diff options
Diffstat (limited to 'pam_cap/execable.c')
-rw-r--r-- | pam_cap/execable.c | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/pam_cap/execable.c b/pam_cap/execable.c new file mode 100644 index 0000000..0bf42d3 --- /dev/null +++ b/pam_cap/execable.c @@ -0,0 +1,53 @@ +/* + * Copyright (c) 2021 Andrew G. Morgan <morgan@kernel.org> + * + * The purpose of this file is to provide an executable mode for the + * pam_cap.so binary. If you run it directly, all it does is print + * version information. + * + * It accepts the optional --help argument which causes the executable + * to display a summary of all the supported, pam stacked, module + * arguments. + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include "../libcap/execable.h" + +SO_MAIN(int argc, char **argv) +{ + const char *cmd = "<pam_cap.so>"; + if (argv != NULL) { + cmd = argv[0]; + } + + printf( + "%s (version " LIBCAP_VERSION ") is a PAM module to specify\n" + "inheritable (IAB) capabilities via the libpam authentication\n" + "abstraction. See the libcap License file for licensing information.\n" + "\n" + "Release notes and feature documentation for libcap and pam_cap.so\n" + "can be found at:\n" + "\n" + " https://sites.google.com/site/fullycapable/\n", cmd); + if (argc <= 1) { + return; + } + + if (argc > 2 || strcmp(argv[1], "--help")) { + printf("\n%s only supports the optional argument --help\n", cmd); + exit(1); + } + + printf("\n" + "%s supports the following module arguments:\n" + "\n" + "debug - verbose logging (ignored for now)\n" + "config=<file> - override the default config with file\n" + "keepcaps - workaround for apps that setuid without this\n" + "autoauth - pam_cap.so to always succeed for the 'auth' phase\n" + "default=<iab> - fallback IAB value if there is no '*' rule\n", + cmd); +} |