Source-Changes-HG archive
[src/trunk]: src/lib/libpam/modules/pam_exec Merge PAM20050226.
details: https://anonhg.NetBSD.org/src/rev/fbe014e37c7c
branches: trunk
changeset: 574290:fbe014e37c7c
user: thorpej <thorpej%NetBSD.org@localhost>
date: Sat Feb 26 16:03:58 2005 +0000
description:
Merge PAM20050226.
XXX Hack here until we import OpenPAM Feterita.
diffstat:
lib/libpam/modules/pam_exec/pam_exec.8 | 15 +++++-
lib/libpam/modules/pam_exec/pam_exec.c | 78 ++++++++++++++++++++++++++++++---
2 files changed, 81 insertions(+), 12 deletions(-)
diffs (172 lines):
diff -r b044d4951025 -r fbe014e37c7c lib/libpam/modules/pam_exec/pam_exec.8
--- a/lib/libpam/modules/pam_exec/pam_exec.8 Sat Feb 26 15:57:57 2005 +0000
+++ b/lib/libpam/modules/pam_exec/pam_exec.8 Sat Feb 26 16:03:58 2005 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: pam_exec.8,v 1.2 2004/12/12 08:18:44 christos Exp $
+.\" $NetBSD: pam_exec.8,v 1.3 2005/02/26 16:03:58 thorpej Exp $
.\" Copyright (c) 2001,2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
@@ -31,9 +31,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD: src/lib/libpam/modules/pam_exec/pam_exec.8,v 1.4 2004/07/02 23:52:16 ru Exp $
+.\" $FreeBSD: src/lib/libpam/modules/pam_exec/pam_exec.8,v 1.5 2005/02/01 10:37:07 des Exp $
.\"
-.Dd February 6, 2003
+.Dd February 1, 2005
.Dt PAM_EXEC 8
.Os
.Sh NAME
@@ -52,8 +52,17 @@
The child's environment is set to the current PAM environment list,
as returned by
.Xr pam_getenvlist 3 .
+In addition, the following PAM items are exported as environment
+variables:
+.Ev PAM_RHOST ,
+.Ev PAM_RUSER ,
+.Ev PAM_SERVICE ,
+.Ev PAM_TTY ,
+and
+.Ev PAM_USER .
.Sh SEE ALSO
.Xr pam.conf 5 ,
+.Xr pam_get_item 3 ,
.Xr pam 8
.Sh AUTHORS
The
diff -r b044d4951025 -r fbe014e37c7c lib/libpam/modules/pam_exec/pam_exec.c
--- a/lib/libpam/modules/pam_exec/pam_exec.c Sat Feb 26 15:57:57 2005 +0000
+++ b/lib/libpam/modules/pam_exec/pam_exec.c Sat Feb 26 16:03:58 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: pam_exec.c,v 1.2 2004/12/12 08:18:44 christos Exp $ */
+/* $NetBSD: pam_exec.c,v 1.3 2005/02/26 16:03:58 thorpej Exp $ */
/*-
* Copyright (c) 2001,2003 Networks Associates Technology, Inc.
@@ -36,9 +36,9 @@
#include <sys/cdefs.h>
#ifdef __FreeBSD__
-__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_exec/pam_exec.c,v 1.3 2003/02/06 12:56:51 des Exp $");
+__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_exec/pam_exec.c,v 1.4 2005/02/01 10:37:07 des Exp $");
#else
-__RCSID("$NetBSD: pam_exec.c,v 1.2 2004/12/12 08:18:44 christos Exp $");
+__RCSID("$NetBSD: pam_exec.c,v 1.3 2005/02/26 16:03:58 thorpej Exp $");
#endif
#include <sys/types.h>
@@ -46,6 +46,7 @@
#include <errno.h>
#include <stdlib.h>
+#include <stdio.h>
#include <string.h>
#include <unistd.h>
@@ -53,12 +54,37 @@
#include <security/pam_modules.h>
#include <security/openpam.h>
+#define ENV_ITEM(n) { (n), #n }
+static struct {
+ int item;
+ const char *name;
+} env_items[] = {
+ ENV_ITEM(PAM_SERVICE),
+ ENV_ITEM(PAM_USER),
+ ENV_ITEM(PAM_TTY),
+ ENV_ITEM(PAM_RHOST),
+ ENV_ITEM(PAM_RUSER),
+};
+
+/*
+ * XXX Until we import OpenPAM Feterita.
+ */
+static void
+openpam_free_envlist(char **envlist)
+{
+ char **env;
+
+ for (env = envlist; *env != NULL; ++env)
+ free(*env);
+ free(envlist);
+}
+
static int
_pam_exec(pam_handle_t *pamh __unused, int flags __unused,
int argc, const char *argv[])
{
- int childerr, status;
- char **env, **envlist;
+ int childerr, envlen, i, nitems, pam_err, status;
+ char **envlist, **tmp;
pid_t pid;
if (argc < 1)
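Review bot: `env_items` is only ever read in the visible code, so it should be declared `static const struct { int item; const char *name; } env_items[]`, which keeps the table of exported PAM items in read-only data. The local `openpam_free_envlist()` dereferences `envlist` unconditionally, so a header comment such as `/* envlist must be non-NULL and NULL-terminated; frees every string and then the array itself */` would make that contract explicit for its callers. `_pam_exec`'s body continues outside the hunk.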
@@ -68,7 +94,43 @@
* XXX For additional credit, divert child's stdin/stdout/stderr
* to the conversation function.
*/
+
+ /*
+ * Set up the child's environment list. It consists of the PAM
+ * environment, plus a few hand-picked PAM items.
+ */
envlist = pam_getenvlist(pamh);
+ for (envlen = 0; envlist[envlen] != NULL; ++envlen)
+ /* nothing */ ;
+ nitems = sizeof(env_items) / sizeof(*env_items);
+ tmp = realloc(envlist, (envlen + nitems + 1) * sizeof **envlist);
+ if (tmp == NULL) {
+ openpam_free_envlist(envlist);
+ return (PAM_BUF_ERR);
+ }
+ envlist = tmp;
+ for (i = 0; i < nitems; ++i) {
+ const void *item;
+ char *envstr;
+
+ pam_err = pam_get_item(pamh, env_items[i].item, &item);
+ if (pam_err != PAM_SUCCESS || item == NULL)
+ continue;
+ asprintf(&envstr, "%s=%s", env_items[i].name,
+ (const char *)item);
+ if (envstr == NULL) {
+ openpam_free_envlist(envlist);
+ return (PAM_BUF_ERR);
+ }
+ envlist[envlen++] = envstr;
+ envlist[envlen] = NULL;
+ }
+
+ /*
+ * Fork and run the command. By using vfork() instead of fork(),
+ * we can distinguish between an execve() failure and a non-zero
+ * exit code from the command.
+ */
childerr = 0;
if ((pid = vfork()) == 0) {
/*LINTED const cast*/
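Review bot: The `realloc()` call sizes the enlarged list with `sizeof **envlist`, which is `sizeof(char)`, so the buffer is counted in bytes rather than pointers and the later `envlist[envlen++] = envstr` stores run past the allocation, a heap overflow in a module that is loaded into authentication processes. It should read `tmp = realloc(envlist, (envlen + nitems + 1) * sizeof(*envlist));`. The result of `pam_getenvlist(pamh)` is also walked without a NULL test; `if (envlist == NULL) return (PAM_BUF_ERR);` before the counting loop covers the allocation-failure case. `asprintf()` is checked only through `envstr`, which not every libc sets to NULL on failure, so testing its return value for `< 0` is the portable form. PAM_RHOST and PAM_RUSER can originate from the remote peer, so the executed program has to treat these variables as untrusted input; `_pam_exec`'s body continues outside the hunk.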
@@ -76,9 +138,7 @@
childerr = errno;
_exit(1);
}
- for (env = envlist; *env != NULL; ++env)
- free(*env);
- free(envlist);
+ openpam_free_envlist(envlist);
if (pid == -1) {
openpam_log(PAM_LOG_ERROR, "vfork(): %m");
return (PAM_SYSTEM_ERR);
@@ -88,7 +148,7 @@
return (PAM_SYSTEM_ERR);
}
if (childerr != 0) {
- openpam_log(PAM_LOG_ERROR, "execv(): %m");
+ openpam_log(PAM_LOG_ERROR, "execve(): %m");
return (PAM_SYSTEM_ERR);
}
if (WIFSIGNALED(status)) {
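Review bot: The `%m` in the renamed message expands the parent's current `errno`, while the child's failure code was saved in `childerr`. Between the failed `execve()` and this log call the parent has already run `openpam_free_envlist()` and, judging by the use of `status`, presumably a wait call, and either may change `errno`. Setting `errno = childerr;` immediately before `openpam_log(PAM_LOG_ERROR, "execve(): %m");` makes the logged reason the one that actually stopped the command, which matters when this log line is the only trace of a failed hook. The enclosing function starts and ends outside the hunk.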