#define DEFAULT_ETC_ENVFILE "/etc/environment"
#define DEFAULT_READ_ENVFILE 1
+#define DEFAULT_USER_ENVFILE ".environment"
+#define DEFAULT_USER_READ_ENVFILE 1
+
#include "config.h"
#include <ctype.h>
/* argument parsing */
#define PAM_DEBUG_ARG 0x01
-#define PAM_NEW_CONF_FILE 0x02
-#define PAM_ENV_SILENT 0x04
-#define PAM_NEW_ENV_FILE 0x10
static int
_pam_parse (const pam_handle_t *pamh, int argc, const char **argv,
- const char **conffile, const char **envfile, int *readenv)
+ char **conffile, char **envfile, int *readenv,
+ char **user_envfile, int *user_readenv)
{
int ctrl=0;
+ *user_envfile = strdup (DEFAULT_USER_ENVFILE);
+ *envfile = strdup (DEFAULT_ETC_ENVFILE);
+ *readenv = DEFAULT_READ_ENVFILE;
+ *user_readenv = DEFAULT_USER_READ_ENVFILE;
+ *conffile = strdup (DEFAULT_CONF_FILE);
/* step through arguments */
for (; argc-- > 0; ++argv) {
if (!strcmp(*argv,"debug"))
ctrl |= PAM_DEBUG_ARG;
else if (!strncmp(*argv,"conffile=",9)) {
- *conffile = 9 + *argv;
- if (**conffile != '\0') {
- D(("new Configuration File: %s", *conffile));
- ctrl |= PAM_NEW_CONF_FILE;
- } else {
- pam_syslog(pamh, LOG_ERR,
- "conffile= specification missing argument - ignored");
- }
+ if (*argv+9 == '\0') {
+ pam_syslog(pamh, LOG_ERR,
+ "conffile= specification missing argument - ignored");
+ } else {
+ free(*conffile);
+ *conffile = x_strdup(9+*argv);
+ D(("new Configuration File: %s", *conffile));
+ }
} else if (!strncmp(*argv,"envfile=",8)) {
- *envfile = 8 + *argv;
- if (**envfile != '\0') {
- D(("new Env File: %s", *envfile));
- ctrl |= PAM_NEW_ENV_FILE;
- } else {
- pam_syslog (pamh, LOG_ERR,
- "envfile= specification missing argument - ignored");
- }
+ if (*argv+8 == '\0') {
+ pam_syslog (pamh, LOG_ERR,
+ "envfile= specification missing argument - ignored");
+ } else {
+ free(*envfile);
+ *envfile = x_strdup(8+*argv);
+ D(("new Env File: %s", *envfile));
+ }
+ } else if (!strncmp(*argv,"user_envfile=",13)) {
+ if (*argv+13 == '\0') {
+ pam_syslog (pamh, LOG_ERR,
+ "user_envfile= specification missing argument - ignored");
+ } else {
+ free(*user_envfile);
+ *user_envfile = x_strdup(13+*argv);
+ D(("new User Env File: %s", *user_env_file));
+ }
} else if (!strncmp(*argv,"readenv=",8))
- *readenv = atoi(8+*argv);
+ *readenv = atoi(8+*argv);
+ else if (!strncmp(*argv,"user_readenv=",13))
+ *user_readenv = atoi(13+*argv);
else
- pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
+ pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
}
return ctrl;
}
static int
-_parse_config_file(pam_handle_t *pamh, int ctrl, const char *conffile)
+_parse_config_file(pam_handle_t *pamh, char *file)
{
int retval;
- const char *file;
char buffer[BUF_SIZE];
FILE *conf;
VAR Var, *var=&Var;
- var->name=NULL; var->defval=NULL; var->override=NULL;
D(("Called."));
- if (ctrl & PAM_NEW_CONF_FILE) {
- file = conffile;
- } else {
- file = DEFAULT_CONF_FILE;
- }
+ var->name=NULL; var->defval=NULL; var->override=NULL;
D(("Config file name is: %s", file));
}
static int
-_parse_env_file(pam_handle_t *pamh, int ctrl, const char *env_file)
+_parse_env_file(pam_handle_t *pamh, char *file)
{
int retval=PAM_SUCCESS, i, t;
- const char *file;
char buffer[BUF_SIZE], *key, *mark;
FILE *conf;
- if (ctrl & PAM_NEW_ENV_FILE)
- file = env_file;
- else
- file = DEFAULT_ETC_ENVFILE;
-
D(("Env file name is: %s", file));
if ((conf = fopen(file,"r")) == NULL) {
pam_syslog(pamh, LOG_ERR, "out of memory");
return PAM_BUF_ERR;
}
-
+
retval = pam_putenv(pamh, envvar);
_pam_drop(envvar);
D(("Exit."));
int argc, const char **argv)
{
int retval, ctrl, readenv=DEFAULT_READ_ENVFILE;
- const char *conf_file = NULL, *env_file = NULL;
+ int user_readenv = DEFAULT_USER_READ_ENVFILE;
+ char *conf_file = NULL, *env_file = NULL, *user_env_file = NULL;
+
/*
* this module sets environment variables read in from a file
*/
D(("Called."));
- ctrl = _pam_parse(pamh, argc, argv, &conf_file, &env_file, &readenv);
+ ctrl = _pam_parse(pamh, argc, argv, &conf_file, &env_file,
+ &readenv, &user_env_file, &user_readenv);
- retval = _parse_config_file(pamh, ctrl, conf_file);
+ retval = _parse_config_file(pamh, conf_file);
if(readenv && retval == PAM_SUCCESS) {
- retval = _parse_env_file(pamh, ctrl, env_file);
+ retval = _parse_env_file(pamh, env_file);
if (retval == PAM_IGNORE)
retval = PAM_SUCCESS;
}
+ if(user_readenv && retval == PAM_SUCCESS) {
+ char *envpath = NULL;
+ struct passwd *user_entry;
+ const char *username;
+ struct stat statbuf;
+
+ username = _pam_get_item_byname(pamh, "PAM_USER");
+
+ user_entry = getpwnam(username);
+ if (!user_entry) {
+ pam_syslog(pamh, LOG_ERR, "No such user!?");
+ }
+ else {
+ if (asprintf(&envpath, "%s/%s", user_entry->pw_dir, user_env_file) < 0)
+ {
+ pam_syslog(pamh, LOG_ERR, "Out of memory");
+ free (conf_file);
+ free (env_file);
+ free (user_env_file);
+ return PAM_BUF_ERR;
+ }
+ if (stat(envpath, &statbuf) == 0) {
+ retval = _parse_config_file(pamh, envpath);
+ if (retval == PAM_IGNORE)
+ retval = PAM_SUCCESS;
+ }
+ free(envpath);
+ }
+ }
+
/* indicate success or failure */
+ free (conf_file);
+ free (env_file);
+ free (user_env_file);
D(("Exit."));
return retval;
pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
int argc, const char **argv)
{
- int retval, ctrl, readenv=DEFAULT_READ_ENVFILE;
- const char *conf_file = NULL, *env_file = NULL;
-
- /*
- * this module sets environment variables read in from a file
- */
-
- D(("Called."));
- ctrl = _pam_parse(pamh, argc, argv, &conf_file, &env_file, &readenv);
-
- retval = _parse_config_file(pamh, ctrl, conf_file);
-
- if(readenv && retval == PAM_SUCCESS) {
- retval = _parse_env_file(pamh, ctrl, env_file);
- if (retval == PAM_IGNORE)
- retval = PAM_SUCCESS;
- }
-
- /* indicate success or failure */
-
- D(("Exit."));
- return retval;
+ /* Function was identical to pam_sm_setcred, so call it instead */
+ D(("Called -- calling pam_sm_setcred instead..."));
+ return pam_sm_setcred(pamh, flags, argc, argv);
}
PAM_EXTERN int
#include "opasswd.h"
+/* For Translators: "%s%s" could be replaced with "<service> " or "". */
#define NEW_PASSWORD_PROMPT _("New %s%spassword: ")
+/* For Translators: "%s%s" could be replaced with "<service> " or "". */
#define AGAIN_PASSWORD_PROMPT _("Retype new %s%spassword: ")
#define MISTYPED_PASSWORD _("Sorry, passwords do not match.")
int enforce_for_root;
int remember;
int tries;
+ const char *prompt_type;
};
typedef struct options_t options_t;
}
else if (strcasecmp (argv, "enforce_for_root") == 0)
options->enforce_for_root = 1;
+ else if (strncasecmp (argv, "type=", 5) == 0)
+ options->prompt_type = &argv[5];
else
pam_syslog (pamh, LOG_ERR, "pam_pwhistory: unknown option: %s", argv);
}
/* Set some default values, which could be overwritten later. */
options.remember = 10;
options.tries = 1;
+ options.prompt_type = "UNIX";
/* Parse parameters for module */
for ( ; argc-- > 0; argv++)
while ((newpass == NULL) && (tries++ < options.tries))
{
retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &newpass,
- NEW_PASSWORD_PROMPT, "UNIX", " ");
+ NEW_PASSWORD_PROMPT, options.prompt_type,
+ strlen (options.prompt_type) > 0?" ":"");
if (retval != PAM_SUCCESS)
{
_pam_drop (newpass);
char *new2;
retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &new2,
- AGAIN_PASSWORD_PROMPT, "UNIX", " ");
+ AGAIN_PASSWORD_PROMPT,
+ options.prompt_type,
+ strlen (options.prompt_type) > 0?" ":"");
if (retval != PAM_SUCCESS)
return retval;
return noent_code;
default:
if (debug) {
- pam_syslog(pamh, LOG_ERR,
+ pam_syslog(pamh, LOG_DEBUG,
"error opening %s: %m", path);
}
return PAM_PERM_DENIED;
int argc, const char **argv)
{
char *cookiefile = NULL, *xauthority = NULL,
- *cookie = NULL, *display = NULL, *tmp = NULL;
+ *cookie = NULL, *display = NULL, *tmp = NULL,
+ *xauthlocalhostname = NULL;
const char *user, *xauth = NULL;
struct passwd *tpwd, *rpwd;
int fd, i, debug = 0;
if (asprintf(&d, "DISPLAY=%s", display) < 0)
{
- pam_syslog(pamh, LOG_DEBUG, "out of memory");
+ pam_syslog(pamh, LOG_ERR, "out of memory");
cookiefile = NULL;
retval = PAM_SESSION_ERR;
goto cleanup;
}
if (pam_putenv (pamh, d) != PAM_SUCCESS)
- pam_syslog (pamh, LOG_DEBUG,
+ pam_syslog (pamh, LOG_ERR,
+ "can't set environment variable '%s'", d);
+ free (d);
+ }
+
+ /* set XAUTHLOCALHOSTNAME to make sure that su - work under gnome */
+ if ((xauthlocalhostname = getenv("XAUTHLOCALHOSTNAME")) != NULL) {
+ char *d;
+
+ if (asprintf(&d, "XAUTHLOCALHOSTNAME=%s", xauthlocalhostname) < 0) {
+ pam_syslog(pamh, LOG_ERR, "out of memory");
+ retval = PAM_SESSION_ERR;
+ goto cleanup;
+ }
+
+ if (pam_putenv (pamh, d) != PAM_SUCCESS)
+ pam_syslog (pamh, LOG_ERR,
"can't set environment variable '%s'", d);
free (d);
}
projects / linux-pam / commitdiff