summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2024-09-06 16:30:54 +0200
committerLennart Poettering <lennart@poettering.net>2024-09-09 19:03:48 +0200
commit229d4a980607e9478cf1935793652ddd9a14618b (patch)
tree67a8fa54e607e3d1aa16427829dda3dcc08f87f9 /src
parentmachinectl: suppress redirection notice if --quiet is specified (diff)
downloadsystemd-229d4a980607e9478cf1935793652ddd9a14618b.tar.xz
systemd-229d4a980607e9478cf1935793652ddd9a14618b.zip
shell: define three system credentials we can propagate into shell prompts and welcome messages
Diffstat (limited to 'src')
-rw-r--r--src/login/pam_systemd.c39
1 files changed, 39 insertions, 0 deletions
diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
index 40721ebfd9..77b23d54db 100644
--- a/src/login/pam_systemd.c
+++ b/src/login/pam_systemd.c
@@ -27,6 +27,7 @@
#include "cap-list.h"
#include "capability-util.h"
#include "cgroup-setup.h"
+#include "creds-util.h"
#include "devnum-util.h"
#include "errno-util.h"
#include "fd-util.h"
@@ -567,6 +568,31 @@ static int update_environment(pam_handle_t *handle, const char *key, const char
return PAM_SUCCESS;
}
+static int propagate_credential_to_environment(pam_handle_t *handle, const char *credential, const char *varname) {
+ int r;
+
+ assert(handle);
+ assert(credential);
+ assert(varname);
+
+ _cleanup_free_ char *value = NULL;
+
+ /* Read a service credential, and propagate it into an environment variable */
+
+ r = read_credential(credential, (void**) &value, /* ret_size= */ NULL);
+ if (r < 0) {
+ log_debug_errno(r, "Failed to read credential '%s', ignoring: %m", credential);
+ return PAM_SUCCESS;
+ }
+
+ r = pam_misc_setenv(handle, varname, value, 0);
+ if (r != PAM_SUCCESS)
+ return pam_syslog_pam_error(handle, LOG_ERR, r,
+ "Failed to set environment variable %s: @PAMERR@", varname);
+
+ return PAM_SUCCESS;
+}
+
static bool validate_runtime_directory(pam_handle_t *handle, const char *path, uid_t uid) {
struct stat st;
@@ -1192,6 +1218,19 @@ _public_ PAM_EXTERN int pam_sm_open_session(
if (r != PAM_SUCCESS)
return r;
+ static const char *const propagate[] = {
+ "shell.prompt.prefix", "SHELL_PROMPT_PREFIX",
+ "shell.prompt.suffix", "SHELL_PROMPT_SUFFIX",
+ "shell.welcome", "SHELL_WELCOME",
+ NULL
+ };
+
+ STRV_FOREACH_PAIR(k, v, propagate) {
+ r = propagate_credential_to_environment(handle, *k, *v);
+ if (r != PAM_SUCCESS)
+ return r;
+ }
+
if (vtnr > 0) {
char buf[DECIMAL_STR_MAX(vtnr)];
sprintf(buf, "%u", vtnr);