First experimental version of pam_ftpfuck
authorHarvie <tomas@mudrunka.cz>
Sat, 3 Dec 2011 05:43:21 +0000 (06:43 +0100)
committerHarvie <tomas@mudrunka.cz>
Sat, 3 Dec 2011 05:43:21 +0000 (06:43 +0100)
src/mypam.c

index 31b3247..3bccdfd 100644 (file)
@@ -1,35 +1,29 @@
+//Harvie 2o11 - Warning: Not bulletproof yet!
+#define ENV_PREFIX "JAIL_"
+#define DEFAULT_JAIL "/var/ssh-chroot"
+
 #include <stdio.h>
 #include <stdlib.h>
-#include <string.h>
-#include <security/pam_appl.h>
-#include <security/pam_modules.h>
-
-/* expected hook */
-PAM_EXTERN int pam_sm_setcred( pam_handle_t *pamh, int flags, int argc, const char **argv ) {
-       return PAM_SUCCESS;
-}
 
-PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) {
-       printf("Acct mgmt\n");
-       return PAM_SUCCESS;
-}
-
-/* expected hook, this is where custom stuff happens */
-PAM_EXTERN int pam_sm_authenticate( pam_handle_t *pamh, int flags,int argc, const char **argv ) {
-       int retval;
+#define PAM_SM_SESSION
+#include <security/pam_modules.h>
 
-       const char* pUsername;
-       retval = pam_get_user(pamh, &pUsername, "Username: ");
+PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
+       const char* user;
+       pam_get_user(pamh, &user, "login: ");
+       //printf("Welcome %s\n", user);
 
-       printf("Welcome %s\n", pUsername);
+       setenv(ENV_PREFIX "USER", user, 1);
+       setenv(ENV_PREFIX "DIR", DEFAULT_JAIL, 1);
+       if(argc > 0) setenv(ENV_PREFIX "DIR", argv[0], 1);
 
-       if (retval != PAM_SUCCESS) {
-               return retval;
-       }
 
-       if (strcmp(pUsername, "backdoor") != 0) {
-               return PAM_AUTH_ERR;
-       }
+       //system("echo start $HOME; echo a && true && echo b && false && echo c");
+       setuid(0); setgid(0);
+       system("mkdir -p \"$JAIL_DIR/$JAIL_USER/$JAIL_USER\"");
+       system("chown root:root \"$JAIL_DIR/$JAIL_USER\"");
+       system("chown \"$JAIL_USER:$JAIL_USER\" \"$JAIL_DIR/$JAIL_USER/$JAIL_USER\"");
+       system("mountpoint -q \"$JAIL_DIR/$JAIL_USER/$JAIL_USER\" || mount -o bind \"$HOME\" \"$JAIL_DIR/$JAIL_USER/$JAIL_USER\"");
 
-       return PAM_SUCCESS;
+       return PAM_SUCCESS; //PAM_SESSION_ERR | PAM_SUCCESS
 }
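Review bot: The return value of `pam_get_user()` is dropped in `pam_sm_open_session`, so `user` may be uninitialised or NULL when it reaches `setenv()`, and the name is then used unvalidated as a path component in four `system()` commands that run as root. The double quotes prevent word-splitting, but a name containing `/` or starting with `.` can still point `mkdir`, `chown` and `mount` outside `$JAIL_DIR`, and the bind-mount source `$HOME` comes from the calling process's environment rather than the account database. Every `setuid`/`setgid`/`system()` result is ignored and the function always returns `PAM_SUCCESS`, so a session opens even when the jail was not built. I would check each step and return `PAM_SESSION_ERR` on failure, reject names that are not a single plain path component, and take the home directory from `getpwnam()` as sketched below (this needs `<string.h>`, `<pwd.h>` and `<unistd.h>`). Longer term, direct `mkdir()`/`chown()`/`mount()` calls would remove the dependency on the inherited `PATH` and shell.

```c
PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
       const char *user = NULL;
       if (pam_get_user(pamh, &user, "login: ") != PAM_SUCCESS || user == NULL || *user == '\0')
               return PAM_SESSION_ERR;
       /* the name becomes a directory under the jail: refuse separators and dot-names */
       if (strchr(user, '/') != NULL || user[0] == '.')
               return PAM_SESSION_ERR;
       /* resolve the home directory from the account database, not from $HOME */
       struct passwd *pw = getpwnam(user);
       if (pw == NULL || pw->pw_dir == NULL)
               return PAM_SESSION_ERR;
       if (setenv(ENV_PREFIX "USER", user, 1) != 0 || setenv(ENV_PREFIX "HOME", pw->pw_dir, 1) != 0)
               return PAM_SESSION_ERR;
       /* … unchanged: JAIL_DIR set from DEFAULT_JAIL, overridden by argv[0] … */
       if (setuid(0) != 0 || setgid(0) != 0)
               return PAM_SESSION_ERR;
       if (system("mkdir -p \"$JAIL_DIR/$JAIL_USER/$JAIL_USER\"") != 0)
               return PAM_SESSION_ERR;
       /* … unchanged commands: the two chown calls, each checked the same way … */
       if (system("mountpoint -q \"$JAIL_DIR/$JAIL_USER/$JAIL_USER\" || mount -o bind \"$JAIL_HOME\" \"$JAIL_DIR/$JAIL_USER/$JAIL_USER\"") != 0)
               return PAM_SESSION_ERR;
       return PAM_SUCCESS;
```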