Diffstat (limited to 'modules/pam_exec')
-rw-r--r--modules/pam_exec/.cvsignore6
-rw-r--r--modules/pam_exec/Makefile.am34
-rw-r--r--modules/pam_exec/README42
-rw-r--r--modules/pam_exec/README.xml41
-rw-r--r--modules/pam_exec/pam_exec.888
-rw-r--r--modules/pam_exec/pam_exec.8.xml189
-rw-r--r--modules/pam_exec/pam_exec.c285
-rwxr-xr-xmodules/pam_exec/tst-pam_exec2
8 files changed, 0 insertions, 687 deletions
diff --git a/modules/pam_exec/.cvsignore b/modules/pam_exec/.cvsignore
deleted file mode 100644
index 9fb98574..00000000
--- a/modules/pam_exec/.cvsignore
+++ /dev/null
@@ -1,6 +0,0 @@
-*.la
-*.lo
-.deps
-.libs
-Makefile
-Makefile.in
diff --git a/modules/pam_exec/Makefile.am b/modules/pam_exec/Makefile.am
deleted file mode 100644
index 55fe9297..00000000
--- a/modules/pam_exec/Makefile.am
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# Copyright (c) 2006 Thorsten Kukuk <kukuk@suse.de>
-#
-
-CLEANFILES = *~
-
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_exec
-
-man_MANS = pam_exec.8
-
-XMLS = README.xml pam_exec.8.xml
-
-securelibdir = $(SECUREDIR)
-secureconfdir = $(SCONFIGDIR)
-
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
-AM_LDFLAGS = -no-undefined -avoid-version -module
-if HAVE_VERSIONING
- AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
-endif
-
-securelib_LTLIBRARIES = pam_exec.la
-pam_exec_la_LIBADD = -L$(top_builddir)/libpam -lpam
-
-if ENABLE_REGENERATE_MAN
-
-noinst_DATA = README
-
-README: pam_exec.8.xml
-
--include $(top_srcdir)/Make.xml.rules
-endif
-
-TESTS = tst-pam_exec
diff --git a/modules/pam_exec/README b/modules/pam_exec/README
deleted file mode 100644
index 8ff9a742..00000000
--- a/modules/pam_exec/README
+++ /dev/null
@@ -1,42 +0,0 @@
-pam_exec — PAM module which calls an external command
-
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-
-DESCRIPTION
-
-pam_exec is a PAM module that can be used to run an external command.
-
-OPTIONS
-
-debug
-
- Print debug information.
-
-log=file
-
- The output of the command is appended to file
-
-seteuid
-
- Per default pam_exec.so will execute the external command with the real
- user ID of the calling process. Specifying this option means the command is
- run with the effective user ID.
-
-EXAMPLES
-
-Add the following line to /etc/pam.d/passwd to rebuild the NIS database after
-each local password change:
-
- passwd optional pam_exec.so seteuid make -C /var/yp
-
-
-This will execute the command
-
-make -C /var/yp
-
-with effective user ID.
-
-AUTHOR
-
-pam_exec was written by Thorsten Kukuk <kukuk@thkukuk.de>.
-
diff --git a/modules/pam_exec/README.xml b/modules/pam_exec/README.xml
deleted file mode 100644
index 5e76cab3..00000000
--- a/modules/pam_exec/README.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
-"http://www.docbook.org/xml/4.3/docbookx.dtd"
-[
-<!--
-<!ENTITY pamaccess SYSTEM "pam_exec.8.xml">
--->
-]>
-
-<article>
-
- <articleinfo>
-
- <title>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_exec.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_exec-name"]/*)'/>
- </title>
-
- </articleinfo>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_exec.8.xml" xpointer='xpointer(//refsect1[@id = "pam_exec-description"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_exec.8.xml" xpointer='xpointer(//refsect1[@id = "pam_exec-options"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_exec.8.xml" xpointer='xpointer(//refsect1[@id = "pam_exec-examples"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_exec.8.xml" xpointer='xpointer(//refsect1[@id = "pam_exec-author"]/*)'/>
- </section>
-
-</article>
diff --git a/modules/pam_exec/pam_exec.8 b/modules/pam_exec/pam_exec.8
deleted file mode 100644
index ae8f8a46..00000000
--- a/modules/pam_exec/pam_exec.8
+++ /dev/null
@@ -1,88 +0,0 @@
-.\" Title: pam_exec
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
-.\" Date: 06/09/2006
-.\" Manual: Linux\-PAM Manual
-.\" Source: Linux\-PAM Manual
-.\"
-.TH "PAM_EXEC" "8" "06/09/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.SH "NAME"
-pam_exec \- PAM module which calls an external command
-.SH "SYNOPSIS"
-.HP 12
-\fBpam_exec.so\fR [debug] [seteuid] [log=\fIfile\fR] \fIcommand\fR [\fI...\fR]
-.SH "DESCRIPTION"
-.PP
-pam_exec is a PAM module that can be used to run an external command.
-.SH "OPTIONS"
-.PP
-.TP 3n
-\fBdebug\fR
-Print debug information.
-.TP 3n
-\fBlog=\fR\fB\fIfile\fR\fR
-The output of the command is appended to
-\fIfile\fR
-.TP 3n
-\fBseteuid\fR
-Per default pam_exec.so will execute the external command with the real user ID of the calling process. Specifying this option means the command is run with the effective user ID.
-.SH "MODULE SERVICES PROVIDED"
-.PP
-The services
-\fBauth\fR,
-\fBaccount\fR,
-\fBpassword\fR
-and
-\fBsession\fR
-are supported.
-.SH "RETURN VALUES"
-.PP
-.TP 3n
-PAM_SUCCESS
-The external command runs successfull.
-.TP 3n
-PAM_SERVICE_ERR
-No argument or a wrong number of arguments were given.
-.TP 3n
-PAM_SYSTEM_ERR
-A system error occured or the command to execute failed.
-.TP 3n
-PAM_IGNORE
-
-\fBpam_setcred\fR
-was called, which does not execute the command.
-.SH "EXAMPLES"
-.PP
-Add the following line to
-\fI/etc/pam.d/passwd\fR
-to rebuild the NIS database after each local password change:
-.sp
-.RS 3n
-.nf
- passwd optional pam_exec.so seteuid make \-C /var/yp
-
-.fi
-.RE
-.sp
-This will execute the command
-.sp
-.RS 3n
-.nf
-make \-C /var/yp
-.fi
-.RE
-.sp
-with effective user ID.
-.SH "SEE ALSO"
-.PP
-
-\fBpam.conf\fR(5),
-\fBpam.d\fR(8),
-\fBpam\fR(8)
-.SH "AUTHOR"
-.PP
-pam_exec was written by Thorsten Kukuk <kukuk@thkukuk.de>.
diff --git a/modules/pam_exec/pam_exec.8.xml b/modules/pam_exec/pam_exec.8.xml
deleted file mode 100644
index 1e8bb0ba..00000000
--- a/modules/pam_exec/pam_exec.8.xml
+++ /dev/null
@@ -1,189 +0,0 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
-
-<refentry id="pam_exec">
-
- <refmeta>
- <refentrytitle>pam_exec</refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_exec-name">
- <refname>pam_exec</refname>
- <refpurpose>PAM module which calls an external command</refpurpose>
- </refnamediv>
-
- <refsynopsisdiv>
- <cmdsynopsis id="pam_exec-cmdsynopsis">
- <command>pam_exec.so</command>
- <arg choice="opt">
- debug
- </arg>
- <arg choice="opt">
- seteuid
- </arg>
- <arg choice="opt">
- log=<replaceable>file</replaceable>
- </arg>
- <arg choice="plain">
- <replaceable>command</replaceable>
- </arg>
- <arg choice="opt">
- <replaceable>...</replaceable>
- </arg>
- </cmdsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id="pam_exec-description">
-
- <title>DESCRIPTION</title>
-
- <para>
- pam_exec is a PAM module that can be used to run
- an external command.
- </para>
-
- </refsect1>
-
- <refsect1 id="pam_exec-options">
-
- <title>OPTIONS</title>
- <para>
- <variablelist>
-
- <varlistentry>
- <term>
- <option>debug</option>
- </term>
- <listitem>
- <para>
- Print debug information.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>
- <option>log=<replaceable>file</replaceable></option>
- </term>
- <listitem>
- <para>
- The output of the command is appended to
- <filename>file</filename>
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>
- <option>seteuid</option>
- </term>
- <listitem>
- <para>
- Per default pam_exec.so will execute the external command
- with the real user ID of the calling process.
- Specifying this option means the command is run
- with the effective user ID.
- </para>
- </listitem>
- </varlistentry>
-
- </variablelist>
-
- </para>
- </refsect1>
-
- <refsect1 id="pam_exec-services">
- <title>MODULE SERVICES PROVIDED</title>
- <para>
- The services <option>auth</option>, <option>account</option>,
- <option>password</option> and <option>session</option> are supported.
- </para>
- </refsect1>
-
- <refsect1 id='pam_exec-return_values'>
- <title>RETURN VALUES</title>
- <para>
- <variablelist>
-
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- The external command runs successfull.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>PAM_SERVICE_ERR</term>
- <listitem>
- <para>
- No argument or a wrong number of arguments were given.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>PAM_SYSTEM_ERR</term>
- <listitem>
- <para>
- A system error occured or the command to execute failed.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>PAM_IGNORE</term>
- <listitem>
- <para>
- <function>pam_setcred</function> was called, which
- does not execute the command.
- </para>
- </listitem>
- </varlistentry>
-
- </variablelist>
- </para>
- </refsect1>
-
- <refsect1 id='pam_exec-examples'>
- <title>EXAMPLES</title>
- <para>
- Add the following line to <filename>/etc/pam.d/passwd</filename> to
- rebuild the NIS database after each local password change:
- <programlisting>
- passwd optional pam_exec.so seteuid make -C /var/yp
- </programlisting>
-
- This will execute the command
- <programlisting>make -C /var/yp</programlisting>
- with effective user ID.
- </para>
- </refsect1>
-
- <refsect1 id='pam_exec-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-
- <refsect1 id='pam_exec-author'>
- <title>AUTHOR</title>
- <para>
- pam_exec was written by Thorsten Kukuk &lt;kukuk@thkukuk.de&gt;.
- </para>
- </refsect1>
-
-</refentry>
diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c
deleted file mode 100644
index 34ba7404..00000000
--- a/modules/pam_exec/pam_exec.c
+++ /dev/null
@@ -1,285 +0,0 @@
-/*
- * Copyright (c) 2006 Thorsten Kukuk <kukuk@thkukuk.de>
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, and the entire permission notice in its entirety,
- * including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- * products derived from this software without specific prior
- * written permission.
- *
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
- * required INSTEAD OF the above restrictions. (This clause is
- * necessary due to a potential bad interaction between the GPL and
- * the restrictions contained in a BSD-style copyright.)
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#if defined(HAVE_CONFIG_H)
-#include "config.h"
-#endif
-
-#include <time.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <stdio.h>
-#include <string.h>
-#include <syslog.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <sys/wait.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-
-
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-#define PAM_SM_SESSION
-#define PAM_SM_PASSWORD
-
-#include <security/pam_modules.h>
-#include <security/pam_modutil.h>
-#include <security/pam_ext.h>
-
-static int
-call_exec (pam_handle_t *pamh, int argc, const char **argv)
-{
- int debug = 0;
- int call_setuid = 0;
- int optargc;
- const char *logfile = NULL;
- pid_t pid;
-
- if (argc < 1) {
- pam_syslog (pamh, LOG_ERR,
- "This module needs at least one argument");
- return PAM_SERVICE_ERR;
- }
-
- for (optargc = 0; optargc < argc; optargc++)
- {
- if (argv[optargc][0] == '/') /* paths starts with / */
- break;
-
- if (strcasecmp (argv[optargc], "debug") == 0)
- debug = 1;
- else if (strncasecmp (argv[optargc], "log=", 4) == 0)
- logfile = &argv[optargc][4];
- else if (strcasecmp (argv[optargc], "seteuid") == 0)
- call_setuid = 1;
- else
- break; /* Unknown option, assume program to execute. */
- }
-
-
- if (optargc >= argc) {
- pam_syslog (pamh, LOG_ERR, "No path given as argument");
- return PAM_SERVICE_ERR;
- }
-
- pid = fork();
- if (pid == -1)
- return PAM_SYSTEM_ERR;
- if (pid > 0) /* parent */
- {
- int status = 0;
- pid_t retval;
- while ((retval = waitpid (pid, &status, 0)) == -1 &&
- errno == EINTR);
- if (retval == (pid_t)-1)
- {
- pam_syslog (pamh, LOG_ERR, "waitpid returns with -1: %m");
- return PAM_SYSTEM_ERR;
- }
- else if (status != 0)
- {
- if (WIFEXITED(status))
- {
- pam_syslog (pamh, LOG_ERR, "%s failed: exit code %d",
- argv[optargc], WEXITSTATUS(status));
- pam_error (pamh, _("%s failed: exit code %d"),
- argv[optargc], WEXITSTATUS(status));
- }
- else if (WIFSIGNALED(status))
- {
- pam_syslog (pamh, LOG_ERR, "%s failed: caught signal %d%s",
- argv[optargc], WTERMSIG(status),
- WCOREDUMP(status) ? " (core dumped)" : "");
- pam_error (pamh, _("%s failed: caught signal %d%s"),
- argv[optargc], WTERMSIG(status),
- WCOREDUMP(status) ? " (core dumped)" : "");
- }
- else
- {
- pam_syslog (pamh, LOG_ERR, "%s failed: unknown status 0x%x",
- argv[optargc], status);
- pam_error (pamh, _("%s failed: unknown status 0x%x"),
- argv[optargc], status);
- }
- return PAM_SYSTEM_ERR;
- }
- return PAM_SUCCESS;
- }
- else /* child */
- {
- char **arggv;
- int i;
-
- for (i = 0; i < sysconf (_SC_OPEN_MAX); i++)
- close (i);
-
- /* New stdin. */
- if ((i = open ("/dev/null", O_RDWR)) < 0)
- {
- int err = errno;
- pam_syslog (pamh, LOG_ERR, "open of /dev/null failed: %m");
- exit (err);
- }
- /* New stdout and stderr. */
- if (logfile)
- {
- time_t tm = time (NULL);
- char *buffer = NULL;
-
- if ((i = open (logfile, O_CREAT|O_APPEND|O_WRONLY,
- S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) == -1)
- {
- int err = errno;
- pam_syslog (pamh, LOG_ERR, "open of %s failed: %m",
- logfile);
- exit (err);
- }
- if (asprintf (&buffer, "*** %s", ctime (&tm)) > 0)
- {
- pam_modutil_write (i, buffer, strlen (buffer));
- free (buffer);
- }
- }
- else
- if (dup (i) == -1)
- {
- int err = errno;
- pam_syslog (pamh, LOG_ERR, "dup failed: %m");
- exit (err);
- }
- if (dup (i) == -1)
- {
- int err = errno;
- pam_syslog (pamh, LOG_ERR, "dup failed: %m");
- exit (err);
- }
-
- if (call_setuid)
- if (setuid (geteuid ()) == -1)
- {
- int err = errno;
- pam_syslog (pamh, LOG_ERR, "setuid(%lu) failed: %m",
- (unsigned long) geteuid ());
- exit (err);
- }
-
- if (setsid () == -1)
- {
- int err = errno;
- pam_syslog (pamh, LOG_ERR, "setsid failed: %m");
- exit (err);
- }
-
- arggv = calloc (argc + 4, sizeof (char *));
- if (arggv == NULL)
- exit (ENOMEM);
-
- for (i = 0; i < (argc - optargc); i++)
- arggv[i] = argv[i+optargc];
- arggv[i] = NULL;
-
- if (debug)
- pam_syslog (pamh, LOG_DEBUG, "Calling %s ...", arggv[0]);
-
- if (execv (arggv[0], arggv) == -1)
- {
- int err = errno;
- pam_syslog (pamh, LOG_ERR, "execv(%s,...) failed: %m",
- arggv[0]);
- exit (err);
- }
- exit (1); /* should never be reached. */
- }
- return PAM_SYSTEM_ERR;
-}
-
-PAM_EXTERN int
-pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
- int argc, const char **argv)
-{
- return call_exec (pamh, argc, argv);
-}
-
-PAM_EXTERN int
-pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED,
- int argc UNUSED, const char **argv UNUSED)
-{
- return PAM_IGNORE;
-}
-
-/* password updating functions */
-
-PAM_EXTERN int
-pam_sm_chauthtok(pam_handle_t *pamh, int flags,
- int argc, const char **argv)
-{
- if (flags & PAM_PRELIM_CHECK)
- return PAM_SUCCESS;
- return call_exec (pamh, argc, argv);
-}
-
-PAM_EXTERN int
-pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
- int argc, const char **argv)
-{
- return call_exec (pamh, argc, argv);
-}
-
-PAM_EXTERN int
-pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
- int argc, const char **argv)
-{
- return call_exec (pamh, argc, argv);
-}
-
-PAM_EXTERN int
-pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
- int argc, const char **argv)
-{
- return call_exec (pamh, argc, argv);
-}
-
-#ifdef PAM_STATIC
-struct pam_module _pam_exec_modstruct = {
- "pam_exec",
- pam_sm_authenticate,
- pam_sm_setcred,
- pam_sm_acct_mgmt,
- pam_sm_open_session,
- pam_sm_close_session,
- pam_sm_chauthtok,
-};
-#endif
diff --git a/modules/pam_exec/tst-pam_exec b/modules/pam_exec/tst-pam_exec
deleted file mode 100755
index a0b00393..00000000
--- a/modules/pam_exec/tst-pam_exec
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-../../tests/tst-dlopen .libs/pam_exec.so