From dade683fe1334eccfae157517fa4f8b9a77d36cb Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 19 Nov 2008 14:24:47 +0000 Subject: Relevant BUGIDs: Purpose of commit: missing part of new feature Commit summary: --------------- 2008-11-19 Thorsten Kukuk * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Finish implementation of type=STRING option. * modules/pam_pwhistory/pam_pwhistory.8.xml: Document "type=STRING" option. --- modules/pam_env/pam_env.c | 150 +++++++++++++++++------------- modules/pam_pwhistory/pam_pwhistory.8.xml | 18 ++++ modules/pam_pwhistory/pam_pwhistory.c | 13 ++- modules/pam_xauth/pam_xauth.c | 25 ++++- 4 files changed, 136 insertions(+), 70 deletions(-) (limited to 'modules') diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c index 80a20cd6..4d81f1c4 100644 --- a/modules/pam_env/pam_env.c +++ b/modules/pam_env/pam_env.c @@ -11,6 +11,9 @@ #define DEFAULT_ETC_ENVFILE "/etc/environment" #define DEFAULT_READ_ENVFILE 1 +#define DEFAULT_USER_ENVFILE ".environment" +#define DEFAULT_USER_READ_ENVFILE 1 + #include "config.h" #include @@ -75,16 +78,19 @@ static char quote='Z'; /* argument parsing */ #define PAM_DEBUG_ARG 0x01 -#define PAM_NEW_CONF_FILE 0x02 -#define PAM_ENV_SILENT 0x04 -#define PAM_NEW_ENV_FILE 0x10 static int _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, - const char **conffile, const char **envfile, int *readenv) + char **conffile, char **envfile, int *readenv, + char **user_envfile, int *user_readenv) { int ctrl=0; + *user_envfile = strdup (DEFAULT_USER_ENVFILE); + *envfile = strdup (DEFAULT_ETC_ENVFILE); + *readenv = DEFAULT_READ_ENVFILE; + *user_readenv = DEFAULT_USER_READ_ENVFILE; + *conffile = strdup (DEFAULT_CONF_FILE); /* step through arguments */ for (; argc-- > 0; ++argv) { 
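Review bot: `DEFAULT_USER_READ_ENVFILE 1` makes the per-user file opt-out, so every existing pam_env line in a stack starts reading a file from the user's home directory after this change without the administrator asking for it. Because that file is written by the account being logged in, a default of 0 with `user_readenv=1` as an explicit opt-in is the safer choice. The two new macros also have no comment; something like `/* file name, relative to the user's home directory, read when user_readenv is non-zero */` above `DEFAULT_USER_ENVFILE` would help.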
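Review bot: The `strdup()` defaults assigned at the top of `_pam_parse` are stored without a NULL check, and the same holds for the `x_strdup()` calls in the @@ -94 hunk. On allocation failure a NULL file name is handed to `_parse_config_file` / `_parse_env_file`, where the visible code passes it to `fopen(file,"r")` and to a `%s` debug format. The function only returns `ctrl`, so it needs a way to report failure, for example a negative return that the caller maps to `PAM_BUF_ERR`. The body of `_pam_parse` continues beyond this hunk.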
@@ -94,49 +100,54 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, if (!strcmp(*argv,"debug")) ctrl |= PAM_DEBUG_ARG; else if (!strncmp(*argv,"conffile=",9)) { - *conffile = 9 + *argv; - if (**conffile != '\0') { - D(("new Configuration File: %s", *conffile)); - ctrl |= PAM_NEW_CONF_FILE; - } else { - pam_syslog(pamh, LOG_ERR, - "conffile= specification missing argument - ignored"); - } + if (*argv+9 == '\0') { + pam_syslog(pamh, LOG_ERR, + "conffile= specification missing argument - ignored"); + } else { + free(*conffile); + *conffile = x_strdup(9+*argv); + D(("new Configuration File: %s", *conffile)); + } } else if (!strncmp(*argv,"envfile=",8)) { - *envfile = 8 + *argv; - if (**envfile != '\0') { - D(("new Env File: %s", *envfile)); - ctrl |= PAM_NEW_ENV_FILE; - } else { - pam_syslog (pamh, LOG_ERR, - "envfile= specification missing argument - ignored"); - } + if (*argv+8 == '\0') { + pam_syslog (pamh, LOG_ERR, + "envfile= specification missing argument - ignored"); + } else { + free(*envfile); + *envfile = x_strdup(8+*argv); + D(("new Env File: %s", *envfile)); + } + } else if (!strncmp(*argv,"user_envfile=",13)) { + if (*argv+13 == '\0') { + pam_syslog (pamh, LOG_ERR, + "user_envfile= specification missing argument - ignored"); + } else { + free(*user_envfile); + *user_envfile = x_strdup(13+*argv); + D(("new User Env File: %s", *user_env_file)); + } } else if (!strncmp(*argv,"readenv=",8)) - *readenv = atoi(8+*argv); + *readenv = atoi(8+*argv); + else if (!strncmp(*argv,"user_readenv=",13)) + *user_readenv = atoi(13+*argv); else - pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); + pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } return ctrl; } static int -_parse_config_file(pam_handle_t *pamh, int ctrl, const char *conffile) +_parse_config_file(pam_handle_t *pamh, char *file) { int retval; - const char *file; char buffer[BUF_SIZE]; FILE *conf; VAR Var, *var=&Var; - var->name=NULL; var->defval=NULL; var->override=NULL; 
D(("Called.")); - if (ctrl & PAM_NEW_CONF_FILE) { - file = conffile; - } else { - file = DEFAULT_CONF_FILE; - } + var->name=NULL; var->defval=NULL; var->override=NULL; D(("Config file name is: %s", file)); @@ -184,18 +195,12 @@ _parse_config_file(pam_handle_t *pamh, int ctrl, const char *conffile) } static int -_parse_env_file(pam_handle_t *pamh, int ctrl, const char *env_file) +_parse_env_file(pam_handle_t *pamh, char *file) { int retval=PAM_SUCCESS, i, t; - const char *file; char buffer[BUF_SIZE], *key, *mark; FILE *conf; - if (ctrl & PAM_NEW_ENV_FILE) - file = env_file; - else - file = DEFAULT_ETC_ENVFILE; - D(("Env file name is: %s", file)); if ((conf = fopen(file,"r")) == NULL) { @@ -702,7 +707,7 @@ static int _define_var(pam_handle_t *pamh, VAR *var) pam_syslog(pamh, LOG_ERR, "out of memory"); return PAM_BUF_ERR; } - + retval = pam_putenv(pamh, envvar); _pam_drop(envvar); D(("Exit.")); 
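Review bot: `if (*argv+9 == '\0')` compares the pointer `*argv + 9` with a null pointer constant instead of testing the character it points to, so the "missing argument" branch can never be taken and an empty `conffile=` replaces the default with an empty string; the test should be `if ((*argv)[9] == '\0')`. The `envfile=` (offset 8) and `user_envfile=` (offset 13) branches repeat the same mistake. In the `user_envfile=` branch the debug line `D(("new User Env File: %s", *user_env_file));` names `user_env_file`, while the parameter is `user_envfile`, so it should read `*user_envfile`; this presumably only breaks the build when `D()` is compiled in. `_pam_parse` starts in the previous hunk.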
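Review bot: `_parse_env_file(pam_handle_t *pamh, char *file)` drops the `const` that the old `env_file` parameter had, although the visible code only reads the name (`fopen(file,"r")`). Declaring it `const char *file`, and likewise in `_parse_config_file` in the @@ -94 hunk, keeps the callers' strings protected from accidental writes. The function body continues outside the hunk.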
@@ -751,24 +756,60 @@ pam_sm_setcred (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { int retval, ctrl, readenv=DEFAULT_READ_ENVFILE; - const char *conf_file = NULL, *env_file = NULL; + int user_readenv = DEFAULT_USER_READ_ENVFILE; + char *conf_file = NULL, *env_file = NULL, *user_env_file = NULL; + /* * this module sets environment variables read in from a file */ D(("Called.")); - ctrl = _pam_parse(pamh, argc, argv, &conf_file, &env_file, &readenv); + ctrl = _pam_parse(pamh, argc, argv, &conf_file, &env_file, + &readenv, &user_env_file, &user_readenv); - retval = _parse_config_file(pamh, ctrl, conf_file); + retval = _parse_config_file(pamh, conf_file); if(readenv && retval == PAM_SUCCESS) { - retval = _parse_env_file(pamh, ctrl, env_file); + retval = _parse_env_file(pamh, env_file); if (retval == PAM_IGNORE) retval = PAM_SUCCESS; } + if(user_readenv && retval == PAM_SUCCESS) { + char *envpath = NULL; + struct passwd *user_entry; + const char *username; + struct stat statbuf; + + username = _pam_get_item_byname(pamh, "PAM_USER"); + + user_entry = getpwnam(username); + if (!user_entry) { + pam_syslog(pamh, LOG_ERR, "No such user!?"); + } + else { + if (asprintf(&envpath, "%s/%s", user_entry->pw_dir, user_env_file) < 0) + { + pam_syslog(pamh, LOG_ERR, "Out of memory"); + free (conf_file); + free (env_file); + free (user_env_file); + return PAM_BUF_ERR; + } + if (stat(envpath, &statbuf) == 0) { + retval = _parse_config_file(pamh, envpath); + if (retval == PAM_IGNORE) + retval = PAM_SUCCESS; + } + free(envpath); + } + } + /* indicate success or failure */ + free (conf_file); + free (env_file); + free (user_env_file); D(("Exit.")); return retval; 
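Review bot: In the new `user_readenv` block the file named by `envpath` lives in a directory the user controls, yet nothing visible here switches to that user's identity before `_parse_config_file(pamh, envpath)` reads it, so it is opened with whatever privileges the calling application has (often root). The `stat()` check does not help, because it follows symlinks and the file can be swapped between the check and the open; the read should happen after changing to `user_entry->pw_uid` and the user's groups, with the previous identity restored afterwards, and the opened file should be verified to be a regular file. Separately, `username` is passed to `getpwnam()` unchecked, so the lookup should be guarded with `if (username == NULL || (user_entry = getpwnam(username)) == NULL)`. The user file is also parsed with the configuration-file parser rather than `_parse_env_file`, which appears to let the user define any variable; a comment stating that this is intended would be useful.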
@@ -786,28 +827,9 @@ PAM_EXTERN int pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { - int retval, ctrl, readenv=DEFAULT_READ_ENVFILE; - const char *conf_file = NULL, *env_file = NULL; - - /* - * this module sets environment variables read in from a file - */ - - D(("Called.")); - ctrl = _pam_parse(pamh, argc, argv, &conf_file, &env_file, &readenv); - - retval = _parse_config_file(pamh, ctrl, conf_file); - - if(readenv && retval == PAM_SUCCESS) { - retval = _parse_env_file(pamh, ctrl, env_file); - if (retval == PAM_IGNORE) - retval = PAM_SUCCESS; - } - - /* indicate success or failure */ - - D(("Exit.")); - return retval; + /* Function was identical to pam_sm_setcred, so call it instead */ + D(("Called -- calling pam_sm_setcred instead...")); + return pam_sm_setcred(pamh, flags, argc, argv); } PAM_EXTERN int diff --git a/modules/pam_pwhistory/pam_pwhistory.8.xml b/modules/pam_pwhistory/pam_pwhistory.8.xml index 26d6bd15..f8c152ad 100644 --- a/modules/pam_pwhistory/pam_pwhistory.8.xml +++ b/modules/pam_pwhistory/pam_pwhistory.8.xml @@ -33,6 +33,9 @@ retry=N + + type=STRING + @@ -119,6 +122,21 @@ + + + + + + + The default action is for the module to use the + following prompts when requesting passwords: + "New UNIX password: " and "Retype UNIX password: ". + The default word UNIX can + be replaced with this option. + + + + diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c index d3cce728..424be38e 100644 --- a/modules/pam_pwhistory/pam_pwhistory.c +++ b/modules/pam_pwhistory/pam_pwhistory.c @@ -58,7 +58,9 @@ #include "opasswd.h" +/* For Translators: "%s%s" could be replaced with " " or "". */ #define NEW_PASSWORD_PROMPT _("New %s%spassword: ") +/* For Translators: "%s%s" could be replaced with " " or "". */ #define AGAIN_PASSWORD_PROMPT _("Retype new %s%spassword: ") #define MISTYPED_PASSWORD _("Sorry, passwords do not match.") 
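Review bot: `pam_sm_open_session` now forwards `flags` to `pam_sm_setcred`, but the parameter is still declared `int flags UNUSED`; the marker is stale and should become plain `int flags`. Opening a session now also runs the per-user file handling added to `pam_sm_setcred`, which the comment should say, e.g. `/* Same work as pam_sm_setcred, including the per-user environment file */`.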
@@ -70,6 +72,7 @@ struct options_t { int enforce_for_root; int remember; int tries; + const char *prompt_type; }; typedef struct options_t options_t; @@ -101,6 +104,8 @@ parse_option (pam_handle_t *pamh, const char *argv, options_t *options) } else if (strcasecmp (argv, "enforce_for_root") == 0) options->enforce_for_root = 1; + else if (strncasecmp (argv, "type=", 5) == 0) + options->prompt_type = &argv[5]; else pam_syslog (pamh, LOG_ERR, "pam_pwhistory: unknown option: %s", argv); } @@ -121,6 +126,7 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) /* Set some default values, which could be overwritten later. */ options.remember = 10; options.tries = 1; + options.prompt_type = "UNIX"; /* Parse parameters for module */ for ( ; argc-- > 0; argv++) @@ -209,7 +215,8 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) while ((newpass == NULL) && (tries++ < options.tries)) { retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &newpass, - NEW_PASSWORD_PROMPT, "UNIX", " "); + NEW_PASSWORD_PROMPT, options.prompt_type, + strlen (options.prompt_type) > 0?" ":""); if (retval != PAM_SUCCESS) { _pam_drop (newpass); @@ -249,7 +256,9 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) char *new2; retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &new2, - AGAIN_PASSWORD_PROMPT, "UNIX", " "); + AGAIN_PASSWORD_PROMPT, + options.prompt_type, + strlen (options.prompt_type) > 0?" ":""); if (retval != PAM_SUCCESS) return retval; diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c index 36f30708..518c015a 100644 --- a/modules/pam_xauth/pam_xauth.c +++ b/modules/pam_xauth/pam_xauth.c @@ -280,7 +280,7 @@ check_acl(pam_handle_t *pamh, return noent_code; default: if (debug) { - pam_syslog(pamh, LOG_ERR, + pam_syslog(pamh, LOG_DEBUG, "error opening %s: %m", path); } return PAM_PERM_DENIED; 
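Review bot: The separator expression `strlen (options.prompt_type) > 0?" ":""` is written out twice, in the @@ -209 hunk and again in the @@ -249 hunk; computing it once after option parsing, `const char *sep = options.prompt_type[0] != '\0' ? " " : "";`, avoids the repeated `strlen` and keeps the two prompts in step. The new `prompt_type` field would benefit from a comment such as `/* word shown in the password prompts; points into argv, not owned */`. The man page text added in pam_pwhistory.8.xml quotes the second prompt as "Retype UNIX password: ", while `AGAIN_PASSWORD_PROMPT` is `Retype new %s%spassword: `. `pam_sm_chauthtok` starts and ends outside these hunks.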
@@ -293,7 +293,8 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { char *cookiefile = NULL, *xauthority = NULL, - *cookie = NULL, *display = NULL, *tmp = NULL; + *cookie = NULL, *display = NULL, *tmp = NULL, + *xauthlocalhostname = NULL; const char *user, *xauth = NULL; struct passwd *tpwd, *rpwd; int fd, i, debug = 0; @@ -588,14 +589,30 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, if (asprintf(&d, "DISPLAY=%s", display) < 0) { - pam_syslog(pamh, LOG_DEBUG, "out of memory"); + pam_syslog(pamh, LOG_ERR, "out of memory"); cookiefile = NULL; retval = PAM_SESSION_ERR; goto cleanup; } if (pam_putenv (pamh, d) != PAM_SUCCESS) - pam_syslog (pamh, LOG_DEBUG, + pam_syslog (pamh, LOG_ERR, + "can't set environment variable '%s'", d); + free (d); + } + + /* set XAUTHLOCALHOSTNAME to make sure that su - work under gnome */ + if ((xauthlocalhostname = getenv("XAUTHLOCALHOSTNAME")) != NULL) { + char *d; + + if (asprintf(&d, "XAUTHLOCALHOSTNAME=%s", xauthlocalhostname) < 0) { + pam_syslog(pamh, LOG_ERR, "out of memory"); + retval = PAM_SESSION_ERR; + goto cleanup; + } + + if (pam_putenv (pamh, d) != PAM_SUCCESS) + pam_syslog (pamh, LOG_ERR, "can't set environment variable '%s'", d); free (d); } -- cgit v1.2.3
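Review bot: The new block in the @@ -588 hunk copies `getenv("XAUTHLOCALHOSTNAME")` from the calling process's environment into the PAM environment without any check on its content or length; when the caller is a setuid program such as su, that environment is supplied by the invoking user. Restricting the value to characters valid in a host name and to a bounded length before the `asprintf()` would keep arbitrary data out of the target session. The out-of-memory path here also omits the `cookiefile = NULL;` that the `DISPLAY` path sets before `goto cleanup`; the cleanup label is outside the hunk, so whether that difference matters should be checked.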