/usr/sbin/pam_getenv is in libpam-runtime 1.1.3-7ubuntu2.3.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 | #!/usr/bin/perl -w
=head1 NAME
pam_getenv - get environment variables from /etc/environment
=head1 SYNOPSIS
pam_getenv B<[-l] [-s]> I<env_var>
=head1 DESCRIPTION
This tool will print out the value of I<env_var> from F</etc/environment>. It will attempt to expand environment variable references in the definition of I<env_var> but will fail if PAM items are expanded.
The B<-l> option indicates the script should return an environment variable related to default locale information.
The B<-s> option indicates that the script should return an
system default environment variable.
Currently neither the B<-l> or B<-s> options do anything. They are
included because future versions of Debian may have a separate
repository for the initial environment used by init scripts and for
system locale information. These options will allow this script to be
a stable interface even in that environment.
=cut
# Copyright 2004 by Sam Hartman
# This script may be copied under the terms of the GNU GPL
# version 2, or at your option any later version.
use strict;
use vars qw(*CONFIGFILE *ENVFILE);
sub read_line($) {
my $fh = shift;
my $line;
local $_;
line: while (<$fh>) {
chomp;
s/^\s+//;
s/\#.*$//;
next if $_ eq "";
if (s/\\\s*$//) {
$line .= $_;
next line;
}
$line .= $_;
last;
}
$line;
}
sub parse_line($) {
my $var;
my (%x, @x);
local $_ = shift;
return undef unless defined $_ and s/(\S+)\s//;
$var->{Name} = $1;
s/^\s*//;
@x = split(/=([^"\s]\S*|"[^"]*")\s*/, $_);
unless (scalar(@x)%2 == 0) {
push @x, undef;
}
%x = @x;
@{$var}{"Default", "Override"} =
@x{"DEFAULT", "OVERRIDE"};
$var;
}
sub expand_val($) {
my ($val) = @_;
return undef unless $val;
die "Cannot handle PAM items\n" if /(?<!\\)\@/;
$val =~ s/(?<!\\)\${([^}]+)}/$ENV{$1}||""/eg;
return $val;
}
my $lookup;
while ($_ = shift) {
next if $_ eq "-s";
next if $_ eq "-l";
$lookup = $_;
last;
}
unless (defined $lookup) {
die "Usage: pam_getenv [-l] [-s] env_var\n";
}
my %allvars;
open (CONFIGFILE, "/etc/security/pam_env.conf")
or die "Cannot open environment file: $!\n";
while (my $var = parse_line(read_line(\*CONFIGFILE))) {
my $val;
unless ($val = expand_val($var->{Override})) {
$val = expand_val($var->{Default});
}
$allvars{$var->{Name}} = $val;
}
if (open (ENVFILE, "/etc/environment")) {
while (my $line = read_line(\*ENVFILE)) {
$line =~ s/^export //;
$line =~ /(.*?)=(.+)/ or next;
my ($var, $val) = ($1, $2);
# This is bizarre logic (" and ' match each other, quotes are only
# significant at the start and end of the string, and the trailing quote
# may be omitted), but it's what pam_env does.
$val =~ s/^["'](.*?)["']?$/$1/;
$allvars{$var} = $val;
}
}
if (exists $allvars{$lookup}) {
print $allvars{$lookup}, "\n";
exit(0);
}
|