1a76a4d44SDag-Erling Smørgrav.\" Copyright (c) 2001,2003 Networks Associates Technology, Inc. 24d34b914SDag-Erling Smørgrav.\" Copyright (c) 2017-2019 Dag-Erling Smørgrav 3bb3ba83eSDag-Erling Smørgrav.\" Copyright (c) 2018 Thomas Munro 4f65b2180SDag-Erling Smørgrav.\" All rights reserved. 5f65b2180SDag-Erling Smørgrav.\" 6f65b2180SDag-Erling Smørgrav.\" Portions of this software were developed for the FreeBSD Project by 7f65b2180SDag-Erling Smørgrav.\" ThinkSec AS and NAI Labs, the Security Research Division of Network 8f65b2180SDag-Erling Smørgrav.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 9f65b2180SDag-Erling Smørgrav.\" ("CBOSS"), as part of the DARPA CHATS research program. 10f65b2180SDag-Erling Smørgrav.\" 11f65b2180SDag-Erling Smørgrav.\" Redistribution and use in source and binary forms, with or without 12f65b2180SDag-Erling Smørgrav.\" modification, are permitted provided that the following conditions 13f65b2180SDag-Erling Smørgrav.\" are met: 14f65b2180SDag-Erling Smørgrav.\" 1. Redistributions of source code must retain the above copyright 15f65b2180SDag-Erling Smørgrav.\" notice, this list of conditions and the following disclaimer. 16f65b2180SDag-Erling Smørgrav.\" 2. Redistributions in binary form must reproduce the above copyright 17f65b2180SDag-Erling Smørgrav.\" notice, this list of conditions and the following disclaimer in the 18f65b2180SDag-Erling Smørgrav.\" documentation and/or other materials provided with the distribution. 19f65b2180SDag-Erling Smørgrav.\" 3. The name of the author may not be used to endorse or promote 20f65b2180SDag-Erling Smørgrav.\" products derived from this software without specific prior written 21f65b2180SDag-Erling Smørgrav.\" permission. 22f65b2180SDag-Erling Smørgrav.\" 23f65b2180SDag-Erling Smørgrav.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 24f65b2180SDag-Erling Smørgrav.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25f65b2180SDag-Erling Smørgrav.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26f65b2180SDag-Erling Smørgrav.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 27f65b2180SDag-Erling Smørgrav.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28f65b2180SDag-Erling Smørgrav.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29f65b2180SDag-Erling Smørgrav.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30f65b2180SDag-Erling Smørgrav.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31f65b2180SDag-Erling Smørgrav.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32f65b2180SDag-Erling Smørgrav.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33f65b2180SDag-Erling Smørgrav.\" SUCH DAMAGE. 34f65b2180SDag-Erling Smørgrav.\" 354d34b914SDag-Erling Smørgrav.Dd May 24, 2019 36f65b2180SDag-Erling Smørgrav.Dt PAM_EXEC 8 37f65b2180SDag-Erling Smørgrav.Os 38f65b2180SDag-Erling Smørgrav.Sh NAME 39f65b2180SDag-Erling Smørgrav.Nm pam_exec 40f65b2180SDag-Erling Smørgrav.Nd Exec PAM module 41f65b2180SDag-Erling Smørgrav.Sh SYNOPSIS 42f65b2180SDag-Erling Smørgrav.Op Ar service-name 43f65b2180SDag-Erling Smørgrav.Ar module-type 44f65b2180SDag-Erling Smørgrav.Ar control-flag 45f65b2180SDag-Erling Smørgrav.Pa pam_exec 46f65b2180SDag-Erling Smørgrav.Op Ar arguments 47f65b2180SDag-Erling Smørgrav.Sh DESCRIPTION 487e3d5c1fSJean-Sébastien PédronThe exec service module for PAM executes the program designated by 497e3d5c1fSJean-Sébastien Pédronits first argument if no options are specified, with its remaining 507e3d5c1fSJean-Sébastien Pédronarguments as command-line arguments. 517e3d5c1fSJean-Sébastien PédronIf options are specified, the program and its arguments follow the last 527e3d5c1fSJean-Sébastien Pédronoption or 537e3d5c1fSJean-Sébastien Pédron.Cm -- 547e3d5c1fSJean-Sébastien Pédronif the program name conflicts with an option name. 557e3d5c1fSJean-Sébastien Pédron.Pp 567e3d5c1fSJean-Sébastien PédronThe following options may be passed before the program and its 577e3d5c1fSJean-Sébastien Pédronarguments: 583869fb78SDag-Erling Smørgrav.Bl -tag -width indent 593869fb78SDag-Erling Smørgrav.It Cm capture_stderr 603869fb78SDag-Erling SmørgravCapture text printed by the program to its standard error stream and 613869fb78SDag-Erling Smørgravpass it to the conversation function as error messages. 623869fb78SDag-Erling SmørgravNo attempt is made at buffering the text, so results may vary. 633869fb78SDag-Erling Smørgrav.It Cm capture_stdout 643869fb78SDag-Erling SmørgravCapture text printed by the program to its standard output stream and 653869fb78SDag-Erling Smørgravpass it to the conversation function as informational messages. 663869fb78SDag-Erling SmørgravNo attempt is made at buffering the text, so results may vary. 673869fb78SDag-Erling Smørgrav.It Cm debug 683869fb78SDag-Erling SmørgravIgnored for compatibility reasons. 693869fb78SDag-Erling Smørgrav.It Cm no_warn 703869fb78SDag-Erling SmørgravIgnored for compatibility reasons. 717e3d5c1fSJean-Sébastien Pédron.It Cm return_prog_exit_status 727e3d5c1fSJean-Sébastien PédronUse the program exit status as the return code of the pam_sm_* function. 737e3d5c1fSJean-Sébastien PédronIt must be a valid return value for this function. 74bb3ba83eSDag-Erling Smørgrav.It Cm expose_authtok 75e165d7bcSDag-Erling SmørgravWrite the authentication token to the program's standard input stream, 76e165d7bcSDag-Erling Smørgravfollowed by a NUL character. 774d34b914SDag-Erling SmørgravIgnored for 784d34b914SDag-Erling Smørgrav.Fn pam_sm_setcred . 794d34b914SDag-Erling Smørgrav.It Cm use_first_pass 804d34b914SDag-Erling SmørgravIf 814d34b914SDag-Erling Smørgrav.Cm expose_authtok 824d34b914SDag-Erling Smørgravwas specified, do not prompt for an authentication token if one is not 834d34b914SDag-Erling Smørgravalready available. 847e3d5c1fSJean-Sébastien Pédron.It Cm -- 857e3d5c1fSJean-Sébastien PédronStop options parsing; 867e3d5c1fSJean-Sébastien Pédronprogram and its arguments follow. 877e3d5c1fSJean-Sébastien Pédron.El 887e3d5c1fSJean-Sébastien Pédron.Pp 89a76a4d44SDag-Erling SmørgravThe child's environment is set to the current PAM environment list, 90a76a4d44SDag-Erling Smørgravas returned by 91a76a4d44SDag-Erling Smørgrav.Xr pam_getenvlist 3 . 929d97c7eeSDag-Erling SmørgravIn addition, the following PAM items are exported as environment 939d97c7eeSDag-Erling Smørgravvariables: 949d97c7eeSDag-Erling Smørgrav.Ev PAM_RHOST , 959d97c7eeSDag-Erling Smørgrav.Ev PAM_RUSER , 969d97c7eeSDag-Erling Smørgrav.Ev PAM_SERVICE , 977e3d5c1fSJean-Sébastien Pédron.Ev PAM_SM_FUNC , 987e3d5c1fSJean-Sébastien Pédron.Ev PAM_TTY 999d97c7eeSDag-Erling Smørgravand 1009d97c7eeSDag-Erling Smørgrav.Ev PAM_USER . 1017e3d5c1fSJean-Sébastien Pédron.Pp 1027e3d5c1fSJean-Sébastien PédronThe 1037e3d5c1fSJean-Sébastien Pédron.Ev PAM_SM_FUNC 1047e3d5c1fSJean-Sébastien Pédronvariable contains the name of the PAM service module function being 1057e3d5c1fSJean-Sébastien Pédroncalled. 1067e3d5c1fSJean-Sébastien PédronIt may be: 1077e3d5c1fSJean-Sébastien Pédron.Bl -dash -offset indent -compact 1087e3d5c1fSJean-Sébastien Pédron.It 1097e3d5c1fSJean-Sébastien Pédronpam_sm_acct_mgmt 1107e3d5c1fSJean-Sébastien Pédron.It 1117e3d5c1fSJean-Sébastien Pédronpam_sm_authenticate 1127e3d5c1fSJean-Sébastien Pédron.It 1137e3d5c1fSJean-Sébastien Pédronpam_sm_chauthtok 1147e3d5c1fSJean-Sébastien Pédron.It 1157e3d5c1fSJean-Sébastien Pédronpam_sm_close_session 1167e3d5c1fSJean-Sébastien Pédron.It 1177e3d5c1fSJean-Sébastien Pédronpam_sm_open_session 1187e3d5c1fSJean-Sébastien Pédron.It 1197e3d5c1fSJean-Sébastien Pédronpam_sm_setcred 1207e3d5c1fSJean-Sébastien Pédron.El 1217e3d5c1fSJean-Sébastien Pédron.Pp 1227e3d5c1fSJean-Sébastien PédronIf 1237e3d5c1fSJean-Sébastien Pédron.Cm return_prog_exit_status 1247e3d5c1fSJean-Sébastien Pédronis not set (default), the 1257e3d5c1fSJean-Sébastien Pédron.Ev PAM_SM_FUNC 1267e3d5c1fSJean-Sébastien Pédronfunction returns 1277e3d5c1fSJean-Sébastien Pédron.Er PAM_SUCCESS 1287e3d5c1fSJean-Sébastien Pédronif the program exit status is 0, 1297e3d5c1fSJean-Sébastien Pédron.Er PAM_PERM_DENIED 1307e3d5c1fSJean-Sébastien Pédronotherwise. 1317e3d5c1fSJean-Sébastien Pédron.Pp 1327e3d5c1fSJean-Sébastien PédronIf 1337e3d5c1fSJean-Sébastien Pédron.Cm return_prog_exit_status 1347e3d5c1fSJean-Sébastien Pédronis set, the program exit status is used. 1357e3d5c1fSJean-Sébastien PédronIt should be 1367e3d5c1fSJean-Sébastien Pédron.Er PAM_SUCCESS 1377e3d5c1fSJean-Sébastien Pédronor one of the error codes allowed by the calling 1387e3d5c1fSJean-Sébastien Pédron.Ev PAM_SM_FUNC 1397e3d5c1fSJean-Sébastien Pédronfunction. 1407e3d5c1fSJean-Sébastien PédronThe valid codes are documented in each function man page. 1417e3d5c1fSJean-Sébastien PédronIf the exit status is not a valid return code, 1427e3d5c1fSJean-Sébastien Pédron.Er PAM_SERVICE_ERR 1437e3d5c1fSJean-Sébastien Pédronis returned. 1447e3d5c1fSJean-Sébastien PédronEach valid codes numerical value is available as an environment variable 1457e3d5c1fSJean-Sébastien Pédron(eg.\& 1467e3d5c1fSJean-Sébastien Pédron.Ev PAM_SUCESS , 1477e3d5c1fSJean-Sébastien Pédron.Ev PAM_USER_UNKNOWN , 1487e3d5c1fSJean-Sébastien Pédronetc). 1497e3d5c1fSJean-Sébastien PédronThis is useful in shell scripts for instance. 150f65b2180SDag-Erling Smørgrav.Sh SEE ALSO 15159a1db5bSJens Schweikhardt.Xr pam 3 , 152*6e1fc011SGraham Percival.Xr pam_get_item 3 , 15359a1db5bSJens Schweikhardt.Xr pam_sm_acct_mgmt 3 , 15459a1db5bSJens Schweikhardt.Xr pam_sm_authenticate 3 , 15559a1db5bSJens Schweikhardt.Xr pam_sm_chauthtok 3 , 15659a1db5bSJens Schweikhardt.Xr pam_sm_close_session 3 , 15759a1db5bSJens Schweikhardt.Xr pam_sm_open_session 3 , 158*6e1fc011SGraham Percival.Xr pam_sm_setcred 3 , 159*6e1fc011SGraham Percival.Xr pam.conf 5 160f65b2180SDag-Erling Smørgrav.Sh AUTHORS 161f65b2180SDag-Erling SmørgravThe 162f65b2180SDag-Erling Smørgrav.Nm 163f65b2180SDag-Erling Smørgravmodule and this manual page were developed for the 164f65b2180SDag-Erling Smørgrav.Fx 165f65b2180SDag-Erling SmørgravProject by 166f65b2180SDag-Erling SmørgravThinkSec AS and NAI Labs, the Security Research Division of Network 1671a0a9345SRuslan ErmilovAssociates, Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035 168f65b2180SDag-Erling Smørgrav.Pq Dq CBOSS , 169f65b2180SDag-Erling Smørgravas part of the DARPA CHATS research program. 170