summaryrefslogtreecommitdiff
path: root/modules/pam_shells
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_shells')
-rw-r--r--modules/pam_shells/Makefile.am8
-rw-r--r--modules/pam_shells/Makefile.in55
-rw-r--r--modules/pam_shells/README6
-rw-r--r--modules/pam_shells/README.xml32
-rw-r--r--modules/pam_shells/pam_shells.815
-rw-r--r--modules/pam_shells/pam_shells.8.xml43
-rw-r--r--modules/pam_shells/pam_shells.c73
7 files changed, 150 insertions, 82 deletions
diff --git a/modules/pam_shells/Makefile.am b/modules/pam_shells/Makefile.am
index b91bada5..e44915f2 100644
--- a/modules/pam_shells/Makefile.am
+++ b/modules/pam_shells/Makefile.am
@@ -15,17 +15,21 @@ dist_check_SCRIPTS = tst-pam_shells
TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
+if HAVE_VENDORDIR
+secureconfdir = $(VENDOR_SCONFIGDIR)
+else
secureconfdir = $(SCONFIGDIR)
+endif
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
- $(WARN_CFLAGS)
+ $(WARN_CFLAGS) $(ECONF_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
endif
securelib_LTLIBRARIES = pam_shells.la
-pam_shells_la_LIBADD = $(top_builddir)/libpam/libpam.la
+pam_shells_la_LIBADD = $(top_builddir)/libpam/libpam.la $(ECONF_LIBS)
if ENABLE_REGENERATE_MAN
dist_noinst_DATA = README
diff --git a/modules/pam_shells/Makefile.in b/modules/pam_shells/Makefile.in
index bc203c58..3c236b33 100644
--- a/modules/pam_shells/Makefile.in
+++ b/modules/pam_shells/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.3 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+# Copyright (C) 1994-2020 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -96,18 +96,21 @@ host_triplet = @host@
@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
subdir = modules/pam_shells
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
- $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
- $(top_srcdir)/m4/japhar_grep_cflags.m4 \
+am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
+ $(top_srcdir)/m4/gettext.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/intlmacosx.m4 \
$(top_srcdir)/m4/jh_path_xml_catalog.m4 \
$(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
- $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+ $(top_srcdir)/m4/ld-no-undefined.m4 \
+ $(top_srcdir)/m4/ld-z-now.m4 $(top_srcdir)/m4/lib-ld.m4 \
$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
$(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
- $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+ $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/m4/warn_lang_flags.m4 \
+ $(top_srcdir)/m4/warnings.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
@@ -145,7 +148,9 @@ am__uninstall_files_from_dir = { \
}
am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"
LTLIBRARIES = $(securelib_LTLIBRARIES)
-pam_shells_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
+am__DEPENDENCIES_1 =
+pam_shells_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(am__DEPENDENCIES_1)
pam_shells_la_SOURCES = pam_shells.c
pam_shells_la_OBJECTS = pam_shells.lo
AM_V_lt = $(am__v_lt_@AM_V@)
@@ -373,6 +378,7 @@ am__set_TESTS_bases = \
bases='$(TEST_LOGS)'; \
bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
RECHECK_LOGS = $(TEST_LOGS)
AM_RECURSIVE_TARGETS = check recheck
TEST_SUITE_LOG = test-suite.log
@@ -417,10 +423,14 @@ CC_FOR_BUILD = @CC_FOR_BUILD@
CFLAGS = @CFLAGS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
+CRYPTO_LIBS = @CRYPTO_LIBS@
+CRYPT_CFLAGS = @CRYPT_CFLAGS@
+CRYPT_LIBS = @CRYPT_LIBS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLTOOL = @DLLTOOL@
+DOCBOOK_RNG = @DOCBOOK_RNG@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -430,12 +440,16 @@ ECONF_CFLAGS = @ECONF_CFLAGS@
ECONF_LIBS = @ECONF_LIBS@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
+EXE_CFLAGS = @EXE_CFLAGS@
+EXE_LDFLAGS = @EXE_LDFLAGS@
FGREP = @FGREP@
+FILECMD = @FILECMD@
FO2PDF = @FO2PDF@
GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
+HTML_STYLESHEET = @HTML_STYLESHEET@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -449,7 +463,6 @@ LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
LIBCRYPT = @LIBCRYPT@
LIBDB = @LIBDB@
LIBDL = @LIBDL@
@@ -468,12 +481,14 @@ LIBSELINUX = @LIBSELINUX@
LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
+LOGIND_CFLAGS = @LOGIND_CFLAGS@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
+MAN_STYLESHEET = @MAN_STYLESHEET@
MKDIR_P = @MKDIR_P@
MSGFMT = @MSGFMT@
MSGFMT_015 = @MSGFMT_015@
@@ -496,8 +511,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
+PDF_STYLESHEET = @PDF_STYLESHEET@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
@@ -508,11 +522,16 @@ SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+STRINGPARAM_PROFILECONDITIONS = @STRINGPARAM_PROFILECONDITIONS@
STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
STRIP = @STRIP@
+SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@
+SYSTEMD_LIBS = @SYSTEMD_LIBS@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
+TXT_STYLESHEET = @TXT_STYLESHEET@
USE_NLS = @USE_NLS@
+VENDOR_SCONFIGDIR = @VENDOR_SCONFIGDIR@
VERSION = @VERSION@
WARN_CFLAGS = @WARN_CFLAGS@
XGETTEXT = @XGETTEXT@
@@ -557,7 +576,6 @@ htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
@@ -565,9 +583,6 @@ localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
pam_xauth_path = @pam_xauth_path@
pdfdir = @pdfdir@
prefix = @prefix@
@@ -577,6 +592,7 @@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
+systemdunitdir = @systemdunitdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
@@ -589,13 +605,14 @@ XMLS = README.xml pam_shells.8.xml
dist_check_SCRIPTS = tst-pam_shells
TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
-secureconfdir = $(SCONFIGDIR)
+@HAVE_VENDORDIR_FALSE@secureconfdir = $(SCONFIGDIR)
+@HAVE_VENDORDIR_TRUE@secureconfdir = $(VENDOR_SCONFIGDIR)
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
- $(WARN_CFLAGS)
+ $(WARN_CFLAGS) $(ECONF_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
securelib_LTLIBRARIES = pam_shells.la
-pam_shells_la_LIBADD = $(top_builddir)/libpam/libpam.la
+pam_shells_la_LIBADD = $(top_builddir)/libpam/libpam.la $(ECONF_LIBS)
@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
all: all-am
@@ -912,7 +929,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \
fi; \
echo "$${col}$$br$${std}"; \
- echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \
+ echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}"; \
echo "$${col}$$br$${std}"; \
create_testsuite_report --maybe-color; \
echo "$$col$$br$$std"; \
diff --git a/modules/pam_shells/README b/modules/pam_shells/README
index e09dd205..bde6667c 100644
--- a/modules/pam_shells/README
+++ b/modules/pam_shells/README
@@ -7,7 +7,11 @@ DESCRIPTION
pam_shells is a PAM module that only allows access to the system if the user's
shell is listed in /etc/shells.
-It also checks if /etc/shells is a plain file and not world writable.
+If this file does not exist, entries are taken from files %vendordir%/shells,
+%vendordir%/shells.d/* and /etc/shells.d/* in that order.
+
+It also checks if needed files (e.g. /etc/shells) are plain files and not world
+writable.
OPTIONS
diff --git a/modules/pam_shells/README.xml b/modules/pam_shells/README.xml
index 154b97b5..c4da1a06 100644
--- a/modules/pam_shells/README.xml
+++ b/modules/pam_shells/README.xml
@@ -1,41 +1,27 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
-"http://www.docbook.org/xml/4.3/docbookx.dtd"
-[
-<!--
-<!ENTITY pamaccess SYSTEM "pam_shells.8.xml">
--->
-]>
+<article xmlns="http://docbook.org/ns/docbook" version="5.0">
-<article>
-
- <articleinfo>
+ <info>
<title>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_shells.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_shells-name"]/*)'/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_shells.8.xml" xpointer='xpointer(id("pam_shells-name")/*)'/>
</title>
- </articleinfo>
+ </info>
<section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_shells.8.xml" xpointer='xpointer(//refsect1[@id = "pam_shells-description"]/*)'/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_shells.8.xml" xpointer='xpointer(id("pam_shells-description")/*)'/>
</section>
<section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_shells.8.xml" xpointer='xpointer(//refsect1[@id = "pam_shells-options"]/*)'/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_shells.8.xml" xpointer='xpointer(id("pam_shells-options")/*)'/>
</section>
<section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_shells.8.xml" xpointer='xpointer(//refsect1[@id = "pam_shells-examples"]/*)'/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_shells.8.xml" xpointer='xpointer(id("pam_shells-examples")/*)'/>
</section>
<section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_shells.8.xml" xpointer='xpointer(//refsect1[@id = "pam_shells-author"]/*)'/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_shells.8.xml" xpointer='xpointer(id("pam_shells-author")/*)'/>
</section>
-</article>
+</article> \ No newline at end of file
diff --git a/modules/pam_shells/pam_shells.8 b/modules/pam_shells/pam_shells.8
index ec9adf08..7962badc 100644
--- a/modules/pam_shells/pam_shells.8
+++ b/modules/pam_shells/pam_shells.8
@@ -1,13 +1,13 @@
'\" t
.\" Title: pam_shells
.\" Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\" Date: 06/08/2020
+.\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/>
+.\" Date: 05/07/2023
.\" Manual: Linux-PAM Manual
-.\" Source: Linux-PAM Manual
+.\" Source: Linux-PAM
.\" Language: English
.\"
-.TH "PAM_SHELLS" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_SHELLS" "8" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -37,9 +37,8 @@ pam_shells \- PAM module to check for valid login shell
pam_shells is a PAM module that only allows access to the system if the user\*(Aqs shell is listed in
/etc/shells\&.
.PP
-It also checks if
-/etc/shells
-is a plain file and not world writable\&.
+It also checks if needed files (e\&.g\&.
+/etc/shells) are plain files and not world writable\&.
.SH "OPTIONS"
.PP
This module does not recognise any options\&.
@@ -85,7 +84,7 @@ auth required pam_shells\&.so
\fBshells\fR(5),
\fBpam.conf\fR(5),
\fBpam.d\fR(5),
-\fBpam\fR(8)
+\fBpam\fR(7)
.SH "AUTHOR"
.PP
pam_shells was written by Erik Troan <ewt@redhat\&.com>\&.
diff --git a/modules/pam_shells/pam_shells.8.xml b/modules/pam_shells/pam_shells.8.xml
index 15f47671..bff889fb 100644
--- a/modules/pam_shells/pam_shells.8.xml
+++ b/modules/pam_shells/pam_shells.8.xml
@@ -1,27 +1,24 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
-
-<refentry id="pam_shells">
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="pam_shells">
<refmeta>
<refentrytitle>pam_shells</refentrytitle>
<manvolnum>8</manvolnum>
- <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ <refmiscinfo class="source">Linux-PAM</refmiscinfo>
+ <refmiscinfo class="manual">Linux-PAM Manual</refmiscinfo>
</refmeta>
- <refnamediv id="pam_shells-name">
+ <refnamediv xml:id="pam_shells-name">
<refname>pam_shells</refname>
<refpurpose>PAM module to check for valid login shell</refpurpose>
</refnamediv>
<refsynopsisdiv>
- <cmdsynopsis id="pam_shells-cmdsynopsis">
+ <cmdsynopsis xml:id="pam_shells-cmdsynopsis" sepchar=" ">
<command>pam_shells.so</command>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1 id="pam_shells-description">
+ <refsect1 xml:id="pam_shells-description">
<title>DESCRIPTION</title>
@@ -29,19 +26,27 @@
pam_shells is a PAM module that only allows access to the
system if the user's shell is listed in <filename>/etc/shells</filename>.
</para>
+
+ <para condition="with_vendordir_and_with_econf">
+ If this file does not exist, entries are taken from files
+ <filename>%vendordir%/shells</filename>,
+ <filename>%vendordir%/shells.d/*</filename> and
+ <filename>/etc/shells.d/*</filename> in that order.
+ </para>
+
<para>
- It also checks if <filename>/etc/shells</filename> is a plain
- file and not world writable.
+ It also checks if needed files (e.g. <filename>/etc/shells</filename>) are plain
+ files and not world writable.
</para>
</refsect1>
- <refsect1 id="pam_shells-options">
+ <refsect1 xml:id="pam_shells-options">
<title>OPTIONS</title>
<para> This module does not recognise any options.</para>
</refsect1>
- <refsect1 id="pam_shells-types">
+ <refsect1 xml:id="pam_shells-types">
<title>MODULE TYPES PROVIDED</title>
<para>
The <option>auth</option> and <option>account</option>
@@ -49,7 +54,7 @@
</para>
</refsect1>
- <refsect1 id='pam_shells-return_values'>
+ <refsect1 xml:id="pam_shells-return_values">
<title>RETURN VALUES</title>
<variablelist>
<varlistentry>
@@ -80,7 +85,7 @@
</variablelist>
</refsect1>
- <refsect1 id='pam_shells-examples'>
+ <refsect1 xml:id="pam_shells-examples">
<title>EXAMPLES</title>
<para>
<programlisting>
@@ -89,7 +94,7 @@ auth required pam_shells.so
</para>
</refsect1>
- <refsect1 id='pam_shells-see_also'>
+ <refsect1 xml:id="pam_shells-see_also">
<title>SEE ALSO</title>
<para>
<citerefentry>
@@ -102,16 +107,16 @@ auth required pam_shells.so
<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
</citerefentry>
</para>
</refsect1>
- <refsect1 id='pam_shells-author'>
+ <refsect1 xml:id="pam_shells-author">
<title>AUTHOR</title>
<para>
pam_shells was written by Erik Troan &lt;ewt@redhat.com&gt;.
</para>
</refsect1>
-</refentry>
+</refentry> \ No newline at end of file
diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c
index dc8f4878..abebdd0c 100644
--- a/modules/pam_shells/pam_shells.c
+++ b/modules/pam_shells/pam_shells.c
@@ -13,27 +13,47 @@
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
+#include <stdbool.h>
#include <sys/stat.h>
#include <syslog.h>
#include <unistd.h>
+#if defined (USE_ECONF) && defined (VENDORDIR)
+#include <libeconf.h>
+#endif
#include <security/pam_modules.h>
#include <security/pam_modutil.h>
#include <security/pam_ext.h>
#define SHELL_FILE "/etc/shells"
-
+#define SHELLS "shells"
+#define ETCDIR "/etc"
#define DEFAULT_SHELL "/bin/sh"
+static bool check_file(const char *filename, const void *pamh)
+{
+ struct stat sb;
+
+ if (stat(filename, &sb)) {
+ pam_syslog(pamh, LOG_ERR, "Cannot stat %s: %m", filename);
+ return false; /* must have /etc/shells */
+ }
+
+ if ((sb.st_mode & S_IWOTH) || !S_ISREG(sb.st_mode)) {
+ pam_syslog(pamh, LOG_ERR,
+ "%s is either world writable or not a normal file",
+ filename);
+ return false;
+ }
+ return true;
+}
+
static int perform_check(pam_handle_t *pamh)
{
int retval = PAM_AUTH_ERR;
const char *userName;
const char *userShell;
- char shellFileLine[256];
- struct stat sb;
struct passwd * pw;
- FILE * shellFile;
retval = pam_get_user(pamh, &userName, NULL);
if (retval != PAM_SUCCESS) {
@@ -48,18 +68,50 @@ static int perform_check(pam_handle_t *pamh)
if (userShell[0] == '\0')
userShell = DEFAULT_SHELL;
- if (stat(SHELL_FILE,&sb)) {
- pam_syslog(pamh, LOG_ERR, "Cannot stat %s: %m", SHELL_FILE);
- return PAM_AUTH_ERR; /* must have /etc/shells */
+#if defined (USE_ECONF) && defined (VENDORDIR)
+ size_t size = 0;
+ econf_err error;
+ char **keys;
+ econf_file *key_file;
+
+ error = econf_readDirsWithCallback(&key_file,
+ VENDORDIR,
+ ETCDIR,
+ SHELLS,
+ NULL,
+ "", /* key only */
+ "#", /* comment */
+ check_file, pamh);
+ if (error) {
+ pam_syslog(pamh, LOG_ERR,
+ "Cannot parse shell files: %s",
+ econf_errString(error));
+ return PAM_AUTH_ERR;
}
- if ((sb.st_mode & S_IWOTH) || !S_ISREG(sb.st_mode)) {
+ error = econf_getKeys(key_file, NULL, &size, &keys);
+ if (error) {
pam_syslog(pamh, LOG_ERR,
- "%s is either world writable or not a normal file",
- SHELL_FILE);
+ "Cannot evaluate entries in shell files: %s",
+ econf_errString(error));
+ econf_free (key_file);
return PAM_AUTH_ERR;
}
+ retval = 1;
+ for (size_t i = 0; i < size; i++) {
+ retval = strcmp(keys[i], userShell);
+ if (!retval)
+ break;
+ }
+ econf_free (key_file);
+#else
+ char shellFileLine[256];
+ FILE * shellFile;
+
+ if (!check_file(SHELL_FILE, pamh))
+ return PAM_AUTH_ERR;
+
shellFile = fopen(SHELL_FILE,"r");
if (shellFile == NULL) { /* Check that we opened it successfully */
pam_syslog(pamh, LOG_ERR, "Error opening %s: %m", SHELL_FILE);
@@ -75,6 +127,7 @@ static int perform_check(pam_handle_t *pamh)
}
fclose(shellFile);
+ #endif
if (retval) {
return PAM_AUTH_ERR;
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-25 16:57:51 +0000