PAM environment variable exporting to usershell
Artur Artamonov
freeartman at wechall.net
Fri Dec 7 14:32:29 WST 2012
Here is patch that exports PAM environmental variables to user lunched
shell. This allows send some info to shell
that is authentificated trought dropbear
diff -upN a/auth.h b/auth.h
--- a/auth.h 2012-02-23 15:47:05.000000000 +0200
+++ b/auth.h 2012-12-05 13:01:58.161786510 +0200
@@ -76,6 +76,10 @@ void cli_auth_interactive();
char* getpass_or_cancel(char* prompt);
void cli_auth_pubkey_cleanup();
+#ifdef ENABLE_SVR_PAM_AUTH
+extern char **pam_env_list;
+#endif
+
#define MAX_USERNAME_LEN 25 /* arbitrary for the moment */
diff -upN a/svr-authpam.c b/svr-authpam.c
--- a/svr-authpam.c 2012-02-23 15:47:06.000000000 +0200
+++ b/svr-authpam.c 2012-12-05 13:04:24.415780751 +0200
@@ -44,6 +44,8 @@ struct UserDataS {
char* passwd;
};
+char **pam_env_list=NULL;
+
/* PAM conversation function - for now we only handle one message */
int
pamConvFunc(int num_msg,
@@ -243,6 +245,8 @@ void svr_auth_pam() {
svr_ses.addrstring);
send_msg_userauth_success();
+ pam_env_list = pam_getenvlist( pamHandlep );
+
cleanup:
if (password != NULL) {
m_burn(password, passwordlen);
diff -upN a/svr-chansession.c b/svr-chansession.c
--- a/svr-chansession.c 2012-02-23 15:47:06.000000000 +0200
+++ b/svr-chansession.c 2012-12-05 13:07:42.470013005 +0200
@@ -936,6 +936,15 @@ static void execchild(void *user_data) {
}
#endif
+#ifdef ENABLE_SVR_PAM_AUTH
+ if ( pam_env_list ) {
+ while ( *pam_env_list ) {
+ putenv( *pam_env_list );
+ pam_env_list++;
+ }
+ }
+#endif
+
/* change directory */
if (chdir(ses.authstate.pw_dir) < 0) {
dropbear_exit("Error changing directory");
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 600-add_pamenv.patch
Type: text/x-patch
Size: 1451 bytes
Desc: not available
Url : http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20121207/70f0e75b/attachment.bin
More information about the Dropbear
mailing list