Hi, I used the patch from ticket#24 and enhanced it with documentation. Ok to submit? diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c index e04f5b5..1bfdf08 100644 --- a/modules/pam_env/pam_env.c +++ b/modules/pam_env/pam_env.c @@ -676,7 +676,7 @@ static const char * _pam_get_item_byname(pam_handle_t *pamh, const char *name) const void *itemval; D(("Called.")); - if (strcmp(name, "PAM_USER") == 0) { + if (strcmp(name, "PAM_USER") == 0 || strcmp(name, "HOME") == 0 || strcmp(name, "SHELL") == 0) { item = PAM_USER; } else if (strcmp(name, "PAM_USER_PROMPT") == 0) { item = PAM_USER_PROMPT; @@ -696,6 +696,19 @@ static const char * _pam_get_item_byname(pam_handle_t *pamh, const char *name) D(("pam_get_item failed")); return NULL; /* let pam_get_item() log the error */ } + + if (itemval && (strcmp(name, "HOME") == 0 || strcmp(name, "SHELL") == 0)) { + struct passwd *user_entry; + user_entry = pam_modutil_getpwnam (pamh, (char *) itemval); + if (!user_entry) { + pam_syslog(pamh, LOG_ERR, "No such user!?"); + return NULL; + } + return (strcmp(name, "SHELL") == 0) ? + user_entry->pw_shell : + user_entry->pw_dir; + } + D(("Exit.")); return itemval; } diff --git a/modules/pam_env/pam_env.conf.5.xml b/modules/pam_env/pam_env.conf.5.xml index 45950b8..4040275 100644 --- a/modules/pam_env/pam_env.conf.5.xml +++ b/modules/pam_env/pam_env.conf.5.xml @@ -43,14 +43,16 @@ <para> (Possibly non-existent) environment variables may be used in values - using the ${string} syntax and (possibly non-existent) PAM_ITEMs may - be used in values using the @{string} syntax. Both the $ and @ - characters can be backslash escaped to be used as literal values + using the ${string} syntax and (possibly non-existent) PAM_ITEMs as well + as HOME and SHELL may be used in values using the @{string} syntax. Both + the $ and @ characters can be backslash escaped to be used as literal values values can be delimited with "", escaped " not supported. Note that many environment variables that you would like to use may not be set by the time the module is called. - For example, HOME is used below several times, but + For example, ${HOME} is used below several times, but many PAM applications don't make it available by the time you need it. + The special variables @{HOME} and @{SHELL} are expanded to the values + for the user from his <emphasis>passwd</emphasis> entry. </para> <para> @@ -92,6 +94,7 @@ NNTPSERVER DEFAULT=localhost PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\ :/usr/bin:/usr/local/bin/X11:/usr/bin/X11 + XDG_DATA_HOME @{HOME}/share/ </programlisting> <para> -- Thorsten Kukuk, Senior Architect SLES & Common Code Base SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany GF: Felix Imendörffer, Jane Smithard, Jennifer Guild, Dilip Upmanyu, Graham Norton, HRB 21284 (AG Nürnberg)