module writing / compiling problems?
Joe Lewis
joe at joe-lewis.com
Thu Jun 10 15:00:26 UTC 2004
What happens if you change the _pam_log() function to open the
"security" log instead of the "PAM-lame" log service? Then use LOG_PID
| LOG_NDELAY instead?
Do you get the entries in the logs at that point?
Joe
Jason Gerfen wrote:
> Yes, I do have it added to the /etc/pam.d/login file like so:
>
> auth required pam_looser.so
>
> I don't have a test application to test the functionality but if doing
> a command like so:
>
> %> nm pam_looser.so
>
> It shows that the pam libraries are being utilized... I am fairly new
> to C and PAM module writting so any tips, if I have over looked
> something etc. would be greatly appreciated.
>
> I will look into building an app to test with, I am just not sure how...
>
> Joe Lewis wrote:
>
>> One more question : Are you running a test application? How about
>> the configuration files? Are you sure the module is even being loaded?
>>
>> Joe Lewis
>>
>> Jason Gerfen wrote:
>>
>>> Nope, no errors, nothing... very strange.
>>>
>>> Chris Campbell wrote:
>>>
>>>> What is it doing or not doing? Any error messages in system logs???
>>>>
>>>> ----- Original Message -----
>>>> From: "Jason Gerfen" <jason.gerfen at scl.utah.edu>
>>>> To: "Pluggable Authentication Modules" <pam-list at redhat.com>
>>>> Sent: Wednesday, June 09, 2004 5:34 PM
>>>> Subject: module writing / compiling problems?
>>>>
>>>>
>>>>
>>>>
>>>>> I am doing something wrong as it comes to writting a pam module. If
>>>>> anyone can tell me what I am doing wrong, it would be greatly
>>>>> appreciated.
>>>>>
>>>>> This module does one thing, on the pam_sm_authenticate() function it
>>>>> attempts to call the pam_get_user() function and on success or
>>>>> failure
>>>>> it logs it to syslog using a _pam_log() function.
>>>>>
>>>>> Here is the code: File is named lame.c
>>>>> [SNIP]
>>>>> #include <stdio.h>
>>>>> #include <syslog.h>
>>>>> #include <stdarg.h>
>>>>>
>>>>> #define PAM_SM_AUTH
>>>>>
>>>>> #include <pam_modules.h>
>>>>>
>>>>> static void _pam_log(int err, const char *format, ...)
>>>>> {
>>>>> va_list args;
>>>>>
>>>>> va_start(args, format);
>>>>> openlog("PAM-lame", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
>>>>> syslog(err, format, args);
>>>>> va_end(args);
>>>>> closelog();
>>>>> }
>>>>>
>>>>> PAM_EXTERN
>>>>> int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
>>>>> const char **argv)
>>>>> {
>>>>> int retval;
>>>>> const char *user;
>>>>>
>>>>> if((retval = pam_get_user(pamh, &user, "looser login:") !=
>>>>> PAM_SUCCESS)) {
>>>>> _pam_log(LOG_ERR, "Cannot obtain user name: %s",
>>>>> pam_strerror(pamh, retval));
>>>>> return(PAM_AUTHINFO_UNAVAIL); }
>>>>>
>>>>> if((retval = pam_get_user(pamh, &user, "looser login:") ==
>>>>> PAM_SUCCESS)) {
>>>>> _pam_log(LOG_ERR, "Obtained username: %s",
>>>>> pam_strerror(pamh, retval));
>>>>> return(PAM_SUCCESS); }
>>>>>
>>>>> _pam_log(LOG_ERR, "Just checking", pam_strerror(pamh, retval));
>>>>>
>>>>> return retval;
>>>>>
>>>>> }
>>>>>
>>>>> #ifdef PAM_STATIC
>>>>> struct pam_module _pam_looser_modstruct = {
>>>>> "pam_looser",
>>>>> pam_sm_authenticate,
>>>>> NULL,
>>>>> NULL,
>>>>> NULL,
>>>>> NULL,
>>>>> NULL,
>>>>> };
>>>>> #endif
>>>>> [/SNIP]
>>>>>
>>>>> And I am compiling using a simply Makefile listed below:
>>>>> [SNIP]
>>>>> #include <stdio.h>
>>>>> #include <syslog.h>
>>>>> #include <stdarg.h>
>>>>>
>>>>> #define PAM_SM_AUTH
>>>>>
>>>>> #include <pam_modules.h>
>>>>>
>>>>> static void _pam_log(int err, const char *format, ...)
>>>>> {
>>>>> va_list args;
>>>>>
>>>>> va_start(args, format);
>>>>> openlog("PAM-lame", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
>>>>> syslog(err, format, args);
>>>>> va_end(args);
>>>>> closelog();
>>>>> }
>>>>>
>>>>> PAM_EXTERN
>>>>> int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
>>>>> const char **argv)
>>>>> {
>>>>> int retval;
>>>>> const char *user;
>>>>>
>>>>> if((retval = pam_get_user(pamh, &user, "looser login:") !=
>>>>> PAM_SUCCESS)) {
>>>>> _pam_log(LOG_ERR, "Cannot obtain user name: %s",
>>>>> pam_strerror(pamh, retval));
>>>>> return(PAM_AUTHINFO_UNAVAIL); }
>>>>>
>>>>> if((retval = pam_get_user(pamh, &user, "looser login:") ==
>>>>> PAM_SUCCESS)) {
>>>>> _pam_log(LOG_ERR, "Obtained username: %s",
>>>>> pam_strerror(pamh, retval));
>>>>> return(PAM_SUCCESS); }
>>>>>
>>>>> _pam_log(LOG_ERR, "Just checking", pam_strerror(pamh, retval));
>>>>>
>>>>> return retval;
>>>>>
>>>>> }
>>>>>
>>>>> #ifdef PAM_STATIC
>>>>> struct pam_module _pam_looser_modstruct = {
>>>>> "pam_looser",
>>>>> pam_sm_authenticate,
>>>>> NULL,
>>>>> NULL,
>>>>> NULL,
>>>>> NULL,
>>>>> NULL,
>>>>> };
>>>>> #endif
>>>>> [/SNIP]
>>>>>
>>>>> Any help tips, pointers etc would be greatly appreciated. Also if
>>>>> there
>>>>>
>>>>
>>>>
>>>>
>>>> is a "typo" please disregard as on the production box it compiles
>>>> just fine,
>>>> and of couse I do have it added to the /etc/pam.d/login file like so:
>>>>
>>>>
>>>>> auth required pam_looser.so
>>>>>
>>>>> Thanks in advance,
>>>>>
>>>>> --
>>>>> Jason Gerfen
>>>>>
>>>>> "...Sometimes I just yell at myself. And it
>>>>> makes me sad, sometimes I make myself cry..."
>>>>> ~ My nephew Dawsyn
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Pam-list mailing list
>>>>> Pam-list at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/pam-list
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>
>
More information about the Pam-list
mailing list