Diffstat (limited to 'modules/pam_env')
-rw-r--r-- | modules/pam_env/Makefile.in | 18 | ||||
-rw-r--r-- | modules/pam_env/README | 3 | ||||
-rw-r--r-- | modules/pam_env/pam_env.8 | 6 | ||||
-rw-r--r-- | modules/pam_env/pam_env.8.xml | 4 | ||||
-rw-r--r-- | modules/pam_env/pam_env.c | 14 | ||||
-rw-r--r-- | modules/pam_env/pam_env.conf.5 | 4 |
6 files changed, 33 insertions, 16 deletions
diff --git a/modules/pam_env/Makefile.in b/modules/pam_env/Makefile.in index 39f16e18..1040c70e 100644 --- a/modules/pam_env/Makefile.in +++ b/modules/pam_env/Makefile.in @@ -46,13 +46,13 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ - $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \ - $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libprelude.m4 \ - $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ - $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ - $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \ - $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ - $(top_srcdir)/configure.in + $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ + $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ + $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ + $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs @@ -104,6 +104,8 @@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ +BUILD_CFLAGS = @BUILD_CFLAGS@ +BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ @@ -243,7 +245,9 @@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ +pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ +pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ diff --git a/modules/pam_env/README b/modules/pam_env/README index 6d52bc1b..8b362d2a 100644 
--- a/modules/pam_env/README +++ b/modules/pam_env/README @@ -16,6 +16,9 @@ This module can also parse a file with simple KEY=VAL pairs on separate lines the envfile flag and turn it on or off by setting the readenv flag to 1 or 0 respectively. +Since setting of PAM environment variables can have side effects to other +modules, this module should be the last one on the stack. + OPTIONS conffile=/path/to/pam_env.conf diff --git a/modules/pam_env/pam_env.8 b/modules/pam_env/pam_env.8 index cd26d5f2..18f9540e 100644 --- a/modules/pam_env/pam_env.8 +++ b/modules/pam_env/pam_env.8 @@ -1,12 +1,12 @@ .\" Title: pam_env .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/> -.\" Date: 07/08/2010 +.\" Date: 10/27/2010 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" -.TH "PAM_ENV" "8" "07/08/2010" "Linux-PAM Manual" "Linux-PAM Manual" +.TH "PAM_ENV" "8" "10/27/2010" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * (re)Define some macros .\" ----------------------------------------------------------------- @@ -191,6 +191,8 @@ by default)\&. You can change the default file to parse, with the flag and turn it on or off by setting the \fIreadenv\fR flag to 1 or 0 respectively\&. +.PP +Since setting of PAM environment variables can have side effects to other modules, this module should be the last one on the stack\&. .SH "OPTIONS" .PP \fBconffile=\fR\fB\fI/path/to/pam_env\&.conf\fR\fR diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml index 536cb132..309643fd 100644 --- a/modules/pam_env/pam_env.8.xml +++ b/modules/pam_env/pam_env.8.xml 
@@ -65,6 +65,10 @@ flag and turn it on or off by setting the <emphasis>readenv</emphasis> flag to 1 or 0 respectively. </para> + <para> + Since setting of PAM environment variables can have side effects + to other modules, this module should be the last one on the stack. + </para> </refsect1> <refsect1 id="pam_env-options"> diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c index 4e5f6eb3..8ac8ed33 100644 --- a/modules/pam_env/pam_env.c +++ b/modules/pam_env/pam_env.c @@ -23,7 +23,6 @@ #include <string.h> #include <syslog.h> #include <sys/stat.h> -#include <sys/fsuid.h> #include <sys/types.h> #include <unistd.h> @@ -791,10 +790,15 @@ handle_env (pam_handle_t *pamh, int argc, const char **argv) return PAM_BUF_ERR; } if (stat(envpath, &statbuf) == 0) { - uid_t euid = geteuid(); - setfsuid (user_entry->pw_uid); - retval = _parse_config_file(pamh, envpath); - setfsuid (euid); + PAM_MODUTIL_DEF_PRIVS(privs); + + if (pam_modutil_drop_priv(pamh, &privs, user_entry)) { + retval = PAM_SESSION_ERR; + } else { + retval = _parse_config_file(pamh, envpath); + if (pam_modutil_regain_priv(pamh, &privs)) + retval = PAM_SESSION_ERR; + } if (retval == PAM_IGNORE) retval = PAM_SUCCESS; } diff --git a/modules/pam_env/pam_env.conf.5 b/modules/pam_env/pam_env.conf.5 index 3af9b5dd..0da8bb44 100644 --- a/modules/pam_env/pam_env.conf.5 +++ b/modules/pam_env/pam_env.conf.5 @@ -1,12 +1,12 @@ .\" Title: pam_env.conf .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/> -.\" Date: 07/08/2010 +.\" Date: 10/27/2010 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" -.TH "PAM_ENV\&.CONF" "5" "07/08/2010" "Linux-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_ENV\&.CONF" "5" "10/27/2010" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * (re)Define some macros .\" ----------------------------------------------------------------- |
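Review bot: In the second pam_env.c hunk (`@@ -791,10 +790,15 @@`), the `stat(envpath, &statbuf)` check still runs before `pam_modutil_drop_priv()`, so the per-user path is resolved with the caller's filesystem identity and only the parse runs as the user. Assuming `stat()` is just an existence test and `_parse_config_file()` opens the path itself (neither is visible here), doing the lookup after the drop keeps the check and the read under one identity and closes the gap between them. The trade-off is that a failed drop would then return `PAM_SESSION_ERR` even when the user has no file. The error paths also log nothing at this call site, so unless the helpers log on their own, a `pam_syslog(pamh, LOG_ERR, ...)` line in each failure branch would tell operators why the session was refused. `handle_env` begins and ends outside the hunk, so where `privs` is declared and how other callers treat the return code need checking against the full function.

```c
/* … unchanged: envpath construction and the PAM_BUF_ERR return … */
/* privs may need declaring at the top of the enclosing block for C89 builds */
PAM_MODUTIL_DEF_PRIVS(privs);

if (pam_modutil_drop_priv(pamh, &privs, user_entry)) {
    retval = PAM_SESSION_ERR;
} else {
    /* existence check and parse both run with the user's identity */
    if (stat(envpath, &statbuf) == 0) {
        retval = _parse_config_file(pamh, envpath);
        if (retval == PAM_IGNORE)
            retval = PAM_SUCCESS;
    }
    if (pam_modutil_regain_priv(pamh, &privs))
        retval = PAM_SESSION_ERR;
}
```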