C++ (Cpp) pam_get_user Beispiele

Beispiel #1

Datei: pam_debug.c Projekt: BackupTheBerlios/wl530g-svn

PAM_EXTERN
int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
			int argc, const char **argv)
{
    int retval;
    const char *user=NULL;

    /*
     * authentication requires we know who the user wants to be
     */
    retval = pam_get_user(pamh, &user, NULL);
    if (retval != PAM_SUCCESS) {
	D(("get user returned error: %s", pam_strerror(pamh,retval)));
	return retval;
    }
    if (user == NULL || *user == '\0') {
	D(("username not known"));
	retval = pam_set_item(pamh, PAM_USER, (const void *) DEFAULT_USER);
	if (retval != PAM_SUCCESS)
	    return retval;
    }
    user = NULL;                                            /* clean up */

    retval = parse_args(PAM_SUCCESS, "auth", pamh, argc, argv);

    return retval;
}

Beispiel #2

Datei: pam_warn.c Projekt: ysleu/RTL8685

PAM_EXTERN
int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc
			, const char **argv)
{
     const char *service=NULL, *user=NULL, *terminal=NULL
	 , *rhost=NULL, *ruser=NULL;

     (void) pam_get_item(pamh, PAM_SERVICE, (const void **)&service);
     (void) pam_get_item(pamh, PAM_TTY, (const void **)&terminal);
     _pam_log(LOG_NOTICE, "service: %s [on terminal: %s]"
	      , service ? service : "<unknown>"
	      , terminal ? terminal : "<unknown>"
	 );
     (void) pam_get_user(pamh, &user, "Who are you? ");
     (void) pam_get_item(pamh, PAM_RUSER, (const void **)&ruser);
     (void) pam_get_item(pamh, PAM_RHOST, (const void **)&rhost);
     _pam_log(LOG_NOTICE, "user: (uid=%d) -> %s [remote: %s@%s]"
	      , getuid()
	      , user ? user : "******"
	      , ruser ? ruser : "******"
	      , rhost ? rhost : "?nowhere"
	      );

     /* we are just a fly on the wall */

     return PAM_IGNORE;
}

Beispiel #3

Datei: pam_whawty.c Projekt: PeterTheOne/auth

int _whawty_ctx_init(whawty_ctx_t* ctx, pam_handle_t *pamh, int flags, int argc, const char **argv)
{
  ctx->flags_ = 0;
  ctx->pamh_ = pamh;
  ctx->username_ = NULL;
  ctx->password_ = NULL;
  ctx->sockpath_ = NULL;
  ctx->sock_ = -1;
  ctx->timeout_ = 3;

  if(flags & PAM_SILENT)
    ctx->flags_ |= WHAWTY_CONF_SILENT;
  // flag PAM_DISALLOW_NULL_AUTHTOK is not applicable and will therefore be ignored

  int ret = _whawty_parse_args(ctx, argc, argv);
  if(ret != PAM_SUCCESS)
    return ret;

  ret = pam_get_user(pamh, &(ctx->username_), NULL);
  if(ret == PAM_SUCCESS) {
    _whawty_logf(ctx, LOG_DEBUG, "successfully initialized [sock=%s]", ctx->sockpath_);
  } else {
    _whawty_logf(ctx, LOG_ERR, "pam_get_user() failed [%s]", pam_strerror(ctx->pamh_, ret));
  }
  return ret;
}

Beispiel #4

Datei: gkr-pam-module.c Projekt: bhull2010/mate-keyring

PAM_EXTERN int
pam_sm_chauthtok (pam_handle_t *ph, int flags, int argc, const char **argv)
{
	const char *user;
	struct passwd *pwd;
	uint args;
	int ret;
	
	args = parse_args (ph, argc, argv);

	if (args & ARG_IGNORE_SERVICE)
		return PAM_SUCCESS;

	/* Figure out and/or prompt for the user name */
	ret = pam_get_user (ph, &user, NULL);
	if (ret != PAM_SUCCESS) {
		syslog (GKR_LOG_ERR, "gkr-pam: couldn't get the user name: %s", 
		        pam_strerror (ph, ret));
		return PAM_SERVICE_ERR;
	}
	
	pwd = getpwnam (user);
	if (!pwd) {
		syslog (GKR_LOG_ERR, "gkr-pam: error looking up user information for: %s", user);
		return PAM_SERVICE_ERR;
	}

	if (flags & PAM_PRELIM_CHECK) 
		return pam_chauthtok_preliminary (ph, pwd);
	else if (flags & PAM_UPDATE_AUTHTOK)
		return pam_chauthtok_update (ph, pwd, args);
	else 
		return PAM_IGNORE;
}

Beispiel #5

Datei: pam_safebox_pw.c Projekt: joelpinheiro/Safebox-Smartcard-Auth

PAM_EXTERN int
pam_sm_authenticate ( pam_handle_t *pamh, int flags, int argc,
			const char *argv[] )
{
	int retval;
	const char *user, *prompt;
	char *data,*data2,*flag;
	char * pwdt,*pwds;
	retval = pam_get_user ( pamh, &user, NULL );
	if (retval != PAM_SUCCESS)
		return retval;
 
	D(("Got user: %s", user));

	D(("cenas"));
	pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &data,"attempt");
	if(data == NULL)
		return PAM_AUTH_ERR;
	Base64Decode(data,&pwdt);
	D(("Attempted Password: %s \n", pwdt));

	pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &data2,"storedpassword");
	Base64Decode(data2,&pwds);
	if(strlen(data2) == 0)
		return PAM_AUTH_ERR;
	D(("Stored Password: %s \n", pwds));

	if(strcmp(pwdt,pwds) == 0){
		D(("PTEID CC authentication: success!"));
		return PAM_SUCCESS;
	}

	return PAM_AUTH_ERR;
}

Beispiel #6

Datei: pam_tally.c Projekt: aosm/pam

static int pam_get_uid( pam_handle_t *pamh, uid_t *uid, const char **userp ) 
  {
    const char *user;
    struct passwd *pw;

#ifdef MAIN
    user = cline_user;
#else
    pam_get_user( pamh, &user, NULL );
#endif

    if ( !user || !*user ) {
      _pam_log(LOG_ERR, MODULE_NAME ": pam_get_uid; user?");
      return PAM_AUTH_ERR;
    }

    if ( ! ( pw = getpwnam( user ) ) ) {
      _pam_log(LOG_ERR,MODULE_NAME ": pam_get_uid; no such user %s",user);
      return PAM_USER_UNKNOWN;
    }
    
    if ( uid )   *uid   = pw->pw_uid;
    if ( userp ) *userp = user;
    return PAM_SUCCESS;
  }

Beispiel #7

Datei: pam_cgm.c Projekt: hallyn/pam-cgm

int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc,
		const char **argv)
{
	const char *PAM_user = NULL;
	int ret;

	if (!cgm_dbus_connect()) {
		mysyslog(LOG_ERR, "Failed to connect to cgmanager\n");
		return PAM_SESSION_ERR;
	}
	if (argc > 1 && strcmp(argv[0], "-c") == 0)
		ctrl_list = validate_and_dup(argv[1]);
	if (!ctrl_list) 
		get_active_controllers();
	cgm_escape();

	ret = pam_get_user(pamh, &PAM_user, NULL);
	if (ret != PAM_SUCCESS) {
		cgm_dbus_disconnect();
		mysyslog(LOG_ERR, "PAM-CGM: couldn't get user\n");
		return PAM_SESSION_ERR;
	}

	ret = handle_login(PAM_user);
	cgm_dbus_disconnect();
	return ret;
}

Beispiel #8

Datei: pam_mkhomedir.c Projekt: djbclark/bb10qnx

PAM_EXTERN int
pam_sm_open_session(pam_handle_t *pamh, int flags,
		    int argc, const char **argv)
{
	const struct passwd *pwent;
	const char *user;
	struct stat di;
	void (*sh)(int);
	pid_t child;
	int res;

	/* Who are we talking about anyway? */
	res = pam_get_user(pamh, &user, NULL);
	if (res != PAM_SUCCESS)
		return res;

	/* Fetch passwd entry */
	pwent = getpwnam(user);
	if (!pwent)
	{
		pam_error(pamh, "User not found in passwd?");
		return PAM_CRED_INSUFFICIENT;
	}

	openlog("pam_mkhomedir", LOG_PID, LOG_AUTH);
	if (stat(pwent->pw_dir, &di))
		return pam_mkhd_copy(pamh, pwent, "/etc/skel", pwent->pw_dir);

	return PAM_SUCCESS;
}

Beispiel #9

Datei: pam_pgsql.c Projekt: ZachGreen-ShipOffers/pam-pgsql

PAM_VISIBLE int
pam_sm_close_session(pam_handle_t *pamh, int flags,
            int argc, const char *argv[])
{
	modopt_t *options = NULL;
	const char *user, *rhost;
	int rc;
	PGresult *res;
	PGconn *conn;

	user = NULL; rhost = NULL;

	if ((options = mod_options(argc, argv)) != NULL) {

		if (options->query_session_close) {

			if ((rc = pam_get_item(pamh, PAM_RHOST, (const void **)&rhost)) == PAM_SUCCESS) {

				if ((rc = pam_get_user(pamh, &user, NULL)) == PAM_SUCCESS) {
					DBGLOG("Session opened for user: %s", user);
					if ((conn = db_connect(options))) {
                          pg_execParam(conn, &res, options->query_session_close, pam_get_service(pamh), user, NULL, rhost);
                          PQclear(res);
                          PQfinish(conn);
					}
				}
			}
		}
	//free_module_options(options);
	}

	return (PAM_SUCCESS);

}

Beispiel #10

Datei: util.c Projekt: DHTC-Tools/ubolt

/* Create and populate a context based on a given PAM handle and
 * module name. */
struct context *
get_context(pam_handle_t *pamh, char *name, char *module)
{
	struct context *ctx;

	syslog(LOG_AUTH|LOG_DEBUG, "get_context (%s) in", module ? module : "??");

	ctx = malloc(sizeof(struct context));
	memset(ctx, 0, sizeof(struct context));

	syslog(LOG_AUTH|LOG_DEBUG, "uname");
	uname(&ctx->uts);
	syslog(LOG_AUTH|LOG_DEBUG, "pam_get_user");
	pam_get_user(pamh, &ctx->user, NULL);
	syslog(LOG_AUTH|LOG_DEBUG, "pam_get_item(PAM_SERVICE)");
	pam_get_item(pamh, PAM_SERVICE, (PAM_CONST void **)&ctx->svc);
	syslog(LOG_AUTH|LOG_DEBUG, "pam_get_item(PAM_RHOST)");
	pam_get_item(pamh, PAM_RHOST, (PAM_CONST void **)&ctx->rhost);
	syslog(LOG_AUTH|LOG_DEBUG, "strdup");
	ctx->module = strdup(module);
	ctx->name = strdup(name);
	ctx->log = LOG_AUTH;

	if (ctx->user == NULL)
		ctx->user = "******";
	if (ctx->svc == NULL)
		ctx->svc = "(unknown)";
	if (ctx->rhost == NULL)
		ctx->rhost = "(local)";

	syslog(LOG_AUTH|LOG_DEBUG, "get_context (%s) out", module ? module : "??");
	return ctx;
}

Beispiel #11

Datei: gkr-pam-module.c Projekt: bhull2010/mate-keyring

PAM_EXTERN int
pam_sm_close_session (pam_handle_t *ph, int flags, int argc, const char **argv)
{
	struct passwd *pwd;
	const char *user;
	int ret;
	
	ret = pam_get_user (ph, &user, NULL);
	if (ret != PAM_SUCCESS) {
		syslog (GKR_LOG_ERR, "gkr-pam: couldn't get user from pam: %s", 
		        pam_strerror (ph, ret));
		return PAM_SERVICE_ERR;
	}
	
	pwd = getpwnam (user);
	if (!pwd) {
		syslog (GKR_LOG_ERR, "gkr-pam: error looking up user information for: %s", user);
		return PAM_SERVICE_ERR;
	}

	stop_daemon (ph, pwd);
	
	/* Don't bother user when daemon can't be stopped */
	return PAM_SUCCESS; 
}

Beispiel #12

Datei: gkr-pam-module.c Projekt: bhull2010/mate-keyring

PAM_EXTERN int
pam_sm_open_session (pam_handle_t *ph, int flags, int argc, const char **argv)
{
	const char *user = NULL, *password = NULL;
	struct passwd *pwd;
	int ret;
	uint args;
	int started_daemon;

	args = parse_args (ph, argc, argv);

	if (args & ARG_IGNORE_SERVICE)
		return PAM_SUCCESS;

	/* Figure out the user name */
	ret = pam_get_user (ph, &user, NULL);
	if (ret != PAM_SUCCESS) {
		syslog (GKR_LOG_ERR, "gkr-pam: couldn't get the user name: %s", 
		        pam_strerror (ph, ret));
		return PAM_SERVICE_ERR;
	}

	pwd = getpwnam (user);
	if (!pwd) {
		syslog (GKR_LOG_ERR, "gkr-pam: error looking up user information for: %s", user);
		return PAM_SERVICE_ERR;
	}

	/* Get the stored authtok here */
	if (pam_get_data (ph, "gkr_system_authtok", (const void**)&password) != PAM_SUCCESS) {
		/* 
		 * No password, no worries, maybe this (PAM using) application 
		 * didn't do authentication, or is hopeless and wants to call 
		 * different PAM callbacks from different processes.
		 * 
		 * No use complaining
		 */
		password = NULL;
	}
	
	started_daemon = 0;
	
	/* Should we start the daemon? */
	if (args & ARG_AUTO_START) {
		ret = start_daemon_if_necessary (ph, pwd, password, &started_daemon);
		if (ret != PAM_SUCCESS)
			return ret;
	}

	/* If mate keyring is running, but we didn't start it here, then unlock now */
	if (get_any_env (ph, ENV_CONTROL) != NULL) {
		if (!started_daemon && password != NULL) {
			if (unlock_keyring (ph, pwd, password) != PAM_SUCCESS)
				return PAM_SERVICE_ERR;
		}
	}
	
	return PAM_SUCCESS;
}

Beispiel #13

Datei: escalate_module.c Projekt: passy/libpam-policycache

/**
 * EscalateModuleNew:
 * @pamh: PAM handle.
 * @flags: PAM flags.
 * @argc: Number of arguments given to the PAM module.
 * @argv: Array of argument strings given to the PAM module.
 * @helper: Path to helper executable, or #NULL for the default path.
 * @error: (out)(allow-none): Error return location or #NULL.
 *
 * Returns: New #EscalateModule instance.
 */
EscalateModule *EscalateModuleNew(pam_handle_t *pamh, gint flags, gint argc,
                                  const gchar **argv, const gchar *helper,
                                  GError **error) {
  EscalateModule *self = g_new0(EscalateModule, 1);
  gint pam_result = PAM_SYSTEM_ERR;
  const gchar *username = NULL;

  self->pamh = pamh;
  self->flags = flags;
  self->keep_going = TRUE;
  self->result = PAM_SYSTEM_ERR;

  for (guint i = 0; i < argc; i++) {
    const gchar *arg = argv[i];
    if (g_str_equal(arg, "use_first_pass")) {
      self->use_first_pass = TRUE;
    } else if (g_str_equal(arg, "try_first_pass")) {
      self->try_first_pass = TRUE;
    } else {
      g_set_error(error, ESCALATE_MODULE_ERROR,
                  ESCALATE_MODULE_ERROR_UNKNOWN_ARG,
                  "Unknown argument '%s'", arg);
      goto failed;
    }
  }

  pam_result = pam_get_item(pamh, PAM_CONV, (const void **) &self->conv);
  if (pam_result != PAM_SUCCESS) {
    g_error("Failed to get conversation function: %s",
            pam_strerror(pamh, pam_result));
  }

  if (!self->conv) {
    g_set_error(error, ESCALATE_MODULE_ERROR, ESCALATE_MODULE_ERROR_CONV,
                "No conversation function available");
    goto failed;
  }

  pam_result = pam_get_user(pamh, &username, NULL);
  if (pam_result != PAM_SUCCESS) {
    g_set_error(error, ESCALATE_MODULE_ERROR, ESCALATE_MODULE_ERROR_NO_USERNAME,
                "Failed to find a username");
    goto failed;
  }
  self->username = g_strdup(username);

  // TODO(vonhollen): Handle SIGCHLD for this process without messing up an
  // existing handler.
  self->child = EscalateSubprocessNew(helper, error);
  if (!self->child)
    goto failed;

  return self;

failed:
  EscalateModuleFree(self);
  return NULL;
}

Beispiel #14

Datei: pam_sql.c Projekt: Gnitset/pam-modules

PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
	const char *username;
	char *password;
	int retval = PAM_AUTH_ERR;
	gray_pam_init(PAM_SERVICE_ERR);

	/* parse arguments */
	_pam_parse(argc, argv);
	
	/* Get the username */
	retval = pam_get_user(pamh, &username, NULL);
	if (retval != PAM_SUCCESS || !username) {
		DEBUG(1, ("can not get the username"));
		return PAM_SERVICE_ERR;
	}

	/* Get the password */
	if (_pam_get_password(pamh, &password, "Password:"******"Could not retrive user's password");
		return PAM_SERVICE_ERR;
	}

	if (gray_env_read(gpam_sql_config_file, &config_env)) 
		retval = PAM_SERVICE_ERR;
	else {
		gray_slist_t slist;
		/* FIXME: This comment is needed to pacify
		   `make check-sql-config' in doc:
		   gpam_sql_find_config("passwd-query") */
		retval = gpam_sql_verify_user_pass(pamh, password,
					     get_query2(pamh, "passwd-query",
					     "query",  &slist, 1));
		gray_slist_free(&slist);
	}
	
	gray_env_free(config_env);
	config_env = NULL;
	
	switch (retval) {
	case PAM_ACCT_EXPIRED:
		_pam_log(LOG_NOTICE, "user '%s': account expired", username);
		break;
	case PAM_SUCCESS:
		_pam_log(LOG_NOTICE, "user '%s' granted access", username);
		break;
	default:
		_pam_log(LOG_NOTICE, "user '%s' failed to authenticate",
			 username);
	}

	return retval;
}

Beispiel #15

Datei: pam_pgsql.c Projekt: ZachGreen-ShipOffers/pam-pgsql

/* public: check if account has expired, or needs new password */
PAM_VISIBLE int
pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc,
                            const char **argv)
{
	modopt_t *options = NULL;
	const char *user, *rhost;
	int rc = PAM_AUTH_ERR;
	PGconn *conn;
	PGresult *res;

	user = NULL; rhost = NULL;

	if ((options = mod_options(argc, argv)) != NULL) {

		/* query not specified, just succeed. */
		if (options->query_acct == NULL) {
			//free_module_options(options);
			return PAM_SUCCESS;
		}

		if ((rc = pam_get_item(pamh, PAM_RHOST, (const void **)&rhost)) == PAM_SUCCESS) {
			if((rc = pam_get_user(pamh, &user, NULL)) == PAM_SUCCESS) {
				if(!(conn = db_connect(options))) {
					rc = PAM_AUTH_ERR;
				} else {
					DBGLOG("query: %s", options->query_acct);
					rc = PAM_AUTH_ERR;
					if(pg_execParam(conn, &res, options->query_acct, pam_get_service(pamh), user, NULL, rhost) == PAM_SUCCESS) {
						if (PQntuples(res) == 1 &&
						    PQnfields(res) >= 2 && PQnfields(res) <= 3) {
							char *expired_db = PQgetvalue(res, 0, 0);
							char *newtok_db = PQgetvalue(res, 0, 1);
							rc = PAM_SUCCESS;
							if (PQnfields(res)>=3) {
								char *nulltok_db = PQgetvalue(res, 0, 2);
								if ((!strcmp(nulltok_db, "t")) && (flags & PAM_DISALLOW_NULL_AUTHTOK))
									rc = PAM_NEW_AUTHTOK_REQD;
							}
							if (!strcmp(newtok_db, "t"))
								rc = PAM_NEW_AUTHTOK_REQD;
							if (!strcmp(expired_db, "t"))
								rc = PAM_ACCT_EXPIRED;
						} else {
							DBGLOG("query_acct should return one row and two or three columns");
							rc = PAM_PERM_DENIED;
						}
						PQclear(res);
					}
					PQfinish(conn);
				}
			}
		}
	}

	//free_module_options(options);
	return rc;
}

Beispiel #16

Datei: pam.c Projekt: slaweksiluk/BlueAuth

PAM_EXTERN int
pam_sm_authenticate(pam_handle_t *pamh, int flags, 	int argc, const char *argv[]){

// log 
pam_syslog(pamh, LOG_INFO, "moje logiii");

          struct passwd *pw = NULL, pw_s;
        const char *user = NULL;
        char btaddr[50];
        int port; 

          char buffer[1024], checkfile[1024];
          int pgu_ret, gpn_ret, snp_ret, a_ret;



          pgu_ret = pam_get_user(pamh, &user, NULL);



fprintf(stderr, "%s", user);
fprintf(stderr, "\n");

          if (pgu_ret != PAM_SUCCESS || user == NULL) {
                  return(PAM_IGNORE);
          }

/*          gpn_ret = getpwnam_r(user, &pw_s, buffer, sizeof(buffer), &pw);*/
/*          if (gpn_ret != 0 || pw == NULL || pw->pw_dir == NULL || pw->pw_dir[0] != '/') {*/
/*                  return(PAM_IGNORE);*/
/*          }*/

          //snp_ret = snprintf(checkfile, sizeof(checkfile), "%s/.pam_blue_auth", pw->pw_dir);
          //if (snp_ret >= sizeof(checkfile)) {
          //        return(PAM_IGNORE);
          //}

            a_ret = check_user_rules(&user, &btaddr, &port);

          //a_ret = access(checkfile, F_OK);
          if (a_ret == 0) {
			fprintf(stderr, "The user's file exists\n");
			if(rfcomm_client(btaddr, port)==0){
			//if(1==1){
				fprintf(stderr, "return authentication success\n");
                 return(PAM_SUCCESS);
			}
			else{
				fprintf(stderr, "return authentication success\n");
				return(PAM_AUTH_ERR);
			}
		}
		 else{
fprintf(stderr, "The user's doesn't file exist, return authentication PAM_IGNORE\n");
                  return(PAM_AUTH_ERR);
          }
}

Beispiel #17

Datei: pam_local.c Projekt: millken/zhuxianB30

/*****************************************************************************
    Func Name: pam_sm_authenticate
 Date Created: 2009/2/23
       Author: chendong
  Description: PAM 认证接口函数
        Input: pam_handle_t * pamh  PAM HANDLE
               int flags            调试标记
               int argc             参数列表大小
               const char ** argv   参数列表
       Output: 无
       Return: PAM错误码
      Caution:
-----------------------------------------------------------------------------
   Modification History
   DATE        NAME             DESCRIPTION
-----------------------------------------------------------------------------

******************************************************************************/
PAM_EXTERN int
pam_sm_authenticate (pam_handle_t * pamh, int flags, int argc,
                     const char **argv)
{
    int method;
    int ret;
    struct pam_ext_item *item = NULL;
    char user_name[256];
    const char *user;
	void *item_tmp = (void *)item;
    int auth_mode = 1;

    pam_local_parse_option (argc, argv);

    method = PAM_EXT_METHOD_PAP;
    ret = pam_get_item (pamh, PAM_EXT_METHOD, (const void **)&item_tmp);
	item = (struct pam_ext_item *)item_tmp;
    if (PAM_SUCCESS == ret)
    {
        method = *(int *) item->item_value;
    }

    switch (method)
    {
        case PAM_EXT_METHOD_EAP:
            ret = pam_local_eap_auth (pamh, user_name);
            user = user_name;
            break;
        case PAM_EXT_METHOD_PAP:
        default:
            /* 取用户名 */
            ret = pam_get_user (pamh, &user, NULL);
            if (ret != PAM_SUCCESS)
            {
                return ret;
            }
            ret = pam_local_pap_auth (pamh, user);	/**/
			if (ret != PAM_SUCCESS)
            {
                return ret;
            }
            pam_set_extern_item(pamh, PAM_EXT_WEB_AUTH_MODE, sizeof(int), 
                                (void *)&auth_mode);
            break;
    }

    if (PAM_SUCCESS == ret)
    {
        pam_local_authorization (pamh, user);	/**/
    }
    pam_local_logger ("Local authenticate user %s %s", user,
                      (PAM_SUCCESS == ret)?"succeeded":"failed");

    (void) flags;
    return ret;
}

Beispiel #18

Datei: pam_envoy.c Projekt: RagnarDanneskjold/envoy

/* PAM entry point for authentication verification */
PAM_EXTERN int pam_sm_authenticate(pam_handle_t _unused_ *ph, int _unused_ flags,
                                   int _unused_ argc, const char _unused_ **argv)
{
    struct agent_data_t data;
    const struct passwd *pwd;
    const char *user, *password;
    enum agent id = AGENT_DEFAULT;
    int ret;

    ret = pam_get_user(ph, &user, NULL);
    if (ret != PAM_SUCCESS) {
        syslog(PAM_LOG_ERR, "pam-envoy: couldn't get the user name: %s",
               pam_strerror(ph, ret));
        return PAM_SERVICE_ERR;
    }

    pwd = getpwnam(user);
    if (!pwd) {
        syslog(PAM_LOG_ERR, "pam-envoy: error looking up user information: %s",
               strerror(errno));
        return PAM_SERVICE_ERR;
    }

    /* Look up the password */
    ret = pam_get_item(ph, PAM_AUTHTOK, (const void**)&password);
    if (ret != PAM_SUCCESS || password == NULL) {
        if (ret == PAM_SUCCESS)
            syslog(PAM_LOG_WARN, "pam-envoy: no password is available for user");
        else
            syslog(PAM_LOG_WARN, "pam-envoy: no password is available for user: %s",
                   pam_strerror(ph, ret));
        return PAM_SUCCESS;
    }

    if (pam_get_agent(&data, id, pwd->pw_uid, pwd->pw_gid) < 0) {
        syslog(PAM_LOG_WARN, "pam-envoy: failed to get agent for user");
        return PAM_SUCCESS;
    }

    if (data.status == ENVOY_RUNNING && data.type == AGENT_GPG_AGENT) {
        _cleanup_gpg_ struct gpg_t *agent = gpg_agent_connection(data.gpg);

        if (password) {
            const struct fingerprint_t *fpt = gpg_keyinfo(agent);
            for (; fpt; fpt = fpt->next) {
                if (gpg_preset_passphrase(agent, fpt->fingerprint, -1, password) < 0)
                    syslog(PAM_LOG_ERR, "failed to unlock '%s'", fpt->fingerprint);
            }
        }

        gpg_close(agent);
    }

    return PAM_SUCCESS;
}

Beispiel #19

Datei: support.c Projekt: jeroennijhof/pam_tacplus

char *_pam_get_user(pam_handle_t *pamh) {
    int retval;
    char *user;

    retval = pam_get_user(pamh, (void *)&user, "Username: "******"unable to obtain username");
        user = NULL;
    }
    return user;
}

Beispiel #20

Datei: pam_nologin.c Projekt: Claruarius/stblinux-2.6.37

PAM_EXTERN
int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
                        const char **argv)
{
     int retval = PAM_SUCCESS;
     int fd;
     const char *username;
     char *mtmp=NULL;
     struct passwd *user_pwd;
     struct pam_conv *conversation;
     struct pam_message message;
     struct pam_message *pmessage = &message;
     struct pam_response *resp = NULL;
     struct stat st;

     if ((fd = open("/etc/nologin", O_RDONLY, 0)) >= 0) {
       /* root can still log in; lusers cannot */
       if ((pam_get_user(pamh, &username, NULL) != PAM_SUCCESS)
           || !username) {
         return PAM_SERVICE_ERR;
       }
       user_pwd = getpwnam(username);
       if (user_pwd && user_pwd->pw_uid == 0) {
         message.msg_style = PAM_TEXT_INFO;
       } else {
	   if (!user_pwd) {
	       retval = PAM_USER_UNKNOWN;
	   } else {
	       retval = PAM_AUTH_ERR;
	   }
	   message.msg_style = PAM_ERROR_MSG;
       }

       /* fill in message buffer with contents of /etc/nologin */
       if (fstat(fd, &st) < 0) /* give up trying to display message */
         return retval;
       message.msg = mtmp = malloc(st.st_size+1);
       /* if malloc failed... */
       if (!message.msg) return retval;
       read(fd, mtmp, st.st_size);
       mtmp[st.st_size] = '\000';

       /* Use conversation function to give user contents of /etc/nologin */
       pam_get_item(pamh, PAM_CONV, (const void **)&conversation);
       conversation->conv(1, (const struct pam_message **)&pmessage,
			  &resp, conversation->appdata_ptr);
       free(mtmp);
       if (resp)
	   _pam_drop_reply(resp, 1);
     }

     return retval;
}

Beispiel #21

Datei: pam_hermes.c Projekt: ralt/hermes

PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
	const char *user;
	int retval;
	retval = pam_get_user(pamh, &user, NULL);
	if (retval != PAM_SUCCESS)
	{
		return retval;
	}

	return is_authenticated(user) ? PAM_SUCCESS : PAM_AUTH_ERR;
}

Beispiel #22

Datei: pam_module.c Projekt: ColumPaget/pam_usbkey

// PAM entry point for authentication. This function gets called by pam when
//a login occurs. argc and argv work just like argc and argv for the 'main' 
//function of programs, except they pass in the options defined for this
//module in the pam configuration files in /etc/pam.conf or /etc/pam.d/
PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) 
{
	char *Tempstr=NULL, *KeyList=NULL;
	char *ActiveUSBKeys=NULL;
	const char *ptr;
	int result=PAM_IGNORE, i;

	//These are defined as 'const char' because they passwd to us from the parent
	//library. When we called pam_get_<whatever> the pam library passes pointers
	//to strings in it's own code. Thus we must not change or free them
	const char *pam_user = NULL, *pam_tty=NULL, *pam_rhost=NULL;

	//get the user. If something goes wrong we return PAM_IGNORE. This tells
	//pam that our module failed in some way, so ignore it. Perhaps we should
	//return PAM_PERM_DENIED to deny login, but this runs the risk of a broken
	//module preventing anyone from logging into the system!
	if (pam_get_user(pamh, &pam_user, NULL) != PAM_SUCCESS) return(PAM_IGNORE);
	if (pam_user == NULL) return(PAM_IGNORE);

	//perhaps there will not be a tty if we are logging in remotely
	pam_get_item(pamh, PAM_TTY, (const void **) &pam_tty);
	if (! pam_tty) pam_tty="";

	//perhaps there will not be a remote host if we are logging in locally
	pam_get_item(pamh, PAM_RHOST, (const void **) &pam_rhost);
	if (! pam_rhost) pam_rhost="";


	for (i=0; i < argc; i++)
	{
		ptr=argv[i];

		if (strncmp(ptr,"key=",4)==0)   Tempstr=MCatStr(Tempstr, ptr, " ", NULL);
		if (strncmp(ptr,"keys=",5)==0)  Tempstr=MCatStr(Tempstr, ptr, " ", NULL);
		if (strncmp(ptr,"tty=",4)==0)   Tempstr=MCatStr(Tempstr, ptr, " ", NULL);
		if (strncmp(ptr,"ttys=",5)==0)  Tempstr=MCatStr(Tempstr, ptr, " ", NULL);
		if (strncmp(ptr,"user="******" ", NULL);
		if (strncmp(ptr,"users=",6)==0) Tempstr=MCatStr(Tempstr, ptr, " ", NULL);
	}

	if (StrLen(Tempstr)) KeyList=MCopyStr(KeyList, Tempstr, "|", NULL);


	ActiveUSBKeys=LoadActiveUSBSerialNums(ActiveUSBKeys);
	result=CheckAuth(KeyList, ActiveUSBKeys, pam_user, pam_tty, pam_rhost);

	Destroy(ActiveUSBKeys);
	Destroy(Tempstr);
	Destroy(KeyList);

  return(result);
}

Beispiel #23

Datei: pam_auth_ticket.c Projekt: mhoran/pam_auth_ticket

PAM_EXTERN int
pam_sm_open_session(pam_handle_t *pamh, int flags,
                    int argc, const char *argv[])
{
    const char *user;
    const void *data;

    if (pam_get_user(pamh, &user, NULL) == PAM_SUCCESS &&
            pam_get_data(pamh, "pam_auth_ticket", &data) == PAM_SUCCESS)
        write_ticket(user, (const char*)data);

    return (PAM_SUCCESS);
}

Beispiel #24

Datei: pam_securetty.c Projekt: OpenDarwin-CVS/SEDarwin

PAM_EXTERN int 
pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const char **argv)
{
	struct options options;
	struct ttyent *ttyfileinfo;
	struct passwd *pwd;
	int retval;
	const char *user, *ttyname;

	pam_std_option(&options, NULL, argc, argv);

	PAM_LOG("Options processed");

	retval = pam_get_user(pamh, &user, NULL);
	if (retval != PAM_SUCCESS)
		PAM_RETURN(retval);

	PAM_LOG("Got user: %s", user);

	retval = pam_get_item(pamh, PAM_TTY, (const void **)&ttyname);
	if (retval != PAM_SUCCESS)
		PAM_RETURN(retval);

	PAM_LOG("Got TTY: %s", ttyname);

	/* Ignore any "/dev/" on the PAM_TTY item */
	if (strncmp(TTY_PREFIX, ttyname, sizeof(TTY_PREFIX) - 1) == 0)
		ttyname += sizeof(TTY_PREFIX) - 1;

	/* If the user is not root, secure ttys do not apply */
	pwd = getpwnam(user);
	if (pwd == NULL)
		PAM_RETURN(PAM_IGNORE);
	else if (pwd->pw_uid != 0)
		PAM_RETURN(PAM_SUCCESS);

	PAM_LOG("User is not root");

	ttyfileinfo = getttynam(ttyname);
	if (ttyfileinfo == NULL)
		PAM_RETURN(PAM_SERVICE_ERR);

	PAM_LOG("Got ttyfileinfo");

	if (ttyfileinfo->ty_status & TTY_SECURE)
		PAM_RETURN(PAM_SUCCESS);
	else {
		PAM_VERBOSE_ERROR("Not on secure TTY");
		PAM_RETURN(PAM_PERM_DENIED);
	}
}

Beispiel #25

Datei: pam.cpp Projekt: greyson/pam_couchdb

int pam_sm_authenticate( pam_handle_t * pamh,
                         int flags,
                         int argc, char const ** argv )
{
   int retval = PAM_AUTH_ERR;
   char const * username = NULL;
   char const * password = NULL;

   // Parse arguments
   int argmask = _pam_parse( argc, argv );

   // Get the username
   retval = pam_get_user( pamh, &username, NULL );
   if( (retval != PAM_SUCCESS) || (!username) )
   {
      return PAM_SERVICE_ERR;
   }

   // If we've been told to use the first pass, we don't converse with
   // the user for a password.
   if( ! argmask & CPAMARG_USEFIRSTPASS )
   {
      // Converse just to be sure we have a password
      retval = conversation( pamh );
      if( retval != PAM_SUCCESS )
      {
         return PAM_CONV_ERR;
      }
   }

   // Check if we got a password.  If use_authtok wasn't specified,
   // then we've already asked once and needn't do so again.
   retval = pam_get_item( pamh, PAM_AUTHTOK, (void const **) & password );
   if( retval != PAM_SUCCESS )
   {
      return -2;
   }

   Curl curl;
   if( username != NULL && password != NULL &&
       curl.checkAuthorized( username, password ) )
   {
      return PAM_SUCCESS;
   }
   else
   {
      return PAM_AUTH_ERR;
   }

   return PAM_USER_UNKNOWN;
}

Beispiel #26

Datei: pam_time.c Projekt: aosm/pam

PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc
		     ,const char **argv)
{
    const char *service=NULL, *tty=NULL;
    const char *user=NULL;

    /* set service name */

    if (pam_get_item(pamh, PAM_SERVICE, (const void **)&service)
	!= PAM_SUCCESS || service == NULL) {
	_log_err("cannot find the current service name");
	return PAM_ABORT;
    }

    /* set username */

    if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL
	|| *user == '\0') {
	_log_err("cannot determine the user's name");
	return PAM_USER_UNKNOWN;
    }

    /* set tty name */

    if (pam_get_item(pamh, PAM_TTY, (const void **)&tty) != PAM_SUCCESS
	|| tty == NULL) {
	D(("PAM_TTY not set, probing stdin"));
	tty = ttyname(STDIN_FILENO);
	if (tty == NULL) {
	    _log_err("couldn't get the tty name");
	    return PAM_ABORT;
	}
	if (pam_set_item(pamh, PAM_TTY, tty) != PAM_SUCCESS) {
	    _log_err("couldn't set tty name");
	    return PAM_ABORT;
	}
    }

    if (strncmp("/dev/",tty,5) == 0) {          /* strip leading /dev/ */
	tty += 5;
    }

    /* good, now we have the service name, the user and the terminal name */

    D(("service=%s", service));
    D(("user=%s", user));
    D(("tty=%s", tty));

    return check_account(service,tty,user);
}

Beispiel #27

Datei: pam.c Projekt: jmhbrown/nss-pam-ldapd

static int init(pam_handle_t *pamh, struct pld_cfg *cfg, struct pld_ctx **ctx,
                const char **username, const char **service, const char **ruser,
                const char **rhost, const char **tty)
{
  int rc;
  struct passwd *pwent;
  /* get user name */
  rc = pam_get_user(pamh, username, NULL);
  if (rc != PAM_SUCCESS)
  {
    pam_syslog(pamh, LOG_ERR, "failed to get user name: %s", pam_strerror(pamh, rc));
    return rc;
  }
  if ((*username == NULL) || ((*username)[0] == '\0'))
  {
    pam_syslog(pamh, LOG_ERR, "got empty user name");
    return PAM_USER_UNKNOWN;
  }
  /* check uid */
  if (cfg->minimum_uid > 0)
  {
    pwent = pam_modutil_getpwnam(args->pamh, *username);
    if ((pwent != NULL) && (pwent->pw_uid < cfg->minimum_uid))
    {
      if (cfg->debug)
        pam_syslog(pamh, LOG_DEBUG, "uid below minimum_uid; user=%s uid=%ld",
                   *username, (long)pwent->pw_uid);
      return cfg->ignore_unknown_user ? PAM_IGNORE : PAM_USER_UNKNOWN;
    }
  }
  /* get our context */
  rc = ctx_get(pamh, *username, ctx);
  if (rc != PAM_SUCCESS)
    return rc;
  /* get service name */
  rc = pam_get_item(pamh, PAM_SERVICE, (PAM_ITEM_CONST void **)service);
  if (rc != PAM_SUCCESS)
  {
    pam_syslog(pamh, LOG_ERR, "failed to get service name: %s",
               pam_strerror(pamh, rc));
    return rc;
  }
  /* get more PAM information (ignore errors) */
  pam_get_item(pamh, PAM_RUSER, (PAM_ITEM_CONST void **)ruser);
  pam_get_item(pamh, PAM_RHOST, (PAM_ITEM_CONST void **)rhost);
  pam_get_item(pamh, PAM_TTY, (PAM_ITEM_CONST void **)tty);
  return PAM_SUCCESS;
}

Beispiel #28

Datei: pam_kwallet.c Projekt: amaramrahul/pam-kwallet

PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    pam_syslog(pamh, LOG_INFO, "pam_sm_open_session\n");

    if (get_env(pamh, "PAM_KWALLET_LOGIN") != NULL) {
        pam_syslog(pamh, LOG_INFO, "pam_kwallet: we were already executed");
        return PAM_SUCCESS;
    }

    parseArguments(argc, argv);

    int result;
    result = pam_set_data(pamh, "sm_open_session", "1", NULL);
    if (result != PAM_SUCCESS) {
        pam_syslog(pamh, LOG_ERR, "pam_kwallet: Impossible to store sm_open_session: %s"
            , pam_strerror(pamh, result));
        return PAM_IGNORE;
    }

     //Fetch the user, needed to get user information
    const char *username;
    result = pam_get_user(pamh, &username, NULL);
    if (result != PAM_SUCCESS) {
        pam_syslog(pamh, LOG_ERR, "pam_kwallet: Couldn't get username %s",
                   pam_strerror(pamh, result));
        return PAM_IGNORE;//Since we are not an essential module, just make pam ignore us
    }

    struct passwd *userInfo;
    userInfo = getpwnam(username);
    if (!userInfo) {
        pam_syslog(pamh, LOG_ERR, "pam_kwallet: Couldn't get user info (passwd) info");
        return PAM_IGNORE;
    }

    const char *kwalletKey;
    result = pam_get_data(pamh, "kwallet_key", (const void **)&kwalletKey);

    if (result != PAM_SUCCESS) {
        pam_syslog(pamh, LOG_INFO, "pam_kwallet: open_session called without kwallet_key");
        return PAM_SUCCESS;//We will wait for pam_sm_authenticate
    }

    start_kwallet(pamh, userInfo, kwalletKey);

    return PAM_SUCCESS;
}

Beispiel #29

Datei: pam_envoy.c Projekt: RagnarDanneskjold/envoy

/* PAM entry point for session creation */
PAM_EXTERN int pam_sm_open_session(pam_handle_t *ph, int _unused_ flags,
                                   int argc, const char **argv)
{
    struct agent_data_t data;
    const struct passwd *pwd;
    const char *user;
    enum agent id = AGENT_DEFAULT;
    int ret;

    ret = pam_get_user(ph, &user, NULL);
    if (ret != PAM_SUCCESS) {
        syslog(PAM_LOG_ERR, "pam-envoy: couldn't get the user name: %s",
               pam_strerror(ph, ret));
        return PAM_SERVICE_ERR;
    }

    pwd = getpwnam(user);
    if (!pwd) {
        syslog(PAM_LOG_ERR, "pam-envoy: error looking up user information: %s",
               strerror(errno));
        return PAM_SERVICE_ERR;
    }

    if (argc > 1) {
        syslog(PAM_LOG_WARN, "pam-envoy: too many arguments");
        return PAM_SUCCESS;
    } else if (argc == 1) {
        id = lookup_agent(argv[0]);
    }

    if (pam_get_agent(&data, id, pwd->pw_uid, pwd->pw_gid) < 0) {
        syslog(PAM_LOG_WARN, "pam-envoy: failed to get agent for user");
        return PAM_SUCCESS;
    }

    if (data.type == AGENT_GPG_AGENT) {
        _cleanup_gpg_ struct gpg_t *agent = gpg_agent_connection(data.gpg);
        gpg_update_tty(agent);

        pam_setenv(ph, "GPG_AGENT_INFO=%s", data.gpg);
    }

    pam_setenv(ph, "SSH_AUTH_SOCK=%s", data.sock);
    pam_setenv(ph, "SSH_AGENT_PID=%d", data.pid);

    return PAM_SUCCESS;
}

Beispiel #30

Datei: pam_local.c Projekt: millken/zhuxianB30

/*****************************************************************************
    Func Name: pam_sm_chauthtok
 Date Created: 2009/2/23
       Author: chendong
  Description: PAM修改密码接口函数
        Input: pam_handle_t * pamh  PAM HANDLE
               int flags            调试标记
               int argc             参数列表大小
               const char ** argv   参数列表
       Output: 无
       Return: PAM错误码
      Caution:
-----------------------------------------------------------------------------
   Modification History
   DATE        NAME             DESCRIPTION
-----------------------------------------------------------------------------

******************************************************************************/
PAM_EXTERN int
pam_sm_chauthtok (pam_handle_t * pamh, int flags, int argc, const char **argv)
{
    struct pam_ext_item *item = NULL;
    const char *user;
    const char *new_password;
    int ret;
    int method;
	void *item_tmp = (void *)item;

    pam_local_parse_option (argc, argv);

    /* 获取认证方法， 只有PAP才支持修改密码 */
    method = PAM_EXT_METHOD_PAP;
    ret = pam_get_item (pamh, PAM_EXT_METHOD, (const void **)&item_tmp);
	item = (struct pam_ext_item *)item_tmp;
    if (PAM_SUCCESS == ret)
    {
        method = *(int *) item->item_value;
    }

    if (PAM_EXT_METHOD_PAP != method)
    {
        return PAM_AUTH_ERR;
    }

    /* 取用户名 */
    ret = pam_get_user (pamh, &user, NULL);
    if (ret != PAM_SUCCESS)
    {
        return ret;
    }

    /* 取新密码 */
    /*!! 调用会话函数获取 */
    new_password = NULL;

    /* 更新用户密码 */
    if (0 != pam_local_update_password (user, new_password))
    {
        return PAM_SYSTEM_ERR;
    }

    (void) flags;
    return (PAM_SUCCESS);

}