#!/usr/bin/less
################################################################################
 Program      : pam_watch (part of pam_modules)
 Version      : internal version 0.3.9
 Purpose      : Allows watching and controlling user console
 License      : GNU GPL v2 or later (see LICENSE and file LICENSE)
 Author       : Samuel Behan (c) 2001
 Requirements : pam system
################################################################################

ABOUT
-----
This module creates two fifos (actually it creates them on request) for each
session - one for STDIN and one for STDOUT. Connecting to them you can take the
'remote' session under your control, seeing anything the 'remote' user can see
and being able to write to it.

For the user it has an additional (but experimental?) feature - they can
suspend the session so it will leave the current terminal and will be
available only through the pam_watch viewer (see PAM_WATCHER and the '-S'
argument).

FEATURES:
 - console output receiving (STDOUT + STDERR)
 - console input sending (STDIN)
 - console current screen caching (see SCREEN CACHE)
 - console suspend (!EXPERIMENTAL!)
 - enhanced suspend features (remote window resize - !EXPERIMENTAL!)
 - user input disabling
 - user input echoing (messes the screen)
 - (no)watch users specification

<<>>
 - PostgreSQL sometimes fails to start using 'su -c postmaster...'
 + make more UNiX independent (aka use libtool, autoconf...)
 + change **argv line (but how to get argv pointer?)
 + need better screen caching - Is there anybody (out) there who will do it ???
   > I'll try in the near future to implement a simpler version of screen
     based on pam_watch functions.

Any other bugs or tips (to make this module work better) report to (me)
Samuel Behan and I'll try to help you (if I can).

INSTALLATION
------------
To compile and install this module just type:

  $ make install

This command will build and install pam_watch.so to /lib/security.
( Note: for debugging reasons there is 'make link' provided that will just make
  a symbolic link in the /lib/security directory )

To activate this module for a specific program (supporting pam), you have to
modify the pam service file placed in the /etc/pam.d directory. Simply add a
line similar to this one to the service file:

  account   required   /lib/security/pam_watch.so   path=/tmp/watch

The module supports all pam management modes (auth, password...), but it is
recommended to define it as the first module (it should start as soon as
possible) and run it in account mode (session mode).

If you have PROBLEMS starting an application using the pam_watch module, use
the 'debug' argument to enable verbose messages to syslog.

To uninstall the module just type:

  $ make uninstall

and it will be removed. The uninstallation process automatically checks
dependencies, so it will report any programs (files in /etc/pam.d) that will
break if pam_watch is removed from your system (you can type 'make depends' to
invoke the check yourself). However uninstallation will continue even if the
dependency check has failed !!!

ARGUMENTS
---------
path=       - path to the directory where fifos will be placed.
              This argument is REQUIRED (ie. path=/tmp/watch)
              (this directory should be WRITABLE by the root group)

!spy=
spy=        - you can specify names of users that should/should not be
              watched. If you use the 'spy=' argument ONLY the specified
              users WILL be watched; if you use the '!spy=' argument ONLY
              the specified users WILL NOT be watched.

              Example:
                spy=sam,badguy1          #spy users sam and badguy1 ;-)
                !spy=root,www,postgres   #spy any other user except
                                         # root and www and postgres

nowrite     - do not allow writing to the terminal from outside, just watch
              (will not enable the input fifo)

nosuspend   - do not allow session suspend

nocache     - disable screen caching (saves memory - at least 4.8k)

debug       - if something goes wrong setting this will say what it is...
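The argument handling described above, as an added example (not pam_watch's
own code): it parses the argc/argv strings that PAM hands to a module's
pam_sm_* entry points and applies the spy= / !spy= rule. The struct and
function names are assumptions, and the sample argument lines are constructed.

```c
/* Added example, not pam_watch's own code: parses the module arguments listed
 * under ARGUMENTS (as the argc/argv strings PAM hands to a module) and applies
 * the spy= / !spy= rule. Struct and function names are assumptions. */
#include <stdio.h>
#include <string.h>

#define MAX_USERS 32
#define NAME_LEN  64

struct watch_config {
    const char *path;                  /* path=  : REQUIRED fifo directory */
    int   spy_mode;                    /* 0 = watch all, 1 = spy= list, -1 = !spy= list */
    char  users[MAX_USERS][NAME_LEN];  /* names given to spy= or !spy= */
    int   nusers;
    int   nowrite, nosuspend, nocache, debug;
};

/* Split a comma-separated user list into cfg->users; returns the count. */
static int parse_user_list(struct watch_config *cfg, const char *list)
{
    char buf[1024];
    strncpy(buf, list, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    cfg->nusers = 0;
    for (char *tok = strtok(buf, ","); tok != NULL && cfg->nusers < MAX_USERS;
         tok = strtok(NULL, ",")) {
        strncpy(cfg->users[cfg->nusers], tok, NAME_LEN - 1);
        cfg->users[cfg->nusers][NAME_LEN - 1] = '\0';
        cfg->nusers++;
    }
    return cfg->nusers;
}

/* Returns 0 on success, -1 when the REQUIRED path= argument is missing.
 * Arguments not listed here (including the inherited no-ops non_term,
 * new_term and no_warn) are accepted and ignored. A later spy= or !spy=
 * replaces an earlier one. */
int parse_watch_args(int argc, const char **argv, struct watch_config *cfg)
{
    memset(cfg, 0, sizeof *cfg);
    for (int i = 0; i < argc; i++) {
        const char *a = argv[i];
        if (strncmp(a, "path=", 5) == 0) {
            cfg->path = a + 5;
        } else if (strncmp(a, "spy=", 4) == 0) {
            cfg->spy_mode = 1;
            parse_user_list(cfg, a + 4);
        } else if (strncmp(a, "!spy=", 5) == 0) {
            cfg->spy_mode = -1;
            parse_user_list(cfg, a + 5);
        } else if (strcmp(a, "nowrite") == 0) {
            cfg->nowrite = 1;
        } else if (strcmp(a, "nosuspend") == 0) {
            cfg->nosuspend = 1;
        } else if (strcmp(a, "nocache") == 0) {
            cfg->nocache = 1;
        } else if (strcmp(a, "debug") == 0) {
            cfg->debug = 1;
        }
    }
    return (cfg->path != NULL && cfg->path[0] != '\0') ? 0 : -1;
}

/* spy=  : ONLY the listed users are watched.
 * !spy= : ONLY the listed users are NOT watched.
 * Neither given: every user is watched. */
int should_watch(const struct watch_config *cfg, const char *user)
{
    int listed = 0;
    for (int i = 0; i < cfg->nusers; i++) {
        if (strcmp(cfg->users[i], user) == 0) {
            listed = 1;
            break;
        }
    }
    if (cfg->spy_mode == 1)
        return listed;
    if (cfg->spy_mode == -1)
        return !listed;
    return 1;
}

int main(void)
{
    /* constructed arguments, as they would follow pam_watch.so in /etc/pam.d */
    const char *argv[] = { "path=/tmp/watch", "!spy=root,www,postgres", "debug" };
    struct watch_config cfg;
    if (parse_watch_args(3, argv, &cfg) != 0) {
        fprintf(stderr, "path= is required\n");
        return 1;
    }
    const char *who[] = { "root", "devel", "postgres" };
    for (int i = 0; i < 3; i++)
        printf("%-9s watched=%d\n", who[i], should_watch(&cfg, who[i]));
    return 0;
}
```

Note the difference in default behaviour: with 'spy=' an account that is not
listed is never watched, while with '!spy=' every account that is not listed
(including any created later) is watched, so the two forms are opt-in and
opt-out respectively.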
Generic arguments (accepted, but they don't do anything useful; their
implementation has been inherited from the pam_filter module):

non_term
new_term
no_warn

PAM_WATCHER
-----------
pam_watcher is a perl script that is used by default for viewing a session
controlled by the pam_watch module (it is invoked by running the session
script).

Arguments:
  pid:service[:suspended] - specifies the pid (numeric), the name of the
                            service and optionally the suspended state (1/0)
                            of the session
  -o fifo   - fifo used for reading from the session
  -i fifo   - fifo used for writing to the session
  -n        - disable console input
  -a        - disable auto-open hack (see AUTO-OPEN hack)
  -v        - verbose mode
  -s        - enhanced viewing features (see REMOTE RESIZE)
  -S        - suspend current session (see SUSPENDED SESSION)
  -H        - print HOW-TO for viewer keys
  -h        - print help

Viewer keys:
  Alt + X   - exit viewer
  Alt + R   - refresh screen from pam_watch screen cache
  Alt + I   - toggle user input
  Alt + E   - toggle user input echoing (messes the screen)
  Alt + D   - disable local input to session
  Alt + W   - resize remote terminal to size of current terminal

SUSPENDED SESSION ( -S )
-----------------
The pam_watch module implements the experimental feature SUSPEND SESSION. When
called (by running pam_watcher -S), the session will 'leave' the current
terminal (it stops printing to and reading from it), and it will be available
only via the viewer (see also REMOTE RESIZE).

TECHNICAL NOTE: To let the pam_watch module know it has to suspend the session,
the string '\033[s' is printed to the terminal (running pam_watcher -S is equal
to echo -en "\033[s" - both will suspend the session). However this string may
be used for other actions by any other system. Please let me know if you have
some problems with it - I'll try to find a better solution.

AUTO-OPEN hack ( -a )
--------------
The design of the pam_watch module assumes that only a few of the controlled
sessions will really be viewed.
Due to this pam_watch tries to open the IO fifos only when announced (by
sending the signal command) and only when any IO operation is done. This can
block opening of the output fifo while no IO activity is detected. pam_watcher
implements a simple (== ugly) hack to override this - it provokes activity
itself, by writing to the input fifo. BUT if this hack is disabled or the input
fifo is not available you have to wait until an IO operation is done (user
input, program output) - until that time your viewer will be blocked, waiting
for the I/O open.

REMOTE RESIZE (Alt + W | :suspended | -s)
-------------
Since the size of the original terminal (the one the session started from) and
the viewing terminal (the one you use with pam_watcher) may differ, pam_watch
uses remote resize to set the remote terminal to the size of the current one.

!!! This function requires an additional file (for ioctl), that can be missing
on some systems or perl installations. You can create it by converting the file
/usr/include/asm/ioctls.h (its position may be different on your system) using
the h2ph script:

  $ h2ph /usr/include/asm/ioctls.h

However if this fails or you don't want to use this feature, you can change the
variable $ALLOWS_SUSPEND found at the top of the pam_watcher script. By default
it is set to 'auto', so the script will enable this feature only on LINUX
systems. If you set the value to 'yes', no check will be done and it will be
automatically enabled, and if you set it to 'no' this feature will be
automatically disabled.

TECHNICAL NOTE: For remote resizing I use the special string '\033[S' followed
by the new sizes ROWSxCOLS. However this string may be used for other actions
by the kernel console driver or any other application playing with the screen.
Please let me know if you have some problems with this - I'll look for a better
solution.

KNOW-HOW
--------
The pam_watch module creates, for each session it is run in, a simple shell
script placed in the directory specified by the 'path=' argument, under a
directory named after the user running the module.
The name of the script is created from the name of the service and its pid.

Example: running 'su devel' will create a file similar to this

  /tmp/watch/devel/su-1234+

  + /tmp/watch - is the path as defined by the 'path=' argument
  + devel      - is the name of the user we are su-ing to
  + su         - name of the service (from /etc/pam.d/su)
  + 1234       - pid of the pam_watch module (can be any number)

This script will invoke the pam_watch viewer (see PAM_WATCHER), which will do
all the work for you and automatically connects to the session. You can
override the default use of the pam_watcher script by defining the shell
variable $PAM_WATCHER pointing to another pam_watch compatible session viewer.

IPC & FIFOS
-----------
pam_watch uses a special (a bit stupid, but easy to implement) 'ipc'
communication model. It interprets signals (SIGUSR1 and SIGUSR2) as command
'bits', and from a set of these bits a number specific to each signal set and
to each command is created. Each signal set consists of 3 signals - this way
pam_watch can receive 8 different commands.

NOTE: Each incomplete signal set will expire after 10 seconds. This can be good
if an error occurs, but it is necessary to say that there is no way to
determine the signal sender. So multiple senders can confuse the module -
simply put, it is not very reliable. I use this communication model because I
have not found anything simpler and more easily implementable....

In this signal set SIGUSR1 represents 0 and SIGUSR2 represents 1.

Currently accepted 'commands':
  111 - initializes the 'remote' session, pam_watch will create the I/O fifos
        and start trying to open them
  110 - refreshes screen from screen cache
  100 - toggle user input
  000 - recreates session script
  001 - toggle user input echoing (ie. to see passwords ???)
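The signal-bit command model just described, as an added example (not
pam_watch's own code): a decoder that can be fed (signal, arrival time) pairs,
so the 3-signal grouping and the 10-second expiry can be checked without
sending real signals. The bit order (first signal of a set = most significant
bit) and every name used here are assumptions; the trace in main() is
constructed.

```c
/* Added example, not pam_watch's own code: the signal-bit 'ipc' model from
 * IPC & FIFOS as a state machine that can be exercised without real signals.
 * Per the README: SIGUSR1 = bit 0, SIGUSR2 = bit 1, three signals make one
 * command, an incomplete set expires after 10 seconds. Assumptions: the first
 * signal of a set is the most significant bit, and all names used here. */
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <time.h>

#define SET_BITS   3
#define SET_EXPIRE 10          /* seconds before an incomplete set is dropped */

enum watch_cmd {
    CMD_NONE            = -1,
    CMD_RECREATE_SCRIPT = 0,   /* 000 */
    CMD_TOGGLE_ECHO     = 1,   /* 001 */
    CMD_TOGGLE_INPUT    = 4,   /* 100 */
    CMD_REFRESH_SCREEN  = 6,   /* 110 */
    CMD_INIT_SESSION    = 7    /* 111 */
};

struct sigset_decoder {
    int    nbits;     /* bits collected in the current set */
    int    value;     /* bits accumulated MSB first */
    time_t started;   /* arrival time of the first signal of the set */
};

/* Feed one signal received at time 'now'. Returns the 3-bit command code when
 * the set completes, otherwise CMD_NONE. A signal carries no sender identity,
 * so any process permitted to signal the session's pid can drive this; that
 * is the README's "no way to determine signal sender" caveat. */
int decoder_feed(struct sigset_decoder *d, int signo, time_t now)
{
    int bit;
    if (signo == SIGUSR1)
        bit = 0;
    else if (signo == SIGUSR2)
        bit = 1;
    else
        return CMD_NONE;                      /* not part of the protocol */

    /* stale partial set: drop it and start over with this signal */
    if (d->nbits > 0 && now - d->started >= SET_EXPIRE) {
        d->nbits = 0;
        d->value = 0;
    }
    if (d->nbits == 0)
        d->started = now;

    d->value = (d->value << 1) | bit;
    d->nbits++;
    if (d->nbits < SET_BITS)
        return CMD_NONE;

    int cmd = d->value;                       /* set complete: reset for next */
    d->nbits = 0;
    d->value = 0;
    return cmd;
}

/* Name for logging; codes the README does not list are reported as unknown
 * rather than acted on. */
const char *cmd_name(int cmd)
{
    switch (cmd) {
    case CMD_INIT_SESSION:    return "init remote session (111)";
    case CMD_REFRESH_SCREEN:  return "refresh screen from cache (110)";
    case CMD_TOGGLE_INPUT:    return "toggle user input (100)";
    case CMD_RECREATE_SCRIPT: return "recreate session script (000)";
    case CMD_TOGGLE_ECHO:     return "toggle input echoing (001)";
    case CMD_NONE:            return "(incomplete)";
    default:                  return "unknown command";
    }
}

int main(void)
{
    /* constructed trace: (signal, arrival time) pairs */
    struct { int signo; time_t at; } trace[] = {
        { SIGUSR2, 100 }, { SIGUSR2, 101 }, { SIGUSR2, 102 },   /* 111 */
        { SIGUSR2, 200 }, { SIGUSR2, 201 },                     /* expires */
        { SIGUSR1, 215 }, { SIGUSR1, 216 }, { SIGUSR2, 217 },   /* 001 */
    };
    struct sigset_decoder d = { 0, 0, 0 };
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++) {
        int cmd = decoder_feed(&d, trace[i].signo, trace[i].at);
        printf("t=%3ld %s -> %s\n", (long)trace[i].at,
               trace[i].signo == SIGUSR2 ? "SIGUSR2" : "SIGUSR1", cmd_name(cmd));
    }
    return 0;
}
```

Two watchers sending sets at the same time interleave their bits into a code
neither of them meant; the decoder cannot separate them, which is a property
of the signal model rather than something the decoder can repair.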
Input and output fifos are created in the same directory as the session
script; they look like this (according to the previous example):

  /tmp/watch/devel/su-1234<   - INPUT fifo, for writing to the session's STDIN
  /tmp/watch/devel/su-1234>   - OUTPUT fifo, for reading the session's
                                STDOUT + STDERR

SCREEN CACHE
------------
I've implemented a kind of screen cache (cscreen.c) that is very fast (uses one,
at most two memcpy() calls) but not very reliable. It simply puts every STDOUT
output into a non-growing memory buffer. When the buffer is full it starts to
overwrite the oldest data with the newest. This method is not very reliable
because 'screen' applications (like MC) update only little parts of the screen
- and these little parts will almost fill the whole buffer (do you know
MURPHY's law ?), so on a screen dump you will get only some sections of the
current screen. However (most) 'screen' applications accept the command key
CTRL+L that will refresh the screen.

 - SIZE of the screen buffer depends on the size of your terminal
   (ROWS*COLS*2 + 500).
 - Default size is 9.6k (60*80*2) and maximum is 19.2k (60*60*4).
 - You can SWITCH the screen cache OFF by passing the 'nocache' argument to the
   module.

LICENSE
-------
This program is distributed under the terms of the General Public License
version 2 or later from the Free Software Foundation (see file LICENSE
distributed within this package).

If the terms of the GNU GPL license are in contradiction with your copyright
law, this program should be used as freeware - you can use it for free, but you
can not distribute or modify it or use its components in your programs.
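The screen cache described under SCREEN CACHE, as an added example (not
pam_watch's cscreen.c): a fixed-size ring buffer that takes every output chunk
with one memcpy(), or two when the chunk wraps around the end, and overwrites
the oldest bytes once full. The size rule ROWS*COLS*2 + 500 is the README's;
the struct and function names are assumptions, and the sample output in main()
is constructed.

```c
/* Added example, not pam_watch's cscreen.c: a non-growing ring buffer with the
 * behaviour described under SCREEN CACHE. Each write costs one memcpy(), or two
 * when it wraps around the end of the buffer, and once full the oldest bytes
 * are overwritten. The size rule ROWS*COLS*2 + 500 is the README's; the struct
 * and function names are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct cscreen {
    unsigned char *buf;
    size_t cap;    /* fixed capacity, never grows */
    size_t head;   /* index where the next byte is written */
    size_t len;    /* valid bytes, at most cap */
};

/* The README's sizing rule for a terminal of the given dimensions. */
size_t cscreen_size_for(int rows, int cols)
{
    return (size_t)rows * (size_t)cols * 2 + 500;
}

int cscreen_init_cap(struct cscreen *c, size_t cap)
{
    c->buf = malloc(cap);
    c->cap = cap;
    c->head = c->len = 0;
    return c->buf != NULL ? 0 : -1;
}

int cscreen_init(struct cscreen *c, int rows, int cols)
{
    return cscreen_init_cap(c, cscreen_size_for(rows, cols));
}

void cscreen_free(struct cscreen *c)
{
    free(c->buf);
    c->buf = NULL;
    c->cap = c->head = c->len = 0;
}

/* Append n bytes of terminal output, overwriting the oldest bytes when full. */
void cscreen_write(struct cscreen *c, const void *data, size_t n)
{
    const unsigned char *p = data;
    if (n >= c->cap) {          /* only the last cap bytes can survive anyway */
        p += n - c->cap;
        n = c->cap;
    }
    size_t room = c->cap - c->head;          /* bytes before the physical end */
    if (n <= room) {
        memcpy(c->buf + c->head, p, n);      /* one memcpy */
    } else {
        memcpy(c->buf + c->head, p, room);   /* two memcpys: tail, then wrap */
        memcpy(c->buf, p + room, n - room);
    }
    c->head = (c->head + n) % c->cap;
    c->len += n;
    if (c->len > c->cap)
        c->len = c->cap;
}

/* Copy the cached output, oldest byte first, into out (up to outsz bytes).
 * Returns the number of bytes copied. This is what a refresh (command 110,
 * Alt + R in the viewer) would replay to the watcher. */
size_t cscreen_dump(const struct cscreen *c, void *out, size_t outsz)
{
    unsigned char *o = out;
    size_t n = c->len < outsz ? c->len : outsz;
    size_t start = (c->head + c->cap - c->len) % c->cap;   /* oldest byte */
    size_t tail = c->cap - start;
    if (n <= tail) {
        memcpy(o, c->buf + start, n);
    } else {
        memcpy(o, c->buf + start, tail);
        memcpy(o + tail, c->buf, n - tail);
    }
    return n;
}

int main(void)
{
    struct cscreen c;
    if (cscreen_init_cap(&c, 8) != 0)        /* tiny buffer to show the wrap */
        return 1;
    cscreen_write(&c, "abcde", 5);           /* constructed output chunks */
    cscreen_write(&c, "fghij", 5);           /* wraps: "ab" is overwritten */
    char out[9] = { 0 };
    cscreen_dump(&c, out, 8);
    printf("cached: %s\n", out);             /* cdefghij */
    printf("default 60x80 buffer: %zu bytes\n", cscreen_size_for(60, 80));
    cscreen_free(&c);
    return 0;
}
```

The buffer is a plaintext copy of whatever the session printed, held in the
module's memory for the life of the session; where that output is sensitive,
the 'nocache' argument is the switch that avoids keeping it.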