Here is a patch that exports PAM environment variables to the user-launched
shell. This allows sending some information to a shell
that is authenticated through dropbear.
diff -upN a/auth.h b/auth.h
--- a/auth.h 2012-02-23 15:47:05.000000000 +0200
+++ b/auth.h 2012-12-05 13:01:58.161786510 +0200
@@ -76,6 +76,10 @@ void cli_auth_interactive();
char* getpass_or_cancel(char* prompt);
void cli_auth_pubkey_cleanup();
+#ifdef ENABLE_SVR_PAM_AUTH
+extern char **pam_env_list;
+#endif
+
#define MAX_USERNAME_LEN 25 /* arbitrary for the moment */
diff -upN a/svr-authpam.c b/svr-authpam.c
--- a/svr-authpam.c 2012-02-23 15:47:06.000000000 +0200
+++ b/svr-authpam.c 2012-12-05 13:04:24.415780751 +0200
@@ -44,6 +44,8 @@ struct UserDataS {
char* passwd;
};
+char **pam_env_list=NULL;
+
/* PAM conversation function - for now we only handle one message */
int
pamConvFunc(int num_msg,
@@ -243,6 +245,8 @@ void svr_auth_pam() {
svr_ses.addrstring);
send_msg_userauth_success();
+ pam_env_list = pam_getenvlist( pamHandlep );
+
cleanup:
if (password != NULL) {
m_burn(password, passwordlen);
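Review bot: The list returned by `pam_getenvlist()` at the added line is stored in the global `pam_env_list` and never released, and nothing states who owns it; pam_getenvlist returns a malloc'd copy that the caller must free, so the definition deserves a comment such as `/* malloc'd copy from pam_getenvlist(); consumed by execchild() */`. A NULL return means the call failed, yet it is silently treated the same as "no variables", so a log line on NULL would help diagnosis. The hunk does not show pam_setcred() or pam_open_session() having run before this point; if they have not, modules that fill the PAM environment in those phases contribute nothing, so it is worth confirming which variables actually arrive. svr_auth_pam's body continues outside the hunk, and the same hunk is repeated further down the page.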
diff -upN a/svr-chansession.c b/svr-chansession.c
--- a/svr-chansession.c 2012-02-23 15:47:06.000000000 +0200
+++ b/svr-chansession.c 2012-12-05 13:07:42.470013005 +0200
@@ -936,6 +936,15 @@ static void execchild(void *user_data) {
}
#endif
+#ifdef ENABLE_SVR_PAM_AUTH
+ if ( pam_env_list ) {
+ while ( *pam_env_list ) {
+ putenv( *pam_env_list );
+ pam_env_list++;
+ }
+ }
+#endif
+
/* change directory */
if (chdir(ses.authstate.pw_dir) < 0) {
dropbear_exit("Error changing directory");
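Review bot: The added loop hands every PAM-supplied string to `putenv()` unfiltered, and it appears to run after the server has set up the child's own environment (the code above the hunk is not visible), so a PAM entry could replace a server-set value or add loader-affecting names such as `LD_PRELOAD`. Depending on module configuration the PAM environment can include user-editable input, so the set of names allowed through should be an explicit decision rather than "everything". The loop also ignores `putenv()`'s return value and advances the global `pam_env_list` itself, losing the list head; a local cursor and a checked return, as below, fix both. execchild's body starts and ends outside the hunk, and the same hunk is repeated further down the page.

```c
#ifdef ENABLE_SVR_PAM_AUTH
	if (pam_env_list) {
		char **envp;
		/* walk a local cursor so the global keeps pointing at the list head */
		for (envp = pam_env_list; *envp; envp++) {
			/* TODO(review): skip names the server must control before exporting */
			if (putenv(*envp) != 0) {
				dropbear_exit("Error setting PAM environment");
			}
		}
	}
#endif
/* … unchanged: change directory … */
```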
diff -upN a/auth.h b/auth.h
--- a/auth.h 2012-02-23 15:47:05.000000000 +0200
+++ b/auth.h 2012-12-05 13:01:58.161786510 +0200
@@ -76,6 +76,10 @@ void cli_auth_interactive();
char* getpass_or_cancel(char* prompt);
void cli_auth_pubkey_cleanup();
+#ifdef ENABLE_SVR_PAM_AUTH
+extern char **pam_env_list;
+#endif
+
#define MAX_USERNAME_LEN 25 /* arbitrary for the moment */
diff -upN a/svr-authpam.c b/svr-authpam.c
--- a/svr-authpam.c 2012-02-23 15:47:06.000000000 +0200
+++ b/svr-authpam.c 2012-12-05 13:04:24.415780751 +0200
@@ -44,6 +44,8 @@ struct UserDataS {
char* passwd;
};
+char **pam_env_list=NULL;
+
/* PAM conversation function - for now we only handle one message */
int
pamConvFunc(int num_msg,
@@ -243,6 +245,8 @@ void svr_auth_pam() {
svr_ses.addrstring);
send_msg_userauth_success();
+ pam_env_list = pam_getenvlist( pamHandlep );
+
cleanup:
if (password != NULL) {
m_burn(password, passwordlen);
diff -upN a/svr-chansession.c b/svr-chansession.c
--- a/svr-chansession.c 2012-02-23 15:47:06.000000000 +0200
+++ b/svr-chansession.c 2012-12-05 13:07:42.470013005 +0200
@@ -936,6 +936,15 @@ static void execchild(void *user_data) {
}
#endif
+#ifdef ENABLE_SVR_PAM_AUTH
+ if ( pam_env_list ) {
+ while ( *pam_env_list ) {
+ putenv( *pam_env_list );
+ pam_env_list++;
+ }
+ }
+#endif
+
/* change directory */
if (chdir(ses.authstate.pw_dir) < 0) {
dropbear_exit("Error changing directory");