[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAMifying network apps

On Mon, 27 Oct 1997, Michael K. Johnson wrote:

> Yes!  If you aren't using Mustang, use the conversation function from an
> older version of xlockmore, say from Red Hat Linux 4.2.

Ok, I have cut and pasted that code out and it's giving me the same
results (perhaps for different reasons, though).

Here's my sample prog (you will undoubtedly recognize most of this code):

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <security/pam_appl.h>

/* used to pass the password to the conversation function */
static char *PAM_password;

char user[256];	/* arbitrary value */

/* PAM conversation function
 * Here we assume (for now, at least) that echo on means login name, and
 * echo off means password.
static int PAM_conv (int num_msg,
                     const struct pam_message **msg,
                     struct pam_response **resp,
                     void *appdata_ptr) {
  int count = 0, replies = 0;
  struct pam_response *reply = NULL;
  int size = sizeof(struct pam_response);

  #define GET_MEM if (reply) realloc(reply, size); else reply = malloc(size); \
  if (!reply) return PAM_CONV_ERR; \
  size += sizeof(struct pam_response)
  #define COPY_STRING(s) (s) ? strdup(s) : NULL

  for (count = 0; count < num_msg; count++) {
    switch (msg[count]->msg_style) {
      case PAM_PROMPT_ECHO_ON:
        reply[replies].resp_retcode = PAM_SUCCESS;
        reply[replies++].resp = COPY_STRING(user);
          /* PAM frees resp */
        reply[replies].resp_retcode = PAM_SUCCESS;
        reply[replies++].resp = COPY_STRING(PAM_password);
          /* PAM frees resp */
      case PAM_TEXT_INFO:
        /* ignore it... */
      case PAM_ERROR_MSG:
        /* Must be an error of some sort... */
        free (reply);
        return PAM_CONV_ERR;
  if (reply) *resp = reply;
  return PAM_SUCCESS;

static struct pam_conv PAM_conversation = {

main(int argc, char *argv[])

  pam_handle_t *pamh;
  int pam_error;
	char buffer[256];

	strcpy(user, "username");
	strcpy(buffer, "password");

  #define PAM_BAIL if (pam_error != PAM_SUCCESS) { \
	  printf("Error code: %d\n", pam_error); \
     pam_end(pamh, 0); return 0; \
  PAM_password = buffer;
  pam_error = pam_start("pamtest", user, &PAM_conversation, &pamh);
  printf("After pam_start()\n");
  pam_error = pam_authenticate(pamh, 0);
  printf("After pam_authenticate()\n");
  if (pam_error != PAM_SUCCESS) {
    /* Try as root; bail if no success there either */
    pam_error = pam_set_item(pamh, PAM_USER, "root");
    pam_error = pam_authenticate(pamh, 0);
  /* Don't do account management or credentials; credentials
   * aren't needed and account management would just lock up
   * a computer and require root to come and unlock it.  Blech.
  pam_end(pamh, PAM_SUCCESS);
  /* If this point is reached, the user has been authenticated. */


	return 0;

("username" & "password" is valid on my system- confirmed with telnet)


auth       required     /lib/security/pam_pwdb.so shadow nullok debug

Program exits with failed authentication (PAM_AUTH_ERR).

RH 4.2 (kernel 2.0.29), pam-0.57-4

Any ideas?



  Mike Frisch                         Email: mfrisch@saturn.tlug.org
  Northstar Technologies        WWW: http://saturn.tlug.org/~mfrisch
  Newmarket, Ontario, CANADA

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []