openssh/tests/pam_ssh_agent_auth/pam_save_ssh_var.c

/*
This simple pam module saves the content of SSH_USER_AUTH variable to /tmp/SSH_USER_AUTH
file.

Setup:
  - gcc -fPIC -DPIC -shared -rdynamic -o pam_save_ssh_var.o pam_save_ssh_var.c
  - copy pam_save_ssh_var.o to /lib/security resp. /lib64/security
  - add to /etc/pam.d/sshd
	auth	requisite	pam_save_ssh_var.o
*/

/* Define which PAM interfaces we provide */
#define PAM_SM_ACCOUNT
#define PAM_SM_AUTH
#define PAM_SM_PASSWORD
#define PAM_SM_SESSION

/* Include PAM headers */
#include <security/pam_appl.h>
#include <security/pam_modules.h>
#include <stdlib.h>
#include <stdio.h>

int save_ssh_var(pam_handle_t *pamh, const char *phase) {
	FILE *fp;
	const char *var;

	fp = fopen("/tmp/SSH_USER_AUTH","a");
	fprintf(fp, "BEGIN (%s)\n", phase);
	var = pam_getenv(pamh, "SSH_USER_AUTH");
	if (var != NULL) {
		fprintf(fp, "SSH_USER_AUTH: '%s'\n", var);
	}
	fprintf(fp, "END (%s)\n", phase);
	fclose(fp);

	return 0;
}

/* PAM entry point for session creation */
int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
	return(PAM_IGNORE);
}

/* PAM entry point for session cleanup */
int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
	return(PAM_IGNORE);
}

/* PAM entry point for accounting */
int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) {
	return(PAM_IGNORE);
}

/* PAM entry point for authentication verification */
int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) {
	save_ssh_var(pamh, "auth");
	return(PAM_IGNORE);
}

/*
   PAM entry point for setting user credentials (that is, to actually
   establish the authenticated user's credentials to the service provider)
 */
int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) {
	return(PAM_IGNORE);
}

/* PAM entry point for authentication token (password) changes */
int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) {
	return(PAM_IGNORE);
}
RHEL 9.0.0 Alpha bootstrap The content of this branch was automatically imported from Fedora ELN with the following as its source: https://src.fedoraproject.org/rpms/openssh#a048fcc3d0920b13b79be801efbae08388212c5f 2020-10-15 20:26:16 +00:00			`/*`
			`This simple pam module saves the content of SSH_USER_AUTH variable to /tmp/SSH_USER_AUTH`
			`file.`

			`Setup:`
			`- gcc -fPIC -DPIC -shared -rdynamic -o pam_save_ssh_var.o pam_save_ssh_var.c`
			`- copy pam_save_ssh_var.o to /lib/security resp. /lib64/security`
			`- add to /etc/pam.d/sshd`
			`auth requisite pam_save_ssh_var.o`
			`*/`

			`/* Define which PAM interfaces we provide */`
			`#define PAM_SM_ACCOUNT`
			`#define PAM_SM_AUTH`
			`#define PAM_SM_PASSWORD`
			`#define PAM_SM_SESSION`

			`/* Include PAM headers */`
			`#include <security/pam_appl.h>`
			`#include <security/pam_modules.h>`
			`#include <stdlib.h>`
			`#include <stdio.h>`

			`int save_ssh_var(pam_handle_t pamh, const char phase) {`
			`FILE *fp;`
			`const char *var;`

			`fp = fopen("/tmp/SSH_USER_AUTH","a");`
			`fprintf(fp, "BEGIN (%s)\n", phase);`
			`var = pam_getenv(pamh, "SSH_USER_AUTH");`
			`if (var != NULL) {`
			`fprintf(fp, "SSH_USER_AUTH: '%s'\n", var);`
			`}`
			`fprintf(fp, "END (%s)\n", phase);`
			`fclose(fp);`

			`return 0;`
			`}`

			`/* PAM entry point for session creation */`
			`int pam_sm_open_session(pam_handle_t pamh, int flags, int argc, const char *argv) {`
			`return(PAM_IGNORE);`
			`}`

			`/* PAM entry point for session cleanup */`
			`int pam_sm_close_session(pam_handle_t pamh, int flags, int argc, const char *argv) {`
			`return(PAM_IGNORE);`
			`}`

			`/* PAM entry point for accounting */`
			`int pam_sm_acct_mgmt(pam_handle_t pamh, int flags, int argc, const char *argv) {`
			`return(PAM_IGNORE);`
			`}`

			`/* PAM entry point for authentication verification */`
			`int pam_sm_authenticate(pam_handle_t pamh, int flags, int argc, const char *argv) {`
			`save_ssh_var(pamh, "auth");`
			`return(PAM_IGNORE);`
			`}`

			`/*`
			`PAM entry point for setting user credentials (that is, to actually`
			`establish the authenticated user's credentials to the service provider)`
			`*/`
			`int pam_sm_setcred(pam_handle_t pamh, int flags, int argc, const char *argv) {`
			`return(PAM_IGNORE);`
			`}`

			`/* PAM entry point for authentication token (password) changes */`
			`int pam_sm_chauthtok(pam_handle_t pamh, int flags, int argc, const char *argv) {`
			`return(PAM_IGNORE);`
			`}`