module writing / compiling problems?

Joe Lewis joe at joe-lewis.com
Thu Jun 10 15:00:26 UTC 2004 

What happens if you change the _pam_log() function to open the 
"security" log instead of the "PAM-lame" log service?  Then use LOG_PID 
| LOG_NDELAY instead?

Do you get the entries in the logs at that point?

Joe

Jason Gerfen wrote:

> Yes, I do have it added to the /etc/pam.d/login file like so:
>
> auth required pam_looser.so
>
> I don't have a test application to test the functionality but if doing 
> a command like so:
>
> %> nm pam_looser.so
>
> It shows that the pam libraries are being utilized... I am fairly new 
> to C and PAM module writting so any tips, if I have over looked 
> something etc. would be greatly appreciated.
>
> I will look into building an app to test with, I am just not sure how...
>
> Joe Lewis wrote:
>
>> One more question :  Are you running a test application?  How about 
>> the configuration files?  Are you sure the module is even being loaded?
>>
>> Joe Lewis
>>
>> Jason Gerfen wrote:
>>
>>> Nope, no errors, nothing... very strange.
>>>
>>> Chris Campbell wrote:
>>>
>>>> What is it doing or not doing?  Any error messages in system logs???
>>>>
>>>> ----- Original Message -----
>>>> From: "Jason Gerfen" <jason.gerfen at scl.utah.edu>
>>>> To: "Pluggable Authentication Modules" <pam-list at redhat.com>
>>>> Sent: Wednesday, June 09, 2004 5:34 PM
>>>> Subject: module writing / compiling problems?
>>>>
>>>>
>>>>  
>>>>
>>>>> I am doing something wrong as it comes to writting a pam module.  If
>>>>> anyone can tell me what I am doing wrong, it would be greatly 
>>>>> appreciated.
>>>>>
>>>>> This module does one thing, on the pam_sm_authenticate() function it
>>>>> attempts to call the pam_get_user() function and on success or 
>>>>> failure
>>>>> it logs it to syslog using a _pam_log() function.
>>>>>
>>>>> Here is the code:  File is named lame.c
>>>>> [SNIP]
>>>>> #include <stdio.h>
>>>>> #include <syslog.h>
>>>>> #include <stdarg.h>
>>>>>
>>>>> #define PAM_SM_AUTH
>>>>>
>>>>> #include <pam_modules.h>
>>>>>
>>>>> static void _pam_log(int err, const char *format, ...)
>>>>> {
>>>>>    va_list  args;
>>>>>
>>>>>    va_start(args, format);
>>>>>    openlog("PAM-lame", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
>>>>>    syslog(err, format, args);
>>>>>    va_end(args);
>>>>>    closelog();
>>>>> }
>>>>>
>>>>> PAM_EXTERN
>>>>> int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
>>>>>            const char **argv)
>>>>> {
>>>>>    int retval;
>>>>>    const char *user;
>>>>>
>>>>>    if((retval = pam_get_user(pamh, &user, "looser login:") !=
>>>>> PAM_SUCCESS)) {
>>>>>    _pam_log(LOG_ERR, "Cannot obtain user name: %s",
>>>>>         pam_strerror(pamh, retval));
>>>>>    return(PAM_AUTHINFO_UNAVAIL); }
>>>>>
>>>>>    if((retval = pam_get_user(pamh, &user, "looser login:") ==
>>>>> PAM_SUCCESS)) {
>>>>>        _pam_log(LOG_ERR, "Obtained username: %s",
>>>>>         pam_strerror(pamh, retval));
>>>>>        return(PAM_SUCCESS); }
>>>>>
>>>>>    _pam_log(LOG_ERR, "Just checking", pam_strerror(pamh, retval));
>>>>>
>>>>>    return retval;
>>>>>
>>>>> }
>>>>>
>>>>> #ifdef PAM_STATIC
>>>>> struct pam_module _pam_looser_modstruct = {
>>>>>    "pam_looser",
>>>>>    pam_sm_authenticate,
>>>>>    NULL,
>>>>>    NULL,
>>>>>    NULL,
>>>>>    NULL,
>>>>>    NULL,
>>>>> };
>>>>> #endif
>>>>> [/SNIP]
>>>>>
>>>>> And I am compiling using a simply Makefile listed below:
>>>>> [SNIP]
>>>>> #include <stdio.h>
>>>>> #include <syslog.h>
>>>>> #include <stdarg.h>
>>>>>
>>>>> #define PAM_SM_AUTH
>>>>>
>>>>> #include <pam_modules.h>
>>>>>
>>>>> static void _pam_log(int err, const char *format, ...)
>>>>> {
>>>>>    va_list  args;
>>>>>
>>>>>    va_start(args, format);
>>>>>    openlog("PAM-lame", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
>>>>>    syslog(err, format, args);
>>>>>    va_end(args);
>>>>>    closelog();
>>>>> }
>>>>>
>>>>> PAM_EXTERN
>>>>> int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
>>>>>            const char **argv)
>>>>> {
>>>>>    int retval;
>>>>>    const char *user;
>>>>>
>>>>>    if((retval = pam_get_user(pamh, &user, "looser login:") !=
>>>>> PAM_SUCCESS)) {
>>>>>    _pam_log(LOG_ERR, "Cannot obtain user name: %s",
>>>>>         pam_strerror(pamh, retval));
>>>>>    return(PAM_AUTHINFO_UNAVAIL); }
>>>>>
>>>>>    if((retval = pam_get_user(pamh, &user, "looser login:") ==
>>>>> PAM_SUCCESS)) {
>>>>>        _pam_log(LOG_ERR, "Obtained username: %s",
>>>>>         pam_strerror(pamh, retval));
>>>>>        return(PAM_SUCCESS); }
>>>>>
>>>>>    _pam_log(LOG_ERR, "Just checking", pam_strerror(pamh, retval));
>>>>>
>>>>>    return retval;
>>>>>
>>>>> }
>>>>>
>>>>> #ifdef PAM_STATIC
>>>>> struct pam_module _pam_looser_modstruct = {
>>>>>    "pam_looser",
>>>>>    pam_sm_authenticate,
>>>>>    NULL,
>>>>>    NULL,
>>>>>    NULL,
>>>>>    NULL,
>>>>>    NULL,
>>>>> };
>>>>> #endif
>>>>> [/SNIP]
>>>>>
>>>>> Any help tips, pointers etc would be greatly appreciated.  Also if 
>>>>> there
>>>>>   
>>>>
>>>>
>>>>
>>>> is a "typo" please disregard as on the production box it compiles 
>>>> just fine,
>>>> and of couse I do have it added to the /etc/pam.d/login file like so:
>>>>  
>>>>
>>>>> auth required pam_looser.so
>>>>>
>>>>> Thanks in advance,
>>>>>
>>>>> -- 
>>>>> Jason Gerfen
>>>>>
>>>>> "...Sometimes I just yell at myself. And it
>>>>> makes me sad, sometimes I make myself cry..."
>>>>> ~ My nephew Dawsyn
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Pam-list mailing list
>>>>> Pam-list at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/pam-list
>>>>>
>>>>>   
>>>>
>>>>
>>>>
>>>
>>>
>>
>
>

More information about the Pam-list mailing list