[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

conversion function doesn't get called



Hmm, it looks like Anthonys work got a bit delayed, so I hacked up a
little authentication module myself. I have a problem though: the
conversation function never gets invoked. As you see in the code below, I
placed a printf right at the start but nothing gets printed out and
pam_authenticate fails. 

I attached the source in question, please look at the pam_auth_basic_user
function for pam structure initialization. I hope somebody here can point
out my error.

----

/* supply authentication information to PAM when asked */
int auth_pam_talker(int num_msg, const struct pam_message **msg, struct
pam_response **resp, void *appdata_ptr)
{
  unsigned short i = 0;
  auth_pam_userinfo *userinfo = (auth_pam_userinfo*)appdata_ptr;

  printf("auth_pam_talker invoked\n");

  /* we can provide a maximum of two responses -- username and password */
  if(num_msg > 2)
    return PAM_CONV_ERR;

  /* allocate memory to store response */
  resp = malloc(num_msg * sizeof(struct pam_response*));
  if(!resp)
    return PAM_CONV_ERR;
  *resp = malloc(sizeof(struct pam_response)*2);
  if(!*resp) {
    free(resp);
    resp = 0;
    return PAM_CONV_ERR;
  }
  
  /* copy values */
  for(i = 0; i < num_msg; i++) {
    /* select response based on requested output style */
    switch(msg[i]->msg_style) {
    case PAM_PROMPT_ECHO_ON:
      resp[i]->resp = xstrdup(userinfo->name);
      break;
    case PAM_PROMPT_ECHO_OFF:
      resp[i]->resp = xstrdup(userinfo->pw);
      break;
    }
  }
}

/* 
 * Determine user ID, and check if it really is that user, for HTTP
 * basic authentication...
 */
int pam_auth_basic_user (request_rec *r)
{
    int res = 0;
    /* mod_auth_pam specific */
    auth_pam_userinfo userinfo = { NULL, NULL };
    /* PAM specific  */
    struct pam_conv conv_info = { &auth_pam_talker, &userinfo};
    pam_handle_t *pamh  = NULL;

    /* read sent pw */
    if ((res = get_basic_auth_pw (r, &(userinfo.pw))))
      return res;
    
    /* this is only set after get_basic_auth_pw was called */
    userinfo.name = r->connection->user;
    
    /* initialize pam */
    if((res = pam_start(auth_pam_info.service, 
		 auth_pam_info.user, 
		 &conv_info, &pamh)) != PAM_SUCCESS) {
      log_reason(pam_strerror(res), r->uri, r);
      return DECLINED;
    }
    
    /* try to authenticate user, log error on failure */
    if((res = pam_authenticate(pamh, PAM_SILENT)) != PAM_SUCCESS) {
      log_reason(pam_strerror(res), r->uri, r);
      note_basic_auth_failure(r);
      pam_end(pamh, PAM_SUCCESS);
      return AUTH_REQUIRED;
    }

    pam_end(pamh, PAM_SUCCESS);
    return OK;
}
---

---Ingo



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []