Diffstat (limited to 'modules/pam_motd')
-rw-r--r-- | modules/pam_motd/Makefile.am | 4 | ||||
-rw-r--r-- | modules/pam_motd/Makefile.in | 47 | ||||
-rw-r--r-- | modules/pam_motd/README | 9 | ||||
-rw-r--r-- | modules/pam_motd/README.xml | 32 | ||||
-rw-r--r-- | modules/pam_motd/pam_motd.8 | 23 | ||||
-rw-r--r-- | modules/pam_motd/pam_motd.8.xml | 59 | ||||
-rw-r--r-- | modules/pam_motd/pam_motd.c | 164 |
7 files changed, 233 insertions, 105 deletions
diff --git a/modules/pam_motd/Makefile.am b/modules/pam_motd/Makefile.am index 956dad2b..fc8f26c4 100644 --- a/modules/pam_motd/Makefile.am +++ b/modules/pam_motd/Makefile.am @@ -15,7 +15,11 @@ dist_check_SCRIPTS = tst-pam_motd TESTS = $(dist_check_SCRIPTS) securelibdir = $(SECUREDIR) +if HAVE_VENDORDIR +secureconfdir = $(VENDOR_SCONFIGDIR) +else secureconfdir = $(SCONFIGDIR) +endif AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ $(WARN_CFLAGS) diff --git a/modules/pam_motd/Makefile.in b/modules/pam_motd/Makefile.in index 9ed9e2e4..4116d988 100644 --- a/modules/pam_motd/Makefile.in +++ b/modules/pam_motd/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.3 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -96,18 +96,21 @@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_motd ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \ - $(top_srcdir)/m4/japhar_grep_cflags.m4 \ +am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \ + $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \ + $(top_srcdir)/m4/intlmacosx.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ - $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ + $(top_srcdir)/m4/ld-no-undefined.m4 \ + $(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ - $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac + $(top_srcdir)/m4/progtest.m4 \ + $(top_srcdir)/m4/warn_lang_flags.m4 \ + $(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \ @@ -373,6 +376,7 @@ am__set_TESTS_bases = \ bases='$(TEST_LOGS)'; \ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ bases=`echo $$bases` +AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)' RECHECK_LOGS = $(TEST_LOGS) AM_RECURSIVE_TARGETS = check recheck TEST_SUITE_LOG = test-suite.log 
@@ -417,10 +421,14 @@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ +CRYPTO_LIBS = @CRYPTO_LIBS@ +CRYPT_CFLAGS = @CRYPT_CFLAGS@ +CRYPT_LIBS = @CRYPT_LIBS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ +DOCBOOK_RNG = @DOCBOOK_RNG@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ @@ -430,12 +438,16 @@ ECONF_CFLAGS = @ECONF_CFLAGS@ ECONF_LIBS = @ECONF_LIBS@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ +EXE_CFLAGS = @EXE_CFLAGS@ +EXE_LDFLAGS = @EXE_LDFLAGS@ FGREP = @FGREP@ +FILECMD = @FILECMD@ FO2PDF = @FO2PDF@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ +HTML_STYLESHEET = @HTML_STYLESHEET@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ @@ -449,7 +461,6 @@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ -LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ @@ -468,12 +479,14 @@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ +LOGIND_CFLAGS = @LOGIND_CFLAGS@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ +MAN_STYLESHEET = @MAN_STYLESHEET@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ @@ -496,8 +509,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PIE_CFLAGS = @PIE_CFLAGS@ -PIE_LDFLAGS = @PIE_LDFLAGS@ +PDF_STYLESHEET = @PDF_STYLESHEET@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ 
@@ -508,11 +520,16 @@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +STRINGPARAM_PROFILECONDITIONS = @STRINGPARAM_PROFILECONDITIONS@ STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@ STRIP = @STRIP@ +SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ +SYSTEMD_LIBS = @SYSTEMD_LIBS@ TIRPC_CFLAGS = @TIRPC_CFLAGS@ TIRPC_LIBS = @TIRPC_LIBS@ +TXT_STYLESHEET = @TXT_STYLESHEET@ USE_NLS = @USE_NLS@ +VENDOR_SCONFIGDIR = @VENDOR_SCONFIGDIR@ VERSION = @VERSION@ WARN_CFLAGS = @WARN_CFLAGS@ XGETTEXT = @XGETTEXT@ @@ -557,7 +574,6 @@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ -libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ @@ -565,9 +581,6 @@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ -pam_cv_ld_O1 = @pam_cv_ld_O1@ -pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ -pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ @@ -577,6 +590,7 @@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ +systemdunitdir = @systemdunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ @@ -589,7 +603,8 @@ XMLS = README.xml pam_motd.8.xml dist_check_SCRIPTS = tst-pam_motd TESTS = $(dist_check_SCRIPTS) securelibdir = $(SECUREDIR) -secureconfdir = $(SCONFIGDIR) +@HAVE_VENDORDIR_FALSE@secureconfdir = $(SCONFIGDIR) +@HAVE_VENDORDIR_TRUE@secureconfdir = $(VENDOR_SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ $(WARN_CFLAGS) 
@@ -912,7 +927,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS) test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ fi; \ echo "$${col}$$br$${std}"; \ - echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ + echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}"; \ echo "$${col}$$br$${std}"; \ create_testsuite_report --maybe-color; \ echo "$$col$$br$$std"; \ diff --git a/modules/pam_motd/README b/modules/pam_motd/README index cd1e27e9..375ec809 100644 --- a/modules/pam_motd/README +++ b/modules/pam_motd/README @@ -24,8 +24,9 @@ Similar overriding behavior applies to the directories. Files in /etc/motd.d/ override files with the same name in /run/motd.d/ and /usr/lib/motd.d/. Files in /run/motd.d/ override files with the same name in /usr/lib/motd.d/. -Files the in the directories listed above are displayed in lexicographic order -by name. +Files in the directories listed above are displayed in lexicographic order by +name. Moreover, the files are filtered by reading them with the credentials of +the target user authenticating on the system. To silence a message, a symbolic link with target /dev/null may be placed in / etc/motd.d with the same filename as the message to be silenced. Example: @@ -51,6 +52,10 @@ motd_dir=/path/dirname.d colon-separated list. By default this option is set to /etc/motd.d:/run/ motd.d:/usr/lib/motd.d. +noupdate + + Don't run the scripts in /etc/update-motd.d to refresh the motd file. + When no options are given, the default behavior applies for both options. Specifying either option (or both) will disable the default behavior for both options. diff --git a/modules/pam_motd/README.xml b/modules/pam_motd/README.xml index 779e4d17..9e8edadf 100644 --- a/modules/pam_motd/README.xml +++ b/modules/pam_motd/README.xml 
@@ -1,41 +1,27 @@ -<?xml version="1.0" encoding='UTF-8'?> -<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" -"http://www.docbook.org/xml/4.3/docbookx.dtd" -[ -<!-- -<!ENTITY pamaccess SYSTEM "pam_motd.8.xml"> ---> -]> +<article xmlns="http://docbook.org/ns/docbook" version="5.0"> -<article> - - <articleinfo> + <info> <title> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_motd.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_motd-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_motd.8.xml" xpointer='xpointer(id("pam_motd-name")/*)'/> </title> - </articleinfo> + </info> <section> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_motd.8.xml" xpointer='xpointer(//refsect1[@id = "pam_motd-description"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_motd.8.xml" xpointer='xpointer(id("pam_motd-description")/*)'/> </section> <section> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_motd.8.xml" xpointer='xpointer(//refsect1[@id = "pam_motd-options"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_motd.8.xml" xpointer='xpointer(id("pam_motd-options")/*)'/> </section> <section> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_motd.8.xml" xpointer='xpointer(//refsect1[@id = "pam_motd-examples"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_motd.8.xml" xpointer='xpointer(id("pam_motd-examples")/*)'/> </section> <section> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_motd.8.xml" xpointer='xpointer(//refsect1[@id = "pam_motd-author"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_motd.8.xml" xpointer='xpointer(id("pam_motd-author")/*)'/> </section> -</article> +</article>
\ No newline at end of file diff --git a/modules/pam_motd/pam_motd.8 b/modules/pam_motd/pam_motd.8 index 63da02fa..6a6ab4e7 100644 --- a/modules/pam_motd/pam_motd.8 +++ b/modules/pam_motd/pam_motd.8 @@ -1,13 +1,13 @@ '\" t .\" Title: pam_motd .\" Author: [see the "AUTHOR" section] -.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> -.\" Date: 06/08/2020 +.\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/> +.\" Date: 05/07/2023 .\" Manual: Linux-PAM Manual -.\" Source: Linux-PAM Manual +.\" Source: Linux-PAM .\" Language: English .\" -.TH "PAM_MOTD" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_MOTD" "8" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -77,7 +77,7 @@ and override files with the same name in /usr/lib/motd\&.d/\&. .PP -Files the in the directories listed above are displayed in lexicographic order by name\&. +Files in the directories listed above are displayed in lexicographic order by name\&. Moreover, the files are filtered by reading them with the credentials of the target user authenticating on the system\&. .PP To silence a message, a symbolic link with target /dev/null @@ -93,7 +93,7 @@ The environment variable is set after showing the motd files, even when all of them were silenced using symbolic links\&. .SH "OPTIONS" .PP -\fBmotd=\fR\fB\fI/path/filename\fR\fR +motd=/path/filename .RS 4 The /path/filename @@ -101,7 +101,7 @@ file is displayed as message of the day\&. Multiple paths to try can be specifie /etc/motd:/run/motd:/usr/lib/motd\&. .RE .PP -\fBmotd_dir=\fR\fB\fI/path/dirname\&.d\fR\fR +motd_dir=/path/dirname\&.d .RS 4 The /path/dirname\&.d 
@@ -109,6 +109,13 @@ directory is scanned and each file contained inside of it is displayed\&. Multip /etc/motd\&.d:/run/motd\&.d:/usr/lib/motd\&.d\&. .RE .PP +\fBnoupdate\fR +.RS 4 +Don\*(Aqt run the scripts in +/etc/update\-motd\&.d +to refresh the motd file\&. +.RE +.PP When no options are given, the default behavior applies for both options\&. Specifying either option (or both) will disable the default behavior for both options\&. .SH "MODULE TYPES PROVIDED" .PP @@ -185,7 +192,7 @@ session optional pam_motd\&.so motd=/elsewhere/motd motd_dir=/elsewhere/motd\& \fBmotd\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_motd was written by Ben Collins <bcollins@debian\&.org>\&. diff --git a/modules/pam_motd/pam_motd.8.xml b/modules/pam_motd/pam_motd.8.xml index b533530b..8369779a 100644 --- a/modules/pam_motd/pam_motd.8.xml +++ b/modules/pam_motd/pam_motd.8.xml 
@@ -1,33 +1,30 @@ -<?xml version="1.0" encoding='UTF-8'?> -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" - "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"> - -<refentry id="pam_motd"> +<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="pam_motd"> <refmeta> <refentrytitle>pam_motd</refentrytitle> <manvolnum>8</manvolnum> - <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo> + <refmiscinfo class="source">Linux-PAM</refmiscinfo> + <refmiscinfo class="manual">Linux-PAM Manual</refmiscinfo> </refmeta> - <refnamediv id="pam_motd-name"> + <refnamediv xml:id="pam_motd-name"> <refname>pam_motd</refname> <refpurpose>Display the motd file</refpurpose> </refnamediv> <refsynopsisdiv> - <cmdsynopsis id="pam_motd-cmdsynopsis"> + <cmdsynopsis xml:id="pam_motd-cmdsynopsis" sepchar=" "> <command>pam_motd.so</command> - <arg choice="opt"> + <arg choice="opt" rep="norepeat"> motd=<replaceable>/path/filename</replaceable> </arg> - <arg choice="opt"> + <arg choice="opt" rep="norepeat"> motd_dir=<replaceable>/path/dirname.d</replaceable> </arg> </cmdsynopsis> </refsynopsisdiv> - <refsect1 id="pam_motd-description"> + <refsect1 xml:id="pam_motd-description"> <title>DESCRIPTION</title> @@ -38,7 +35,7 @@ following locations: </para> <para> - <simplelist type='vert'> + <simplelist type="vert"> <member><filename>/etc/motd</filename></member> <member><filename>/run/motd</filename></member> <member><filename>/usr/lib/motd</filename></member> @@ -64,8 +61,9 @@ override files with the same name in <filename>/usr/lib/motd.d/</filename>. </para> <para> - Files the in the directories listed above are displayed in - lexicographic order by name. + Files in the directories listed above are displayed in lexicographic + order by name. Moreover, the files are filtered by reading them with the + credentials of the target user authenticating on the system. </para> <para> To silence a message, 
@@ -78,19 +76,19 @@ <command>ln -s /dev/null /etc/motd.d/my_motd</command> </para> <para> - The <emphasis remap='B'>MOTD_SHOWN=pam</emphasis> environment variable + The <emphasis remap="B">MOTD_SHOWN=pam</emphasis> environment variable is set after showing the motd files, even when all of them were silenced using symbolic links. </para> </refsect1> - <refsect1 id="pam_motd-options"> + <refsect1 xml:id="pam_motd-options"> <title>OPTIONS</title> <variablelist> <varlistentry> <term> - <option>motd=<replaceable>/path/filename</replaceable></option> + motd=/path/filename </term> <listitem> <para> @@ -103,7 +101,7 @@ </varlistentry> <varlistentry> <term> - <option>motd_dir=<replaceable>/path/dirname.d</replaceable></option> + motd_dir=/path/dirname.d </term> <listitem> <para> @@ -114,6 +112,17 @@ </para> </listitem> </varlistentry> + <varlistentry> + <term> + <option>noupdate</option> + </term> + <listitem> + <para> + Don't run the scripts in <filename>/etc/update-motd.d</filename> + to refresh the motd file. + </para> + </listitem> + </varlistentry> </variablelist> <para> When no options are given, the default behavior applies for both @@ -122,14 +131,14 @@ </para> </refsect1> - <refsect1 id="pam_motd-types"> + <refsect1 xml:id="pam_motd-types"> <title>MODULE TYPES PROVIDED</title> <para> Only the <option>session</option> module type is provided. </para> </refsect1> - <refsect1 id='pam_motd-return_values'> + <refsect1 xml:id="pam_motd-return_values"> <title>RETURN VALUES</title> <variablelist> <varlistentry> @@ -159,7 +168,7 @@ </variablelist> </refsect1> - <refsect1 id='pam_motd-examples'> + <refsect1 xml:id="pam_motd-examples"> <title>EXAMPLES</title> <para> The suggested usage for <filename>/etc/pam.d/login</filename> is: @@ -182,7 +191,7 @@ session optional pam_motd.so motd=/elsewhere/motd motd_dir=/elsewhere/motd.d </para> </refsect1> - <refsect1 id='pam_motd-see_also'> + <refsect1 xml:id="pam_motd-see_also"> <title>SEE ALSO</title> <para> <citerefentry> 
@@ -195,12 +204,12 @@ session optional pam_motd.so motd=/elsewhere/motd motd_dir=/elsewhere/motd.d <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> - <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> + <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum> </citerefentry> </para> </refsect1> - <refsect1 id='pam_motd-author'> + <refsect1 xml:id="pam_motd-author"> <title>AUTHOR</title> <para> pam_motd was written by Ben Collins <bcollins@debian.org>. @@ -211,4 +220,4 @@ session optional pam_motd.so motd=/elsewhere/motd motd_dir=/elsewhere/motd.d </para> </refsect1> -</refentry> +</refentry>
\ No newline at end of file diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c index 46f4fe61..8472dd64 100644 --- a/modules/pam_motd/pam_motd.c +++ b/modules/pam_motd/pam_motd.c @@ -166,11 +166,6 @@ static int compare_strings(const void *a, const void *b) } } -static int filter_dirents(const struct dirent *d) -{ - return (d->d_type == DT_REG || d->d_type == DT_LNK); -} - static void try_to_display_directories_with_overrides(pam_handle_t *pamh, char **motd_dir_path_split, unsigned int num_motd_dirs, int report_missing) { @@ -199,8 +194,7 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, for (i = 0; i < num_motd_dirs; i++) { int rv; - rv = scandir(motd_dir_path_split[i], &(dirscans[i]), - filter_dirents, alphasort); + rv = scandir(motd_dir_path_split[i], &(dirscans[i]), NULL, NULL); if (rv < 0) { if (errno != ENOENT || report_missing) { pam_syslog(pamh, LOG_ERR, "error scanning directory %s: %m", 
@@ -215,6 +209,41 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, if (dirscans_size_total == 0) goto out; + /* filter out unwanted names, directories, and complement data with lstat() */ + for (i = 0; i < num_motd_dirs; i++) { + struct dirent **d = dirscans[i]; + for (unsigned int j = 0; j < dirscans_sizes[i]; j++) { + int rc; + char *fullpath; + struct stat s; + + switch(d[j]->d_type) { /* the filetype determines how to proceed */ + case DT_REG: /* regular files and */ + case DT_LNK: /* symlinks */ + continue; /* are good. */ + case DT_UNKNOWN: /* for file systems that do not provide */ + /* a filetype, we use lstat() */ + if (join_dir_strings(&fullpath, motd_dir_path_split[i], + d[j]->d_name) <= 0) + break; + rc = lstat(fullpath, &s); + _pam_drop(fullpath); /* free the memory alloc'ed by join_dir_strings */ + if (rc != 0) /* if the lstat() somehow failed */ + break; + + if (S_ISREG(s.st_mode) || /* regular files and */ + S_ISLNK(s.st_mode)) continue; /* symlinks are good */ + break; + case DT_DIR: /* We don't want directories */ + default: /* nor anything else */ + break; + } + _pam_drop(d[j]); /* free memory */ + d[j] = NULL; /* indicate this one was dropped */ + dirscans_size_total--; + } + } + /* Allocate space for all file names found in the directories, including duplicates. */ if ((dirnames_all = calloc(dirscans_size_total, sizeof(*dirnames_all))) == NULL) { pam_syslog(pamh, LOG_CRIT, "failed to allocate dirname array"); @@ -225,8 +254,10 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, unsigned int j; for (j = 0; j < dirscans_sizes[i]; j++) { - dirnames_all[i_dirnames] = dirscans[i][j]->d_name; - i_dirnames++; + if (NULL != dirscans[i][j]) { + dirnames_all[i_dirnames] = dirscans[i][j]->d_name; + i_dirnames++; + } } } 
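Review bot: The `if (dirscans_size_total == 0) goto out;` guard sits above the new filtering loop, so it no longer catches the case where the loop drops every entry. With the scandir filter now NULL, an existing but empty motd directory still yields `.` and `..`, both of which the loop removes, and the code then reaches `calloc(0, …)`. C permits that call to return NULL, in which case an empty directory would be logged at LOG_CRIT as "failed to allocate dirname array". Repeating the guard directly after the loop avoids this: `if (dirscans_size_total == 0) goto out;`. The body of try_to_display_directories_with_overrides starts and ends outside this hunk, so the cleanup path at `out:` should be checked for tolerating the NULL slots the loop leaves behind.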
@@ -282,10 +313,77 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, _pam_drop(dirscans); } +static int drop_privileges(pam_handle_t *pamh, struct pam_modutil_privs *privs) +{ + struct passwd *pw; + const char *username; + int retval; + + retval = pam_get_user(pamh, &username, NULL); + + if (retval == PAM_SUCCESS) { + pw = pam_modutil_getpwnam (pamh, username); + } else { + return PAM_SESSION_ERR; + } + + if (pw == NULL || pam_modutil_drop_priv(pamh, privs, pw)) { + return PAM_SESSION_ERR; + } + + return PAM_SUCCESS; +} + +static int try_to_display(pam_handle_t *pamh, char **motd_path_split, + unsigned int num_motd_paths, + char **motd_dir_path_split, + unsigned int num_motd_dir_paths, int report_missing) +{ + PAM_MODUTIL_DEF_PRIVS(privs); + + if (drop_privileges(pamh, &privs) != PAM_SUCCESS) { + pam_syslog(pamh, LOG_ERR, "Unable to drop privileges"); + return PAM_SESSION_ERR; + } + + if (motd_path_split != NULL) { + unsigned int i; + + for (i = 0; i < num_motd_paths; i++) { + int fd = open(motd_path_split[i], O_RDONLY, 0); + + if (fd >= 0) { + try_to_display_fd(pamh, fd); + close(fd); + + /* We found and displayed a file, + * move onto next filename. + */ + break; + } + } + } + + if (motd_dir_path_split != NULL) { + try_to_display_directories_with_overrides(pamh, + motd_dir_path_split, + num_motd_dir_paths, + report_missing); + } + + if (pam_modutil_regain_priv(pamh, &privs)) { + pam_syslog(pamh, LOG_ERR, "Unable to regain privileges"); + return PAM_SESSION_ERR; + } + + return PAM_SUCCESS; +} + int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { int retval = PAM_IGNORE; + int do_update = 1; const char *motd_path = NULL; char *motd_path_copy = NULL; unsigned int num_motd_paths = 0; @@ -295,6 +393,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, unsigned int num_motd_dir_paths = 0; char **motd_dir_path_split = NULL; int report_missing; + struct stat st; if (flags & PAM_SILENT) { return retval; 
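Review bot: When `pam_modutil_regain_priv` fails at the end of try_to_display, the only consequences are a LOG_ERR line and PAM_SESSION_ERR, while the process is presumably left running with the target user's credentials. The man page example visible in this diff loads the module as `session optional`, where a failing result normally does not stop the stack, so the application could carry on in that state. I would raise the severity, `pam_syslog(pamh, LOG_CRIT, "Unable to regain privileges");`, and add a comment above try_to_display saying that the files are deliberately read with the user's credentials and that a failed restore must be treated as fatal by whoever configures the stack. Separately, drop_privileges replaces whatever `pam_get_user` returned with PAM_SESSION_ERR, and the single "Unable to drop privileges" message does not say whether the user lookup or the privilege change failed; logging the username lookup failure separately would make this diagnosable.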
@@ -324,6 +423,9 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, "motd_dir= specification missing argument - ignored"); } } + else if (!strcmp(*argv,"noupdate")) { + do_update = 0; + } else pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } @@ -336,6 +438,19 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, report_missing = 1; } + /* Run the update-motd dynamic motd scripts, outputting to /run/motd.dynamic. + This will be displayed only when calling pam_motd with + motd=/run/motd.dynamic; current /etc/pam.d/login and /etc/pam.d/sshd + display both this file and /etc/motd. */ + if (do_update && (stat("/etc/update-motd.d", &st) == 0) + && S_ISDIR(st.st_mode)) + { + mode_t old_mask = umask(0022); + if (!system("/usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d > /run/motd.dynamic.new")) + rename("/run/motd.dynamic.new", "/run/motd.dynamic"); + umask(old_mask); + } + if (motd_path != NULL) { motd_path_copy = strdup(motd_path); } @@ -358,25 +473,9 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, } } - if (motd_path_split != NULL) { - unsigned int i; - - for (i = 0; i < num_motd_paths; i++) { - int fd = open(motd_path_split[i], O_RDONLY, 0); - - if (fd >= 0) { - try_to_display_fd(pamh, fd); - close(fd); - - /* We found and displayed a file, move onto next filename. */ - break; - } - } - } - - if (motd_dir_path_split != NULL) - try_to_display_directories_with_overrides(pamh, motd_dir_path_split, - num_motd_dir_paths, report_missing); + retval = try_to_display(pamh, motd_path_split, num_motd_paths, + motd_dir_path_split, num_motd_dir_paths, + report_missing); out: _pam_drop(motd_path_copy); 
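Review bot: The update-motd step in pam_sm_open_session calls `system()`, which starts `/bin/sh` as root with the calling application's whole environment; `env -i` only cleans what run-parts sees, not what the shell itself reads at startup. Running the same command through fork/execve with an explicit argv and an empty environment removes the shell, and lets the code check the exit status and the `rename()` result, whose failures are silently ignored now. The fixed name `/run/motd.dynamic.new` is also shared by concurrent sessions, so two logins can interleave output before the rename; a per-process suffix or a lock would close that. The sketch below needs `<sys/wait.h>` if the file does not already include it, and an application that ignores SIGCHLD would need that disposition handled around the wait.

```c
mode_t old_mask = umask(0022);
/* same command as before, but as an argv: no shell, empty environment */
char *const update_argv[] = {
    "/usr/bin/env", "-i",
    "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
    "run-parts", "--lsbsysinit", "/etc/update-motd.d", NULL
};
char *const empty_env[] = { NULL };
int status = 0;
int ran_ok = 0;
pid_t pid = fork();

if (pid == 0) {
    /* child: send stdout to the temporary file, then exec */
    int out = open("/run/motd.dynamic.new",
                   O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (out < 0 || dup2(out, STDOUT_FILENO) < 0)
        _exit(127);
    if (out != STDOUT_FILENO)
        close(out);
    execve(update_argv[0], update_argv, empty_env);
    _exit(127);
} else if (pid > 0) {
    pid_t w;
    do {
        w = waitpid(pid, &status, 0);
    } while (w < 0 && errno == EINTR);
    ran_ok = (w == pid && WIFEXITED(status) && WEXITSTATUS(status) == 0);
}

if (!ran_ok)
    pam_syslog(pamh, LOG_WARNING,
               "update-motd scripts failed, keeping old /run/motd.dynamic");
else if (rename("/run/motd.dynamic.new", "/run/motd.dynamic") != 0)
    pam_syslog(pamh, LOG_WARNING, "cannot replace /run/motd.dynamic: %m");
umask(old_mask);
```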
@@ -384,9 +483,12 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, _pam_drop(motd_dir_path_copy); _pam_drop(motd_dir_path_split); - retval = pam_putenv(pamh, "MOTD_SHOWN=pam"); - - return retval == PAM_SUCCESS ? PAM_IGNORE : retval; + if (retval == PAM_SUCCESS) { + retval = pam_putenv(pamh, "MOTD_SHOWN=pam"); + return retval == PAM_SUCCESS ? PAM_IGNORE : retval; + } else { + return retval; + } } /* end of module definition */ |
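Review bot: pam_sm_open_session can now return PAM_SESSION_ERR (propagated from try_to_display), but the man page hunks in this commit touch the RETURN VALUES section only to rename its id, so the new result is presumably undocumented. I would add a `<varlistentry>` for PAM_SESSION_ERR to pam_motd.8.xml explaining that it is returned when privileges cannot be dropped to, or restored from, the target user. The early `goto out` paths leave `retval` at PAM_IGNORE, so they now skip `MOTD_SHOWN=pam` as well; a short comment at `out:` saying this is intended would help. As a style point, the `else` after a `return` is redundant: `if (retval != PAM_SUCCESS) return retval;` followed by the pam_putenv lines reads more directly.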