Blob Blame History Raw
/*
This simple pam module saves the content of SSH_USER_AUTH variable to /tmp/SSH_USER_AUTH
file.

Setup:
  - gcc -fPIC -DPIC -shared -rdynamic -o pam_save_ssh_var.o pam_save_ssh_var.c
  - copy pam_save_ssh_var.o to /lib/security resp. /lib64/security
  - add to /etc/pam.d/sshd
	auth	requisite	pam_save_ssh_var.o
*/

/* Define which PAM interfaces we provide */
#define PAM_SM_ACCOUNT
#define PAM_SM_AUTH
#define PAM_SM_PASSWORD
#define PAM_SM_SESSION

/* Include PAM headers */
#include <security/pam_appl.h>
#include <security/pam_modules.h>
#include <stdlib.h>
#include <stdio.h>

int save_ssh_var(pam_handle_t *pamh, const char *phase) {
	FILE *fp;
	const char *var;

	fp = fopen("/tmp/SSH_USER_AUTH","a");
	fprintf(fp, "BEGIN (%s)\n", phase);
	var = pam_getenv(pamh, "SSH_USER_AUTH");
	if (var != NULL) {
		fprintf(fp, "SSH_USER_AUTH: '%s'\n", var);
	}
	fprintf(fp, "END (%s)\n", phase);
	fclose(fp);

	return 0;
}

/* PAM entry point for session creation */
int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
	return(PAM_IGNORE);
}

/* PAM entry point for session cleanup */
int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
	return(PAM_IGNORE);
}

/* PAM entry point for accounting */
int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) {
	return(PAM_IGNORE);
}

/* PAM entry point for authentication verification */
int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) {
	save_ssh_var(pamh, "auth");
	return(PAM_IGNORE);
}

/*
   PAM entry point for setting user credentials (that is, to actually
   establish the authenticated user's credentials to the service provider)
 */
int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) {
	return(PAM_IGNORE);
}

/* PAM entry point for authentication token (password) changes */
int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) {
	return(PAM_IGNORE);
}