mellon85 / shellinabox

Automatically exported from code.google.com/p/shellinabox
Other
0 stars 0 forks source link

Patch for using /etc/issue file as a login banner #29

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Hi,

I wanted to be able to issue a login banner when using the internal LOGIN
function of shellinabox, ala /sbin/getty -f issuefile.  I tried this when
starting shellinabox:

/usr/bin/shellinaboxd --user=0 --group=0 \
--service="/:root:root:/:/sbin/getty -f /etc/issue 38400 -"

But something wasn't happy, and I definitely lack the skill to troubleshoot
it.  

I hacked up the attached super-n00b patch, which does work, but is most
likely not the best solution.  agetty (the getty I'm using) allows for
string substitution in issue files, but the attached patch just cats the
issue file to the client, so ANSI escape sequences work (the client renders
them correctly) but no string substitution is performed.

Screenshot of the banner here (click through google's thingy):

http://psas.googlegroups.com/web/siab.issue_banner.26Aug2009.jpg

Also, any plans on setting up a mailing list for SIAB, using the issue
tracker for stuff like this seems like overkill.

Thanks,

Brian

Original issue reported on code.google.com by elspicyj...@gmail.com on 27 Aug 2009 at 2:15

Attachments:

GoogleCodeExporter commented 8 years ago
I need to think about this a little more. I am not quite sure this is the right 
solution. PAM already has support for outputting /etc/issue. But that currently 
doesn't seem to do anything in ShellInABox. That does look like a bug.

As for the mailing list, there is an old mailing list for this project. But it 
has 
always been very low traffic, so I have stopped advertising it, when I switched 
to 
the new code base.

The issue tracker works a little better for me, as helps me keep track of what 
still 
needs to be done before the next official release.

But if you think a mailing list would be more appropriate, I could certainly 
revive 
it.

Original comment by zod...@gmail.com on 27 Aug 2009 at 6:03

GoogleCodeExporter commented 8 years ago
I'm alright with using PAM for this if 1) it works :) and 2) I can figure out 
how to
work it, i.e. examples that I can use, as I'm not that PAM-saavy.  I'm currently
using busybox (http://www.busybox.net) for pretty much everything on the 
systems that
I'm using shellinabox with, but I have PAM support turned off inside it right 
now.

I don't really need the mailing list, however, it's not abundantly clear where 
people
can get help when they hit your main project page, and my experience has been 
that
people need things to be abundantly clear most of the time.  Right now, you 
sort of
have to click on everything and then find the issues page before you have a 
chance of
offering feedback.

Original comment by elspicyj...@gmail.com on 27 Aug 2009 at 6:16

GoogleCodeExporter commented 8 years ago
On Debian systems, you can create a file /etc/pam.d/shellinabox:

  auth required pam_issue.so issue=/etc/issue
  @include other

I haven't tested this on any distribution, but I would assume things should be 
very similar.

Please note that pam_issue has a bug in many commonly shipped versions. Unless 
you pass the "noesc" option, it 
won't be able to read any issue files. Alternatively, apply this patch:

--- pam-1.1.0/modules/pam_issue/pam_issue.c.orig    2009-11-21 14:08:21.866374292 
-0800
+++ pam-1.1.0/modules/pam_issue/pam_issue.c 2009-11-21 14:31:05.086176879 -0800
@@ -277,8 +277,8 @@ read_issue_quoted(pam_handle_t *pamh, FI
        return PAM_BUF_ERR;
        }
        issue = new_issue;
+       strcat(issue, buf);
    }
-   strcat(issue, buf);
     }

     if (ferror(fp)) {

Original comment by zod...@gmail.com on 21 Nov 2009 at 10:32