bin/112794: [patch] allow pam_exec to export PAM_AUTHTOK as a environmental variable

Z.C.B. v.velox at vvelox.net
Sat May 19 19:10:03 UTC 2007 

>Number:         112794
>Category:       bin
>Synopsis:       [patch] allow pam_exec to export PAM_AUTHTOK as a environmental variable
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat May 19 19:10:02 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Z.C.B.
>Release:        FreeBSD 6.2-STABLE i386
>Organization:
>Environment:


System: FreeBSD 6.2-STABLE #3: Mon Mar 19 02:00:40 EDT 2007
    root at vixen42.vulpes:/usr/obj/usr/src/sys/vixen42-2



>Description:


This modifies pam_exec to export PAM_AUTHTOK. This is the password that has been passed to pam. My reasons for starting work on this is things that require a password to perform can happen. My purpose for creating this to allow mounting of a users samba home directory from a script using pam_exec. In regards to mount_smbfs, I will be needing to do some work to allow a password to be specified by a specified enviromental variable.

This includes a updated for the man file as well that notes the new environmental variable.

tested on releng_6, but should work perfectly well on 7 as what is being changed is exactly the same on both versions....


>How-To-Repeat:


1: don't apply patch yet...
2:
3: touch /etc/pam.d/test
4: do what ever to the test servuce, but make sure it has this line "auth            sufficient      pam_exec.so             /tmp/pam-test"
5: put this in /tmp/pam-test
#!/bin/sh

/usr/bin/env > /tmp/pam-test
6: download http://vvelox.net/src/perl/pam-pwcheck
7: setenv PAMPWCHECKuser user
8: setenv PAMPWCHECKpass password
9: ./pam-pwcheck -s test
10 cat /tmp/pam-test and notice PAM_AUTHTOK is not present
11: apply diffs
12: rerun 9 and notice /tmp/pam-test now contains PAM_AUTHTOK=password
13: enjoy


>Fix:


--- pam_exec.8.diff begins here ---
--- pam_exec.8.orig	Sat May 19 14:01:44 2007
+++ pam_exec.8	Sat May 19 14:02:05 2007
@@ -57,6 +57,7 @@
 .Ev PAM_RUSER ,
 .Ev PAM_SERVICE ,
 .Ev PAM_TTY ,
+.Ev PAM_AUTHTOK ,
 and
 .Ev PAM_USER .
 .Sh SEE ALSO
--- pam_exec.8.diff ends here ---

--- pam_exec.c.diff begins here ---
--- pam_exec.c.orig	Sat May 19 12:51:42 2007
+++ pam_exec.c	Sat May 19 12:56:50 2007
@@ -57,6 +57,7 @@
 	ENV_ITEM(PAM_TTY),
 	ENV_ITEM(PAM_RHOST),
 	ENV_ITEM(PAM_RUSER),
+	ENV_ITEM(PAM_AUTHTOK),
 };
 
 static int
--- pam_exec.c.diff ends here ---




>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list