/*
  This program was contributed by Shane Watts
  [modifications by AGM]

  You need to add the following (or equivalent) to the /etc/pam.conf file.
  # check authorization
  check_user   auth       required     /usr/lib/security/pam_unix_auth.so
  check_user   account    required     /usr/lib/security/pam_unix_acct.so
 */
#include <security/pam_appl.h>
#include <security/pam_misc.h>
#include <stdio.h>
#include <stdlib.h>
/* Forward declarations for the helpers defined further down in this file. */

/* Prints a PAM return code. */
void dump(int retval);

/* Conversation callback; same parameter list as misc_conv. */
int my_conv(int num_msg,
            const struct pam_message **msg,
            struct pam_response **resp,
            void *appdata_ptr);
/*
 * Conversation structure handed to pam_start() in main().
 *
 * misc_conv (declared in <security/pam_misc.h>) is the callback in use.
 * my_conv, also defined in this file, is not wired in: it supplies no
 * responses, and a conversation callback has to hand back one response
 * per message before it can be used for authentication.
 */
static struct pam_conv conv = {
    .conv = misc_conv,
    .appdata_ptr = NULL
};
/*****************************************
 * functions
 */
/*
 * Write a raw PAM return code to stdout as a single "Retval=<n>" line.
 * The numeric value is printed as-is; no PAM error text is looked up.
 */
void dump(int retval)
{
    fprintf(stdout, "Retval=%i\n", retval);
}
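/*
 * Placeholder conversation callback (not referenced by `conv`).
 *
 * The original stub returned PAM_SUCCESS without touching *resp.  A
 * conversation callback that reports success is expected to hand back an
 * array of num_msg responses, so a module calling this stub would go on to
 * read whatever *resp happened to contain.  Until a real conversation is
 * implemented the stub fails closed: it clears *resp and reports
 * PAM_CONV_ERR, which makes the calling module abort the exchange.
 *
 * Parameters follow the struct pam_conv callback signature; none of the
 * inputs are consulted.
 * Returns PAM_CONV_ERR in every case.
 */
int my_conv(int num_msg, const struct pam_message **msg,
            struct pam_response **resp,
            void *appdata_ptr)
{
    (void)num_msg;
    (void)msg;
    (void)appdata_ptr;

    /* Never leave the caller holding an indeterminate response pointer. */
    if (resp != NULL) {
        *resp = NULL;
    }

    return PAM_CONV_ERR;
}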
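/*
 * check_user <service> <username>
 *
 * Runs the auth and account stacks of the named PAM service for the given
 * user and reports the outcome.
 *
 * Output: one "Retval=<n>" line after each of the three PAM steps (the
 * value is repeated when a step was skipped because an earlier one failed),
 * then "Authenticated" or "Not Authenticated" on stdout.
 * Exit status: 0 only when both pam_authenticate() and pam_acct_mgmt()
 * returned PAM_SUCCESS; 1 on a usage error, on any PAM failure, or when
 * pam_end() fails.
 *
 * NOTE(review): the service name comes straight from argv[1], so the
 * caller chooses which PAM stack is consulted.  If this program is ever
 * used as an access gate rather than a test tool, pin the service name
 * instead of accepting it from the command line.
 */
int main(int argc, char *argv[])
{
    pam_handle_t *pamh = NULL;
    const char *service;
    const char *user;
    int retval;
    int started;

    if (argc != 3) {
        fprintf(stderr, "Usage: check_user <service> <username>\n");
        exit(1);
    }

    service = argv[1];
    user = argv[2];

    retval = pam_start(service, user, &conv, &pamh);
    /* Remember whether a transaction exists, so pam_end() is only called
     * on a handle that pam_start() actually set up. */
    started = (retval == PAM_SUCCESS);
    dump(retval);

    /* Flags are 0 here; PAM_DISALLOW_NULL_AUTHTOK can be passed to refuse
     * accounts that have no authentication token registered. */
    if (retval == PAM_SUCCESS) {
        retval = pam_authenticate(pamh, 0);    /* is user really user? */
    }
    dump(retval);

    /* Any non-success result from the account stack (expired account,
     * required token change, ...) is treated as a denial below. */
    if (retval == PAM_SUCCESS) {
        retval = pam_acct_mgmt(pamh, 0);       /* permitted access? */
    }
    dump(retval);

    /* This is where we have been authorized or not. */
    if (retval == PAM_SUCCESS) {
        fprintf(stdout, "Authenticated\n");
    } else {
        fprintf(stdout, "Not Authenticated\n");
    }

    /* Close the PAM transaction.  Skipped when pam_start() failed, so a
     * start-up failure is not additionally reported as a release failure. */
    if (started && pam_end(pamh, retval) != PAM_SUCCESS) {
        pamh = NULL;
        fprintf(stderr, "check_user: failed to release authenticator\n");
        exit(1);
    }

    return (retval == PAM_SUCCESS ? 0 : 1);    /* indicate success */
}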