| 1 |
torben |
328 |
/* |
| 2 |
|
|
This program was contributed by Shane Watts |
| 3 |
|
|
[modifications by AGM] |
| 4 |
|
|
|
| 5 |
|
|
You need to add the following (or equivalent) to the /etc/pam.conf file. |
| 6 |
|
|
# check authorization |
| 7 |
|
|
check_user auth required /usr/lib/security/pam_unix_auth.so |
| 8 |
|
|
check_user account required /usr/lib/security/pam_unix_acct.so |
| 9 |
|
|
*/ |
| 10 |
|
|
|
| 11 |
|
|
#include <security/pam_appl.h> |
| 12 |
|
|
#include <security/pam_misc.h> |
| 13 |
|
|
#include <stdio.h> |
| 14 |
|
|
|
| 15 |
|
|
/* declare functions */ |
| 16 |
|
|
void dump(int retval); |
| 17 |
|
|
|
| 18 |
|
|
int my_conv(int num_msg, const struct pam_message **msg, |
| 19 |
|
|
struct pam_response **resp, |
| 20 |
|
|
void *appdata_ptr); |
| 21 |
|
|
|
| 22 |
|
|
|
| 23 |
|
|
static struct pam_conv conv = { |
| 24 |
|
|
misc_conv, |
| 25 |
|
|
/*my_conv,*/ |
| 26 |
|
|
NULL |
| 27 |
|
|
}; |
| 28 |
|
|
|
| 29 |
|
|
|
| 30 |
|
|
|
| 31 |
|
|
/*****************************************' |
| 32 |
|
|
* functions |
| 33 |
|
|
*/ |
| 34 |
|
|
|
| 35 |
|
|
void dump(int retval) { |
| 36 |
|
|
printf("Retval=%i\n",retval); |
| 37 |
|
|
} |
| 38 |
|
|
|
| 39 |
|
|
int my_conv(int num_msg, const struct pam_message **msg, |
| 40 |
|
|
struct pam_response **resp, |
| 41 |
|
|
void *appdata_ptr) |
| 42 |
|
|
{ |
| 43 |
|
|
|
| 44 |
|
|
// struct pam_message my_msg; |
| 45 |
|
|
|
| 46 |
|
|
return PAM_SUCCESS; |
| 47 |
|
|
} |
| 48 |
|
|
|
| 49 |
|
|
int main(int argc, char *argv[]) |
| 50 |
|
|
{ |
| 51 |
|
|
pam_handle_t *pamh=NULL; |
| 52 |
|
|
int retval; |
| 53 |
|
|
const char *user,*service; |
| 54 |
|
|
|
| 55 |
|
|
if(argc != 3 ) { |
| 56 |
|
|
fprintf(stderr, "Usage: check_user <service> <username>\n"); |
| 57 |
|
|
exit(1); |
| 58 |
|
|
} |
| 59 |
|
|
|
| 60 |
|
|
service = argv[1]; |
| 61 |
|
|
user = argv[2]; |
| 62 |
|
|
|
| 63 |
|
|
retval = pam_start(service, user, &conv, &pamh); |
| 64 |
|
|
dump(retval); |
| 65 |
|
|
if (retval == PAM_SUCCESS) |
| 66 |
|
|
retval = pam_authenticate(pamh, 0); /* is user really user? */ |
| 67 |
|
|
dump(retval); |
| 68 |
|
|
|
| 69 |
|
|
if (retval == PAM_SUCCESS) |
| 70 |
|
|
retval = pam_acct_mgmt(pamh, 0); /* permitted access? */ |
| 71 |
|
|
|
| 72 |
|
|
dump(retval); |
| 73 |
|
|
|
| 74 |
|
|
/* This is where we have been authorized or not. */ |
| 75 |
|
|
|
| 76 |
|
|
if (retval == PAM_SUCCESS) { |
| 77 |
|
|
fprintf(stdout, "Authenticated\n"); |
| 78 |
|
|
} else { |
| 79 |
|
|
fprintf(stdout, "Not Authenticated\n"); |
| 80 |
|
|
} |
| 81 |
|
|
|
| 82 |
|
|
if (pam_end(pamh,retval) != PAM_SUCCESS) { /* close Linux-PAM */ |
| 83 |
|
|
pamh = NULL; |
| 84 |
|
|
fprintf(stderr, "check_user: failed to release authenticator\n"); |
| 85 |
|
|
exit(1); |
| 86 |
|
|
} |
| 87 |
|
|
|
| 88 |
|
|
return ( retval == PAM_SUCCESS ? 0:1 ); /* indicate success */ |
| 89 |
|
|
} |
Parent Directory
| 
Revision Log