using pam_sm_auth

leonel06013 at cfg.jovenclub.cu leonel06013 at cfg.jovenclub.cu
Thu Oct 6 16:12:04 UTC 2011


This is the function I have redefined to get the user name and password from the user in
the GNOME login window.

#define PAM_SM_AUTH

#include <security/pam_modules.h>
#include <security/pam_appl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <pwd.h>
#include <syslog.h>


PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const
char  ** argv)
{
    const char * userName = NULL;	// receives the user name
    const char * userPasswd = NULL;	// receives the user password
    // other variables
    int pam_err, retry;

    // getting the user name; this works fine
    if (pam_get_user(pamh, &userName, NULL) != PAM_SUCCESS)
    {
	syslog(LOG_ERR, "cannot determine user name");
	return PAM_USER_UNKNOWN;
    }

    if ( pam_get_item(pamh, PAM_AUTHTOK, (const void **)&userPasswd) != PAM_SUCCESS)
    {
	syslog(LOG_ERR, "Error al extra el pass del usuario");
	return PAM_SYSTEM_ERR;
    }

    return PAM_SUCCESS;
}

These are the main instructions of my function, the part where I get the user name and
the password. Getting the user name works fine, but I can't obtain the password.
This is a service module for PAM, not for an app.

I need to obtain all this data when the user logs in on GNOME. Having this data, I
authenticate those values against my database and then I set new credentials with
pam_set_item, but this last part doesn't matter because the first part doesn't work
yet.

If I call the pam_get_authtok() function everything works OK and I get the password
fine, but I have to enter the password twice, once for the function pam_get_authtok()
and once for the system, I guess. The same thing happened when I used the conversation
function.

So now I have two problems: first, how can I get the user's password without using
pam_get_authtok or the conversation function? And second, if I have to use one of
those, how can I avoid the second authentication in the GNOME login window?

Please, if someone knows about this, I need help.

> On Thu, 2011-10-06 at 00:16 -0400, leonel06013 at cfg.jovenclub.cu wrote:
>> Hi:
>>
>> I'm creating a pam_sm_authenticate module for the GNOME login window. In this I
>> need the userName and the password, and I need to validate this information against a
>> database. I have already obtained the username, and use pam_get_item(pamh,
>> PAM_AUTHTOK, (const void **) pass);  to obtain the pass, where pass is a (char *).
>> Everything works fine, but when the user logs on, the variable pass is NULL, and I
>> cannot get the pass that the user put in the GNOME login window.
>>
>> How can I get the password of a user using pam_get_item with the item_type
>> (PAM_AUTHTOK)? Can somebody give an example?
>
> If the module is supposed to be used only with Linux-PAM you can use
> pam_get_authtok() extension function from it to get the password.
> Otherwise you have to copy the code that calls conversation functions to
> obtain the password.
> --
> Tomas Mraz
> No matter how far down the wrong road you've gone, turn back.
>                                               Turkish proverb
>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
>
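
Added example, not part of the original messages and not taken from Linux-PAM: a PAM service file for the double prompt described above, assuming the second prompt comes from a later password module (pam_unix.so here) in the same auth stack. The module name pam_mydb.so and the path /etc/pam.d/gdm are assumptions.

```conf
# /etc/pam.d/gdm  (file path and pam_mydb.so are assumptions for this example)
#
# Two prompts: pam_mydb.so collects the password with pam_get_authtok(),
# then pam_unix.so runs its own prompt because nothing tells it to reuse
# the token already stored as PAM_AUTHTOK.
#
#   auth    required    pam_mydb.so
#   auth    required    pam_unix.so
#
# One prompt: the first module in the stack prompts once; pam_get_authtok()
# stores the result as PAM_AUTHTOK, and the next module is told to read
# that item instead of asking again.
auth    required    pam_mydb.so
auth    required    pam_unix.so    use_first_pass

# use_first_pass: never prompt; fail if no usable token was stored earlier.
# try_first_pass: try the stored token first, prompt only if it is rejected.
#
# Both lines are "required", so the user must pass the database check and
# the local account check; choose control flags that match the intended policy.
```

pam_get_authtok() returns the cached PAM_AUTHTOK when an earlier module has already stored one, so a module that calls it prompts only when it is the first in the stack to need the password.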




