From: Harvie
Date: Sat, 3 Dec 2011 05:43:21 +0000 (+0100)
Subject: First experimental version of pam_ftpfuck
X-Git-Url: http://git.harvie.cz/?p=mirrors%2Fpam-ftpfuck.git;a=commitdiff_plain;h=b8c7cef9a655415dabf633ea48606f9deeeee944
First experimental version of pam_ftpfuck
---
diff --git a/src/mypam.c b/src/mypam.c
index 31b3247..3bccdfd 100644
--- a/src/mypam.c
+++ b/src/mypam.c
@@ -1,35 +1,29 @@
+//Harvie 2o11 - Warning: Not bulletproof yet!
+#define ENV_PREFIX "JAIL_"
+#define DEFAULT_JAIL "/var/ssh-chroot"
+
 #include
 #include
-#include
-#include
-#include
-
-/* expected hook */
-PAM_EXTERN int pam_sm_setcred( pam_handle_t *pamh, int flags, int argc, const char **argv ) {
- return PAM_SUCCESS;
-}
-PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) {
- printf("Acct mgmt\n");
- return PAM_SUCCESS;
-}
-
-/* expected hook, this is where custom stuff happens */
-PAM_EXTERN int pam_sm_authenticate( pam_handle_t *pamh, int flags,int argc, const char **argv ) {
- int retval;
+#define PAM_SM_SESSION
+#include
- const char* pUsername;
- retval = pam_get_user(pamh, &pUsername, "Username: ");
+PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
+ const char* user;
+ pam_get_user(pamh, &user, "login: ");
+ //printf("Welcome %s\n", user);
- printf("Welcome %s\n", pUsername);
+ setenv(ENV_PREFIX "USER", user, 1);
+ setenv(ENV_PREFIX "DIR", DEFAULT_JAIL, 1);
+ if(argc > 0) setenv(ENV_PREFIX "DIR", argv[0], 1);
- if (retval != PAM_SUCCESS) {
- return retval;
- }
- if (strcmp(pUsername, "backdoor") != 0) {
- return PAM_AUTH_ERR;
- }
+ //system("echo start $HOME; echo a && true && echo b && false && echo c");
+ setuid(0); setgid(0);
+ system("mkdir -p \"$JAIL_DIR/$JAIL_USER/$JAIL_USER\"");
+ system("chown root:root \"$JAIL_DIR/$JAIL_USER\"");
+ system("chown \"$JAIL_USER:$JAIL_USER\" \"$JAIL_DIR/$JAIL_USER/$JAIL_USER\"");
+ system("mountpoint -q \"$JAIL_DIR/$JAIL_USER/$JAIL_USER\" || mount -o bind \"$HOME\" \"$JAIL_DIR/$JAIL_USER/$JAIL_USER\"");
- return PAM_SUCCESS;
+ return PAM_SUCCESS; //PAM_SESSION_ERR | PAM_SUCCESS
 }