From SRS0=PBdUex=KU=vvelox.net=v.velox@yourhostingaccount.com  Sat May 19 19:01:32 2007
Return-Path: <SRS0=PBdUex=KU=vvelox.net=v.velox@yourhostingaccount.com>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 2F64F16A400
	for <freebsd-gnats-submit@freebsd.org>; Sat, 19 May 2007 19:01:32 +0000 (UTC)
	(envelope-from SRS0=PBdUex=KU=vvelox.net=v.velox@yourhostingaccount.com)
Received: from mailout14.yourhostingaccount.com (mailout14.yourhostingaccount.com [65.254.253.112])
	by mx1.freebsd.org (Postfix) with ESMTP id AA73513C455
	for <freebsd-gnats-submit@freebsd.org>; Sat, 19 May 2007 19:01:31 +0000 (UTC)
	(envelope-from SRS0=PBdUex=KU=vvelox.net=v.velox@yourhostingaccount.com)
Received: from mailscan15.yourhostingaccount.com ([10.1.15.15] helo=mailscan15.yourhostingaccount.com)
	by mailout14.yourhostingaccount.com with esmtp (Exim)
	id 1HpTdW-00076m-Ga
	for FreeBSD-gnats-submit@freebsd.org; Sat, 19 May 2007 14:26:38 -0400
Received: from authsmtp09.yourhostingaccount.com ([10.1.18.9] ident=exim)
	by mailscan15.yourhostingaccount.com with spamscanlookuphost (Exim)
	id 1HpTdW-0002JQ-Kz
	for FreeBSD-gnats-submit@freebsd.org; Sat, 19 May 2007 14:26:38 -0400
Received: from authsmtp09.yourhostingaccount.com ([10.1.18.9] helo=authsmtp09.yourhostingaccount.com)
	by mailscan15.yourhostingaccount.com with esmtp (Exim)
	id 1HpTdW-0002JN-11
	for FreeBSD-gnats-submit@freebsd.org; Sat, 19 May 2007 14:26:38 -0400
Received: from cpe-65-185-51-114.columbus.res.rr.com ([65.185.51.114] helo=vixen42.vulpes)
	by authsmtp09.yourhostingaccount.com with esmtpa (Exim)
	id 1HpTdV-00080d-MX
	for FreeBSD-gnats-submit@freebsd.org; Sat, 19 May 2007 14:26:37 -0400
Message-Id: <1179599341.33580@vixen42.vulpes>
Date: Sat, 19 May 2007 14:29:01 -0400
From: "Z.C.B." <v.velox@vvelox.net>
Sender: "Z.C.B." <v.velox@vvelox.net>
To: "FreeBSD gnats submit" <FreeBSD-gnats-submit@freebsd.org>
Subject: [patch] allow pam_exec to export PAM_AUTHTOK as a environmental variable
X-Send-Pr-Version: gtk-send-pr 0.4.8 
X-GNATS-Notify:

>Number:         112794
>Category:       bin
>Synopsis:       [patch] [request] pam_exec(8): allow pam_exec to export PAM_AUTHTOK as a environmental variable
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat May 19 19:10:02 GMT 2007
>Closed-Date:    
>Last-Modified:  Sun Jan 27 09:09:36 UTC 2008
>Originator:     Z.C.B.
>Release:        FreeBSD 6.2-STABLE i386
>Organization:
>Environment:


System: FreeBSD 6.2-STABLE #3: Mon Mar 19 02:00:40 EDT 2007
    root@vixen42.vulpes:/usr/obj/usr/src/sys/vixen42-2



>Description:


This modifies pam_exec to export PAM_AUTHTOK. This is the password that
has been passed to pam. My reasons for starting work on this is things
that require a password to perform can happen. My purpose for creating
this to allow mounting of a users samba home directory from a script
using pam_exec. In regards to mount_smbfs, I will be needing to do some
work to allow a password to be specified by a specified enviromental variable.

This includes a updated for the man file as well that notes the new
environmental variable.

tested on releng_6, but should work perfectly well on 7 as what is being
changed is exactly the same on both versions....


>How-To-Repeat:


1: don't apply patch yet...
2:
3: touch /etc/pam.d/test
4: do what ever to the test servuce, but make sure it has this line "auth            sufficient      pam_exec.so             /tmp/pam-test"
5: put this in /tmp/pam-test
#!/bin/sh

/usr/bin/env > /tmp/pam-test
6: download http://vvelox.net/src/perl/pam-pwcheck
7: setenv PAMPWCHECKuser user
8: setenv PAMPWCHECKpass password
9: ./pam-pwcheck -s test
10 cat /tmp/pam-test and notice PAM_AUTHTOK is not present
11: apply diffs
12: rerun 9 and notice /tmp/pam-test now contains PAM_AUTHTOK=password
13: enjoy


>Fix:


--- pam_exec.8.diff begins here ---
--- pam_exec.8.orig	Sat May 19 14:01:44 2007
+++ pam_exec.8	Sat May 19 14:02:05 2007
@@ -57,6 +57,7 @@
 .Ev PAM_RUSER ,
 .Ev PAM_SERVICE ,
 .Ev PAM_TTY ,
+.Ev PAM_AUTHTOK ,
 and
 .Ev PAM_USER .
 .Sh SEE ALSO
--- pam_exec.8.diff ends here ---

--- pam_exec.c.diff begins here ---
--- pam_exec.c.orig	Sat May 19 12:51:42 2007
+++ pam_exec.c	Sat May 19 12:56:50 2007
@@ -57,6 +57,7 @@
 	ENV_ITEM(PAM_TTY),
 	ENV_ITEM(PAM_RHOST),
 	ENV_ITEM(PAM_RUSER),
+	ENV_ITEM(PAM_AUTHTOK),
 };
 
 static int
--- pam_exec.c.diff ends here ---




>Release-Note:
>Audit-Trail:
>Unformatted:
