1 /*
2 * Copyright (c) 2021 Andrew G. Morgan <[email protected]>
3 *
4 * The purpose of this file is to provide an executable mode for the
5 * pam_cap.so binary. If you run it directly, all it does is print
6 * version information.
7 *
8 * It accepts the optional --help argument which causes the executable
9 * to display a summary of all the supported, pam stacked, module
10 * arguments.
11 */
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <string.h>
16
17 #include "../libcap/execable.h"
18
SO_MAIN(int argc,char ** argv)19 SO_MAIN(int argc, char **argv)
20 {
21 const char *cmd = "<pam_cap.so>";
22 if (argv != NULL) {
23 cmd = argv[0];
24 }
25
26 printf(
27 "%s (version " LIBCAP_VERSION ") is a PAM module to specify\n"
28 "inheritable (IAB) capabilities via the libpam authentication\n"
29 "abstraction. See the pam_cap License file for licensing information.\n"
30 "\n"
31 "Release notes and feature documentation for libcap and pam_cap.so\n"
32 "can be found at:\n"
33 "\n"
34 " https://sites.google.com/site/fullycapable/\n", cmd);
35 if (argc <= 1) {
36 return;
37 }
38
39 if (argc > 2 || argv[1] == NULL || strcmp(argv[1], "--help")) {
40 printf("\n%s only supports the optional argument --help\n", cmd);
41 exit(1);
42 }
43
44 printf("\n"
45 "%s supports the following module arguments:\n"
46 "\n"
47 "debug - verbose logging (ignored for now)\n"
48 "config=<file> - override the default config with file\n"
49 "keepcaps - workaround for apps that setuid without this\n"
50 "autoauth - pam_cap.so to always succeed for the 'auth' phase\n"
51 "default=<iab> - fallback IAB value if there is no '*' rule\n"
52 "defer - apply IAB value at pam_exit (not via setcred)\n",
53 cmd);
54 }
55