/usr/share/doc/libpam0g-dev/examples/regress/test.secret@here is in libpam0g-dev 1.1.3-7ubuntu2.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 | #!/usr/bin/perl
##
## this is a test script for regressing changes to the secret@here PAM
## agent
##
$^W = 1;
use strict;
use IPC::Open2;
$| = 1;
my $whoami = `/usr/bin/whoami`; chomp $whoami;
my $cookie = "12345";
my $user_domain = "$whoami\@local.host";
my $pid = open2(\*Reader, \*Writer, "../agents/secret\@here blah")
or die "failed to load secret\@here agent";
unless (-f (getpwuid($<))[7]."/.secret\@here") {
print STDERR "server: ". "no " .(getpwuid($<))[7]. "/.secret\@here file\n";
die "no config file";
}
WriteBinaryPrompt(\*Writer, 0x02, "secret\@here/$user_domain|$cookie");
my ($control, $data) = ReadBinaryPrompt(\*Reader);
print STDERR "server: ". "reply: control=$control, data=$data\n";
if ($control != 1) {
die "expected 1 (OK) for the first agent reply; got $control";
}
my ($seqid, $a_cookie) = split '\|', $data;
# server needs to convince agent that it knows the secret before
# agent will give a valid response
my $secret = IdentifyLocalSecret($user_domain);
my $digest = CreateDigest($a_cookie."|".$cookie."|".$secret);
print STDERR "server: ". "digest = $digest\n";
WriteBinaryPrompt(\*Writer, 0x01, "$seqid|$digest");
# The agent will authenticate us and then reply with its
# authenticating digest. we check that before we're done.
($control, $data) = ReadBinaryPrompt(\*Reader);
if ($control != 0x03) {
die "server: agent did not reply with a 'done' prompt ($control)\n";
}
unless ($data eq CreateDigest($secret."|".$cookie."|".$a_cookie)) {
die "server: agent is not authenticated\n";
}
print STDERR "server: agent appears to know secret\n";
my $session_authenticated_ticket
= CreateDigest($cookie."|".$secret."|".$a_cookie);
print STDERR "server: should putenv("
."\"AUTH_SESSION_TICKET=$session_authenticated_ticket\")\n";
exit 0;
sub CreateDigest ($) {
my ($data) = @_;
my $pid = open2(\*MD5out, \*MD5in, "/usr/bin/md5sum -")
or die "you'll need /usr/bin/md5sum installed";
my $oldfd = select MD5in; $|=1; select $oldfd;
print MD5in "$data";
close MD5in;
my $reply = <MD5out>;
($reply) = split /\s/, $reply;
print STDERR "server: ". "md5 said: <$reply>\n";
close MD5out;
return $reply;
}
sub ReadBinaryPrompt ($) {
my ($fd) = @_;
my $buffer = " ";
my $count = read($fd, $buffer, 5);
if ($count == 0) {
# no more packets to read
return (0, "");
}
if ($count != 5) {
# broken packet header
return (-1, "");
}
my ($length, $control) = unpack("N C", $buffer);
if ($length < 5) {
# broken packet length
return (-1, "");
}
my $data = "";
$length -= 5;
while ($count = read($fd, $buffer, $length)) {
$data .= $buffer;
if ($count != $length) {
$length -= $count;
next;
}
print STDERR "server: ". "data is [$data]\n";
return ($control, $data);
}
# broken packet data
return (-1, "");
}
sub WriteBinaryPrompt ($$$) {
my ($fd, $control, $data) = @_;
my $length = 5 + length($data);
printf STDERR "server: ". "{%d|0x%.2x|%s}\n", $length, $control, $data;
my $bp = pack("N C a*", $length, $control, $data);
print $fd $bp;
print STDERR "server: ". "control passed to agent\@here\n";
}
sub IdentifyLocalSecret ($) {
my ($identifier) = @_;
my $secret;
my $whoami = `/usr/bin/whoami` ; chomp $whoami;
if (open SECRETS, "< " .(getpwuid($<))[7]. "/.secret\@here") {
my $line;
while (defined ($line = <SECRETS>)) {
my ($id, $sec) = split /[\s]/, $line;
if ((defined $id) && ($id eq $identifier)) {
$secret = $sec;
last;
}
}
close SECRETS;
}
return $secret;
}
|