Attachment 741103 Details for Bug 1045886

[patch] Patch to add configuration of pam_keyinit to pam-config

pam-config-add-keyinit.patch (text/plain), 8.95 KB, created by Josef Möllers on 2017-09-19 14:11:53 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Josef Möllers

Created: 2017-09-19 14:11:53 UTC

Size: 8.95 KB

patch

obsolete

>Index: pam-config-0.91/src/Makefile.am
>===================================================================
>--- pam-config-0.91.orig/src/Makefile.am
>+++ pam-config-0.91/src/Makefile.am
>@@ -31,7 +31,8 @@ pam_config_SOURCES = pam-config.c load_c
> 	mod_pam_csync.c mod_pam_fp.c mod_pam_fprint.c mod_pam_pwhistory.c \
> 	mod_pam_selinux.c mod_pam_gnome_keyring.c mod_pam_passwdqc.c \
> 	mod_pam_exec.c mod_pam_sss.c mod_pam_fprintd.c mod_pam_systemd.c \
>-	mod_pam_ecryptfs.c mod_pam_access.c mod_pam_google_authenticator.c
>+	mod_pam_ecryptfs.c mod_pam_access.c mod_pam_google_authenticator.c \
>+	mod_pam_keyinit.c
> 
> noinst_HEADERS = pam-config.h pam-module.h
> 
>Index: pam-config-0.91/src/Makefile.in
>===================================================================
>--- pam-config-0.91.orig/src/Makefile.in
>+++ pam-config-0.91/src/Makefile.in
>@@ -123,7 +123,7 @@ am_pam_config_OBJECTS = pam-config.$(OBJ
> 	mod_pam_sss.$(OBJEXT) mod_pam_fprintd.$(OBJEXT) \
> 	mod_pam_systemd.$(OBJEXT) mod_pam_ecryptfs.$(OBJEXT) \
> 	mod_pam_access.$(OBJEXT) \
>-	mod_pam_google_authenticator.$(OBJEXT)
>+	mod_pam_google_authenticator.$(OBJEXT) mod_pam_keyinit.$(OBJEXT)
> pam_config_OBJECTS = $(am_pam_config_OBJECTS)
> pam_config_LDADD = $(LDADD)
> AM_V_P = $(am__v_P_@AM_V@)
>@@ -350,7 +350,8 @@ pam_config_SOURCES = pam-config.c load_c
> 	mod_pam_csync.c mod_pam_fp.c mod_pam_fprint.c mod_pam_pwhistory.c \
> 	mod_pam_selinux.c mod_pam_gnome_keyring.c mod_pam_passwdqc.c \
> 	mod_pam_exec.c mod_pam_sss.c mod_pam_fprintd.c mod_pam_systemd.c \
>-	mod_pam_ecryptfs.c mod_pam_access.c mod_pam_google_authenticator.c
>+	mod_pam_ecryptfs.c mod_pam_access.c mod_pam_google_authenticator.c \
>+	mod_pam_keyinit.c
> 
> noinst_HEADERS = pam-config.h pam-module.h
> all: all-am
>@@ -475,6 +476,7 @@ distclean-compile:
> @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_gnome_keyring.Po@am__quote@
> @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_google_authenticator.Po@am__quote@
> @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_group.Po@am__quote@
>+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_keyinit.Po@am__quote@
> @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_krb5.Po@am__quote@
> @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_lastlog.Po@am__quote@
> @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mod_pam_ldap.Po@am__quote@
>Index: pam-config-0.91/src/mod_pam_keyinit.c
>===================================================================
>--- /dev/null
>+++ pam-config-0.91/src/mod_pam_keyinit.c
>@@ -0,0 +1,138 @@
>+/* Copyright (C) 2017 SUSE Linux GmbH
>+   Author: Josef MÃ¶llers <jmoellers@suse.de>
>+
>+   This program is free software; you can redistribute it and/or modify
>+   it under the terms of the GNU General Public License version 2 as
>+   published by the Free Software Foundation.
>+
>+   This program is distributed in the hope that it will be useful,
>+   but WITHOUT ANY WARRANTY; without even the implied warranty of
>+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>+   GNU General Public License for more details.
>+
>+   You should have received a copy of the GNU General Public License
>+   along with this program; if not, write to the Free Software Foundation,
>+   Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.  */
>+
>+#ifdef HAVE_CONFIG_H
>+#include <config.h>
>+#endif
>+
>+
>+#include <stdio.h>
>+#include <string.h>
>+#include <ctype.h>
>+
>+#include "pam-config.h"
>+#include "pam-module.h"
>+
>+static void write_entry(FILE *fp, option_set_t *opt_set);
>+
>+static int
>+write_config_keyinit (pam_module_t *this,
>+		      enum write_type op __attribute__ ((unused)),
>+		      FILE *unused __attribute__((unused)))
>+{
>+  option_set_t *opt_set = this->get_opt_set (this, SESSION);
>+  FILE *fp;
>+  config_content_t *cfg_content;
>+  int writeit = opt_set->is_enabled (opt_set, "is_enabled");
>+  int is_written = 0;
>+
>+  if (debug)
>+    debug_write_call (this, SESSION);
>+
>+  load_single_config (gl_service, &cfg_content);
>+
>+  fp = create_service_file (gl_service);
>+  if (!fp) return 0;
>+
>+  fprintf(stderr, "writeit=%d, is_written=%d\n", writeit, is_written);
>+  while (cfg_content != NULL)
>+  {
>+    fprintf(stderr, "cfg_content->line = >>%s", cfg_content->line);
>+    if (writeit)
>+    {
>+      fprintf(stderr, "writeit=%d\n", writeit);
>+      if (!is_written)
>+      {
>+	fprintf(stderr, "is_written=%d\n", is_written);
>+	/* write this entry as the first in the session part */
>+	if (strstr(cfg_content->line, "session") != NULL)
>+	{
>+	  fprintf(stderr, "strstr(cfg_content->line, \"session\") != NULL\n");
>+	  write_entry(fp, opt_set);
>+	  is_written = 1;
>+	}
>+      }
>+      /* skip old entries */
>+      if (strcasestr (cfg_content->line, "pam_keyinit.so") == NULL )
>+	fprintf (fp, "%s", cfg_content->line);
>+    }
>+    else
>+    {
>+      /* skip old entries */
>+      if (strcasestr (cfg_content->line, "pam_keyinit.so") == NULL)
>+	fprintf (fp, "%s", cfg_content->line);
>+      else
>+	is_written = 1;
>+    }
>+    cfg_content = cfg_content->next;
>+  }
>+
>+  /*
>+   * If it has not been written yet, write it now
>+   * This is highly unlikely as most config files include common-session
>+   * but then ...
>+   */
>+  if (!is_written)
>+  {
>+    write_entry(fp, opt_set);
>+    is_written = 1;
>+  }
>+
>+  return close_service_file (fp,gl_service);
>+}
>+
>+static void
>+write_entry(FILE *fp, option_set_t *opt_set)
>+{
>+  fprintf(stderr, "write_entry(fp, opt_set)\n");
>+  fprintf (fp, "session  optional\tpam_keyinit.so revoke ");
>+  if (opt_set->is_enabled (opt_set, "force"))
>+    fprintf (fp, "force ");
>+  if (opt_set->is_enabled (opt_set, "debug"))
>+    fprintf (fp, "debug ");
>+
>+  fprintf (fp, "\n");
>+
>+  return;
>+}
>+
>+GETOPT_START_ALL
>+  else if (strcmp ("force", opt) == 0)
>+    {
>+      opt_set = this->get_opt_set (this, SESSION);
>+      opt_set->enable (opt_set, "force", g_opt->opt_val);
>+    }
>+GETOPT_END_ALL
>+
>+PRINT_ARGS("keyinit")
>+PRINT_XMLHELP("keyinit")
>+
>+/* ---- contruct module object ---- */
>+DECLARE_BOOL_OPTS_3 (is_enabled, debug, force);
>+DECLARE_STRING_OPTS_0;
>+DECLARE_OPT_SETS;
>+
>+static module_helptext_t helptext[] = {{NULL, NULL, NULL}};
>+
>+/* at last construct the complete module object */
>+pam_module_t mod_pam_keyinit = { "pam_keyinit.so", opt_sets, helptext,
>+			      &def_parse_config,
>+			      &def_print_module,
>+			      &write_config_keyinit,
>+			      &get_opt_set,
>+			      &getopt,
>+			      &print_args,
>+			      &print_xmlhelp};
>Index: pam-config-0.91/src/pam-config.8
>===================================================================
>--- pam-config-0.91.orig/src/pam-config.8
>+++ pam-config-0.91/src/pam-config.8
>@@ -1198,6 +1198,25 @@ Add
> option to all pam_csync\&.so invocations\&.
> .RE
> .PP
>+\fB\-\-keyinit\fR
>+.RS 4
>+Enable/Disable pam_keyinit\&.so
>+.RE
>+.PP
>+\fB\-\-keyinit\-debug\fR
>+.RS 4
>+Add
>+\fBdebug\fR
>+option to all pam_keyinit\&.so invocations\&.
>+.RE
>+.PP
>+\fB\-\-keyinit\-force\fR
>+.RS 4
>+Add
>+\fBforce\fR
>+option to all pam_keyinit\&.so invocations\&.
>+.RE
>+.PP
> \fB\-\-lastlog\fR
> .RS 4
> Enable/Disable pam_lastlog\&.so
>@@ -1338,6 +1357,7 @@ Enable pam_umask\&.so whether installed
> \fBPAM\fR(8),
> \fBpam_unix\fR(8),
> \fBpam_cracklib\fR(8),
>+\fBpam_keyinit\fR(8),
> \fBpam_mkhomedir\fR(8),
> \fBpam_limits\fR(8),
> \fBpam_env\fR(8),
>Index: pam-config-0.91/src/pam-config.8.xml
>===================================================================
>--- pam-config-0.91.orig/src/pam-config.8.xml
>+++ pam-config-0.91/src/pam-config.8.xml
>@@ -561,6 +561,30 @@
>               </para>
>             </listitem>
>           </varlistentry>
>+	  <varlistentry>
>+	    <term><option>--keyinit</option></term>
>+	    <listitem>
>+	      <para>
>+	        Enable/Disable pam_keyinit.so
>+	      </para>
>+	    </listitem>
>+	  </varlistentry>
>+          <varlistentry>
>+            <term><option>--keyinit-debug</option></term>
>+            <listitem>
>+              <para>
>+                Add <option>debug</option> option to all pam_keyinit.so invocations.
>+              </para>
>+            </listitem>
>+          </varlistentry>
>+          <varlistentry>
>+            <term><option>--keyinit-force</option></term>
>+            <listitem>
>+              <para>
>+                Add <option>force</option> option to all pam_keyinit.so invocations.
>+              </para>
>+            </listitem>
>+          </varlistentry>
>           <varlistentry>
>             <term><option>--krb5</option></term>
>             <listitem>
>Index: pam-config-0.91/src/supported-modules.h
>===================================================================
>--- pam-config-0.91.orig/src/supported-modules.h
>+++ pam-config-0.91/src/supported-modules.h
>@@ -39,6 +39,7 @@ extern pam_module_t mod_pam_winbind;
> extern pam_module_t mod_pam_ck_connector;
> extern pam_module_t mod_pam_cryptpass;
> extern pam_module_t mod_pam_csync;
>+extern pam_module_t mod_pam_keyinit;
> extern pam_module_t mod_pam_loginuid;
> extern pam_module_t mod_pam_mount;
> extern pam_module_t mod_pam_systemd;
>@@ -166,6 +167,7 @@ pam_module_t *service_module_list[] = {
>   &mod_pam_ck_connector,
>   &mod_pam_cryptpass,
>   &mod_pam_csync,
>+  &mod_pam_keyinit,
>   &mod_pam_lastlog,
>   &mod_pam_loginuid,
>   &mod_pam_mount,

Actions: View | Diff

Attachments on bug 1045886: 734792 | 741103