A user can add his public keys to the authorized_keys file without disturbing
the key synchronization from the LDAP database. The #:end comment in the file
marks the end of the area synchronized with LDAP. Everything below this comment
is preserved intact.
* pam_ldaphome/pam_ldaphome.c (pubkeyfile): New struct.
(pubkeyfile_open,pubkeyfile_read,pubkeyfile_init)
(pubkeyfile_write,pubkeyfile_remove_lines)
(pubkeyfile_alloc_lines,pubkeyfile_insert_lines)
(pubkeyfile_close): New functions.
(store_pubkeys): Use pubkeyfile functions to operate on
the authorized_keys file.
* pam_ldaphome/pam_ldaphome.c (create_exists): New return code.
(create_home_dir): Return create_exists if the directory already
exists.
(ldaphome_main): Run initrc only after creating the home dir.
* NEWS: Document new features.
* doc/pam-modules.texi: Document usergitconfig.
* doc/pam_ldaphome.8in: Update.
* examples/ldappubkey: New file.
* examples/usergitconfig: Refer to perldoc on error.
* lib/env.c (gray_env_get_bool): New function.
* lib/graypam.h (gray_env_get_bool): New proto.
* pam_ldaphome/pam_ldaphome.c (import_public_key): Do nothing if
"import-public-keys" is set to "no".
(pam_sm_authenticate): New function.
* pam_ldaphome/pam_ldaphome.c (find_env,locate_unset)
(env_concat,parsenv,env_setup): New statics.
(run_prog): Use execve and env_setup to set up the
environment.
* doc/pam-modules.texi: Document new statements.
* doc/pam_ldaphome.8in: Likewise.
This allows for dynamic modifications of the initial directory contents,
depending on the login name of the user. The name of the external program
is given with the initrc-command configuration statement. It is invoked
with a single argument specifying the login name. Standard input
is closed, and standard output is diverted to standard error. Standard error
can be diverted to a file using the initrc-log statement.
* Makefile.am (EXTRA_DIST): Add examples.
* examples/usergitconfig: New file.
* pam_ldaphome/pam_ldaphome.c (run_prog, run_initrc): New statics.
(pam_sm_authenticate): Call run_initrc prior to calling
import_public_key.
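The invocation contract above (single argument, closed stdin, stdout folded into stderr, stderr optionally logged), as an added example in Python. This is not pam_ldaphome's run_prog/run_initrc. One substitution is made: the ChangeLog says standard input is closed, while this example redirects it from /dev/null so the child sees EOF without a closed fd 0 being reused by its next open(). The minimal fixed environment and the timeout are this example's own choices (the ChangeLog does not describe env_setup's rules), and DEMO_SCRIPT is a constructed stand-in for a site initrc program.

```python
"""Run a per-user initrc command the way the ChangeLog describes.

Added example; not pam_ldaphome's own run_prog/run_initrc.  The program named
by initrc-command is executed directly (no shell) with the login name as its
single argument; its standard output is diverted to standard error, and
standard error goes to the initrc-log file when one is given.  stdin is fed
from /dev/null here instead of being closed (see the lead-in).  The fixed
environment and the timeout are this example's choices.
"""
import os
import stat
import subprocess
import tempfile


def run_initrc(command, login, log_path=None, timeout=30):
    """Execute `command login`; return the child's exit status.

    With log_path, both stdout and stderr are appended to that file, which is
    created 0600 so other users cannot read it.  Without it they both go to
    the caller's stderr (fd 2).  TimeoutExpired is raised if the program hangs.
    """
    env = {"PATH": "/usr/bin:/bin", "USER": login, "LOGNAME": login}  # assumption
    log_fd = None
    if log_path is not None:
        log_fd = os.open(log_path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    target = log_fd if log_fd is not None else 2
    try:
        proc = subprocess.run(
            [command, login],          # argv: the program and the login name only
            stdin=subprocess.DEVNULL,  # the child cannot be fed input
            stdout=target,             # stdout diverted to wherever stderr goes
            stderr=target,
            env=env,
            close_fds=True,            # no stray descriptors leak into the child
            timeout=timeout,
        )
    finally:
        if log_fd is not None:
            os.close(log_fd)
    return proc.returncode


# Constructed stand-in for a site initrc program: reports what it sees.
DEMO_SCRIPT = """#!/bin/sh
echo "stdout for $1"
echo "stderr for $1" >&2
if read line; then echo "stdin readable"; else echo "stdin eof"; fi
exit 3
"""


def run_demo():
    """Run DEMO_SCRIPT for user alice; return (exit status, log lines, log mode)."""
    with tempfile.TemporaryDirectory() as d:
        script = os.path.join(d, "initrc")
        with open(script, "w", encoding="utf-8") as f:
            f.write(DEMO_SCRIPT)
        os.chmod(script, 0o700)
        log = os.path.join(d, "initrc.log")
        status = run_initrc(script, "alice", log)
        with open(log, encoding="utf-8") as f:
            lines = f.read().splitlines()
        mode = stat.S_IMODE(os.stat(log).st_mode)
    return status, lines, mode


if __name__ == "__main__":
    print(run_demo())
```

The log shows the program's stdout and stderr interleaved in the order they were written, and "stdin eof" confirms that nothing can be piped into the initrc program from the login session.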
* pam_ldaphome/pam_ldaphome.c (create_interdir): Fail if unable to chown.
(store_pubkeys): Log error if fchown or ftruncate fails.
(dir_in_path): New static function.
(create_home_dir): Return enum create_status.
If allow-home-dir statement is present, create directory only if
it is located in one of the directories listed in it, otherwise
return create_skip.
(pam_sm_authenticate): Import keys only if home dir exists.
* doc/pam-modules.texi: Document allow-home-dir.
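The location check described for allow-home-dir, as an added example in Python; this is not pam_ldaphome's own dir_in_path. It shows the check a practitioner would want: path normalization and whole-component comparison, so a naive string prefix cannot be fooled by "/homeless/alice" matching "/home" or by a ".." segment. The names "exists" and "skip" map to the ChangeLog's create_exists and create_skip; "create" is this example's name for the success case, and not resolving symlinks (the directory usually does not exist yet) is this example's choice.

```python
"""Containment check behind an allow-home-dir style statement.

Added example; not pam_ldaphome's own dir_in_path.  allow-home-dir lists
directories under which a home directory may be created; a home anywhere
else is skipped (create_skip).  Both paths are normalized and compared by
whole components.  Symlinks are not resolved: the home usually does not
exist yet, and that choice is this example's, not the module's.
"""
import os


def _components(path):
    """Split a normalized path into components; "/" becomes [""]."""
    parts = os.path.normpath(path).split(os.sep)
    if len(parts) > 1 and parts[-1] == "":   # only "/" splits into ["", ""]
        parts.pop()
    return parts


def dir_in_path(home, allowed_dirs):
    """Return True if home lies strictly inside one of allowed_dirs."""
    home_parts = _components(home)
    if home_parts[0] != "":                  # relative paths are never accepted
        return False
    for base in allowed_dirs:
        base_parts = _components(base)
        if (len(home_parts) > len(base_parts)
                and home_parts[:len(base_parts)] == base_parts):
            return True
    return False


def create_decision(home, allowed_dirs):
    """Return "exists", "skip" or "create" for a home directory.

    allowed_dirs=None stands for "no allow-home-dir statement": the location
    check is not applied, as before the statement existed.
    """
    if os.path.isdir(home):
        return "exists"                      # create_exists in the ChangeLog
    if allowed_dirs is not None and not dir_in_path(home, allowed_dirs):
        return "skip"                        # create_skip in the ChangeLog
    return "create"                          # this example's name for success


if __name__ == "__main__":
    for candidate in ["/home/alice", "/homeless/alice", "/home/../etc/cron.d"]:
        print(candidate, create_decision(candidate, ["/home", "/srv/homes"]))
```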
New keywords: bindpwfile and keyfile-mode.
* doc/pam-modules.texi: Document bindpwfile and keyfile-mode.
* pam_ldaphome/pam_ldaphome.c (ldap_bind): Read password from
file, if bindpwfile is given.
(store_pubkeys): Optionally enforce file mode, given by the
keyfile-mode configuration statement.
* pamck/pamck.c (main): Fix a typo.
* doc/pam-modules.texi: Document new configuration keywords.
* pam_ldaphome/pam_ldaphome.c (get_intval): Take additional
"base" argument. Return 1 if the requested keyword is not
present in the database, -1 on error and 0 on success.
(ldap_connect): Consult the "ldap-version" configuration
variable for the LDAP version to use.
(create_home_dir): Read mode for the home directory from
the configuration variable "home-dir-mode".
* pam_ldaphome/pam_ldaphome.c (argcvz_free,trimnl): New functions.
(get_ldap_attr): Trim trailing newlines from the return value.
(ldap_search): Rename to get_pubkeys. Return a null-terminated array
of lexicographically sorted keys.
(store_pubkey): Rename to store_pubkeys, take char ** as its
first argument. Store all keys unless the file already contains
exactly that set of keys.
(import_public_key): Call store_pubkeys. Use argcvz_free to
free the keys.
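The authorized_keys handling described in this entry (store the sorted set of LDAP keys unless the file already contains exactly that set) together with the later "#:end" marker rule (the synchronized area ends at the marker, everything below is kept intact) and the keyfile-mode enforcement, as one added example in Python. It is not pam_ldaphome's own store_pubkeys or pubkeyfile code. The key strings are constructed sample data, and how a file without the marker is treated is an assumption of this example.

```python
"""Synchronize LDAP-provided keys into authorized_keys above a "#:end" marker.

Added example; not pam_ldaphome's own store_pubkeys.  It models what the
ChangeLog describes: keys fetched from LDAP occupy the area above the "#:end"
comment and everything below it is preserved, the file is rewritten only when
the synchronized set differs, and a file mode (keyfile-mode) can be enforced.
How a file *without* the marker is treated is an assumption of this example.
"""
import os
import stat
import tempfile

END_MARKER = "#:end"  # from the ChangeLog: end of the LDAP-synchronized area

# Constructed sample data; the key material is made up.
KEY_A = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyA alice-1@ldap"
KEY_B = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyB alice-2@ldap"
USER_KEY = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABExampleKeyC alice@laptop"
SAMPLE_FILE = (KEY_B + "\n" + KEY_A + "\n" + END_MARKER + "\n"
               + "# added by hand, must survive the sync\n" + USER_KEY + "\n")


def split_keyfile(text):
    """Return (synced_keys, tail_lines).

    synced_keys: key lines above the marker, blank and comment lines dropped.
    tail_lines:  the marker line and everything after it, verbatim.
    Assumption: a file with no marker is treated entirely as synchronized
    area (the pre-marker behaviour) and gets a marker on its next rewrite.
    """
    lines = text.splitlines()
    head, tail = lines, []
    for i, line in enumerate(lines):
        if line.strip() == END_MARKER:
            head, tail = lines[:i], lines[i:]
            break
    synced = []
    for line in head:
        s = line.strip()
        if s and not s.startswith("#"):
            synced.append(s)
    return synced, tail


def merge_keys(existing_text, ldap_keys):
    """Return the new file text, or None if the file already holds this set.

    Keys are written sorted lexicographically and compared as a set, so a
    file whose synced area contains exactly these keys (in any order) is
    left alone; everything from the marker down is copied unchanged.
    """
    wanted = sorted({k.strip() for k in ldap_keys if k.strip()})
    synced, tail = split_keyfile(existing_text)
    if sorted(set(synced)) == wanted:
        return None
    if not tail:
        tail = [END_MARKER]
    return "\n".join(wanted + tail) + "\n"


def sync_authorized_keys(path, ldap_keys, keyfile_mode=None):
    """Rewrite path if needed; return True when it was rewritten.

    keyfile_mode (e.g. 0o600) mirrors the keyfile-mode statement: when given
    it is enforced on the file whether or not the contents changed.
    """
    try:
        with open(path, encoding="utf-8") as f:
            existing = f.read()
    except FileNotFoundError:
        existing = ""
    new_text = merge_keys(existing, ldap_keys)
    if new_text is not None:
        # Write a temp file in the same directory (mkstemp creates it 0600)
        # and rename it over the target, so sshd never sees a half-written file.
        fd, tmp = tempfile.mkstemp(prefix=".authorized_keys.",
                                   dir=os.path.dirname(path) or ".")
        try:
            with os.fdopen(fd, "w", encoding="utf-8") as f:
                f.write(new_text)
            os.replace(tmp, path)
        except BaseException:
            os.unlink(tmp)
            raise
    if keyfile_mode is not None:
        os.chmod(path, keyfile_mode)
    return new_text is not None


def demo_sync():
    """Exercise the sync in a scratch directory; return what happened."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "authorized_keys")
        first = sync_authorized_keys(path, [KEY_B, KEY_A], 0o600)   # creates the file
        second = sync_authorized_keys(path, [KEY_A, KEY_B], 0o600)  # same set: untouched
        with open(path, "a", encoding="utf-8") as f:                 # user adds a key below #:end
            f.write(USER_KEY + "\n")
        third = sync_authorized_keys(path, [KEY_A], 0o600)          # KEY_B revoked in LDAP
        with open(path, encoding="utf-8") as f:
            final = f.read()
        mode = stat.S_IMODE(os.stat(path).st_mode)
    return first, second, third, final, mode


if __name__ == "__main__":
    print(demo_sync()[3], end="")
```

Comparing the key sets rather than the raw text is what lets a user reorder or comment the synchronized area without forcing a rewrite on every login, while the temp-file-plus-rename write keeps sshd from ever reading a truncated file between ftruncate and the new contents.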