok.3.xml pam_close_session.3.xml \
pam_end.3.xml \
pam_fail_delay.3.xml \
- pam_get_data.3.xml pam_get_item.3.xml \
+ pam_get_data.3.xml pam_get_item.3.xml pam_get_user.3.xml \
pam_open_session.3.xml \
pam_set_data.3.xml pam_set_item.3.xml \
pam_setcred.3.xml pam_start.3.xml pam_strerror.3.xml \
diff --git a/doc/man/pam_end.3 b/doc/man/pam_end.3
index e074c6c5..3b0e3cb7 100644
--- a/doc/man/pam_end.3
+++ b/doc/man/pam_end.3
@@ -2,7 +2,7 @@
.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
.\" Instead of manually editing it, you probably should edit the DocBook XML
.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
-.TH "PAM_END" "3" "02/12/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_END" "3" "02/14/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -37,6 +37,15 @@ and
\fIPAM_DATA_SILENT\fR
to indicate to indicate that the module should not treat the call too seriously. It is generally used to indicate that the current closing of the library is in a
\fBfork\fR(2)ed process, and that the parent will take care of cleaning up things that exist outside of the current process space (files etc.).
+.PP
+This function
+\fIfree\fR's all memory for items associated with the
+\fBpam_set_item\fR(3)
+and
+\fBpam_get_item\fR(3)
+functions. Pointers associated with such objects are not valid anymore after
+\fBpam_end\fR
+was called.
.SH "RETURN VALUES"
.TP
PAM_SUCCESS
diff --git a/doc/man/pam_end.3.xml b/doc/man/pam_end.3.xml
index 64dd3900..de317c53 100644
--- a/doc/man/pam_end.3.xml
+++ b/doc/man/pam_end.3.xml
@@ -65,6 +65,19 @@
process, and that the parent will take care of cleaning up things
that exist outside of the current process space (files etc.).
</para>
+
+ <para>
+ This function <emphasis>free</emphasis>'s all memory for items
+ associated with the
+ <citerefentry>
+ <refentrytitle>pam_set_item</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> and
+ <citerefentry>
+ <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> functions. Pointers associated with such objects
+ are not valid anymore after <function>pam_end</function> was called.
+ </para>
+
</refsect1>
<refsect1 id="pam_end-return_values">
<title>RETURN VALUES</title>
diff --git a/doc/man/pam_get_user.3 b/doc/man/pam_get_user.3
new file mode 100644
index 00000000..a5bc9ebe
--- /dev/null
+++ b/doc/man/pam_get_user.3
@@ -0,0 +1,69 @@
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "PAM_GET_USER" "3" "02/14/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+pam_get_user \- get user name
+.SH "SYNOPSIS"
+.PP
+\fB#include <security/pam_modules.h>\fR
+.HP 17
+\fBint\ \fBpam_get_user\fR\fR\fB(\fR\fBconst\ pam_handle_t\ *\fR\fB\fIpamh\fR\fR\fB, \fR\fBconst\ char\ **\fR\fB\fIuser\fR\fR\fB, \fR\fBconst\ char\ *\fR\fB\fIprompt\fR\fR\fB);\fR
+.SH "DESCRIPTION"
+.PP
+The
+\fBpam_get_user\fR
+function returns the name of the user specified by
+\fBpam_start\fR(3). If no user was specified it what
+\fBpam_get_item (pamh, PAM_USER, ... );\fR
+would have returned. If this is NULL it obtains the username via the
+\fBpam_conv\fR(3)
+mechanism, it prompts the user with the first non\-NULL string in the following list:
+.TP 3
+\(bu
+The
+\fIprompt\fR
+argument passed to the function.
+.TP
+\(bu
+What is returned by pam_get_item (pamh, PAM_USER_PROMPT, ... );
+.TP
+\(bu
+The default prompt: "login: "
+.PP
+By whatever means the username is obtained, a pointer to it is returned as the contents of
+\fI*user\fR. Note, this memory should
+\fInot\fR
+be
+\fIfree()\fR'd or
+\fImodified\fR
+by the module.
+.PP
+This function sets the
+\fIPAM_USER\fR
+item associated with the
+\fBpam_set_item\fR(3)
+and
+\fBpam_get_item\fR(3)
+functions.
+.SH "RETURN VALUES"
+.TP
+PAM_SUCCESS
+User name was successful retrieved.
+.TP
+PAM_SYSTEM_ERR
+A NULL pointer was submitted.
+.TP
+PAM_CONV_ERR
+The conversation method supplied by the application failed to obtain the username.
+.SH "SEE ALSO"
+.PP
+\fBpam_end\fR(3),
+\fBpam_get_item\fR(3),
+\fBpam_set_item\fR(3),
+\fBpam_strerror\fR(3)
diff --git a/doc/man/pam_get_user.3.xml b/doc/man/pam_get_user.3.xml
new file mode 100644
index 00000000..40a6c53b
--- /dev/null
+++ b/doc/man/pam_get_user.3.xml
@@ -0,0 +1,139 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
+
+<refentry id='pam_get_user'>
+
+ <refmeta>
+ <refentrytitle>pam_get_user</refentrytitle>
+ <manvolnum>3</manvolnum>
+ <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id='pam_get_user-name'>
+ <refname>pam_get_user</refname>
+ <refpurpose>
+ get user name
+ </refpurpose>
+ </refnamediv>
+
+
+<!-- body begins here -->
+
+ <refsynopsisdiv>
+
+ <funcsynopsis id="pam_get_user-synopsis">
+ <funcsynopsisinfo>#include &lt;security/pam_modules.h&gt;</funcsynopsisinfo>
+ <funcprototype>
+ <funcdef>int <function>pam_get_user</function></funcdef>
+ <paramdef>const pam_handle_t *<parameter>pamh</parameter></paramdef>
+ <paramdef>const char **<parameter>user</parameter></paramdef>
+ <paramdef>const char *<parameter>prompt</parameter></paramdef>
+ </funcprototype>
+ </funcsynopsis>
+
+ </refsynopsisdiv>
+
+
+ <refsect1 id="pam_get_user-description">
+ <title>DESCRIPTION</title>
+ <para>
+ The <function>pam_get_user</function> function returns the
+ name of the user specified by
+ <citerefentry>
+ <refentrytitle>pam_start</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>. If no user was specified it what
+ <function>pam_get_item (pamh, PAM_USER, ... );</function> would
+ have returned. If this is NULL it obtains the username via the
+ <citerefentry>
+ <refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> mechanism, it prompts the user with the first
+ non-NULL string in the following list:
+ </para>
+
+ <itemizedlist>
+ <listitem>
+ <para>
+ The <emphasis>prompt</emphasis> argument passed to the function.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ What is returned by pam_get_item (pamh, PAM_USER_PROMPT, ... );
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The default prompt: "login: "
+ </para>
+ </listitem>
+ </itemizedlist>
+ <para>
+ By whatever means the username is obtained, a pointer to it is
+ returned as the contents of <emphasis>*user</emphasis>. Note,
+ this memory should <emphasis remap="B">not</emphasis> be
+ <emphasis>free()</emphasis>'d or <emphasis>modified</emphasis>
+ by the module.
+ </para>
+ <para>
+ This function sets the <emphasis>PAM_USER</emphasis> item
+ associated with the
+ <citerefentry>
+ <refentrytitle>pam_set_item</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> and
+ <citerefentry>
+ <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> functions.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_get_user-return_values">
+ <title>RETURN VALUES</title>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ User name was successful retrieved.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SYSTEM_ERR</term>
+ <listitem>
+ <para>
+ A NULL pointer was submitted.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_CONV_ERR</term>
+ <listitem>
+ <para>
+ The conversation method supplied by the
+ application failed to obtain the username.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="pam_get_user-see_also">
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam_end</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_get_item</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_set_item</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_strerror</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+</refentry>
diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml
index a7b1c62f..5d86c56b 100644
--- a/modules/pam_access/access.conf.5.xml
+++ b/modules/pam_access/access.conf.5.xml
@@ -12,7 +12,7 @@
<refnamediv>
<refname>access.conf</refname>
- <refpurpose>The login access control table file</refpurpose>
+ <refpurpose>the login access control table file</refpurpose>
</refnamediv>
diff --git a/modules/pam_env/Makefile.am b/modules/pam_env/Makefile.am
index d113ac33..fe9ba068 100644
--- a/modules/pam_env/Makefile.am
+++ b/modules/pam_env/Makefile.am
@@ -4,7 +4,11 @@
CLEANFILES = *~
-EXTRA_DIST = README pam_env.conf
+EXTRA_DIST = README pam_env.conf $(MANS) $(XMLS)
+
+man_MANS = pam_env.conf.5 pam_env.8
+
+XMLS = README.xml pam_env.conf.5.xml pam_env.8.xml
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
@@ -20,3 +24,10 @@ endif
securelib_LTLIBRARIES = pam_env.la
secureconf_DATA = pam_env.conf
+
+if ENABLE_REGENERATE_MAN
+noinst_DATA = README
+README: pam_env.8.xml pam_env.conf.5.xml
+-include $(top_srcdir)/Make.xml.rules
+endif
+
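Review bot: The new `README:` rule lists only `pam_env.8.xml pam_env.conf.5.xml` as prerequisites, although this commit also adds `README.xml`, the document that pulls those two in via XInclude. Unless `Make.xml.rules` (not visible here) supplies that dependency, an edit to `README.xml` alone will not trigger a regeneration; consider `README: README.xml pam_env.8.xml pam_env.conf.5.xml`. Separately, the `-include` prefix makes a missing rules file a silent no-op even inside `if ENABLE_REGENERATE_MAN`, where regeneration was explicitly requested. A plain `include $(top_srcdir)/Make.xml.rules` would fail loudly instead of shipping a stale README.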
diff --git a/modules/pam_env/README b/modules/pam_env/README
index 04df323b..81c63154 100644
--- a/modules/pam_env/README
+++ b/modules/pam_env/README
@@ -1,72 +1,74 @@
-# $Date$
-# $Author$
-# $Id$
-#
-# This is the configuration file for pam_env, a PAM module to load in
-# a configurable list of environment variables for a
-#
-# The original idea for this came from Andrew G. Morgan ...
-#<quote>
-# Mmm. Perhaps you might like to write a pam_env module that reads a
-# default environment from a file? I can see that as REALLY
-# useful... Note it would be an "auth" module that returns PAM_IGNORE
-# for the auth part and sets the environment returning PAM_SUCCESS in
-# the setcred function...
-#</quote>
-#
-# What I wanted was the REMOTEHOST variable set, purely for selfish
-# reasons, and AGM didn't want it added to the SimpleApps login
-# program (which is where I added the patch). So, my first concern is
-# that variable, from there there are numerous others that might/would
-# be useful to be set: NNTPSERVER, LESS, PATH, PAGER, MANPAGER .....
-#
-# Of course, these are a different kind of variable than REMOTEHOST in
-# that they are things that are likely to be configured by
-# administrators rather than set by logging in, how to treat them both
-# in the same config file?
-#
-# Here is my idea:
-#
-# Each line starts with the variable name, there are then two possible
-# options for each variable DEFAULT and OVERRIDE.
-# DEFAULT allows and administrator to set the value of the
-# variable to some default value, if none is supplied then the empty
-# string is assumed. The OVERRIDE option tells pam_env that it should
-# enter in its value (overriding the default value) if there is one
-# to use. OVERRIDE is not used, "" is assumed and no override will be
-# done.
-#
-# VARIABLE [DEFAULT=[value]] [OVERRIDE=[value]]
-#
-# (Possibly non-existent) environment variables may be used in values
-# using the ${string} syntax and (possibly non-existent) PAM_ITEMs may
-# be used in values using the @{string} syntax. Both the $ and @
-# characters can be backslash escaped to be used as literal values
-# values can be delimited with "", escaped " not supported.
-#
-#
-# First, some special variables
-#
-# Set the REMOTEHOST variable for any hosts that are remote, default
-# to "localhost" rather than not being set at all
-REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
-#
-# Set the DISPLAY variable if it seems reasonable
-DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
-#
-#
-# Now some simple variables
-#
-PAGER DEFAULT=less
-MANPAGER DEFAULT=less
-LESS DEFAULT="M q e h15 z23 b80"
-NNTPSERVER DEFAULT=localhost
-PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\
-:/usr/bin:/usr/local/bin/X11:/usr/bin/X11
-#
-# silly examples of escaped variables, just to show how they work.
-#
-DOLLAR DEFAULT=\$
-DOLLARDOLLAR DEFAULT= OVERRIDE=\$${DOLLAR}
-DOLLARPLUS DEFAULT=\${REMOTEHOST}${REMOTEHOST}
-ATSIGN DEFAULT="" OVERRIDE=\@
+pam_env — PAM module to set/unset environment variables
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+The pam_env PAM module allows the (un)setting of environment variables.
+Supported is the use of previously set environment variables as well as
+PAM_ITEMs such as PAM_RHOST.
+
+By default rules for (un)setting of variables is taken from the config file /
+etc/security/pam_env.conf if no other file is specified.
+
+This module can also parse a file with simple KEY=VAL pairs on seperate lines
+(/etc/environment by default). You can change the default file to parse, with
+the envfile flag and turn it on or off by setting the readenv flag to 1 or 0
+respectively.
+
+OPTIONS
+
+conffile=/path/to/pam_env.conf
+
+ Indicate an alternative pam_env.conf style configuration file to override
+ the default. This can be useful when different services need different
+ environments.
+
+debug
+
+ A lot of debug informations are printed with syslog(3).
+
+envfile=/path/to/environment
+
+ Indicate an alternative environment file to override the default. This can
+ be useful when different services need different environments.
+
+readenv=0|1
+
+ Turns on or off the reading of the file specified by envfile (0 is off, 1
+ is on). By default this option is on.
+
+EXAMPLES
+
+These are some example lines which might be specified in /etc/security/
+pam_env.conf.
+
+Set the REMOTEHOST variable for any hosts that are remote, default to
+"localhost" rather than not being set at all
+
+ REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
+
+
+Set the DISPLAY variable if it seems reasonable
+
+ DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
+
+
+Now some simple variables
+
+ PAGER DEFAULT=less
+ MANPAGER DEFAULT=less
+ LESS DEFAULT="M q e h15 z23 b80"
+ NNTPSERVER DEFAULT=localhost
+ PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\
+ :/usr/bin:/usr/local/bin/X11:/usr/bin/X11
+
+
+Silly examples of escaped variables, just to show how they work.
+
+ DOLLAR DEFAULT=\$
+ DOLLARDOLLAR DEFAULT= OVERRIDE=\$${DOLLAR}
+ DOLLARPLUS DEFAULT=\${REMOTEHOST}${REMOTEHOST}
+ ATSIGN DEFAULT="" OVERRIDE=\@
+
+
diff --git a/modules/pam_env/README.xml b/modules/pam_env/README.xml
new file mode 100644
index 00000000..21a9b855
--- /dev/null
+++ b/modules/pam_env/README.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_env.8.xml">
+-->
+<!--
+<!ENTITY accessconf SYSTEM "pam_env.conf.5.xml">
+-->
+]>
+
+<article>
+
+ <articleinfo>
+
+ <title>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_env.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_env-name"]/*)'/>
+ </title>
+
+ </articleinfo>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_env.8.xml" xpointer='xpointer(//refsect1[@id = "pam_env-description"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_env.8.xml" xpointer='xpointer(//refsect1[@id = "pam_env-options"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_env.conf.5.xml" xpointer='xpointer(//refsect1[@id = "pam_env.conf-examples"]/*)'/>
+ </section>
+
+</article>
diff --git a/modules/pam_env/pam_env.8 b/modules/pam_env/pam_env.8
new file mode 100644
index 00000000..566396f1
--- /dev/null
+++ b/modules/pam_env/pam_env.8
@@ -0,0 +1,85 @@
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "PAM_ENV" "8" "02/17/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+pam_env \- PAM module to set/unset environment variables
+.SH "SYNOPSIS"
+.HP 11
+\fBpam_env.so\fR [debug] [conffile=\fIconf\-file\fR] [envfile=\fIenv\-file\fR] [readenv=\fI0|1\fR]
+.SH "DESCRIPTION"
+.PP
+The pam_env PAM module allows the (un)setting of environment variables. Supported is the use of previously set environment variables as well as
+\fIPAM_ITEM\fRs such as
+\fIPAM_RHOST\fR.
+.PP
+By default rules for (un)setting of variables is taken from the config file
+\fI/etc/security/pam_env.conf\fR
+if no other file is specified.
+.PP
+This module can also parse a file with simple
+\fIKEY=VAL\fR
+pairs on seperate lines (\fI/etc/environment\fR
+by default). You can change the default file to parse, with the
+\fIenvfile\fR
+flag and turn it on or off by setting the
+\fIreadenv\fR
+flag to 1 or 0 respectively.
+.SH "OPTIONS"
+.TP
+\fBconffile=\fR\fB\fI/path/to/pam_env.conf\fR\fR
+Indicate an alternative
+\fIpam_env.conf\fR
+style configuration file to override the default. This can be useful when different services need different environments.
+.TP
+\fBdebug\fR
+A lot of debug informations are printed with
+\fBsyslog\fR(3).
+.TP
+\fBenvfile=\fR\fB\fI/path/to/environment\fR\fR
+Indicate an alternative
+\fIenvironment\fR
+file to override the default. This can be useful when different services need different environments.
+.TP
+\fBreadenv=\fR\fB\fI0|1\fR\fR
+Turns on or off the reading of the file specified by envfile (0 is off, 1 is on). By default this option is on.
+.SH "MODULE SERVICES PROVIDED"
+.PP
+The
+\fBauth\fR
+and
+\fBsession\fR
+services are supported.
+.SH "RETURN VALUES"
+.TP
+PAM_ABORT
+Not all relevant data or options could be gotten.
+.TP
+PAM_BUF_ERR
+Memory buffer error.
+.TP
+PAM_IGNORE
+No pam_env.conf and environment file was found.
+.TP
+PAM_SUCCESS
+Environment variables were set.
+.SH "FILES"
+.TP
+\fI/etc/security/pam_env.conf\fR
+Default configuration file
+.TP
+\fI/etc/environment\fR
+Default environment file
+.SH "SEE ALSO"
+.PP
+\fBpam_env.conf\fR(5),
+\fBpam.d\fR(8),
+\fBpam\fR(8).
+.SH "AUTHORS"
+.PP
+pam_env was written by Dave Kinchlea <kinch@kinch.ark.com>.
diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml
new file mode 100644
index 00000000..4ab305ec
--- /dev/null
+++ b/modules/pam_env/pam_env.8.xml
@@ -0,0 +1,206 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
+
+<refentry id='pam_env'>
+
+ <refmeta>
+ <refentrytitle>pam_env</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class='setdesc'>Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id='pam_env-name'>
+ <refname>pam_env</refname>
+ <refpurpose>
+ PAM module to set/unset environment variables
+ </refpurpose>
+ </refnamediv>
+
+<!-- body begins here -->
+
+ <refsynopsisdiv>
+ <cmdsynopsis id="pam_env-cmdsynopsis">
+ <command>pam_env.so</command>
+ <arg choice="opt">
+ debug
+ </arg>
+ <arg choice="opt">
+ conffile=<replaceable>conf-file</replaceable>
+ </arg>
+ <arg choice="opt">
+ envfile=<replaceable>env-file</replaceable>
+ </arg>
+ <arg choice="opt">
+ readenv=<replaceable>0|1</replaceable>
+ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+
+ <refsect1 id="pam_env-description">
+ <title>DESCRIPTION</title>
+ <para>
+ The pam_env PAM module allows the (un)setting of environment
+ variables. Supported is the use of previously set environment
+ variables as well as <emphasis>PAM_ITEM</emphasis>s such as
+ <emphasis>PAM_RHOST</emphasis>.
+ </para>
+ <para>
+ By default rules for (un)setting of variables is taken from the
+ config file <filename>/etc/security/pam_env.conf</filename> if
+ no other file is specified.
+ </para>
+ <para>
+ This module can also parse a file with simple
+ <emphasis>KEY=VAL</emphasis> pairs on seperate lines
+ (<filename>/etc/environment</filename> by default). You can
+ change the default file to parse, with the <emphasis>envfile</emphasis>
+ flag and turn it on or off by setting the <emphasis>readenv</emphasis>
+ flag to 1 or 0 respectively.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_env-options">
+ <title>OPTIONS</title>
+ <variablelist>
+
+ <varlistentry>
+ <term>
+ <option>conffile=<replaceable>/path/to/pam_env.conf</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Indicate an alternative <filename>pam_env.conf</filename>
+ style configuration file to override the default. This can
+ be useful when different services need different environments.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>debug</option>
+ </term>
+ <listitem>
+ <para>
+ A lot of debug informations are printed with
+ <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>envfile=<replaceable>/path/to/environment</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Indicate an alternative <filename>environment</filename>
+ file to override the default. This can be useful when different
+ services need different environments.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>readenv=<replaceable>0|1</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Turns on or off the reading of the file specified by envfile
+ (0 is off, 1 is on). By default this option is on.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="pam_env-services">
+ <title>MODULE SERVICES PROVIDED</title>
+ <para>
+ The <option>auth</option> and <option>session</option> services
+ are supported.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_env-return_values">
+ <title>RETURN VALUES</title>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_ABORT</term>
+ <listitem>
+ <para>
+ Not all relevant data or options could be gotten.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_BUF_ERR</term>
+ <listitem>
+ <para>
+ Memory buffer error.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_IGNORE</term>
+ <listitem>
+ <para>
+ No pam_env.conf and environment file was found.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ Environment variables were set.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="pam_env-files">
+ <title>FILES</title>
+ <variablelist>
+ <varlistentry>
+ <term><filename>/etc/security/pam_env.conf</filename></term>
+ <listitem>
+ <para>Default configuration file</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><filename>/etc/environment</filename></term>
+ <listitem>
+ <para>Default environment file</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="pam_env-see_also">
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam_env.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_env-authors">
+ <title>AUTHORS</title>
+ <para>
+ pam_env was written by Dave Kinchlea &lt;kinch@kinch.ark.com&gt;.
+ </para>
+ </refsect1>
+</refentry>
diff --git a/modules/pam_env/pam_env.conf.5 b/modules/pam_env/pam_env.conf.5
new file mode 100644
index 00000000..edf1fe2f
--- /dev/null
+++ b/modules/pam_env/pam_env.conf.5
@@ -0,0 +1,78 @@
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "PAM_ENV.CONF" "5" "02/17/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+pam_env.conf \- the environment variables config file
+.SH "DESCRIPTION"
+.PP
+The
+\fIpam_env\fR
+module allows the (un)setting of environment variables. Supported is the use of previously set environment variables as well as
+\fIPAM_ITEM\fRs such as PAM_RHOST.
+.PP
+The
+\fI/etc/security/pam_env.conf\fR
+file specifies the environment variables to be set, unset or modified. When someone logs in, this file is read and the environment variables are set according.
+.PP
+Each line starts with the variable name, there are then two possible options for each variable DEFAULT and OVERRIDE. DEFAULT allows and administrator to set the value of the variable to some default value, if none is supplied then the empty string is assumed. The OVERRIDE option tells pam_env that it should enter in its value (overriding the default value) if there is one to use. OVERRIDE is not used, "" is assumed and no override will be done.
+.PP
+\fIVARIABLE\fR
+[\fIDEFAULT=[value]\fR] [\fIOVERRIDE=[value]\fR]
+.PP
+(Possibly non\-existent) environment variables may be used in values using the ${string} syntax and (possibly non\-existent) PAM_ITEMs may be used in values using the @{string} syntax. Both the $ and @ characters can be backslash escaped to be used as literal values values can be delimited with "", escaped " not supported. Note that many environment variables that you would like to use may not be set by the time the module is called. For example, HOME is used below several times, but many PAM applications don't make it available by the time you need it.
+.PP
+The "\fI#\fR" character at start of line (no space at front) can be used to mark this line as a comment line.
+.SH "EXAMPLES"
+.PP
+These are some example lines which might be specified in
+\fI/etc/security/pam_env.conf\fR.
+.PP
+Set the REMOTEHOST variable for any hosts that are remote, default to "localhost" rather than not being set at all
+.sp
+.nf
+ REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
+
+.fi
+.PP
+Set the DISPLAY variable if it seems reasonable
+.sp
+.nf
+ DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
+
+.fi
+.PP
+Now some simple variables
+.sp
+.nf
+ PAGER DEFAULT=less
+ MANPAGER DEFAULT=less
+ LESS DEFAULT="M q e h15 z23 b80"
+ NNTPSERVER DEFAULT=localhost
+ PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\\
+ :/usr/bin:/usr/local/bin/X11:/usr/bin/X11
+
+.fi
+.PP
+Silly examples of escaped variables, just to show how they work.
+.sp
+.nf
+ DOLLAR DEFAULT=\\$
+ DOLLARDOLLAR DEFAULT= OVERRIDE=\\$${DOLLAR}
+ DOLLARPLUS DEFAULT=\\${REMOTEHOST}${REMOTEHOST}
+ ATSIGN DEFAULT="" OVERRIDE=\\@
+
+.fi
+.SH "SEE ALSO"
+.PP
+\fBpam_env\fR(8),
+\fBpam.d\fR(5),
+\fBpam\fR(8)
+.SH "AUTHORS"
+.PP
+pam_env was written by Dave Kinchlea <kinch@kinch.ark.com>.
diff --git a/modules/pam_env/pam_env.conf.5.xml b/modules/pam_env/pam_env.conf.5.xml
new file mode 100644
index 00000000..7d12cfe1
--- /dev/null
+++ b/modules/pam_env/pam_env.conf.5.xml
@@ -0,0 +1,129 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_env.conf">
+
+ <refmeta>
+ <refentrytitle>pam_env.conf</refentrytitle>
+ <manvolnum>5</manvolnum>
+ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname>pam_env.conf</refname>
+ <refpurpose>the environment variables config file</refpurpose>
+ </refnamediv>
+
+
+ <refsect1 id='pam_env.conf-description'>
+ <title>DESCRIPTION</title>
+
+ <para>
+ The <emphasis>pam_env</emphasis> module allows the (un)setting
+ of environment variables. Supported is the use of previously set
+ environment variables as well as <emphasis>PAM_ITEM</emphasis>s
+ such as PAM_RHOST.
+ </para>
+
+ <para>
+ The <filename>/etc/security/pam_env.conf</filename> file specifies
+ the environment variables to be set, unset or modified.
+ When someone logs in, this file is
+ read and the environment variables are set according.
+ </para>
+ <para>
+ Each line starts with the variable name, there are then two possible
+ options for each variable DEFAULT and OVERRIDE. DEFAULT allows and
+ administrator to set the value of the variable to some default
+ value, if none is supplied then the empty string is assumed. The
+ OVERRIDE option tells pam_env that it should enter in its value
+ (overriding the default value) if there is one to use. OVERRIDE is
+ not used, "" is assumed and no override will be done.
+ </para>
+ <para>
+ <replaceable>VARIABLE</replaceable>
+ [<replaceable>DEFAULT=[value]</replaceable>]
+ [<replaceable>OVERRIDE=[value]</replaceable>]
+ </para>
+
+ <para>
+ (Possibly non-existent) environment variables may be used in values
+ using the ${string} syntax and (possibly non-existent) PAM_ITEMs may
+ be used in values using the @{string} syntax. Both the $ and @
+ characters can be backslash escaped to be used as literal values
+ values can be delimited with "", escaped " not supported.
+ Note that many environment variables that you would like to use
+ may not be set by the time the module is called.
+ For example, HOME is used below several times, but
+ many PAM applications don't make it available by the time you need it.
+ </para>
+
+ <para>
+ The "<emphasis>#</emphasis>" character at start of line (no space
+ at front) can be used to mark this line as a comment line.
+ </para>
+
+ </refsect1>
+
+ <refsect1 id="pam_env.conf-examples">
+ <title>EXAMPLES</title>
+ <para>
+ These are some example lines which might be specified in
+ <filename>/etc/security/pam_env.conf</filename>.
+ </para>
+
+ <para>
+ Set the REMOTEHOST variable for any hosts that are remote, default
+ to "localhost" rather than not being set at all
+ </para>
+ <programlisting>
+ REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
+ </programlisting>
+
+ <para>
+ Set the DISPLAY variable if it seems reasonable
+ </para>
+ <programlisting>
+ DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
+ </programlisting>
+
+ <para>
+ Now some simple variables
+ </para>
+ <programlisting>
+ PAGER DEFAULT=less
+ MANPAGER DEFAULT=less
+ LESS DEFAULT="M q e h15 z23 b80"
+ NNTPSERVER DEFAULT=localhost
+ PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\
+ :/usr/bin:/usr/local/bin/X11:/usr/bin/X11
+ </programlisting>
+
+ <para>
+ Silly examples of escaped variables, just to show how they work.
+ </para>
+ <programlisting>
+ DOLLAR DEFAULT=\$
+ DOLLARDOLLAR DEFAULT= OVERRIDE=\$${DOLLAR}
+ DOLLARPLUS DEFAULT=\${REMOTEHOST}${REMOTEHOST}
+ ATSIGN DEFAULT="" OVERRIDE=\@
+ </programlisting>
+ </refsect1>
+
+ <refsect1 id="pam_env.conf-see_also">
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry><refentrytitle>pam_env</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_env.conf-author">
+ <title>AUTHORS</title>
+ <para>
+ pam_env was written by Dave Kinchlea &lt;kinch@kinch.ark.com&gt;.
+ </para>
+ </refsect1>
+</refentry>