.\" Title: pam_putenv
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/27/2006
-.\" Manual: Linux\-PAM Manual
-.\" Source: Linux\-PAM Manual
+.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
+.\" Date: 09/28/2007
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
.\"
-.TH "PAM_PUTENV" "3" "06/27/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_PUTENV" "3" "09/28/2007" "Linux-PAM Manual" "Linux-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.SH "NAME"
-pam_putenv \- set or change PAM environment variable
+pam_putenv - set or change PAM environment variable
.SH "SYNOPSIS"
.sp
.ft B
.nf
-#include <security/pam_appl.h>
+#include <security/pam_appl\.h>
.fi
.ft
.HP 15
\fBpam_putenv\fR
function is used to add or change the value of PAM environment variables as associated with the
\fIpamh\fR
-handle.
+handle\.
.PP
The
\fIpamh\fR
-argument is an authentication handle obtained by a prior call to pam_start(). The
+argument is an authentication handle obtained by a prior call to pam_start()\. The
\fIname_value\fR
argument is a single NUL terminated string of one of the following forms:
-.TP 3n
+.PP
NAME=value of variable
+.RS 4
In this case the environment variable of the given NAME is set to the indicated value:
-\fIvalue of variable\fR. If this variable is already known, it is overwritten. Otherwise it is added to the PAM environment.
-.TP 3n
+\fIvalue of variable\fR\. If this variable is already known, it is overwritten\. Otherwise it is added to the PAM environment\.
+.RE
+.PP
NAME=
-This function sets the variable to an empty value. It is listed separately to indicate that this is the correct way to achieve such a setting.
-.TP 3n
+.RS 4
+This function sets the variable to an empty value\. It is listed separately to indicate that this is the correct way to achieve such a setting\.
+.RE
+.PP
NAME
-Without an '=' the pam_putenv() function will delete the corresponding variable from the PAM environment.
+.RS 4
+Without an \'=\' the
+\fBpam_putenv\fR() function will delete the corresponding variable from the PAM environment\.
+.RE
+.PP
+
+\fBpam_putenv\fR() operates on a copy of
+\fIname_value\fR, which means in contrast to
+\fBputenv\fR(3), the application is responsible to free the data\.
.SH "RETURN VALUES"
-.TP 3n
+.PP
PAM_PERM_DENIED
+.RS 4
Argument
\fIname_value\fR
-given is a NULL pointer.
-.TP 3n
+given is a NULL pointer\.
+.RE
+.PP
PAM_BAD_ITEM
-Variable requested (for deletion) is not currently set.
-.TP 3n
+.RS 4
+Variable requested (for deletion) is not currently set\.
+.RE
+.PP
PAM_ABORT
+.RS 4
The
\fIpamh\fR
-handle is corrupt.
-.TP 3n
+handle is corrupt\.
+.RE
+.PP
PAM_BUF_ERR
-Memory buffer error.
-.TP 3n
+.RS 4
+Memory buffer error\.
+.RE
+.PP
PAM_SUCCESS
-The environment variable was successfully updated.
+.RS 4
+The environment variable was successfully updated\.
+.RE
.SH "SEE ALSO"
.PP
--- /dev/null
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ test case:
+
+ Check the following line in group.conf:
+
+ tst-pam_group1;*;tstpamgrp;Al0000-2400;tstpamgrp
+
+
+ pam_group should add group tstpamgrp to user tstpamgrp, but not
+ to tstpamgrp2.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <grp.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <security/pam_appl.h>
+
+#define GROUP_BLK 10
+#define blk_size(len) (((len-1 + GROUP_BLK)/GROUP_BLK)*GROUP_BLK)
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ reply[count].resp = strdup ("!!");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+static int debug = 0;
+
+static int
+run_test (const char *user, gid_t groupid, int needit)
+{
+ pam_handle_t *pamh = NULL;
+ int retval;
+
+ retval = pam_start("tst-pam_group1", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_group1: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_set_item (pamh, PAM_TTY, "/dev/tty1");
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr,
+ "pam_group1: pam_set_item(PAM_TTY) returned %d\n",
+ retval);
+ return 1;
+ }
+
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_group1: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_setcred (pamh, PAM_ESTABLISH_CRED);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_group1: pam_setcred returned %d\n", retval);
+ return 1;
+ }
+
+
+ int no_grps = getgroups(0, NULL); /* find the current number of groups */
+ if (no_grps > 0)
+ {
+ int i, found;
+ gid_t *grps = calloc (blk_size (no_grps), sizeof(gid_t));
+
+ if (getgroups(no_grps, grps) < 0)
+ {
+ if (debug)
+ fprintf (stderr, "pam_group1: getroups returned error: %m\n");
+ pam_end (pamh, PAM_SYSTEM_ERR);
+ return 1;
+ }
+
+ found = 0;
+ for (i = 0; i < no_grps; ++i)
+ {
+#if 0
+ if (debug)
+ fprintf (stderr, "gid[%d]=%d\n", i, grps[i]);
+#endif
+ if (grps[i] == groupid)
+ found = 1;
+ }
+ if ((needit && found) || (!needit && !found))
+ {
+ /* everything is ok */
+ }
+ else
+ {
+ pam_end (pamh, PAM_SYSTEM_ERR);
+ if (debug)
+ fprintf (stderr,
+ "pam_group1: unexpected result for %s: needit=%d, found=%d\n",
+ user, needit, found);
+ return 1;
+ }
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_group1: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
+
+int
+main(int argc, char *argv[])
+{
+ struct group *grp;
+ gid_t grpid;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ grp = getgrnam ("tstpamgrp");
+ if (grp == NULL)
+ return 1;
+ grpid = grp->gr_gid;
+
+ if (run_test ("root", grpid, 0) != 0 ||
+ run_test ("tstpamgrp2", grpid, 0) != 0 ||
+ run_test ("tstpamgrp", grpid, 1) != 0)
+ return 1;
+
+ return 0;
+}