diff options
Diffstat (limited to 'modules/pam_succeed_if')
-rw-r--r-- | modules/pam_succeed_if/Makefile.am | 4 | ||||
-rw-r--r-- | modules/pam_succeed_if/Makefile.in | 15 | ||||
-rw-r--r-- | modules/pam_succeed_if/README.xml | 32 | ||||
-rw-r--r-- | modules/pam_succeed_if/pam_succeed_if.8 | 52 | ||||
-rw-r--r-- | modules/pam_succeed_if/pam_succeed_if.8.xml | 78 | ||||
-rw-r--r-- | modules/pam_succeed_if/pam_succeed_if.c | 36 |
6 files changed, 103 insertions, 114 deletions
diff --git a/modules/pam_succeed_if/Makefile.am b/modules/pam_succeed_if/Makefile.am index cb54f843..f79a4b03 100644 --- a/modules/pam_succeed_if/Makefile.am +++ b/modules/pam_succeed_if/Makefile.am @@ -15,7 +15,11 @@ dist_check_SCRIPTS = tst-pam_succeed_if TESTS = $(dist_check_SCRIPTS) securelibdir = $(SECUREDIR) +if HAVE_VENDORDIR +secureconfdir = $(VENDOR_SCONFIGDIR) +else secureconfdir = $(SCONFIGDIR) +endif AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ $(WARN_CFLAGS) diff --git a/modules/pam_succeed_if/Makefile.in b/modules/pam_succeed_if/Makefile.in index 995b6db5..5028fe07 100644 --- a/modules/pam_succeed_if/Makefile.in +++ b/modules/pam_succeed_if/Makefile.in @@ -428,6 +428,7 @@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ +DOCBOOK_RNG = @DOCBOOK_RNG@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ @@ -440,11 +441,13 @@ EXEEXT = @EXEEXT@ EXE_CFLAGS = @EXE_CFLAGS@ EXE_LDFLAGS = @EXE_LDFLAGS@ FGREP = @FGREP@ +FILECMD = @FILECMD@ FO2PDF = @FO2PDF@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ +HTML_STYLESHEET = @HTML_STYLESHEET@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ @@ -476,12 +479,14 @@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ +LOGIND_CFLAGS = @LOGIND_CFLAGS@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ +MAN_STYLESHEET = @MAN_STYLESHEET@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ @@ -504,6 +509,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ +PDF_STYLESHEET = @PDF_STYLESHEET@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ @@ -514,12 +520,16 @@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ -STRINGPARAM_HMAC = @STRINGPARAM_HMAC@ +STRINGPARAM_PROFILECONDITIONS = @STRINGPARAM_PROFILECONDITIONS@ STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@ STRIP = @STRIP@ +SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ +SYSTEMD_LIBS = @SYSTEMD_LIBS@ TIRPC_CFLAGS = @TIRPC_CFLAGS@ TIRPC_LIBS = @TIRPC_LIBS@ +TXT_STYLESHEET = @TXT_STYLESHEET@ USE_NLS = @USE_NLS@ +VENDOR_SCONFIGDIR = @VENDOR_SCONFIGDIR@ VERSION = @VERSION@ WARN_CFLAGS = @WARN_CFLAGS@ XGETTEXT = @XGETTEXT@ @@ -593,7 +603,8 @@ XMLS = README.xml pam_succeed_if.8.xml dist_check_SCRIPTS = tst-pam_succeed_if TESTS = $(dist_check_SCRIPTS) securelibdir = $(SECUREDIR) -secureconfdir = $(SCONFIGDIR) +@HAVE_VENDORDIR_FALSE@secureconfdir = $(SCONFIGDIR) +@HAVE_VENDORDIR_TRUE@secureconfdir = $(VENDOR_SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ $(WARN_CFLAGS) diff --git a/modules/pam_succeed_if/README.xml b/modules/pam_succeed_if/README.xml index c52f00a0..1c174af0 100644 --- a/modules/pam_succeed_if/README.xml +++ b/modules/pam_succeed_if/README.xml @@ -1,41 +1,27 @@ -<?xml version="1.0" encoding='UTF-8'?> -<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" -"http://www.docbook.org/xml/4.3/docbookx.dtd" -[ -<!-- -<!ENTITY pamaccess SYSTEM "pam_succeed_if.8.xml"> ---> -]> +<article xmlns="http://docbook.org/ns/docbook" version="5.0"> -<article> - - <articleinfo> + <info> <title> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_succeed_if.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_succeed_if-name"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_succeed_if.8.xml" xpointer='xpointer(id("pam_succeed_if-name")/*)'/> </title> - </articleinfo> + </info> <section> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_succeed_if.8.xml" xpointer='xpointer(//refsect1[@id = "pam_succeed_if-description"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_succeed_if.8.xml" xpointer='xpointer(id("pam_succeed_if-description")/*)'/> </section> <section> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_succeed_if.8.xml" xpointer='xpointer(//refsect1[@id = "pam_succeed_if-options"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_succeed_if.8.xml" xpointer='xpointer(id("pam_succeed_if-options")/*)'/> </section> <section> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_succeed_if.8.xml" xpointer='xpointer(//refsect1[@id = "pam_succeed_if-examples"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_succeed_if.8.xml" xpointer='xpointer(id("pam_succeed_if-examples")/*)'/> </section> <section> - <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" - href="pam_succeed_if.8.xml" xpointer='xpointer(//refsect1[@id = "pam_succeed_if-author"]/*)'/> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_succeed_if.8.xml" xpointer='xpointer(id("pam_succeed_if-author")/*)'/> </section> -</article> +</article>
\ No newline at end of file diff --git a/modules/pam_succeed_if/pam_succeed_if.8 b/modules/pam_succeed_if/pam_succeed_if.8 index 8b33c62a..e61af0cb 100644 --- a/modules/pam_succeed_if/pam_succeed_if.8 +++ b/modules/pam_succeed_if/pam_succeed_if.8 @@ -1,13 +1,13 @@ '\" t .\" Title: pam_succeed_if .\" Author: [see the "AUTHOR" section] -.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> -.\" Date: 09/03/2021 -.\" Manual: Linux-PAM +.\" Generator: DocBook XSL Stylesheets v1.79.2 <http://docbook.sf.net/> +.\" Date: 05/07/2023 +.\" Manual: Linux-PAM Manual .\" Source: Linux-PAM .\" Language: English .\" -.TH "PAM_SUCCEED_IF" "8" "09/03/2021" "Linux-PAM" "Linux\-PAM" +.TH "PAM_SUCCEED_IF" "8" "05/07/2023" "Linux\-PAM" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -42,32 +42,32 @@ The module should be given one or more conditions as module arguments, and authe The following \fIflag\fRs are supported: .PP -\fBdebug\fR +debug .RS 4 Turns on debugging messages sent to syslog\&. .RE .PP -\fBuse_uid\fR +use_uid .RS 4 Evaluate conditions using the account of the user whose UID the application is running under instead of the user being authenticated\&. .RE .PP -\fBquiet\fR +quiet .RS 4 Don\*(Aqt log failure or success to the system log\&. .RE .PP -\fBquiet_fail\fR +quiet_fail .RS 4 Don\*(Aqt log failure to the system log\&. .RE .PP -\fBquiet_success\fR +quiet_success .RS 4 Don\*(Aqt log success to the system log\&. .RE .PP -\fBaudit\fR +audit .RS 4 Log unknown users to the system log\&. .RE @@ -86,82 +86,82 @@ Available fields are and \fIservice\fR: .PP -\fBfield < number\fR +field < number .RS 4 Field has a value numerically less than number\&. .RE .PP -\fBfield <= number\fR +field <= number .RS 4 Field has a value numerically less than or equal to number\&. .RE .PP -\fBfield eq number\fR +field eq number .RS 4 Field has a value numerically equal to number\&. .RE .PP -\fBfield >= number\fR +field >= number .RS 4 Field has a value numerically greater than or equal to number\&. .RE .PP -\fBfield > number\fR +field > number .RS 4 Field has a value numerically greater than number\&. .RE .PP -\fBfield ne number\fR +field ne number .RS 4 Field has a value numerically different from number\&. .RE .PP -\fBfield = string\fR +field = string .RS 4 Field exactly matches the given string\&. .RE .PP -\fBfield != string\fR +field != string .RS 4 Field does not match the given string\&. .RE .PP -\fBfield =~ glob\fR +field =~ glob .RS 4 Field matches the given glob\&. .RE .PP -\fBfield !~ glob\fR +field !~ glob .RS 4 Field does not match the given glob\&. .RE .PP -\fBfield in item:item:\&.\&.\&.\fR +field in item:item:\&.\&.\&. .RS 4 Field is contained in the list of items separated by colons\&. .RE .PP -\fBfield notin item:item:\&.\&.\&.\fR +field notin item:item:\&.\&.\&. .RS 4 Field is not contained in the list of items separated by colons\&. .RE .PP -\fBuser ingroup group[:group:\&.\&.\&.\&.]\fR +user ingroup group[:group:\&.\&.\&.\&.] .RS 4 User is in given group(s)\&. .RE .PP -\fBuser notingroup group[:group:\&.\&.\&.\&.]\fR +user notingroup group[:group:\&.\&.\&.\&.] .RS 4 User is not in given group(s)\&. .RE .PP -\fBuser innetgr netgroup\fR +user innetgr netgroup .RS 4 (user,host) is in given netgroup\&. .RE .PP -\fBuser notinnetgr group\fR +user notinnetgr group .RS 4 (user,host) is not in given netgroup\&. .RE diff --git a/modules/pam_succeed_if/pam_succeed_if.8.xml b/modules/pam_succeed_if/pam_succeed_if.8.xml index 14d939a3..90fd1145 100644 --- a/modules/pam_succeed_if/pam_succeed_if.8.xml +++ b/modules/pam_succeed_if/pam_succeed_if.8.xml @@ -1,34 +1,30 @@ -<?xml version="1.0" encoding='UTF-8'?> -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" - "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"> - - -<refentry id='pam_succeed_if'> +<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="pam_succeed_if"> <!-- Copyright 2003, 2004 Red Hat, Inc. --> <!-- Written by Nalin Dahyabhai <nalin@redhat.com> --> <refmeta> <refentrytitle>pam_succeed_if</refentrytitle> <manvolnum>8</manvolnum> - <refmiscinfo class='sectdesc'>Linux-PAM</refmiscinfo> + <refmiscinfo class="source">Linux-PAM</refmiscinfo> + <refmiscinfo class="manual">Linux-PAM Manual</refmiscinfo> </refmeta> - <refnamediv id='pam_succeed_if-name'> + <refnamediv xml:id="pam_succeed_if-name"> <refname>pam_succeed_if</refname> <refpurpose>test account characteristics</refpurpose> </refnamediv> <refsynopsisdiv> - <cmdsynopsis id='pam_succeed_if-cmdsynopsis'> + <cmdsynopsis xml:id="pam_succeed_if-cmdsynopsis" sepchar=" "> <command>pam_succeed_if.so</command> - <arg choice='opt' rep='repeat'><replaceable>flag</replaceable></arg> - <arg choice='opt' rep='repeat'><replaceable>condition</replaceable></arg> + <arg choice="opt" rep="repeat"><replaceable>flag</replaceable></arg> + <arg choice="opt" rep="repeat"><replaceable>condition</replaceable></arg> </cmdsynopsis> </refsynopsisdiv> - <refsect1 id='pam_succeed_if-description'> + <refsect1 xml:id="pam_succeed_if-description"> <title>DESCRIPTION</title> <para> pam_succeed_if.so is designed to succeed or fail authentication @@ -43,7 +39,7 @@ </para> </refsect1> - <refsect1 id="pam_succeed_if-options"> + <refsect1 xml:id="pam_succeed_if-options"> <title>OPTIONS</title> <para> The following <emphasis>flag</emphasis>s are supported: @@ -51,13 +47,13 @@ <variablelist> <varlistentry> - <term><option>debug</option></term> + <term>debug</term> <listitem> <para>Turns on debugging messages sent to syslog.</para> </listitem> </varlistentry> <varlistentry> - <term><option>use_uid</option></term> + <term>use_uid</term> <listitem> <para> Evaluate conditions using the account of the user whose UID @@ -67,13 +63,13 @@ </listitem> </varlistentry> <varlistentry> - <term><option>quiet</option></term> + <term>quiet</term> <listitem> <para>Don't log failure or success to the system log.</para> </listitem> </varlistentry> <varlistentry> - <term><option>quiet_fail</option></term> + <term>quiet_fail</term> <listitem> <para> Don't log failure to the system log. @@ -81,7 +77,7 @@ </listitem> </varlistentry> <varlistentry> - <term><option>quiet_success</option></term> + <term>quiet_success</term> <listitem> <para> Don't log success to the system log. @@ -89,7 +85,7 @@ </listitem> </varlistentry> <varlistentry> - <term><option>audit</option></term> + <term>audit</term> <listitem> <para> Log unknown users to the system log. @@ -112,13 +108,13 @@ <variablelist> <varlistentry> - <term><option>field < number</option></term> + <term>field < number</term> <listitem> <para>Field has a value numerically less than number.</para> </listitem> </varlistentry> <varlistentry> - <term><option>field <= number</option></term> + <term>field <= number</term> <listitem> <para> Field has a value numerically less than or equal to number. @@ -126,7 +122,7 @@ </listitem> </varlistentry> <varlistentry> - <term><option>field eq number</option></term> + <term>field eq number</term> <listitem> <para> Field has a value numerically equal to number. @@ -134,7 +130,7 @@ </listitem> </varlistentry> <varlistentry> - <term><option>field >= number</option></term> + <term>field >= number</term> <listitem> <para> Field has a value numerically greater than or equal to number. @@ -142,7 +138,7 @@ </listitem> </varlistentry> <varlistentry> - <term><option>field > number</option></term> + <term>field > number</term> <listitem> <para> Field has a value numerically greater than number. @@ -150,7 +146,7 @@ </listitem> </varlistentry> <varlistentry> - <term><option>field ne number</option></term> + <term>field ne number</term> <listitem> <para> Field has a value numerically different from number. @@ -158,7 +154,7 @@ </listitem> </varlistentry> <varlistentry> - <term><option>field = string</option></term> + <term>field = string</term> <listitem> <para> Field exactly matches the given string. @@ -166,7 +162,7 @@ </listitem> </varlistentry> <varlistentry> - <term><option>field != string</option></term> + <term>field != string</term> <listitem> <para> Field does not match the given string. @@ -174,49 +170,49 @@ </listitem> </varlistentry> <varlistentry> - <term><option>field =~ glob</option></term> + <term>field =~ glob</term> <listitem> <para>Field matches the given glob.</para> </listitem> </varlistentry> <varlistentry> - <term><option>field !~ glob</option></term> + <term>field !~ glob</term> <listitem> <para>Field does not match the given glob.</para> </listitem> </varlistentry> <varlistentry> - <term><option>field in item:item:...</option></term> + <term>field in item:item:...</term> <listitem> <para>Field is contained in the list of items separated by colons.</para> </listitem> </varlistentry> <varlistentry> - <term><option>field notin item:item:...</option></term> + <term>field notin item:item:...</term> <listitem> <para>Field is not contained in the list of items separated by colons.</para> </listitem> </varlistentry> <varlistentry> - <term><option>user ingroup group[:group:....]</option></term> + <term>user ingroup group[:group:....]</term> <listitem> <para>User is in given group(s).</para> </listitem> </varlistentry> <varlistentry> - <term><option>user notingroup group[:group:....]</option></term> + <term>user notingroup group[:group:....]</term> <listitem> <para>User is not in given group(s).</para> </listitem> </varlistentry> <varlistentry> - <term><option>user innetgr netgroup</option></term> + <term>user innetgr netgroup</term> <listitem> <para>(user,host) is in given netgroup.</para> </listitem> </varlistentry> <varlistentry> - <term><option>user notinnetgr group</option></term> + <term>user notinnetgr group</term> <listitem> <para>(user,host) is not in given netgroup.</para> </listitem> @@ -224,7 +220,7 @@ </variablelist> </refsect1> - <refsect1 id="pam_succeed_if-types"> + <refsect1 xml:id="pam_succeed_if-types"> <title>MODULE TYPES PROVIDED</title> <para> All module types (<option>account</option>, <option>auth</option>, @@ -232,7 +228,7 @@ </para> </refsect1> - <refsect1 id='pam_succeed_if-return_values'> + <refsect1 xml:id="pam_succeed_if-return_values"> <title>RETURN VALUES</title> <variablelist> @@ -267,7 +263,7 @@ </refsect1> - <refsect1 id='pam_succeed_if-examples'> + <refsect1 xml:id="pam_succeed_if-examples"> <title>EXAMPLES</title> <para> To emulate the behaviour of <emphasis>pam_wheel</emphasis>, except @@ -288,7 +284,7 @@ type required othermodule.so arguments... </programlisting> </refsect1> - <refsect1 id='pam_succeed_if-see_also'> + <refsect1 xml:id="pam_succeed_if-see_also"> <title>SEE ALSO</title> <para> <citerefentry> @@ -300,8 +296,8 @@ type required othermodule.so arguments... </para> </refsect1> - <refsect1 id='pam_succeed_if-author'> + <refsect1 xml:id="pam_succeed_if-author"> <title>AUTHOR</title> <para>Nalin Dahyabhai <nalin@redhat.com></para> </refsect1> -</refentry> +</refentry>
\ No newline at end of file diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c index 7103ae30..5bf79c45 100644 --- a/modules/pam_succeed_if/pam_succeed_if.c +++ b/modules/pam_succeed_if/pam_succeed_if.c @@ -294,13 +294,6 @@ evaluate(pam_handle_t *pamh, int debug, { char buf[LINE_MAX] = ""; const char *attribute = left; - /* Figure out what we're evaluating here, and convert it to a string.*/ - if ((strcasecmp(left, "login") == 0) || - (strcasecmp(left, "name") == 0) || - (strcasecmp(left, "user") == 0)) { - snprintf(buf, sizeof(buf), "%s", user); - left = buf; - } /* Get information about the user if needed. */ if ((*pwd == NULL) && ((strcasecmp(left, "uid") == 0) || @@ -314,33 +307,34 @@ evaluate(pam_handle_t *pamh, int debug, return PAM_USER_UNKNOWN; } } - if (strcasecmp(left, "uid") == 0) { + /* Figure out what we're evaluating here, and convert it to a string.*/ + if ((strcasecmp(left, "login") == 0) || + (strcasecmp(left, "name") == 0) || + (strcasecmp(left, "user") == 0)) { + snprintf(buf, sizeof(buf), "%s", user); + left = buf; + } else if (strcasecmp(left, "uid") == 0) { snprintf(buf, sizeof(buf), "%lu", (unsigned long) (*pwd)->pw_uid); left = buf; - } - if (strcasecmp(left, "gid") == 0) { + } else if (strcasecmp(left, "gid") == 0) { snprintf(buf, sizeof(buf), "%lu", (unsigned long) (*pwd)->pw_gid); left = buf; - } - if (strcasecmp(left, "shell") == 0) { + } else if (strcasecmp(left, "shell") == 0) { snprintf(buf, sizeof(buf), "%s", (*pwd)->pw_shell); left = buf; - } - if ((strcasecmp(left, "home") == 0) || + } else if ((strcasecmp(left, "home") == 0) || (strcasecmp(left, "dir") == 0) || (strcasecmp(left, "homedir") == 0)) { snprintf(buf, sizeof(buf), "%s", (*pwd)->pw_dir); left = buf; - } - if (strcasecmp(left, "service") == 0) { + } else if (strcasecmp(left, "service") == 0) { const void *svc; if (pam_get_item(pamh, PAM_SERVICE, &svc) != PAM_SUCCESS || svc == NULL) svc = ""; snprintf(buf, sizeof(buf), "%s", (const char *)svc); left = buf; - } - if (strcasecmp(left, "ruser") == 0) { + } else if (strcasecmp(left, "ruser") == 0) { const void *ruser; if (pam_get_item(pamh, PAM_RUSER, &ruser) != PAM_SUCCESS || ruser == NULL) @@ -348,16 +342,14 @@ evaluate(pam_handle_t *pamh, int debug, snprintf(buf, sizeof(buf), "%s", (const char *)ruser); left = buf; user = buf; - } - if (strcasecmp(left, "rhost") == 0) { + } else if (strcasecmp(left, "rhost") == 0) { const void *rhost; if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS || rhost == NULL) rhost = ""; snprintf(buf, sizeof(buf), "%s", (const char *)rhost); left = buf; - } - if (strcasecmp(left, "tty") == 0) { + } else if (strcasecmp(left, "tty") == 0) { const void *tty; if (pam_get_item(pamh, PAM_TTY, &tty) != PAM_SUCCESS || tty == NULL) |