Date: Sat, 19 May 2007 14:29:01 -0400 From: "Z.C.B." <v.velox@vvelox.net> To: "FreeBSD gnats submit" <FreeBSD-gnats-submit@FreeBSD.org> Subject: bin/112794: [patch] allow pam_exec to export PAM_AUTHTOK as a environmental variable Message-ID: <1179599341.33580@vixen42.vulpes> Resent-Message-ID: <200705191910.l4JJA2ER052265@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 112794
>Category: bin
>Synopsis: [patch] allow pam_exec to export PAM_AUTHTOK as a environmental variable
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat May 19 19:10:02 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Z.C.B.
>Release: FreeBSD 6.2-STABLE i386
>Organization:
>Environment:
System: FreeBSD 6.2-STABLE #3: Mon Mar 19 02:00:40 EDT 2007
root@vixen42.vulpes:/usr/obj/usr/src/sys/vixen42-2
>Description:
This modifies pam_exec to export PAM_AUTHTOK. This is the password that has been passed to pam. My reasons for starting work on this is things that require a password to perform can happen. My purpose for creating this to allow mounting of a users samba home directory from a script using pam_exec. In regards to mount_smbfs, I will be needing to do some work to allow a password to be specified by a specified enviromental variable.
This includes a updated for the man file as well that notes the new environmental variable.
tested on releng_6, but should work perfectly well on 7 as what is being changed is exactly the same on both versions....
>How-To-Repeat:
1: don't apply patch yet...
2:
3: touch /etc/pam.d/test
4: do what ever to the test servuce, but make sure it has this line "auth sufficient pam_exec.so /tmp/pam-test"
5: put this in /tmp/pam-test
#!/bin/sh
/usr/bin/env > /tmp/pam-test
6: download http://vvelox.net/src/perl/pam-pwcheck
7: setenv PAMPWCHECKuser user
8: setenv PAMPWCHECKpass password
9: ./pam-pwcheck -s test
10 cat /tmp/pam-test and notice PAM_AUTHTOK is not present
11: apply diffs
12: rerun 9 and notice /tmp/pam-test now contains PAM_AUTHTOK=password
13: enjoy
>Fix:
--- pam_exec.8.diff begins here ---
--- pam_exec.8.orig Sat May 19 14:01:44 2007
+++ pam_exec.8 Sat May 19 14:02:05 2007
@@ -57,6 +57,7 @@
.Ev PAM_RUSER ,
.Ev PAM_SERVICE ,
.Ev PAM_TTY ,
+.Ev PAM_AUTHTOK ,
and
.Ev PAM_USER .
.Sh SEE ALSO
--- pam_exec.8.diff ends here ---
--- pam_exec.c.diff begins here ---
--- pam_exec.c.orig Sat May 19 12:51:42 2007
+++ pam_exec.c Sat May 19 12:56:50 2007
@@ -57,6 +57,7 @@
ENV_ITEM(PAM_TTY),
ENV_ITEM(PAM_RHOST),
ENV_ITEM(PAM_RUSER),
+ ENV_ITEM(PAM_AUTHTOK),
};
static int
--- pam_exec.c.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1179599341.33580>