authorLennart Poettering <lennart@poettering.net>2024-09-06 16:30:54 +0200
committerLennart Poettering <lennart@poettering.net>2024-09-09 19:03:48 +0200
commit229d4a980607e9478cf1935793652ddd9a14618b (patch)
tree67a8fa54e607e3d1aa16427829dda3dcc08f87f9 /src/login
parentmachinectl: suppress redirection notice if --quiet is specified (diff)
shell: define three system credentials we can propagate into shell prompts and welcome messages
Diffstat (limited to 'src/login')
-rw-r--r--src/login/pam_systemd.c39
1 files changed, 39 insertions, 0 deletions
diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
index 40721ebfd9..77b23d54db 100644
--- a/src/login/pam_systemd.c
+++ b/src/login/pam_systemd.c
@@ -27,6 +27,7 @@
#include "cap-list.h"
#include "capability-util.h"
#include "cgroup-setup.h"
+#include "creds-util.h"
#include "devnum-util.h"
#include "errno-util.h"
#include "fd-util.h"
@@ -567,6 +568,31 @@ static int update_environment(pam_handle_t *handle, const char *key, const char
return PAM_SUCCESS;
}
+static int propagate_credential_to_environment(pam_handle_t *handle, const char *credential, const char *varname) {
+ int r;
+
+ assert(handle);
+ assert(credential);
+ assert(varname);
+
+ _cleanup_free_ char *value = NULL;
+
+ /* Read a service credential, and propagate it into an environment variable */
+
+ r = read_credential(credential, (void**) &value, /* ret_size= */ NULL);
+ if (r < 0) {
+ log_debug_errno(r, "Failed to read credential '%s', ignoring: %m", credential);
+ return PAM_SUCCESS;
+ }
+
+ r = pam_misc_setenv(handle, varname, value, 0);
+ if (r != PAM_SUCCESS)
+ return pam_syslog_pam_error(handle, LOG_ERR, r,
+ "Failed to set environment variable %s: @PAMERR@", varname);
+
+ return PAM_SUCCESS;
+}
+
static bool validate_runtime_directory(pam_handle_t *handle, const char *path, uid_t uid) {
struct stat st;
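Review bot: The credential contents are handed to `pam_misc_setenv()` in propagate_credential_to_environment() with no check on size or encoding, and they end up in the environment of the session being opened. Since the value is provisioned outside the session rather than typed by the user, I would bound it before exporting, e.g. `if (!env_value_is_valid(value)) return PAM_SUCCESS;` right after the read, together with a debug message (this assumes env-util.h is or can be included; the include list is only partly visible here). Separately, every `read_credential()` failure is logged at debug level and ignored, so an absent credential and a genuine read error look the same in the logs. Logging anything other than the not-found case at a higher level would make a misprovisioned credential visible to whoever operates the host.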
@@ -1192,6 +1218,19 @@ _public_ PAM_EXTERN int pam_sm_open_session(
if (r != PAM_SUCCESS)
return r;
+ static const char *const propagate[] = {
+ "shell.prompt.prefix", "SHELL_PROMPT_PREFIX",
+ "shell.prompt.suffix", "SHELL_PROMPT_SUFFIX",
+ "shell.welcome", "SHELL_WELCOME",
+ NULL
+ };
+
+ STRV_FOREACH_PAIR(k, v, propagate) {
+ r = propagate_credential_to_environment(handle, *k, *v);
+ if (r != PAM_SUCCESS)
+ return r;
+ }
+
if (vtnr > 0) {
char buf[DECIMAL_STR_MAX(vtnr)];
sprintf(buf, "%u", vtnr);
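Review bot: The `propagate` table carries no comment saying that it is a flat list of (credential name, environment variable) pairs, so an entry added with only one half would presumably be skipped or mispaired by `STRV_FOREACH_PAIR` without any diagnostic. I would put a comment above it, for example `/* Pairs of credential name and the environment variable it is exported as; values come from outside the session and are meant as display text only */`. As far as the hunk shows, the loop runs for every session this function opens, with no filter on session type, so the shell snippets that consume these variables should print them and never evaluate them. pam_sm_open_session begins and ends outside the hunk, so an earlier condition that narrows this may exist.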