From owner-freebsd-bugs@FreeBSD.ORG Sat May 19 19:10:03 2007 Return-Path: X-Original-To: freebsd-bugs@hub.freebsd.org Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1239B16A46D for ; Sat, 19 May 2007 19:10:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.freebsd.org (Postfix) with ESMTP id DC46C13C465 for ; Sat, 19 May 2007 19:10:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l4JJA2MR052266 for ; Sat, 19 May 2007 19:10:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l4JJA2ER052265; Sat, 19 May 2007 19:10:02 GMT (envelope-from gnats) Resent-Date: Sat, 19 May 2007 19:10:02 GMT Resent-Message-Id: <200705191910.l4JJA2ER052265@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, "Z.C.B." Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 2F64F16A400 for ; Sat, 19 May 2007 19:01:32 +0000 (UTC) (envelope-from SRS0=PBdUex=KU=vvelox.net=v.velox@yourhostingaccount.com) Received: from mailout14.yourhostingaccount.com (mailout14.yourhostingaccount.com [65.254.253.112]) by mx1.freebsd.org (Postfix) with ESMTP id AA73513C455 for ; Sat, 19 May 2007 19:01:31 +0000 (UTC) (envelope-from SRS0=PBdUex=KU=vvelox.net=v.velox@yourhostingaccount.com) Received: from mailscan15.yourhostingaccount.com ([10.1.15.15] helo=mailscan15.yourhostingaccount.com) by mailout14.yourhostingaccount.com with esmtp (Exim) id 1HpTdW-00076m-Ga for FreeBSD-gnats-submit@freebsd.org; Sat, 19 May 2007 14:26:38 -0400 Received: from authsmtp09.yourhostingaccount.com ([10.1.18.9] ident=exim) by mailscan15.yourhostingaccount.com with spamscanlookuphost (Exim) id 1HpTdW-0002JQ-Kz for FreeBSD-gnats-submit@freebsd.org; Sat, 19 May 2007 14:26:38 -0400 Received: from authsmtp09.yourhostingaccount.com ([10.1.18.9] helo=authsmtp09.yourhostingaccount.com) by mailscan15.yourhostingaccount.com with esmtp (Exim) id 1HpTdW-0002JN-11 for FreeBSD-gnats-submit@freebsd.org; Sat, 19 May 2007 14:26:38 -0400 Received: from cpe-65-185-51-114.columbus.res.rr.com ([65.185.51.114] helo=vixen42.vulpes) by authsmtp09.yourhostingaccount.com with esmtpa (Exim) id 1HpTdV-00080d-MX for FreeBSD-gnats-submit@freebsd.org; Sat, 19 May 2007 14:26:37 -0400 Message-Id: <1179599341.33580@vixen42.vulpes> Date: Sat, 19 May 2007 14:29:01 -0400 From: "Z.C.B." Sender: "Z.C.B." To: "FreeBSD gnats submit" X-Send-Pr-Version: gtk-send-pr 0.4.8 Cc: Subject: bin/112794: [patch] allow pam_exec to export PAM_AUTHTOK as a environmental variable X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 May 2007 19:10:03 -0000 >Number: 112794 >Category: bin >Synopsis: [patch] allow pam_exec to export PAM_AUTHTOK as a environmental variable >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sat May 19 19:10:02 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Z.C.B. >Release: FreeBSD 6.2-STABLE i386 >Organization: >Environment: System: FreeBSD 6.2-STABLE #3: Mon Mar 19 02:00:40 EDT 2007 root@vixen42.vulpes:/usr/obj/usr/src/sys/vixen42-2 >Description: This modifies pam_exec to export PAM_AUTHTOK. This is the password that has been passed to pam. My reasons for starting work on this is things that require a password to perform can happen. My purpose for creating this to allow mounting of a users samba home directory from a script using pam_exec. In regards to mount_smbfs, I will be needing to do some work to allow a password to be specified by a specified enviromental variable. This includes a updated for the man file as well that notes the new environmental variable. tested on releng_6, but should work perfectly well on 7 as what is being changed is exactly the same on both versions.... >How-To-Repeat: 1: don't apply patch yet... 2: 3: touch /etc/pam.d/test 4: do what ever to the test servuce, but make sure it has this line "auth sufficient pam_exec.so /tmp/pam-test" 5: put this in /tmp/pam-test #!/bin/sh /usr/bin/env > /tmp/pam-test 6: download http://vvelox.net/src/perl/pam-pwcheck 7: setenv PAMPWCHECKuser user 8: setenv PAMPWCHECKpass password 9: ./pam-pwcheck -s test 10 cat /tmp/pam-test and notice PAM_AUTHTOK is not present 11: apply diffs 12: rerun 9 and notice /tmp/pam-test now contains PAM_AUTHTOK=password 13: enjoy >Fix: --- pam_exec.8.diff begins here --- --- pam_exec.8.orig Sat May 19 14:01:44 2007 +++ pam_exec.8 Sat May 19 14:02:05 2007 @@ -57,6 +57,7 @@ .Ev PAM_RUSER , .Ev PAM_SERVICE , .Ev PAM_TTY , +.Ev PAM_AUTHTOK , and .Ev PAM_USER . .Sh SEE ALSO --- pam_exec.8.diff ends here --- --- pam_exec.c.diff begins here --- --- pam_exec.c.orig Sat May 19 12:51:42 2007 +++ pam_exec.c Sat May 19 12:56:50 2007 @@ -57,6 +57,7 @@ ENV_ITEM(PAM_TTY), ENV_ITEM(PAM_RHOST), ENV_ITEM(PAM_RUSER), + ENV_ITEM(PAM_AUTHTOK), }; static int --- pam_exec.c.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted: