Hi, I am fairly new to this stuff, so I don't know if this is actually a pam_mount bug or pam...
I manage a lab in my uni, so I needed to set up LDAP-based authentication with SAMBA-mounted home directories. The default behavior of pam_mount + smbmount couldn't do my job, so I wrote a script (mysmbmount.sh) to do the job. This does the following 2 things:
1) check that the home directory is not already mounted
2) check that the user is not a local one (I support both local and LDAP users with the same username...)
- THE PROBLEM
My pam_mount config includes the following:
<smbmount>mysmbmount.sh //%(SERVER)/%(VOLUME) %(MNTPT) -o "users,username=%(USER)%(before=\",\" OPTIONS)"</smbmount>
<volume fstype="smbfs" server="neminas" path="%(USER)" mountpoint="~" options="users" />
Now my script follows:
# Check that the home is not already mounted
res=`mount | grep "$1"`
if [ "$res" != "" ]; then
# Check that the user is NOT local
# (if it is local and we mount the remote home
# we have no permissions to the home...)
# SECURITY BUG:
# The following results to the user password ???!!!
#user=`cut -d' ' -f1`
user=`echo "$1" | cut -d'/' -f4`
res=`cat /etc/passwd | grep "$user"`
if [ "$res" != "" ]; then
As you can see in the comments, when I was writing the script I forgot to add "echo $1" to the cut line. The cut command alone, though, produces output!!? And it is not random, it is the user's _password_ in clear text. To test it, add "echo $user > /tmp/test" and, when you are in, cat the test file... Also, the delimiter does not matter...
I cannot understand what is being cut, and I am not sure that this is a bug... but it seems weird to me to be able to have all my users' clear-text passwords (seems like a flaw in the pam stuff)
- Some more info:
urban@mig-manager:~$ cat /etc/lsb-release
DISTRIB_DESCRIPTION="Ubuntu 10.04.1 LTS"
urban@mig-manager:~$ uname -a
Linux mig-manager 2.6.32-27-server #49-Ubuntu SMP Thu Dec 2 02:05:21 UTC 2010 x86_64 GNU/Linux
urban@mig-manager:~$ dpkg -l | grep pam
ii auth-client-config 0.9 pam and NSS profile switcher
ii libpam-ck-connector 0.4.1-3ubuntu1 ConsoleKit PAM module
ii libpam-ldap 184-8.2ubuntu1 Pluggable Authentication Module for LDAP
ii libpam-modules 1.1.1-2ubuntu5 Pluggable Authentication Modules for PAM
ii libpam-mount 1.32-2 PAM module that can mount volumes for a user session
ii libpam-runtime 1.1.1-2ubuntu5 Runtime support for the PAM library
ii libpam-smbpass 2:3.4.7~dfsg-1ubuntu3.3 pluggable authentication module for Samba
ii libpam0g 1.1.1-2ubuntu5 Pluggable Authentication Modules library
ii python-pam 0.4.2-12.1ubuntu1 A Python interface to the PAM library
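Added example, not part of the original post and not pam_mount's own code: `cut` with no file operand reads standard input, so the symptom above is what a helper script shows when the stdin it inherits carries the password. The script assumes that is how the password reaches the helper; `fake_mount`, `run_as_pam_mount`, `guarded_helper` and the password string are constructed stand-ins.

```shell
#!/bin/sh
# Added illustration. All names and the password value are constructed.

# Stand-in for the real mount program, which expects the password on stdin.
fake_mount() {
    pw=
    IFS= read -r pw || true          # EOF (nothing left on stdin) is not an error here
    printf 'mount-got=%s' "$pw"
}

# The mistake from the post: nothing is piped into cut, so it reads the
# script's inherited stdin. A line without the delimiter is printed whole,
# which is why the choice of delimiter makes no difference.
leaky_helper() {
    user=$(cut -d' ' -f1)
    printf 'user=%s ' "$user"
    fake_mount                       # the password was already consumed
}

# The intended line: cut is fed from $1 (//server/user), stdin stays untouched.
fixed_helper() {
    user=$(echo "$1" | cut -d'/' -f4)
    printf 'user=%s ' "$user"
    fake_mount
}

# Defensive layout: park the inherited stdin on fd 3 and give every other
# command /dev/null, so a forgotten pipe can no longer pick up the secret.
guarded_helper() {
    {
        user=$(cut -d' ' -f1)        # same mistake, now reads nothing
        printf 'user=%s ' "$user"
        fake_mount <&3               # only the mount program sees fd 3
    } 3<&0 </dev/null
}

# Simulates the caller: constructed password on stdin, share and mountpoint as args.
run_as_pam_mount() {
    printf '%s\n' 'Constructed-Pa55' | "$1" //neminas/alice /home/alice
}

for h in leaky_helper fixed_helper guarded_helper; do
    printf '%-15s %s\n' "$h" "$(run_as_pam_mount "$h")"
done
```

In the leaky case the mount stand-in receives nothing because `cut` has already drained stdin, so a failed mount after such a mistake is a second sign that a helper is consuming the secret.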