Pam-list Digest, Vol 37, Issue 8

Andreas Schindler schindler at az1.de
Wed Mar 14 08:43:18 UTC 2007 

pam-list-request at redhat.com wrote:
>
> Hello,
> I'm writing a new module for Python to support PAM authorization, it
> is written in C.
>
> What I currently do is what the misc_conv function does; I provide a
> password when it prompts for a message with pam_message.msg_style set
> to PAM_PROMPT_ECHO_OFF and a username when it prompts for
> PAM_PROMPT_ECHO_ON (which it doesn't ask for; I initialize the pam
> handle with a username already.)
>
> This is my conversation function: http://rafb.net/p/sOjqmC47.html
> I have tripple verified that userinfo is available and contains proper
> data. The function does reach the end.
>
> When I do pam_authenticate(), I receive the error "Authentication
> error" and the syslog just says the regular thing when a password is
> incorrect.
>
>
To Ludvic Ericson:

Looking at your conversion function i found you set the global return
code for the conversation
function itself but forget to set the return code for each message. Here
is a snippet of a working
conversation function:

switch (msgv[i]->msg_style) {
            case PAM_PROMPT_ECHO_ON: // Echo on; Username
                rsp[i].resp = strdup(userinfo->username);
		*rsp[i].resp_retcode = PAM_SUCCESS;*
                break;
            case PAM_PROMPT_ECHO_OFF: // Echo off; Password
                rsp[i].resp = strdup(userinfo->password);
		*rsp[i].resp_retcode = PAM_SUCCESS;*
                break;


I guess, if you had used 'calloc' instead of 'malloc' to create the
response structure, this missing link would have never shown up, because
PAM_SUCCESS == 0 ! So, be happy you found it.

Good Luck!
Andreas

-- 
Dr.-Ing. Andreas Schindler
 
Alpha Zero One Computersysteme GmbH
Frankfurter Str. 141
63303 Dreieich
 
Telefon 06103-57187-21
Telefax 06103-373245
 
schindler at az1.de
www.az1.de

Alpha Zero One Computersysteme GmbH, Brandeniusstr. 3, 44265 Dortmund
HRB 11089 Amtsgericht Dortmund, Geschäftsführer : Klaus-Jürgen Koke, Joachim Carle 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20070314/ca2720f1/attachment.htm>

More information about the Pam-list mailing list