Attachment #741103 for bug #1045886

View | Details | Raw Unified | Return to bug 1045886
Collapse All | Expand All

Lines 31-37 pam_config_SOURCES = pam-config.c load_c Link Here

(-)pam-config-0.91/src/Makefile.am (-1 / +2 lines)
31	mod_pam_csync.c mod_pam_fp.c mod_pam_fprint.c mod_pam_pwhistory.c \	31	mod_pam_csync.c mod_pam_fp.c mod_pam_fprint.c mod_pam_pwhistory.c \
32	mod_pam_selinux.c mod_pam_gnome_keyring.c mod_pam_passwdqc.c \	32	mod_pam_selinux.c mod_pam_gnome_keyring.c mod_pam_passwdqc.c \
33	mod_pam_exec.c mod_pam_sss.c mod_pam_fprintd.c mod_pam_systemd.c \	33	mod_pam_exec.c mod_pam_sss.c mod_pam_fprintd.c mod_pam_systemd.c \
34	mod_pam_ecryptfs.c mod_pam_access.c mod_pam_google_authenticator.c	34	mod_pam_ecryptfs.c mod_pam_access.c mod_pam_google_authenticator.c \
		35	mod_pam_keyinit.c
35		36
36	noinst_HEADERS = pam-config.h pam-module.h	37	noinst_HEADERS = pam-config.h pam-module.h
37		38




	mod_pam_sss.$(OBJEXT) mod_pam_fprintd.$(OBJEXT) \
	mod_pam_systemd.$(OBJEXT) mod_pam_ecryptfs.$(OBJEXT) \
	mod_pam_access.$(OBJEXT) \
	mod_pam_google_authenticator.$(OBJEXT) mod_pam_keyinit.$(OBJEXT)
pam_config_OBJECTS = $(am_pam_config_OBJECTS)
pam_config_LDADD = $(LDADD)
AM_V_P = $(am__v_P_@AM_V@)

	mod_pam_csync.c mod_pam_fp.c mod_pam_fprint.c mod_pam_pwhistory.c \
	mod_pam_selinux.c mod_pam_gnome_keyring.c mod_pam_passwdqc.c \
	mod_pam_exec.c mod_pam_sss.c mod_pam_fprintd.c mod_pam_systemd.c \
	mod_pam_ecryptfs.c mod_pam_access.c mod_pam_google_authenticator.c \
	mod_pam_keyinit.c

noinst_HEADERS = pam-config.h pam-module.h
all: all-am

@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_gnome_keyring.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_google_authenticator.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_group.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_keyinit.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_krb5.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_lastlog.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_ldap.Po@am__quote@




/* Copyright (C) 2017 SUSE Linux GmbH
   Author: Josef Möllers <jmoellers@suse.de>

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License version 2 as
   published by the Free Software Foundation.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software Foundation,
   Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.  */

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif


#include <stdio.h>
#include <string.h>
#include <ctype.h>

#include "pam-config.h"
#include "pam-module.h"

static void write_entry(FILE *fp, option_set_t *opt_set);

static int
write_config_keyinit (pam_module_t *this,
		      enum write_type op __attribute__ ((unused)),
		      FILE *unused __attribute__((unused)))
{
  option_set_t *opt_set = this->get_opt_set (this, SESSION);
  FILE *fp;
  config_content_t *cfg_content;
  int writeit = opt_set->is_enabled (opt_set, "is_enabled");
  int is_written = 0;

  if (debug)
    debug_write_call (this, SESSION);

  load_single_config (gl_service, &cfg_content);

  fp = create_service_file (gl_service);
  if (!fp) return 0;

  fprintf(stderr, "writeit=%d, is_written=%d\n", writeit, is_written);
  while (cfg_content != NULL)
  {
    fprintf(stderr, "cfg_content->line = >>%s", cfg_content->line);
    if (writeit)
    {
      fprintf(stderr, "writeit=%d\n", writeit);
      if (!is_written)
      {
	fprintf(stderr, "is_written=%d\n", is_written);
	/* write this entry as the first in the session part */
	if (strstr(cfg_content->line, "session") != NULL)
	{
	  fprintf(stderr, "strstr(cfg_content->line, \"session\") != NULL\n");
	  write_entry(fp, opt_set);
	  is_written = 1;
	}
      }
      /* skip old entries */
      if (strcasestr (cfg_content->line, "pam_keyinit.so") == NULL )
	fprintf (fp, "%s", cfg_content->line);
    }
    else
    {
      /* skip old entries */
      if (strcasestr (cfg_content->line, "pam_keyinit.so") == NULL)
	fprintf (fp, "%s", cfg_content->line);
      else
	is_written = 1;
    }
    cfg_content = cfg_content->next;
  }

  /*
   * If it has not been written yet, write it now
   * This is highly unlikely as most config files include common-session
   * but then ...
   */
  if (!is_written)
  {
    write_entry(fp, opt_set);
    is_written = 1;
  }

  return close_service_file (fp,gl_service);
}

static void
write_entry(FILE *fp, option_set_t *opt_set)
{
  fprintf(stderr, "write_entry(fp, opt_set)\n");
  fprintf (fp, "session  optional\tpam_keyinit.so revoke ");
  if (opt_set->is_enabled (opt_set, "force"))
    fprintf (fp, "force ");
  if (opt_set->is_enabled (opt_set, "debug"))
    fprintf (fp, "debug ");

  fprintf (fp, "\n");

  return;
}

GETOPT_START_ALL
  else if (strcmp ("force", opt) == 0)
    {
      opt_set = this->get_opt_set (this, SESSION);
      opt_set->enable (opt_set, "force", g_opt->opt_val);
    }
GETOPT_END_ALL

PRINT_ARGS("keyinit")
PRINT_XMLHELP("keyinit")

/* ---- contruct module object ---- */
DECLARE_BOOL_OPTS_3 (is_enabled, debug, force);
DECLARE_STRING_OPTS_0;
DECLARE_OPT_SETS;

static module_helptext_t helptext[] = {{NULL, NULL, NULL}};

/* at last construct the complete module object */
pam_module_t mod_pam_keyinit = { "pam_keyinit.so", opt_sets, helptext,
			      &def_parse_config,
			      &def_print_module,
			      &write_config_keyinit,
			      &get_opt_set,
			      &getopt,
			      &print_args,
			      &print_xmlhelp};




option to all pam_csync\&.so invocations\&.
.RE
.PP
\fB\-\-keyinit\fR
.RS 4
Enable/Disable pam_keyinit\&.so
.RE
.PP
\fB\-\-keyinit\-debug\fR
.RS 4
Add
\fBdebug\fR
option to all pam_keyinit\&.so invocations\&.
.RE
.PP
\fB\-\-keyinit\-force\fR
.RS 4
Add
\fBforce\fR
option to all pam_keyinit\&.so invocations\&.
.RE
.PP
\fB\-\-lastlog\fR
.RS 4
Enable/Disable pam_lastlog\&.so

\fBPAM\fR(8),
\fBpam_unix\fR(8),
\fBpam_cracklib\fR(8),
\fBpam_keyinit\fR(8),
\fBpam_mkhomedir\fR(8),
\fBpam_limits\fR(8),
\fBpam_env\fR(8),




              </para>
            </listitem>
          </varlistentry>
	  <varlistentry>
	    <term><option>--keyinit</option></term>
	    <listitem>
	      <para>
	        Enable/Disable pam_keyinit.so
	      </para>
	    </listitem>
	  </varlistentry>
          <varlistentry>
            <term><option>--keyinit-debug</option></term>
            <listitem>
              <para>
                Add <option>debug</option> option to all pam_keyinit.so invocations.
              </para>
            </listitem>
          </varlistentry>
          <varlistentry>
            <term><option>--keyinit-force</option></term>
            <listitem>
              <para>
                Add <option>force</option> option to all pam_keyinit.so invocations.
              </para>
            </listitem>
          </varlistentry>
          <varlistentry>
            <term><option>--krb5</option></term>
            <listitem>

Lines 39-44 extern pam_module_t mod_pam_winbind; Link Here

(-)pam-config-0.91/src/supported-modules.h (+2 lines)
39	extern pam_module_t mod_pam_ck_connector;	39	extern pam_module_t mod_pam_ck_connector;
40	extern pam_module_t mod_pam_cryptpass;	40	extern pam_module_t mod_pam_cryptpass;
41	extern pam_module_t mod_pam_csync;	41	extern pam_module_t mod_pam_csync;
		42	extern pam_module_t mod_pam_keyinit;
42	extern pam_module_t mod_pam_loginuid;	43	extern pam_module_t mod_pam_loginuid;
43	extern pam_module_t mod_pam_mount;	44	extern pam_module_t mod_pam_mount;
44	extern pam_module_t mod_pam_systemd;	45	extern pam_module_t mod_pam_systemd;
Lines 166-171 pam_module_t *service_module_list[] = { Link Here
166	&mod_pam_ck_connector,	167	&mod_pam_ck_connector,
167	&mod_pam_cryptpass,	168	&mod_pam_cryptpass,
168	&mod_pam_csync,	169	&mod_pam_csync,
		170	&mod_pam_keyinit,
169	&mod_pam_lastlog,	171	&mod_pam_lastlog,
170	&mod_pam_loginuid,	172	&mod_pam_loginuid,
171	&mod_pam_mount,	173	&mod_pam_mount,

Return to bug 1045886

Lines 1198-1203 Add Link Here

(-)pam-config-0.91/src/pam-config.8 (+20 lines)
1198	option to all pam_csync\&.so invocations\&.	1198	option to all pam_csync\&.so invocations\&.
1199	.RE	1199	.RE
1200	.PP	1200	.PP
		1201	\fB\-\-keyinit\fR
		1202	.RS 4
		1203	Enable/Disable pam_keyinit\&.so
		1204	.RE
		1205	.PP
		1206	\fB\-\-keyinit\-debug\fR
		1207	.RS 4
		1208	Add
		1209	\fBdebug\fR
		1210	option to all pam_keyinit\&.so invocations\&.
		1211	.RE
		1212	.PP
		1213	\fB\-\-keyinit\-force\fR
		1214	.RS 4
		1215	Add
		1216	\fBforce\fR
		1217	option to all pam_keyinit\&.so invocations\&.
		1218	.RE
		1219	.PP
1201	\fB\-\-lastlog\fR	1220	\fB\-\-lastlog\fR
1202	.RS 4	1221	.RS 4
1203	Enable/Disable pam_lastlog\&.so	1222	Enable/Disable pam_lastlog\&.so
Lines 1338-1343 Enable pam_umask\&.so whether installed Link Here
1338	\fBPAM\fR(8),	1357	\fBPAM\fR(8),
1339	\fBpam_unix\fR(8),	1358	\fBpam_unix\fR(8),
1340	\fBpam_cracklib\fR(8),	1359	\fBpam_cracklib\fR(8),
		1360	\fBpam_keyinit\fR(8),
1341	\fBpam_mkhomedir\fR(8),	1361	\fBpam_mkhomedir\fR(8),
1342	\fBpam_limits\fR(8),	1362	\fBpam_limits\fR(8),
1343	\fBpam_env\fR(8),	1363	\fBpam_env\fR(8),

Lines 123-129 am_pam_config_OBJECTS = pam-config.$(OBJ Link Here

(-)pam-config-0.91/src/Makefile.in (-2 / +4 lines)
123	mod_pam_sss.$(OBJEXT) mod_pam_fprintd.$(OBJEXT) \	123	mod_pam_sss.$(OBJEXT) mod_pam_fprintd.$(OBJEXT) \
124	mod_pam_systemd.$(OBJEXT) mod_pam_ecryptfs.$(OBJEXT) \	124	mod_pam_systemd.$(OBJEXT) mod_pam_ecryptfs.$(OBJEXT) \
125	mod_pam_access.$(OBJEXT) \	125	mod_pam_access.$(OBJEXT) \
126	mod_pam_google_authenticator.$(OBJEXT)	126	mod_pam_google_authenticator.$(OBJEXT) mod_pam_keyinit.$(OBJEXT)
127	pam_config_OBJECTS = $(am_pam_config_OBJECTS)	127	pam_config_OBJECTS = $(am_pam_config_OBJECTS)
128	pam_config_LDADD = $(LDADD)	128	pam_config_LDADD = $(LDADD)
129	AM_V_P = $(am__v_P_@AM_V@)	129	AM_V_P = $(am__v_P_@AM_V@)
Lines 350-356 pam_config_SOURCES = pam-config.c load_c Link Here
350	mod_pam_csync.c mod_pam_fp.c mod_pam_fprint.c mod_pam_pwhistory.c \	350	mod_pam_csync.c mod_pam_fp.c mod_pam_fprint.c mod_pam_pwhistory.c \
351	mod_pam_selinux.c mod_pam_gnome_keyring.c mod_pam_passwdqc.c \	351	mod_pam_selinux.c mod_pam_gnome_keyring.c mod_pam_passwdqc.c \
352	mod_pam_exec.c mod_pam_sss.c mod_pam_fprintd.c mod_pam_systemd.c \	352	mod_pam_exec.c mod_pam_sss.c mod_pam_fprintd.c mod_pam_systemd.c \
353	mod_pam_ecryptfs.c mod_pam_access.c mod_pam_google_authenticator.c	353	mod_pam_ecryptfs.c mod_pam_access.c mod_pam_google_authenticator.c \
		354	mod_pam_keyinit.c
354		355
355	noinst_HEADERS = pam-config.h pam-module.h	356	noinst_HEADERS = pam-config.h pam-module.h
356	all: all-am	357	all: all-am
Lines 475-480 distclean-compile: Link Here
475	@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_gnome_keyring.Po@am__quote@	476	@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_gnome_keyring.Po@am__quote@
476	@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_google_authenticator.Po@am__quote@	477	@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_google_authenticator.Po@am__quote@
477	@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_group.Po@am__quote@	478	@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_group.Po@am__quote@
		479	@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_keyinit.Po@am__quote@
478	@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_krb5.Po@am__quote@	480	@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_krb5.Po@am__quote@
479	@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_lastlog.Po@am__quote@	481	@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_lastlog.Po@am__quote@
480	@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_ldap.Po@am__quote@	482	@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_ldap.Po@am__quote@

Line 0 Link Here

(-)pam-config-0.91/src/mod_pam_keyinit.c (+138 lines)
		1	/* Copyright (C) 2017 SUSE Linux GmbH
		2	Author: Josef Möllers <jmoellers@suse.de>
		3
		4	This program is free software; you can redistribute it and/or modify
		5	it under the terms of the GNU General Public License version 2 as
		6	published by the Free Software Foundation.
		7
		8	This program is distributed in the hope that it will be useful,
		9	but WITHOUT ANY WARRANTY; without even the implied warranty of
		10	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		11	GNU General Public License for more details.
		12
		13	You should have received a copy of the GNU General Public License
		14	along with this program; if not, write to the Free Software Foundation,
		15	Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
		16
		17	#ifdef HAVE_CONFIG_H
		18	#include <config.h>
		19	#endif
		20
		21
		22	#include <stdio.h>
		23	#include <string.h>
		24	#include <ctype.h>
		25
		26	#include "pam-config.h"
		27	#include "pam-module.h"
		28
		29	static void write_entry(FILE fp, option_set_t opt_set);
		30
		31	static int
		32	write_config_keyinit (pam_module_t *this,
		33	enum write_type op __attribute__ ((unused)),
		34	FILE *unused __attribute__((unused)))
		35	{
		36	option_set_t *opt_set = this->get_opt_set (this, SESSION);
		37	FILE *fp;
		38	config_content_t *cfg_content;
		39	int writeit = opt_set->is_enabled (opt_set, "is_enabled");
		40	int is_written = 0;
		41
		42	if (debug)
		43	debug_write_call (this, SESSION);
		44
		45	load_single_config (gl_service, &cfg_content);
		46
		47	fp = create_service_file (gl_service);
		48	if (!fp) return 0;
		49
		50	fprintf(stderr, "writeit=%d, is_written=%d\n", writeit, is_written);
		51	while (cfg_content != NULL)
		52	{
		53	fprintf(stderr, "cfg_content->line = >>%s", cfg_content->line);
		54	if (writeit)
		55	{
		56	fprintf(stderr, "writeit=%d\n", writeit);
		57	if (!is_written)
		58	{
		59	fprintf(stderr, "is_written=%d\n", is_written);
		60	/* write this entry as the first in the session part */
		61	if (strstr(cfg_content->line, "session") != NULL)
		62	{
		63	fprintf(stderr, "strstr(cfg_content->line, \"session\") != NULL\n");
		64	write_entry(fp, opt_set);
65	is_written = 1;
66	}
67	}
68	/* skip old entries */
69	if (strcasestr (cfg_content->line, "pam_keyinit.so") == NULL )
70	fprintf (fp, "%s", cfg_content->line);
71	}
72	else
73	{
74	/* skip old entries */
75	if (strcasestr (cfg_content->line, "pam_keyinit.so") == NULL)
76	fprintf (fp, "%s", cfg_content->line);
77	else
78	is_written = 1;
79	}
80	cfg_content = cfg_content->next;
81	}
82
83	/*
84	* If it has not been written yet, write it now
85	* This is highly unlikely as most config files include common-session
86	* but then ...
87	*/
88	if (!is_written)
89	{
90	write_entry(fp, opt_set);
91	is_written = 1;
92	}
93
94	return close_service_file (fp,gl_service);
95	}
96
97	static void
98	write_entry(FILE fp, option_set_t opt_set)
99	{
100	fprintf(stderr, "write_entry(fp, opt_set)\n");
101	fprintf (fp, "session optional\tpam_keyinit.so revoke ");
102	if (opt_set->is_enabled (opt_set, "force"))
103	fprintf (fp, "force ");
104	if (opt_set->is_enabled (opt_set, "debug"))
105	fprintf (fp, "debug ");
106
107	fprintf (fp, "\n");
108
109	return;
110	}
111
112	GETOPT_START_ALL
113	else if (strcmp ("force", opt) == 0)
114	{
115	opt_set = this->get_opt_set (this, SESSION);
116	opt_set->enable (opt_set, "force", g_opt->opt_val);
117	}
118	GETOPT_END_ALL
119
120	PRINT_ARGS("keyinit")
121	PRINT_XMLHELP("keyinit")
122
123	/* ---- contruct module object ---- */
124	DECLARE_BOOL_OPTS_3 (is_enabled, debug, force);
125	DECLARE_STRING_OPTS_0;
126	DECLARE_OPT_SETS;
127
128	static module_helptext_t helptext[] = {{NULL, NULL, NULL}};
129
130	/* at last construct the complete module object */
131	pam_module_t mod_pam_keyinit = { "pam_keyinit.so", opt_sets, helptext,
132	&def_parse_config,
133	&def_print_module,
134	&write_config_keyinit,
135	&get_opt_set,
136	&getopt,
137	&print_args,
138	&print_xmlhelp};

Lines 561-566 Link Here

(-)pam-config-0.91/src/pam-config.8.xml (+24 lines)
561	</para>	561	</para>
562	</listitem>	562	</listitem>
563	</varlistentry>	563	</varlistentry>
		564	<varlistentry>
		565	<term><option>--keyinit</option></term>
		566	<listitem>
		567	<para>
		568	Enable/Disable pam_keyinit.so
		569	</para>
		570	</listitem>
		571	</varlistentry>
		572	<varlistentry>
		573	<term><option>--keyinit-debug</option></term>
		574	<listitem>
		575	<para>
		576	Add <option>debug</option> option to all pam_keyinit.so invocations.
		577	</para>
		578	</listitem>
		579	</varlistentry>
		580	<varlistentry>
		581	<term><option>--keyinit-force</option></term>
		582	<listitem>
		583	<para>
		584	Add <option>force</option> option to all pam_keyinit.so invocations.
		585	</para>
		586	</listitem>
		587	</varlistentry>
564	<varlistentry>	588	<varlistentry>
565	<term><option>--krb5</option></term>	589	<term><option>--krb5</option></term>
566	<listitem>	590	<listitem>