Diffstat (limited to 'modules/pam_mkhomedir')
-rw-r--r-- | modules/pam_mkhomedir/Makefile.am | 2 | ||||
-rw-r--r-- | modules/pam_mkhomedir/Makefile.in | 68 | ||||
-rw-r--r-- | modules/pam_mkhomedir/mkhomedir_helper.8 | 11 | ||||
-rw-r--r-- | modules/pam_mkhomedir/mkhomedir_helper.8.xml | 7 | ||||
-rw-r--r-- | modules/pam_mkhomedir/mkhomedir_helper.c | 41 | ||||
-rw-r--r-- | modules/pam_mkhomedir/pam_mkhomedir.8 | 13 | ||||
-rw-r--r-- | modules/pam_mkhomedir/pam_mkhomedir.8.xml | 13 | ||||
-rw-r--r-- | modules/pam_mkhomedir/pam_mkhomedir.c | 41 |
8 files changed, 156 insertions, 40 deletions
diff --git a/modules/pam_mkhomedir/Makefile.am b/modules/pam_mkhomedir/Makefile.am index 973bc336..04da1dcc 100644 --- a/modules/pam_mkhomedir/Makefile.am +++ b/modules/pam_mkhomedir/Makefile.am @@ -31,6 +31,8 @@ endif sbin_PROGRAMS = mkhomedir_helper mkhomedir_helper_SOURCES = mkhomedir_helper.c +mkhomedir_helper_CFLAGS = $(AM_CFLAGS) @EXE_CFLAGS@ +mkhomedir_helper_LDFLAGS = @EXE_LDFLAGS@ mkhomedir_helper_LDADD = $(top_builddir)/libpam/libpam.la check_PROGRAMS = tst-pam_mkhomedir-retval diff --git a/modules/pam_mkhomedir/Makefile.in b/modules/pam_mkhomedir/Makefile.in index 8776cb58..163531e8 100644 --- a/modules/pam_mkhomedir/Makefile.in +++ b/modules/pam_mkhomedir/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.3 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -100,18 +100,21 @@ sbin_PROGRAMS = mkhomedir_helper$(EXEEXT) check_PROGRAMS = tst-pam_mkhomedir-retval$(EXEEXT) subdir = modules/pam_mkhomedir ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \ - $(top_srcdir)/m4/japhar_grep_cflags.m4 \ +am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \ + $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \ + $(top_srcdir)/m4/intlmacosx.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ - $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ + $(top_srcdir)/m4/ld-no-undefined.m4 \ + $(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ - $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac + $(top_srcdir)/m4/progtest.m4 \ + $(top_srcdir)/m4/warn_lang_flags.m4 \ + $(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \ 
@@ -162,9 +165,14 @@ pam_mkhomedir_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(pam_mkhomedir_la_LDFLAGS) $(LDFLAGS) \ -o $@ -am_mkhomedir_helper_OBJECTS = mkhomedir_helper.$(OBJEXT) +am_mkhomedir_helper_OBJECTS = \ + mkhomedir_helper-mkhomedir_helper.$(OBJEXT) mkhomedir_helper_OBJECTS = $(am_mkhomedir_helper_OBJECTS) mkhomedir_helper_DEPENDENCIES = $(top_builddir)/libpam/libpam.la +mkhomedir_helper_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(mkhomedir_helper_CFLAGS) $(CFLAGS) \ + $(mkhomedir_helper_LDFLAGS) $(LDFLAGS) -o $@ tst_pam_mkhomedir_retval_SOURCES = tst-pam_mkhomedir-retval.c tst_pam_mkhomedir_retval_OBJECTS = tst-pam_mkhomedir-retval.$(OBJEXT) tst_pam_mkhomedir_retval_DEPENDENCIES = \ @@ -184,7 +192,8 @@ am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__maybe_remake_depfiles = depfiles -am__depfiles_remade = ./$(DEPDIR)/mkhomedir_helper.Po \ +am__depfiles_remade = \ + ./$(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Po \ ./$(DEPDIR)/pam_mkhomedir.Plo \ ./$(DEPDIR)/tst-pam_mkhomedir-retval.Po am__mv = mv -f @@ -394,6 +403,7 @@ am__set_TESTS_bases = \ bases='$(TEST_LOGS)'; \ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ bases=`echo $$bases` +AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)' RECHECK_LOGS = $(TEST_LOGS) AM_RECURSIVE_TARGETS = check recheck TEST_SUITE_LOG = test-suite.log @@ -438,6 +448,9 @@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ +CRYPTO_LIBS = @CRYPTO_LIBS@ +CRYPT_CFLAGS = @CRYPT_CFLAGS@ +CRYPT_LIBS = @CRYPT_LIBS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ 
@@ -451,6 +464,8 @@ ECONF_CFLAGS = @ECONF_CFLAGS@ ECONF_LIBS = @ECONF_LIBS@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ +EXE_CFLAGS = @EXE_CFLAGS@ +EXE_LDFLAGS = @EXE_LDFLAGS@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ @@ -470,7 +485,6 @@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ -LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ @@ -517,8 +531,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PIE_CFLAGS = @PIE_CFLAGS@ -PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ @@ -529,6 +541,7 @@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +STRINGPARAM_HMAC = @STRINGPARAM_HMAC@ STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@ STRIP = @STRIP@ TIRPC_CFLAGS = @TIRPC_CFLAGS@ @@ -578,7 +591,6 @@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ -libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ @@ -586,9 +598,6 @@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ -pam_cv_ld_O1 = @pam_cv_ld_O1@ -pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ -pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ @@ -598,6 +607,7 @@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ +systemdunitdir = @systemdunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ 
@@ -620,6 +630,8 @@ pam_mkhomedir_la_LIBADD = $(top_builddir)/libpam/libpam.la pam_mkhomedir_la_LDFLAGS = -no-undefined -avoid-version -module \ $(am__append_1) mkhomedir_helper_SOURCES = mkhomedir_helper.c +mkhomedir_helper_CFLAGS = $(AM_CFLAGS) @EXE_CFLAGS@ +mkhomedir_helper_LDFLAGS = @EXE_LDFLAGS@ mkhomedir_helper_LDADD = $(top_builddir)/libpam/libpam.la tst_pam_mkhomedir_retval_LDADD = $(top_builddir)/libpam/libpam.la @ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README @@ -755,7 +767,7 @@ pam_mkhomedir.la: $(pam_mkhomedir_la_OBJECTS) $(pam_mkhomedir_la_DEPENDENCIES) $ mkhomedir_helper$(EXEEXT): $(mkhomedir_helper_OBJECTS) $(mkhomedir_helper_DEPENDENCIES) $(EXTRA_mkhomedir_helper_DEPENDENCIES) @rm -f mkhomedir_helper$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(mkhomedir_helper_OBJECTS) $(mkhomedir_helper_LDADD) $(LIBS) + $(AM_V_CCLD)$(mkhomedir_helper_LINK) $(mkhomedir_helper_OBJECTS) $(mkhomedir_helper_LDADD) $(LIBS) tst-pam_mkhomedir-retval$(EXEEXT): $(tst_pam_mkhomedir_retval_OBJECTS) $(tst_pam_mkhomedir_retval_DEPENDENCIES) $(EXTRA_tst_pam_mkhomedir_retval_DEPENDENCIES) @rm -f tst-pam_mkhomedir-retval$(EXEEXT) @@ -767,7 +779,7 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mkhomedir_helper.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_mkhomedir.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_mkhomedir-retval.Po@am__quote@ # am--include-marker 
@@ -798,6 +810,20 @@ am--depfiles: $(am__depfiles_remade) @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< +mkhomedir_helper-mkhomedir_helper.o: mkhomedir_helper.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(mkhomedir_helper_CFLAGS) $(CFLAGS) -MT mkhomedir_helper-mkhomedir_helper.o -MD -MP -MF $(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Tpo -c -o mkhomedir_helper-mkhomedir_helper.o `test -f 'mkhomedir_helper.c' || echo '$(srcdir)/'`mkhomedir_helper.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Tpo $(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='mkhomedir_helper.c' object='mkhomedir_helper-mkhomedir_helper.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(mkhomedir_helper_CFLAGS) $(CFLAGS) -c -o mkhomedir_helper-mkhomedir_helper.o `test -f 'mkhomedir_helper.c' || echo '$(srcdir)/'`mkhomedir_helper.c + +mkhomedir_helper-mkhomedir_helper.obj: mkhomedir_helper.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(mkhomedir_helper_CFLAGS) $(CFLAGS) -MT mkhomedir_helper-mkhomedir_helper.obj -MD -MP -MF $(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Tpo -c -o mkhomedir_helper-mkhomedir_helper.obj `if test -f 'mkhomedir_helper.c'; then $(CYGPATH_W) 'mkhomedir_helper.c'; else $(CYGPATH_W) '$(srcdir)/mkhomedir_helper.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Tpo $(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='mkhomedir_helper.c' 
object='mkhomedir_helper-mkhomedir_helper.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(mkhomedir_helper_CFLAGS) $(CFLAGS) -c -o mkhomedir_helper-mkhomedir_helper.obj `if test -f 'mkhomedir_helper.c'; then $(CYGPATH_W) 'mkhomedir_helper.c'; else $(CYGPATH_W) '$(srcdir)/mkhomedir_helper.c'; fi` + mostlyclean-libtool: -rm -f *.lo @@ -1006,7 +1032,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS) test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ fi; \ echo "$${col}$$br$${std}"; \ - echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ + echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}"; \ echo "$${col}$$br$${std}"; \ create_testsuite_report --maybe-color; \ echo "$$col$$br$$std"; \ @@ -1153,7 +1179,7 @@ clean-am: clean-checkPROGRAMS clean-generic clean-libtool \ clean-sbinPROGRAMS clean-securelibLTLIBRARIES mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/mkhomedir_helper.Po + -rm -f ./$(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Po -rm -f ./$(DEPDIR)/pam_mkhomedir.Plo -rm -f ./$(DEPDIR)/tst-pam_mkhomedir-retval.Po -rm -f Makefile @@ -1201,7 +1227,7 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/mkhomedir_helper.Po + -rm -f ./$(DEPDIR)/mkhomedir_helper-mkhomedir_helper.Po -rm -f ./$(DEPDIR)/pam_mkhomedir.Plo -rm -f ./$(DEPDIR)/tst-pam_mkhomedir-retval.Po -rm -f Makefile diff --git a/modules/pam_mkhomedir/mkhomedir_helper.8 b/modules/pam_mkhomedir/mkhomedir_helper.8 index 5ac40fbd..a9e68a0e 100644 --- a/modules/pam_mkhomedir/mkhomedir_helper.8 +++ b/modules/pam_mkhomedir/mkhomedir_helper.8 
@@ -2,12 +2,12 @@ .\" Title: mkhomedir_helper .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> -.\" Date: 06/08/2020 +.\" Date: 09/03/2021 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" -.TH "MKHOMEDIR_HELPER" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual" +.TH "MKHOMEDIR_HELPER" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -31,7 +31,7 @@ mkhomedir_helper \- Helper binary that creates home directories .SH "SYNOPSIS" .HP \w'\fBmkhomedir_helper\fR\ 'u -\fBmkhomedir_helper\fR {\fIuser\fR} [\fIumask\fR\ [\ \fIpath\-to\-skel\fR\ ]] +\fBmkhomedir_helper\fR {\fIuser\fR} [\fIumask\fR\ [\ \fIpath\-to\-skel\fR\ [\ \fIhome_mode\fR\ ]\ ]] .SH "DESCRIPTION" .PP \fImkhomedir_helper\fR @@ -44,7 +44,10 @@ The default value of is 0022 and the default value of \fIpath\-to\-skel\fR is -\fI/etc/skel\fR\&. +\fI/etc/skel\fR\&. The default value of +\fIhome_mode\fR +is computed from the value of +\fIumask\fR\&. .PP The helper is separated from the module to not require direct access from login SELinux domains to the contents of user home directories\&. The SELinux domain transition happens when the module is executing the \fImkhomedir_helper\fR\&. diff --git a/modules/pam_mkhomedir/mkhomedir_helper.8.xml b/modules/pam_mkhomedir/mkhomedir_helper.8.xml index c834eddd..8a76f2d6 100644 --- a/modules/pam_mkhomedir/mkhomedir_helper.8.xml +++ b/modules/pam_mkhomedir/mkhomedir_helper.8.xml @@ -25,6 +25,9 @@ <replaceable>umask</replaceable> <arg choice="opt"> <replaceable>path-to-skel</replaceable> + <arg choice="opt"> + <replaceable>home_mode</replaceable> + </arg> </arg> </arg> </cmdsynopsis> 
@@ -43,7 +46,9 @@ <para> The default value of <replaceable>umask</replaceable> is 0022 and the default value of <replaceable>path-to-skel</replaceable> is - <emphasis>/etc/skel</emphasis>. + <emphasis>/etc/skel</emphasis>. The default value of + <replaceable>home_mode</replaceable> is computed from the value of + <replaceable>umask</replaceable>. </para> <para> diff --git a/modules/pam_mkhomedir/mkhomedir_helper.c b/modules/pam_mkhomedir/mkhomedir_helper.c index 8969da52..582fecce 100644 --- a/modules/pam_mkhomedir/mkhomedir_helper.c +++ b/modules/pam_mkhomedir/mkhomedir_helper.c @@ -27,6 +27,7 @@ #include <security/pam_modutil.h> static unsigned long u_mask = 0022; +static unsigned long home_mode = 0; static char skeldir[BUFSIZ] = "/etc/skel"; /* Do the actual work of creating a home dir */ @@ -232,6 +233,8 @@ create_homedir(const struct passwd *pwd, { pam_syslog(NULL, LOG_DEBUG, "unable to open or stat src file %s: %m", newsource); + if (srcfd >= 0) + close(srcfd); closedir(d); #ifndef PATH_MAX @@ -258,7 +261,7 @@ create_homedir(const struct passwd *pwd, } /* Set the proper ownership and permissions for the module. We make - the file a+w and then mask it with the set mask. This preseves + the file a+w and then mask it with the set mask. This preserves execute bits */ if (fchmod(destfd, (st.st_mode | 0222) & (~u_mask)) != 0 || fchown(destfd, pwd->pw_uid, pwd->pw_gid) != 0) @@ -332,6 +335,24 @@ create_homedir(const struct passwd *pwd, } static int +create_homedir_helper(const struct passwd *_pwd, + const char *_skeldir, const char *_homedir) +{ + int retval = PAM_SESSION_ERR; + + retval = create_homedir(_pwd, _skeldir, _homedir); + + if (chmod(_homedir, home_mode) != 0) + { + pam_syslog(NULL, LOG_DEBUG, + "unable to change perms on home directory %s: %m", _homedir); + return PAM_PERM_DENIED; + } + + return retval; +} + +static int make_parent_dirs(char *dir, int make) { int rc = PAM_SUCCESS; 
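Review bot: In the new `create_homedir_helper` (hunk `@@ -332,6 +335,24 @@`), `chmod(_homedir, home_mode)` runs even when `create_homedir()` has failed, and a chmod failure then replaces the original error with `PAM_PERM_DENIED`. Returning early keeps the first error and avoids changing the mode of a half-built tree: `if (retval != PAM_SUCCESS) return retval;` placed before the chmod. The `retval = PAM_SESSION_ERR` initialiser is a dead store, because it is overwritten on the next statement. `home_mode` is declared `unsigned long` in the `@@ -27,6 +27,7 @@` hunk but is passed where `chmod()` takes a `mode_t`, so a `mode_t` global or an explicit cast would make the narrowing visible.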
@@ -364,9 +385,10 @@ main(int argc, char *argv[]) { struct passwd *pwd; struct stat st; + char *eptr; if (argc < 2) { - fprintf(stderr, "Usage: %s <username> [<umask> [<skeldir>]]\n", argv[0]); + fprintf(stderr, "Usage: %s <username> [<umask> [<skeldir> [<home_mode>]]]\n", argv[0]); return PAM_SESSION_ERR; } @@ -377,7 +399,6 @@ main(int argc, char *argv[]) } if (argc >= 3) { - char *eptr; errno = 0; u_mask = strtoul(argv[2], &eptr, 0); if (errno != 0 || *eptr != '\0') { @@ -394,6 +415,18 @@ main(int argc, char *argv[]) strcpy(skeldir, argv[3]); } + if (argc >= 5) { + errno = 0; + home_mode = strtoul(argv[4], &eptr, 0); + if (errno != 0 || *eptr != '\0') { + pam_syslog(NULL, LOG_ERR, "Bogus home_mode value %s", argv[4]); + return PAM_SESSION_ERR; + } + } + + if (home_mode == 0) + home_mode = 0777 & ~u_mask; + /* Stat the home directory, if something exists then we assume it is correct and return a success */ if (stat(pwd->pw_dir, &st) == 0) @@ -402,5 +435,5 @@ main(int argc, char *argv[]) if (make_parent_dirs(pwd->pw_dir, 0) != PAM_SUCCESS) return PAM_PERM_DENIED; - return create_homedir(pwd, skeldir, pwd->pw_dir); + return create_homedir_helper(pwd, skeldir, pwd->pw_dir); } diff --git a/modules/pam_mkhomedir/pam_mkhomedir.8 b/modules/pam_mkhomedir/pam_mkhomedir.8 index 4889135f..b8a4754c 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.8 +++ b/modules/pam_mkhomedir/pam_mkhomedir.8 
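Review bot: The `home_mode` parse in the `argc >= 5` block (hunk `@@ -394,6 +415,18 @@`) accepts any value `strtoul` can represent, so setuid, setgid or sticky bits and bits above 07777 reach `chmod()` on the home directory unchecked. Extending the existing test, e.g. `if (errno != 0 || *eptr != '\0' || (home_mode & ~0777UL) != 0)`, keeps the helper to plain permission bits; widen the mask if setgid home directories are meant to be supported. Because base 0 is used, a value written without a leading zero (a constructed example: `700`) is read as decimal, and an empty argument or an explicit `0` is silently treated as "not given" by the `home_mode == 0` fallback; a short comment stating both would help. main() starts before this hunk.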
@@ -2,12 +2,12 @@ .\" Title: pam_mkhomedir .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> -.\" Date: 06/08/2020 +.\" Date: 09/03/2021 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" -.TH "PAM_MKHOMEDIR" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual" +.TH "PAM_MKHOMEDIR" "8" "09/03/2021" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -53,8 +53,13 @@ Turns on debugging via .PP \fBumask=\fR\fB\fImask\fR\fR .RS 4 -The user file\-creation mask is set to -\fImask\fR\&. The default value of mask is 0022\&. +The file mode creation mask is set to +\fImask\fR\&. The default value of mask is 0022\&. If this option is not specified, then the permissions of created user home directory is set to the value of +\fBHOME_MODE\fR +configuration item from +/etc/login\&.defs\&. If there is no such configuration item then the value is computed from the value of +\fBUMASK\fR +in the same file\&. If there is no such configuration option either the default value of 0755 is used for the mode\&. .RE .PP \fBskel=\fR\fB\fI/path/to/skel/directory\fR\fR diff --git a/modules/pam_mkhomedir/pam_mkhomedir.8.xml b/modules/pam_mkhomedir/pam_mkhomedir.8.xml index 19744de8..10109067 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.8.xml +++ b/modules/pam_mkhomedir/pam_mkhomedir.8.xml 
@@ -90,9 +90,16 @@ </term> <listitem> <para> - The user file-creation mask is set to - <replaceable>mask</replaceable>. The default value of mask is - 0022. + The file mode creation mask is set to + <replaceable>mask</replaceable>. The default value of mask + is 0022. If this option is not specified, then the permissions + of created user home directory is set to the value of + <option>HOME_MODE</option> configuration item from + <filename>/etc/login.defs</filename>. If there is no such + configuration item then the value is computed from the + value of <option>UMASK</option> in the same file. If + there is no such configuration option either the default + value of 0755 is used for the mode. </para> </listitem> </varlistentry> diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c index cb773e8f..48e578fa 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.c +++ b/modules/pam_mkhomedir/pam_mkhomedir.c @@ -56,6 +56,9 @@ #define MKHOMEDIR_DEBUG 020 /* be verbose about things */ #define MKHOMEDIR_QUIET 040 /* keep quiet about things */ +#define LOGIN_DEFS "/etc/login.defs" +#define UMASK_DEFAULT "0022" + struct options_t { int ctrl; const char *umask; @@ -68,7 +71,7 @@ _pam_parse (const pam_handle_t *pamh, int flags, int argc, const char **argv, options_t *opt) { opt->ctrl = 0; - opt->umask = "0022"; + opt->umask = NULL; opt->skeldir = "/etc/skel"; /* does the application require quiet? */ @@ -94,6 +97,17 @@ _pam_parse (const pam_handle_t *pamh, int flags, int argc, const char **argv, } } +static char* +_pam_conv_str_umask_to_homemode(const char *umask) +{ + unsigned int m = 0; + char tmp[5]; + + m = 0777 & ~strtoul(umask, NULL, 8); + (void) snprintf(tmp, sizeof(tmp), "0%o", m); + return strdup(tmp); +} + /* Do the actual work of creating a home dir */ static int create_homedir (pam_handle_t *pamh, options_t *opt, 
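Review bot: `_pam_conv_str_umask_to_homemode` (hunk `@@ -94,6 +97,17 @@`) calls `strtoul(umask, NULL, 8)` with no end-pointer or errno check, so a umask string that does not parse yields 0 and the function returns "0777", a world-writable home directory mode. When the string is the `UMASK` value read from /etc/login.defs in the following hunks, it is never passed to the helper as a umask, so nothing downstream rejects it; the conversion should fail closed by falling back to `UMASK_DEFAULT`, as sketched below. The base also differs from the helper, which parses the same `umask=` argument with base 0, so a value without a leading zero is octal here and decimal there. The `strdup` result may be NULL and the caller does not check it.

```c
static char*
_pam_conv_str_umask_to_homemode(const char *umask)
{
   unsigned long mask;
   char *end = NULL;
   char tmp[5];

   errno = 0;
   mask = strtoul(umask, &end, 8);
   /* Fail closed: an unparsable or out-of-range mask must not turn into 0777. */
   if (errno != 0 || end == umask || *end != '\0' || mask > 0777)
      mask = strtoul(UMASK_DEFAULT, NULL, 8);

   (void) snprintf(tmp, sizeof(tmp), "0%lo", 0777UL & ~mask);
   return strdup(tmp);
}
```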
@@ -101,6 +115,8 @@ create_homedir (pam_handle_t *pamh, options_t *opt, { int retval, child; struct sigaction newsa, oldsa; + char *login_umask = NULL; + char *login_homemode = NULL; /* Mention what is happening, if the notification fails that is OK */ if (!(opt->ctrl & MKHOMEDIR_QUIET)) @@ -122,11 +138,26 @@ create_homedir (pam_handle_t *pamh, options_t *opt, pam_syslog(pamh, LOG_DEBUG, "Executing mkhomedir_helper."); } + /* fetch UMASK from /etc/login.defs if not in argv */ + if (opt->umask == NULL) { + login_umask = pam_modutil_search_key(pamh, LOGIN_DEFS, "UMASK"); + login_homemode = pam_modutil_search_key(pamh, LOGIN_DEFS, "HOME_MODE"); + if (login_homemode == NULL) { + if (login_umask != NULL) { + login_homemode = _pam_conv_str_umask_to_homemode(login_umask); + } else { + login_homemode = _pam_conv_str_umask_to_homemode(UMASK_DEFAULT); + } + } + } else { + login_homemode = _pam_conv_str_umask_to_homemode(opt->umask); + } + /* fork */ child = fork(); if (child == 0) { static char *envp[] = { NULL }; - const char *args[] = { NULL, NULL, NULL, NULL, NULL }; + const char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL }; if (pam_modutil_sanitize_helper_fds(pamh, PAM_MODUTIL_PIPE_FD, PAM_MODUTIL_PIPE_FD, @@ -136,8 +167,9 @@ create_homedir (pam_handle_t *pamh, options_t *opt, /* exec the mkhomedir helper */ args[0] = MKHOMEDIR_HELPER; args[1] = user; - args[2] = opt->umask; + args[2] = opt->umask ? opt->umask : UMASK_DEFAULT; args[3] = opt->skeldir; + args[4] = login_homemode; DIAG_PUSH_IGNORE_CAST_QUAL; execve(MKHOMEDIR_HELPER, (char **)args, envp); @@ -175,6 +207,9 @@ create_homedir (pam_handle_t *pamh, options_t *opt, dir); } + free(login_umask); + free(login_homemode); + D(("returning %d", retval)); return retval; } |
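Review bot: In the block that reads /etc/login.defs (hunk `@@ -122,11 +138,26 @@`), `login_umask` is used only to derive the directory mode, while `args[2]` in hunk `@@ -136,8 +167,9 @@` still falls back to `UMASK_DEFAULT`, so a stricter `UMASK` in login.defs does not apply to the files copied from the skeleton directory. If that is intended, the comment should say so, e.g. `/* no umask= option: home directory mode comes from HOME_MODE, else from UMASK in login.defs; skeleton files still use UMASK_DEFAULT */`; otherwise pass `login_umask` as `args[2]` when it is set. A `HOME_MODE` value is forwarded to the helper exactly as read, so the helper's own parsing is the only validation it receives. create_homedir begins and ends outside these hunks.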