<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
<a class="moz-txt-link-abbreviated" href="mailto:pam-list-request@redhat.com">pam-list-request@redhat.com</a> wrote:
<blockquote cite="mid20070308170007.F2128734AC@hormel.redhat.com"
type="cite">
<pre wrap="">Send Pam-list mailing list submissions to
<a class="moz-txt-link-abbreviated" href="mailto:pam-list@redhat.com">pam-list@redhat.com</a>
To subscribe or unsubscribe via the World Wide Web, visit
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pam-list">https://www.redhat.com/mailman/listinfo/pam-list</a>
or, via email, send a message with subject or body 'help' to
<a class="moz-txt-link-abbreviated" href="mailto:pam-list-request@redhat.com">pam-list-request@redhat.com</a>
You can reach the person managing the list at
<a class="moz-txt-link-abbreviated" href="mailto:pam-list-owner@redhat.com">pam-list-owner@redhat.com</a>
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Pam-list digest..."
</pre>
<pre wrap="">
<hr size="4" width="90%">
Today's Topics:
1. Why my module can not be added? (qin)
2. Re: How to compile the PAM module (qin)
</pre>
<br>
<hr size="4" width="90%"><br>
<table class="header-part1" border="0" cellpadding="0" cellspacing="0"
width="100%">
<tbody>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">Subject:
</div>
Why my module can not be added?</td>
</tr>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">From: </div>
qin <a class="moz-txt-link-rfc2396E" href="mailto:junying.qin@gmail.com"><junying.qin@gmail.com></a></td>
</tr>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">Date: </div>
Thu, 8 Mar 2007 11:48:05 +0800</td>
</tr>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">To: </div>
"Pluggable Authentication Modules" <a class="moz-txt-link-rfc2396E" href="mailto:pam-list@redhat.com"><pam-list@redhat.com></a></td>
</tr>
</tbody>
</table>
<table class="header-part2" border="0" cellpadding="0" cellspacing="0"
width="100%">
<tbody>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">To: </div>
"Pluggable Authentication Modules" <a class="moz-txt-link-rfc2396E" href="mailto:pam-list@redhat.com"><pam-list@redhat.com></a></td>
</tr>
</tbody>
</table>
<table class="header-part3" border="0" cellpadding="0" cellspacing="0"
width="100%">
<tbody>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">Content-Transfer-Encoding:
</div>
7bit</td>
</tr>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">Precedence:
</div>
junk</td>
</tr>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">MIME-Version:
</div>
1.0</td>
</tr>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">Reply-To:
</div>
Pluggable Authentication Modules <a class="moz-txt-link-rfc2396E" href="mailto:pam-list@redhat.com"><pam-list@redhat.com></a></td>
</tr>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">Message-ID:
</div>
<a class="moz-txt-link-rfc2396E" href="mailto:3f2011250703071948n43f63903v103badc6289d3ea5@mail.gmail.com"><3f2011250703071948n43f63903v103badc6289d3ea5@mail.gmail.com></a></td>
</tr>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">Content-Type:
</div>
text/plain; charset=ISO-8859-1; format=flowed</td>
</tr>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">Message:
</div>
1</td>
</tr>
</tbody>
</table>
<br>
Hi,
<br>
<br>
I have built a test pam module to run with sshd. The codes are as
following:
<br>
<br>
#define PAM_SM_AUTH
<br>
<br>
#define _PAM_EXTERN_FUNCTIONS
<br>
#include <security/_pam_macros.h>
<br>
#include <security/pam_modules.h>
<br>
#include <security/pam_ext.h>
<br>
<br>
PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags
<br>
,int argc, const char **argv)
<br>
{
<br>
unsigned int ctrl;
<br>
int retval;
<br>
const char *name;
<br>
const void *p;
<br>
<br>
<br>
<br>
ctrl = _set_ctrl(pamh, flags, NULL, argc, argv);
<br>
<br>
<br>
<br>
/* get the user'name' */
<br>
<br>
retval = pam_get_user(pamh, &name, NULL);
<br>
if (retval == PAM_SUCCESS)
<br>
{
<br>
pam_syslog(pamh, LOG_DEBUG,
<br>
"XOS:checking logins for '%s'", name);
<br>
}
<br>
return retval; <br>
}
<br>
<br>
#ifdef PAM_STATIC
<br>
struct pam_module _pam_xos_auth_modstruct = {
<br>
"pam_xos_auth",
<br>
pam_sm_authenticate,
<br>
NULL,
<br>
NULL,
<br>
NULL,
<br>
NULL,
<br>
NULL,
<br>
};
<br>
<br>
I compiled as pam_xos_auth.so, and inserted in pam.d/sshd
<br>
# cat sshd
<br>
auth required /path/to/pam_xos_auth.so
<br>
...
<br>
<br>
When I used the ssh to login, I was told I had no permission. And
<br>
also, I checked the
<br>
/var/log/secure and found:
<br>
# cat /var/log/secure
<br>
...
<br>
Mar 8 10:12:19 FedoraC4 sshd[4814]: PAM unable to
<br>
dlopen(/path/to/pam_xos_auth.so)
<br>
Mar 8 10:12:19 FedoraC4 sshd[4814]: PAM [dlerror:
<br>
/path/to/pam_xos_auth.so: undefined symbol: pam_syslog]
<br>
Mar 8 10:12:19 FedoraC4 sshd[4814]: PAM adding faulty module:
<br>
/path/to/pam_xos_auth.so
<br>
Mar 8 10:12:24 FedoraC4 sshd[4814]: Failed password for anqin from
<br>
::ffff:10.61.0.7 port 4228 ssh2
<br>
<br>
what is the matter with this? Could somebody give me some advices?
<br>
<br>
Thank you very much!
<br>
<br>
<br>
<br>
<hr size="4" width="90%"><br>
<table class="header-part1" border="0" cellpadding="0" cellspacing="0"
width="100%">
<tbody>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">Subject:
</div>
Re: How to compile the PAM module</td>
</tr>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">From: </div>
qin <a class="moz-txt-link-rfc2396E" href="mailto:junying.qin@gmail.com"><junying.qin@gmail.com></a></td>
</tr>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">Date: </div>
Thu, 8 Mar 2007 13:36:25 +0800</td>
</tr>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">To: </div>
"Pluggable Authentication Modules" <a class="moz-txt-link-rfc2396E" href="mailto:pam-list@redhat.com"><pam-list@redhat.com></a>,
"Kenneth Geisshirt" <a class="moz-txt-link-rfc2396E" href="mailto:kenneth@geisshirt.dk"><kenneth@geisshirt.dk></a></td>
</tr>
</tbody>
</table>
<table class="header-part2" border="0" cellpadding="0" cellspacing="0"
width="100%">
<tbody>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">To: </div>
"Pluggable Authentication Modules" <a class="moz-txt-link-rfc2396E" href="mailto:pam-list@redhat.com"><pam-list@redhat.com></a>,
"Kenneth Geisshirt" <a class="moz-txt-link-rfc2396E" href="mailto:kenneth@geisshirt.dk"><kenneth@geisshirt.dk></a></td>
</tr>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">CC: </div>
</td>
</tr>
</tbody>
</table>
<table class="header-part3" border="0" cellpadding="0" cellspacing="0"
width="100%">
<tbody>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">Content-Transfer-Encoding:
</div>
7bit</td>
</tr>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">Precedence:
</div>
junk</td>
</tr>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">MIME-Version:
</div>
1.0</td>
</tr>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">References:
</div>
<a class="moz-txt-link-rfc2396E" href="mailto:3f2011250703070358n34cd78b9ha677b0a56d69ab49@mail.gmail.com"><3f2011250703070358n34cd78b9ha677b0a56d69ab49@mail.gmail.com></a>
<a class="moz-txt-link-rfc2396E" href="mailto:45EEAF41.2090905@geisshirt.dk"><45EEAF41.2090905@geisshirt.dk></a></td>
</tr>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">In-Reply-To:
</div>
<a class="moz-txt-link-rfc2396E" href="mailto:45EEAF41.2090905@geisshirt.dk"><45EEAF41.2090905@geisshirt.dk></a></td>
</tr>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">Reply-To:
</div>
Pluggable Authentication Modules <a class="moz-txt-link-rfc2396E" href="mailto:pam-list@redhat.com"><pam-list@redhat.com></a></td>
</tr>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">Message-ID:
</div>
<a class="moz-txt-link-rfc2396E" href="mailto:3f2011250703072136k60570998lf67073d72f0134d@mail.gmail.com"><3f2011250703072136k60570998lf67073d72f0134d@mail.gmail.com></a></td>
</tr>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">Content-Type:
</div>
text/plain; charset=ISO-8859-1; format=flowed</td>
</tr>
<tr>
<td>
<div class="headerdisplayname" style="display: inline;">Message:
</div>
2</td>
</tr>
</tbody>
</table>
<br>
I compiled with -lc:
<br>
<br>
$ gcc -fPIC -lc pam_module.c -lpam -lpam_misc -lpamc
<br>
$ ld -x --shared -o pam_module.so pam_module.o
<br>
<br>
and found some functions are not found.
<br>
<br>
...
<br>
....:pam_module.c:undefined reference to '_set_ctrl'
<br>
...: pam_module.c:undefined reference to 'pam_syslog'
<br>
<br>
I have linked the libpam.so, libpamc.so and lpam_misc.so, why it can
<br>
not found the missing functions?
<br>
<br>
<br>
2007/3/7, Kenneth Geisshirt <a class="moz-txt-link-rfc2396E" href="mailto:kenneth@geisshirt.dk"><kenneth@geisshirt.dk></a>:
<br>
<blockquote type="cite">qin wrote:
<br>
<br>
> I have no idea. Could sombody give me some advice?
<br>
<br>
Try:
<br>
<br>
$ gcc -fPIC -c pam_module.c
<br>
$ ld -x --shared -o pam_module.so pam_module.o
<br>
<br>
/kneth
<br>
<br>
_______________________________________________
<br>
Pam-list mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:Pam-list@redhat.com">Pam-list@redhat.com</a>
<br>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pam-list">https://www.redhat.com/mailman/listinfo/pam-list</a>
<br>
<br>
</blockquote>
<br>
<br>
<pre wrap="">
<hr size="4" width="90%">
_______________________________________________
Pam-list mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Pam-list@redhat.com">Pam-list@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pam-list">https://www.redhat.com/mailman/listinfo/pam-list</a></pre>
</blockquote>
Are you sure pam_syslog is in one of those libraries ?<br>
Most distribs don't use PAM from the kernel repositiries but something<br>
from red hat & friends. E.g. the current version of pam in Debian
'Etch'<br>
(still testing, but reasonable up to date) is 0.79 !!!<br>
And there ist definitely NO pam_syslog in libpam_misc.<br>
If you really need pam_syslog try this:<br>
<br>
-------------------------- snip snip ----------------------------------<br>
<tt>#ifndef LOG_IDENT<br>
#define LOG_IDENT "pam"<br>
#endif<br>
<br>
#include <syslog.h><br>
#include <stdarg.h><br>
<br>
static void pam_syslog(pam_handle_t *pamh, int err, const char *format,
...)<br>
{<br>
va_list args;<br>
char *service;<br>
<br>
if (pam_get_item(pamh, PAM_SERVICE, (const void **)&service) !=
PAM_SUCCESS)<br>
service = "unknown";<br>
<br>
va_start(args, format);<br>
openlog(service, LOG_PID, LOG_AUTHPRIV);<br>
vsyslog(err, format, args);<br>
closelog();<br>
va_end(args);<br>
}</tt><br>
-------------------------- snip snip ----------------------------------<br>
<br>
Call this using: pam_syslog(pamh, format, arg, arg,....)<br>
<br>
The argument pamh is required to aotomatically extract the pam service
name from<br>
the pam environment. If you don't need it, just remove it and all the
corresponding statements.<br>
All logging goes to the 'authpriv' channel.<br>
<br>
Good luck!<br>
<br>
Andreas<br>
<pre class="moz-signature" cols="90">--
Dr.-Ing. Andreas Schindler
Alpha Zero One Computersysteme GmbH
Frankfurter Str. 141
63303 Dreieich
Telefon 06103-57187-21
Telefax 06103-373245
<a class="moz-txt-link-abbreviated" href="mailto:schindler@az1.de">schindler@az1.de</a>
<a class="moz-txt-link-abbreviated" href="http://www.az1.de">www.az1.de</a>
</pre>
</body>
</html>