libpam-foreground-0.5+nmu1/0000775002342100234210000000000011401651641014315 5ustar pereperelibpam-foreground-0.5+nmu1/Makefile0000664002342100234210000000056310645674013015770 0ustar perepereall: pam_foreground.so check-foreground-console check-foreground-console: check-foreground-console.c gcc -O0 -g -Wall -o check-foreground-console check-foreground-console.c pam_foreground.so: pam_foreground.c gcc -fPIC -O2 -Wall -c pam_foreground.c ld -lpam -x --shared -o pam_foreground.so pam_foreground.o -lpam -lc clean: - rm *.o *.so check-foreground-console libpam-foreground-0.5+nmu1/pam_foreground.c0000664002342100234210000000731610645673667017524 0ustar perepere#include #include #include #include #include #include #include #include #include #define PAM_SM_AUTH #define PAM_SM_ACCOUNT #define PAM_SM_SESSION #define PAM_SM_PASSWORD #include #include #define AUTH_DIR "/var/run/console" #define DATANAME "pam_foreground_console_file" static void cleanup(pam_handle_t *pamh, void *filename, int err) { unlink((char *)filename); free(filename); filename = NULL; } /* --- authentication management functions --- */ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags , int argc , const char **argv ) { return PAM_SUCCESS; } PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh , int flags , int argc , const char **argv ) { return PAM_SUCCESS; } /* --- account management functions --- */ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh , int flags , int argc , const char **argv ) { return PAM_SUCCESS; } /* --- password management --- */ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh , int flags , int argc , const char **argv ) { return PAM_SUCCESS; } /* --- session management --- */ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh , int flags , int argc , const char **argv ) { const char *user=NULL; struct stat finfo; char *filename; unsigned short console; int fd; struct vt_stat vtstat; size_t len; int retval; void *rhost=NULL; retval = pam_get_user(pamh, &user, NULL); if (retval != PAM_SUCCESS) { D(("get user returned error: %s", pam_strerror(pamh,retval))); return retval; } retval = pam_get_item(pamh, PAM_RHOST, (const void **)&rhost); if (retval != PAM_SUCCESS) { D(("get remote host returned error: %s", pam_strerror(pamh,retval))); return retval; } /* Skip lockfile creation when non-local */ if (rhost != NULL && *(char *)rhost != '\0') { return PAM_SUCCESS; } if (stat (AUTH_DIR, &finfo)) { if (errno != ENOENT) { D(("Can't access %s - %s\n", AUTH_DIR, strerror(errno))); goto fail; } else { if (mkdir(AUTH_DIR, 0755)) { D(("Can't mkdir %s - %s\n", AUTH_DIR, strerror(errno))); goto fail; } stat (AUTH_DIR, &finfo); } } /* Check that it's a directory */ if (!S_ISDIR(finfo.st_mode)) { D(("%s isn't a directory\n",AUTH_DIR)); goto fail; } fd = open("/dev/console", O_RDWR); if (fd < 1) { D(("Can't open console - %s\n",strerror(errno))); goto fail; } if (ioctl(fd, VT_GETSTATE, &vtstat)) { D(("ioctl failed - %s\n",strerror(errno))); goto fail; } close (fd); console = vtstat.v_active; if (console > 99) { D(("Console number too large\n")); goto fail; } len = strlen(user); len += strlen(AUTH_DIR); len += 5; filename = malloc(sizeof(char) * len); if (filename == NULL) { D(("Malloc failed\n")); goto fail; } sprintf(filename,"%s/%s:%d",AUTH_DIR,user,console); fd = open(filename,O_CREAT|O_WRONLY|O_EXCL,0644); if (fd < 1) { D(("Can't open %s - %s\n",filename,strerr(errno))); goto free; } /* HURRAH WE GET THERE IN THE END */ close(fd); /* Store the damn thing */ if (pam_set_data(pamh, DATANAME, (void *) filename, cleanup) != PAM_SUCCESS) { D(("Can't store data\n")); goto remove; } user = NULL; return PAM_SUCCESS; remove: unlink(filename); free: free(filename); close(fd); fail: user = NULL; return PAM_SESSION_ERR; } PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { /* If errors happen here, we're screwed. So. */ void *filename; if (pam_get_data(pamh, DATANAME, (const void **) &filename) == PAM_SUCCESS) { unlink((char *)filename); } return PAM_SUCCESS; } libpam-foreground-0.5+nmu1/debian/0000775002342100234210000000000011401651641015537 5ustar pereperelibpam-foreground-0.5+nmu1/debian/rules0000775002342100234210000000314711401643676016635 0ustar perepere#!/usr/bin/make -f # -*- makefile -*- # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 CFLAGS = -Wall -g ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) CFLAGS += -O0 else CFLAGS += -O2 endif build: build-stamp build-stamp: dh_testdir # Add here commands to compile the package. #$(MAKE) touch build-stamp clean: dh_testdir dh_testroot rm -f build-stamp configure-stamp # Add here commands to clean up after the build process. #[ ! -f Makefile] || $(MAKE) clean dh_clean install: build dh_testdir dh_testroot dh_clean -k dh_installdirs # Add here commands to install the package into debian/libpam-foreground. #mkdir -p debian/libpam-foreground/lib/security #mkdir -p debian/libpam-foreground/bin #cp pam_foreground.so debian/libpam-foreground/lib/security #cp check-foreground-console debian/libpam-foreground/bin/ #chown root:root debian/libpam-foreground/bin/check-foreground-console #chmod u=rwxs,g=rx,o=rx debian/libpam-foreground/bin/check-foreground-console # Build architecture-dependent files here. binary-arch: build install # We have nothing to do by default. # Build architecture-independent files here. binary-indep: build install dh_testdir dh_testroot dh_installchangelogs dh_installdocs dh_installexamples #dh_installinit --no-start -u "start 46 S ." #dh_installman debian/check-foreground-console.1 #dh_lintian dh_link dh_strip dh_compress dh_fixperms -Xcheck-foreground-console dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install configure libpam-foreground-0.5+nmu1/debian/control0000664002342100234210000000111111401643625017137 0ustar perepereSource: libpam-foreground Section: misc Priority: optional Maintainer: Debian QA Group Build-Depends: debhelper (>= 6.0.7~) Standards-Version: 3.8.4 Package: libpam-foreground Architecture: all Depends: libpam-ck-connector Description: transitional dummy package which can be safely removed This package used to contain a pam module creating a file in /var/run/console/ for all users logged in to the console. This functionallity is now provided by the libpam-ck-connector package, and this package is now a dummy package to pull in libpam-ck-connector. libpam-foreground-0.5+nmu1/debian/lintian-overrides0000664002342100234210000000011511016136773021123 0ustar pereperelibpam-foreground: setuid-binary bin/check-foreground-console 4755 root/root libpam-foreground-0.5+nmu1/debian/compat0000664002342100234210000000000211016263220016727 0ustar perepere6 libpam-foreground-0.5+nmu1/debian/libpam-foreground.init0000664002342100234210000000117010645673317022054 0ustar perepere#!/bin/sh ### BEGIN INIT INFO # Provides: libpam-foreground-clean # Required-Start: $local_fs $remote_fs # Required-Stop: # Default-Start: S # Default-Stop: # Short-Description: Clean old status files during boot. ### END INIT INFO set -e . /lib/lsb/init-functions PATH=/sbin:/bin STATEDIR=/var/run/console case "$1" in start) if [ -d $STATEDIR ]; then log_begin_msg "Cleaning up $STATEDIR/..." rm -f $STATEDIR/* log_end_msg 0 fi exit 0 ;; stop|restart|force-reload) exit 0 ;; *) echo "Usage: $0 {start|stop|restart|force-reload}" >&2 exit 3 ;; esac libpam-foreground-0.5+nmu1/debian/check-foreground-console.10000664002342100234210000000302311017615700022503 0ustar perepere.\" Hey, EMACS: -*- nroff -*- .\" First parameter, NAME, should be all caps .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection .\" other parameters are allowed: see man(7), man(1) .TH CHECK-FOREGROUND-CONSOLE 1 "May 22, 2008" .\" Please adjust this date whenever revising the manpage. .\" .\" Some roff macros, for reference: .\" .nh disable hyphenation .\" .hy enable hyphenation .\" .ad l left justify .\" .ad b justify to both left and right margins .\" .nf disable filling .\" .fi enable filling .\" .br insert line break .\" .sp insert n+1 empty lines .\" for manpage-specific macros, see man(7) .SH NAME check-foreground-console \- A tool to check if the current console is owned by the calling user .SH SYNOPSIS .B check-foreground-console .SH DESCRIPTION .B check-foreground-console exits successfully if the current user has the foreground console. .PP The pam_foreground module must be enabled for check-foreground-console to work properly. .SH USAGE check-foreground-console .SH OPTIONS check-foreground-console accepts no options or parameters. .PP .\" TeX users may be more comfortable with the \fB\fP and .\" \fI\fP escape sequences to invode bold face and italics, .\" respectively. .SH AUTHOR check-foreground-console was written by Daniel Silverstone . .PP This manual page was written by Barry deFreese , for the Debian project (but may be used by others). libpam-foreground-0.5+nmu1/debian/copyright0000664002342100234210000000266411015323132017472 0ustar perepereThis package was written and debianized by Matthew Garrett on Sat, 24 Dec 2005 00:24:27 +0000. Upstream Author: Matthew Garrett Copyright: (C) 2005 Matthew Garrett License: Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. libpam-foreground-0.5+nmu1/debian/libpam-foreground.preinst0000775002342100234210000000166011401651635022572 0ustar perepere#!/bin/sh set -e # Remove a no-longer used conffile # Copied from http://wiki.debian.org/DpkgConffileHandling rm_conffile() { local PKGNAME="$1" local CONFFILE="$2" [ -e "$CONFFILE" ] || return 0 local md5sum="$(md5sum $CONFFILE | sed -e 's/ .*//')" local old_md5sum="$(dpkg-query -W -f='${Conffiles}' $PKGNAME | \ sed -n -e "\' $CONFFILE ' { s/ obsolete$//; s/.* //; p }")" if [ "$md5sum" != "$old_md5sum" ]; then echo "Obsolete conffile $CONFFILE has been modified by you." echo "Saving as $CONFFILE.dpkg-bak ..." mv -f "$CONFFILE" "$CONFFILE".dpkg-bak else echo "Removing obsolete conffile $CONFFILE ..." rm -f "$CONFFILE" fi } case "$1" in install|upgrade) if dpkg --compare-versions "$2" le "0.6"; then rm_conffile libpam-foreground "/etc/init.d/libpam-foreground" update-rc.d -f libpam-foreground remove fi esac #DEBHELPER# libpam-foreground-0.5+nmu1/debian/changelog0000664002342100234210000000444311401651534017417 0ustar pereperelibpam-foreground (0.7) unstable; urgency=low * QA upload. * Remember to remove conffile /etc/init.d/libpam-foreground when upgrading to dummy package. -- Petter Reinholdtsen Thu, 03 Jun 2010 08:57:30 +0200 libpam-foreground (0.6) unstable; urgency=low * QA upload. * This package is obsolete and replaced by libpam-ck-connector. Convert it to a dummy package with architecture all pulling in libpam-ck-connector (Closes: #517039). * Update standards version to 3.8.4. * Drop build depend on libpam-dev. -- Petter Reinholdtsen Thu, 03 Jun 2010 08:02:52 +0200 libpam-foreground (0.5) unstable; urgency=low * QA upload. + Set maintainer to Debian QA Group . * Make clean not ignore errors. * Remove dashed version from native package. * Remove unnecessary and unneeded comments and commands from rules. * Add VERY minimalistic manpage for check-foreground-console. * Fix debian/copyright syntax to make lintian happy. * Add lintian override for setuid binary. * Bump debhelper build-depends and compat to 6 (for dh_lintian). * Bump Standards Version to 3.7.3. -- Barry deFreese Thu, 22 May 2008 12:49:13 -0400 libpam-foreground (0.4-1) unstable; urgency=low * Bring in the Ubuntu changes (Closes: #432066, #432067) * Clean /var/run/console on boot (Closes: #431475) * Check that the login isn't remote (Closes: #431730) * Ensure that full library dependency information is included (Closes: #432035) -- Matthew Garrett Fri, 13 Jul 2007 14:03:10 +0100 libpam-foreground (0.3-0ubuntu1) gutsy; urgency=low * Add missing linker options (LP: #76364), thanks to Bohdan Kmit'. * Split out of native packaging. -- Kees Cook Thu, 21 Jun 2007 12:55:26 -0700 libpam-foreground (0.3) dapper; urgency=low * Added check-foreground-console tool -- Daniel Silverstone Thu, 11 May 2006 11:49:11 +0100 libpam-foreground (0.2) dapper; urgency=low * Fix up minor bugs for main inclusion -- Matthew Garrett Mon, 23 Jan 2006 22:50:45 +0000 libpam-foreground (0.1-1) dapper; urgency=low * Initial release -- Matthew Garrett Sat, 24 Dec 2005 00:24:27 +0000 libpam-foreground-0.5+nmu1/debian/README.Debian0000664002342100234210000000046010645673125017612 0ustar pereperelibpam-foreground for Debian ---------------------------- This package will create a /var/run/console/username:vt whenever a user logs in if it's added to a session configuration. When the user logs out, it will be removed. -- Matthew Garrett , Sat, 24 Dec 2005 00:24:27 +0000 libpam-foreground-0.5+nmu1/check-foreground-console.c0000664002342100234210000000205010430613013021333 0ustar perepere/* * check-foreground-console: A tool to check if the current console is owned * by the calling user. * * Copyright 2006 Daniel Silverstone * * Licence: GPL v2 (but not later) */ #define CONSOLEDIR "/var/run/console" #define FILEPATTERN "%s/%s:%d" #define DIEIF(X) if ((X)) return 2; #include #include #include #include #include #include #include #include #include #include #include int main(int argc, char **argv) { char buffer[PATH_MAX]; char *username; int fgvt; int fd; struct vt_stat vtstat; struct passwd *userinfo; fd = open("/dev/console", O_RDWR); DIEIF((fd < 1)); DIEIF((ioctl(fd, VT_GETSTATE, &vtstat))); close(fd); fgvt = vtstat.v_active; DIEIF((fgvt > 99)); userinfo = getpwuid(getuid()); username = userinfo->pw_name; /* All gathered together */ snprintf(buffer, PATH_MAX, FILEPATTERN, CONSOLEDIR, username, fgvt); return ((open(buffer, O_RDONLY)) == -1); }