Re: PAP and PAM

Tuomo Pyhala writes:
>If you can point me to sufficient documentation, I could try doing it myself
>too, it can't be a complicated task, or is it?

Not at all.

It tries to pass the password in using PAM_AUTHTOK, but the framework
doesn't let PAM_AUTHTOK pass into or out of the application as a
security measure.

Instead, you need to implement a conversation function that just
assumes that a request to get text with echoing turned off is a
request for the password, and pass it in that way.  I'm including
such a conversation function, just plug it in and play.  Make sure
that you call pam_start with the username specified so that it
doesn't ask the conversation function to get the username.

Thanks for asking!


#include <stdlib.h>
#include <string.h>
#include <security/pam_appl.h>

static char *PAM_password;
static int PAM_error = 0;

/* PAM conversation function
 * Here we assume that echo off means password.
 */
static int PAM_conv (int num_msg,
                     const struct pam_message **msg,
                     struct pam_response **resp,
                     void *appdata_ptr) {
  int replies = 0;
  struct pam_response *reply = NULL;

  #define COPY_STRING(s) ((s) ? strdup(s) : NULL)

  reply = malloc(sizeof(struct pam_response) * num_msg);
  if (!reply) return PAM_CONV_ERR;

  for (replies = 0; replies < num_msg; replies++) {
    switch (msg[replies]->msg_style) {
      case PAM_PROMPT_ECHO_OFF:
        reply[replies].resp_retcode = PAM_SUCCESS;
        reply[replies].resp = COPY_STRING(PAM_password);
          /* PAM frees resp */
        break;
      case PAM_TEXT_INFO:
        /* fall through */
      case PAM_ERROR_MSG:
        /* ignore it, but pam still wants a NULL response... */
        reply[replies].resp_retcode = PAM_SUCCESS;
        reply[replies].resp = NULL;
        break;
      case PAM_PROMPT_ECHO_ON:
        /* fall through */
      default:
        /* Must be an error of some sort... */
        /* free the password copies already made for earlier messages */
        while (replies-- > 0) free (reply[replies].resp);
        free (reply);
        PAM_error = 1;
        return PAM_CONV_ERR;
    }
  }
  *resp = reply;
  return PAM_SUCCESS;
}

