Proper use of pam_get_item()

Jason Gerfen jason.gerfen at scl.utah.edu
Thu Nov 18 13:57:00 UTC 2004 

Gathering username/password from PAM.  I am having a hard time 
attempting to gather the user credentials.  Here is my code:

/* PAM includes */
#include <security/pam_modules.h>
#include <security/_pam_macros.h>
#include <security/pam_appl.h>

/* PAM definitions */
#define PAM_SM_ACCOUNT
#define PAM_SM_AUTH
#define PAM_SM_PASSWORD
#define PAM_SM_SESSION

typedef struct usrData * udataptr;
struct usrData {
    const char * usrname;
    char * password;
} localUser;

/* Handle our authentication process */
PAM_EXTERN
int pam_sm_authenticate( pam_handle_t *pamh, int flags, int argc,
                         const char **argv )
{
    int retval, i;
    udataptr myUser = &localUser;
    myConfigPtr myConfig = &localConfig;
    char user[15];
    const void ** password;

    myUser->usrname=user;

    struct pam_conv *conv = NULL;
    struct pam_message message;
    const struct pam_message *msg;
    struct pam_response *response;

    /* Get our username from PAM */
    if( ( retval = pam_get_user( pamh, &( myUser->usrname ), "PAM_test 
login: " ) != PAM_SUCCESS ) ) {
        _pam_log( LOG_ERR, "Error: %s", pam_strerror( pamh, retval ) );
        return 1;
    } else {
        _pam_log( LOG_ERR, "Obtained Username: %s", myUser->usrname );

    }

    /* PAM conversion stuff just to get to the bloody password */
    if( ( retval = pam_get_item( pamh, PAM_CONV, ( const void ** ) &conv 
) != PAM_SUCCESS ) ) {
        _pam_log( LOG_ERR, "Error: %s", pam_strerror( pamh, retval ) );
        return 1;
    } else {
        message.msg_style = PAM_PROMPT_ECHO_OFF;
        message.msg = "pam_test login: ";
        msg = &message;
        retval = ( *conv->conv )( 1, &msg, &response, conv->appdata_ptr );
        if( retval == PAM_SUCCESS ) {

    // THIS IS WHERE IT CRASHES??? I am passing the 3rd argument 
correctly as a const void **
            if( ( retval = pam_get_item( pamh, PAM_AUTHTOK, password ) 
!= PAM_SUCCESS ) ) {
                _pam_log( LOG_ERR, "Error: %s", pam_strerror( pamh, 
retval ) );
                return 1;
            } else {
                strcpy( *( &( myUser->password ) ), *password );
            }
        } else {
            _pam_log( LOG_ERR, "Error: %s", pam_strerror( pamh, retval ) );
            return 1;
        }
    }

Any help is appreciated...

-- 
Jason Gerfen
jason.gerfen at scl.utah.edu

"And remember... If the ladies
 don't find you handsome, they
 should at least find you handy..."
             ~The Red Green show

More information about the Pam-list mailing list