PAM environment variable exporting to usershell

Artur Artamonov freeartman at wechall.net
Fri Dec 7 14:32:29 WST 2012


Here is a patch that exports PAM environmental variables to the user-launched
shell. This allows sending some info to a shell
that is authenticated through dropbear.


diff -upN a/auth.h b/auth.h
--- a/auth.h	2012-02-23 15:47:05.000000000 +0200
+++ b/auth.h	2012-12-05 13:01:58.161786510 +0200
@@ -76,6 +76,10 @@ void cli_auth_interactive();
 char* getpass_or_cancel(char* prompt);
 void cli_auth_pubkey_cleanup();
 
+#ifdef ENABLE_SVR_PAM_AUTH
+extern char **pam_env_list;
+#endif
+
 
 #define MAX_USERNAME_LEN 25 /* arbitrary for the moment */
 
diff -upN a/svr-authpam.c b/svr-authpam.c
--- a/svr-authpam.c	2012-02-23 15:47:06.000000000 +0200
+++ b/svr-authpam.c	2012-12-05 13:04:24.415780751 +0200
@@ -44,6 +44,8 @@ struct UserDataS {
 	char* passwd;
 };
 
+char **pam_env_list=NULL;
+
 /* PAM conversation function - for now we only handle one message */
 int 
 pamConvFunc(int num_msg, 
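Review bot: the new global `char **pam_env_list=NULL;` carries no comment saying who owns the list or when it is released. pam_getenvlist() hands back memory that libpam never frees, so the definition should state that the array is filled in svr_auth_pam() and consumed in execchild(), and who is responsible for freeing it.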
@@ -243,6 +245,8 @@ void svr_auth_pam() {
 			svr_ses.addrstring);
 	send_msg_userauth_success();
 
+	pam_env_list = pam_getenvlist( pamHandlep );
+
 cleanup:
 	if (password != NULL) {
 		m_burn(password, passwordlen);
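Review bot: the result of `pam_getenvlist( pamHandlep )` is stored without a check at the added line just before `cleanup:`. The call returns NULL on failure, which the consumer cannot tell apart from a PAM stack that set no variables, so log the failure here. The spaces inside the parentheses also differ from neighbouring calls such as `m_burn(password, passwordlen);`.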
diff -upN a/svr-chansession.c b/svr-chansession.c
--- a/svr-chansession.c	2012-02-23 15:47:06.000000000 +0200
+++ b/svr-chansession.c	2012-12-05 13:07:42.470013005 +0200
@@ -936,6 +936,15 @@ static void execchild(void *user_data) {
 	}
 #endif
 
+#ifdef ENABLE_SVR_PAM_AUTH
+	if ( pam_env_list ) {
+		while ( *pam_env_list ) {
+			putenv( *pam_env_list );
+			pam_env_list++;
+		}
+	}
+#endif
+
 	/* change directory */
 	if (chdir(ses.authstate.pw_dir) < 0) {
 		dropbear_exit("Error changing directory");
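Review bot: the `while` loop added to execchild() advances the global itself (`pam_env_list++`), so the start of the array is lost once the loop finishes; walk it with a local `char **p = pam_env_list;` instead. The return value of `putenv()` is ignored, and every entry is exported unfiltered, so any variable name the PAM stack supplies reaches the user's shell as is. Consider checking the result and restricting which names are accepted.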
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 600-add_pamenv.patch
Type: text/x-patch
Size: 1451 bytes
Desc: not available
Url : http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20121207/70f0e75b/attachment.bin 

