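/*
 * This program was contributed by Shane Watts
 * [modifications by AGM]
 *
 * You need to add the following (or equivalent) to the /etc/pam.conf file.
 *
 *   # check authorization
 *   check_user   auth      required   /usr/lib/security/pam_unix_auth.so
 *   check_user   account   required   /usr/lib/security/pam_unix_acct.so
 *
 * On systems configured through /etc/pam.d/ the equivalent is a file named
 * after the service. The service name is taken from argv[1], so the verdict
 * only means "the stack configured for that service accepted the user".
 */

#include <security/pam_appl.h>
#include <security/pam_misc.h>
#include <stdio.h>
#include <stdlib.h>

/* declare functions */

void dump(int retval);
int my_conv(int num_msg, const struct pam_message **msg,
            struct pam_response **resp, void *appdata_ptr);

/*
 * Conversation structure handed to pam_start(). misc_conv (from libpam_misc)
 * does the prompting; my_conv below is an unused placeholder.
 */
static struct pam_conv conv = {
    misc_conv, /*my_conv,*/
    NULL
};

/*****************************************
 * functions
 */

/**
 * Print a raw PAM return code to stdout for tracing.
 *
 * @param retval  value returned by the preceding pam_*() call
 */
void dump(int retval)
{
    printf("Retval=%i\n", retval);
}

/**
 * Placeholder conversation callback (not wired into `conv`).
 *
 * It supplies no responses, so it reports PAM_CONV_ERR. Returning
 * PAM_SUCCESS here without allocating *resp would tell a module that
 * responses are available and leave it reading an unset pointer.
 *
 * @return PAM_CONV_ERR always; *resp is left untouched.
 */
int my_conv(int num_msg, const struct pam_message **msg,
            struct pam_response **resp, void *appdata_ptr)
{
    (void)num_msg;
    (void)msg;
    (void)resp;
    (void)appdata_ptr;

    return PAM_CONV_ERR;
}

/**
 * Authenticate <user> against the PAM stack of <service> and report
 * the result.
 *
 * @param argc  must be 3
 * @param argv  argv[1] = PAM service name, argv[2] = user name
 * @return 0 when both authentication and account checks succeed,
 *         1 otherwise (including usage errors and pam_end() failure).
 */
int main(int argc, char *argv[])
{
    pam_handle_t *pamh = NULL;
    int retval;
    int started;
    const char *user, *service;

    if (argc != 3) {
        fprintf(stderr, "Usage: check_user <service> <user>\n");
        exit(1);
    }

    service = argv[1];
    user = argv[2];

    retval = pam_start(service, user, &conv, &pamh);
    dump(retval);

    /* Remember whether a transaction exists; only then may it be ended. */
    started = (retval == PAM_SUCCESS);

    /*
     * Flags are 0, so whether an empty authentication token is accepted is
     * left to the module configuration. Pass PAM_DISALLOW_NULL_AUTHTOK if
     * accounts without a password must always be rejected.
     */
    if (retval == PAM_SUCCESS)
        retval = pam_authenticate(pamh, 0);    /* is user really user? */
    dump(retval);

    /* Account management catches cases a correct password does not. */
    if (retval == PAM_SUCCESS)
        retval = pam_acct_mgmt(pamh, 0);       /* permitted access? */
    dump(retval);

    /* This is where we have been authorized or not. */

    if (retval == PAM_SUCCESS) {
        fprintf(stdout, "Authenticated\n");
    } else {
        fprintf(stdout, "Not Authenticated\n");
    }

    /*
     * Skip pam_end() when pam_start() failed: there is no valid handle, and
     * calling it anyway only produced a misleading release error.
     */
    if (started && pam_end(pamh, retval) != PAM_SUCCESS) {  /* close Linux-PAM */
        pamh = NULL;
        fprintf(stderr, "check_user: failed to release authenticator\n");
        exit(1);
    }

    return (retval == PAM_SUCCESS ? 0 : 1);    /* indicate success */
}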