[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: verifying a username AND password...?



> Subject: Re: verifying a username AND password...?
> Date: 01 Mar 2002 20:58:35 +0800
> From: John Breen <locutus@borg.apana.org.au>
> Reply-To: pam-list@redhat.com
> To: pam-list@redhat.com
> References: <1014980314.388.26.camel@developer> <3C7F6F13.B8D4938B@gnet.tn>
> 
> On Fri, 2002-03-01 at 20:07, Fathi Ben Nasr wrote:
> 
> the USER is NOT connecting to the host.
> 
> situation is, A user is connecting to the host for purposes of
> maintaining a database connection.  the user won't be that user.
> 
> the actual user needs to authenticate to the client-side application.
> the authentication tokens will come from the local machine, BUT the
> user's login name for the application may be different to the login name
> for the database.
> 
> I hope that makes some kind of sense - it's sort of confusing to me now
> i come to think about it...


This does make sense to me, I had exactly this same problem with PAM and
Jabber. The issue was that the jabber client (running on a PC over the network)
was passing a user name and password pair to Jabber which I wanted to get
authenticated by PAM.

I wrote my own "conversation" function (the one that does the password
prompting) and used the "appdata_ptr" feature to pass the password through to
it (for it to return back again!). I never found out if there was a better way.

Here's some code, if it helps :-

----------------------------------------------------------------------------------
int my_conversation(
    int num_msg, 
    const struct pam_message **msgm,
    struct pam_response **response, 
    void *appdata_ptr)
{
int count=0;
struct pam_response *reply;

    log_debug(ZONE,"JAMES conversation, %d items",num_msg);
    reply = (struct pam_response *) calloc(num_msg, sizeof(struct
pam_response));
    for (count=0; count < num_msg; ++count) 
    {
    switch (msgm[count]->msg_style)
        {
        case PAM_PROMPT_ECHO_OFF:
        case PAM_PROMPT_ECHO_ON:
            log_debug(ZONE,"JAMES conversation '%s'",appdata_ptr);
            reply[count].resp_retcode = 0;
            reply[count].resp = strdup(appdata_ptr);
            break;
        }
    }
    *response = reply;
    return PAM_SUCCESS;
}


int pam_authentication_ok(char * user, char * pass)
{
struct pam_conv conv;
pam_handle_t *pamh=NULL;
int ret,so_far=0;

    log_debug(ZONE,"JAMES pam_authentication_ok '%s','%s'",pass,user);

    conv.appdata_ptr = (void *) pass;
    conv.conv = my_conversation;

    ret = pam_start("jabberd", user, &conv, &pamh);
    if (ret == PAM_SUCCESS) { so_far=1; ret = pam_fail_delay(pamh, 1); }
    if (ret == PAM_SUCCESS) { so_far=2; ret = pam_authenticate(pamh, 0);  }
    if (ret == PAM_SUCCESS) { so_far=3; ret = pam_acct_mgmt(pamh, 0); }
    if (ret == PAM_SUCCESS) { so_far=4; ret = pam_end(pamh,ret); }

    log_debug(ZONE,"JAMES pam_authentication_ok(so_far=%d, ret=%d) return %d",
        so_far,ret,((ret==PAM_SUCCESS) ? 1:0));

    return ((ret==PAM_SUCCESS) ? 1:0);
}


int pam_new_user_ok(char * user,char * pass)
{
    log_debug(ZONE,"JAMES pam_new_user_ok '%s','%s'",pass,user);
    return pam_authentication_ok(user,pass);
}
----------------------------------------------------------------------------------



James





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []