int main (void) { int retval; /* 1: Call with NULL as pam handle */ retval = pam_authenticate (NULL, 0); if (retval == PAM_SUCCESS) { fprintf (stderr, "tst-pam_authenticate (NULL, 0) returned PAM_SUCCESS\n"); return 1; } return 0; }
int pam_auth_user_pass (char const * const user, char const * const pass) { struct pam_conv pamc = { conv, pass }; pam_handle_t * pamh = NULL; int retval = PAM_ABORT; if ((retval = pam_start ("login", user, &pamc, &pamh)) == PAM_SUCCESS) { retval = pam_authenticate (pamh, 0); } LOG (pam_strerror (pamh, retval)); pam_end (pamh, 0); return retval; }
/** Check the users password against the standard UNIX password table + PAM. * * @note For most flexibility, passing a pamauth type to this function * allows you to have multiple authentication types (i.e. multiple * files associated with radius in /etc/pam.d). * * @param request The current request. * @param username User to authenticate. * @param passwd Password to authenticate with, * @param pamauth Type of PAM authentication. * @return 0 on success -1 on failure. */ static int do_pam(REQUEST *request, char const *username, char const *passwd, char const *pamauth) { pam_handle_t *handle = NULL; int ret; rlm_pam_data_t pam_config; struct pam_conv conv; /* * Initialize the structures */ conv.conv = pam_conv; conv.appdata_ptr = &pam_config; pam_config.request = request; pam_config.username = username; pam_config.password = passwd; pam_config.error = false; RDEBUG2("Using pamauth string \"%s\" for pam.conf lookup", pamauth); ret = pam_start(pamauth, username, &conv, &handle); if (ret != PAM_SUCCESS) { RERROR("pam_start failed: %s", pam_strerror(handle, ret)); return -1; } ret = pam_authenticate(handle, 0); if (ret != PAM_SUCCESS) { RERROR("pam_authenticate failed: %s", pam_strerror(handle, ret)); pam_end(handle, ret); return -1; } /* * FreeBSD 3.x doesn't have account and session management * functions in PAM, while 4.0 does. */ #if !defined(__FreeBSD_version) || (__FreeBSD_version >= 400000) ret = pam_acct_mgmt(handle, 0); if (ret != PAM_SUCCESS) { RERROR("pam_acct_mgmt failed: %s", pam_strerror(handle, ret)); pam_end(handle, ret); return -1; } #endif RDEBUG2("Authentication succeeded"); pam_end(handle, ret); return 0; }
/* returns boolean */ int DEFAULT_CC auth_userpass(char *user, char *pass, int *errorcode) { pam_handle_t *pamh; pam_userpass_t userpass; struct pam_conv conv = {pam_userpass_conv, &userpass}; const void *template1; int status; userpass.user = user; userpass.pass = pass; if (pam_start(SERVICE, user, &conv, &pamh) != PAM_SUCCESS) { return 0; } status = pam_authenticate(pamh, 0); if (status != PAM_SUCCESS) { pam_end(pamh, status); return 0; } status = pam_acct_mgmt(pamh, 0); if (status != PAM_SUCCESS) { pam_end(pamh, status); return 0; } status = pam_get_item(pamh, PAM_USER, &template1); if (status != PAM_SUCCESS) { pam_end(pamh, status); return 0; } if (pam_end(pamh, PAM_SUCCESS) != PAM_SUCCESS) { return 0; } return 1; }
static int check_pw(const char *login, const char *pwd) { struct pam_conv pam_c; pam_handle_t *phth; int ret; pam_c.conv = conv_func; pam_c.appdata_ptr = (void *)pwd; assert(pam_start("lolock", login, &pam_c, &phth) == PAM_SUCCESS); ret = pam_authenticate(phth, PAM_SILENT); pam_end(phth, 0); return ret == PAM_SUCCESS; }
int main(int argc, char *argv[]) { pam_handle_t *pamh = NULL; int retval; struct pam_conv conv = { gradm_pam_conv, NULL }; struct gr_arg_wrapper wrapper; struct gr_arg arg; int fd; if (argc != 2) exit(EXIT_FAILURE); wrapper.version = GRADM_VERSION; wrapper.size = sizeof(struct gr_arg); wrapper.arg = &arg; arg.mode = GRADM_STATUS; if ((fd = open(GRDEV_PATH, O_WRONLY)) < 0) { fprintf(stderr, "Could not open %s.\n", GRDEV_PATH); failure("open"); } retval = write(fd, &wrapper, sizeof(struct gr_arg_wrapper)); close(fd); if (retval != 1) exit(EXIT_FAILURE); retval = pam_start(PAM_SERVICENAME, argv[1], &conv, &pamh); if (retval == PAM_SUCCESS) retval = pam_authenticate(pamh, 0); if (retval == PAM_SUCCESS) retval = pam_acct_mgmt(pamh, 0); if (retval == PAM_AUTHTOK_EXPIRED) retval = pam_chauthtok(pamh, 0); if (pamh) pam_end(pamh, retval); if (retval != PAM_SUCCESS) exit(EXIT_FAILURE); return EXIT_SUCCESS; }
static int auth_CheckPasswd(const char *name, const char *data, const char *key) { if (!strcmp(data, "*")) { #ifdef NOPAM /* Then look up the real password database */ struct passwd *pw; int result = 0; char *cryptpw; pw = getpwnam(name); if (pw) { cryptpw = crypt(key, pw->pw_passwd); result = (cryptpw != NULL) && !strcmp(cryptpw, pw->pw_passwd); } endpwent(); return result; #else /* !NOPAM */ /* Then consult with PAM. */ pam_handle_t *pamh; int status; struct pam_conv pamc = { #ifdef OPENPAM &openpam_nullconv, NULL #else &pam_conv, key #endif }; if (pam_start("ppp", name, &pamc, &pamh) != PAM_SUCCESS) return (0); #ifdef OPENPAM if ((status = pam_set_item(pamh, PAM_AUTHTOK, key)) == PAM_SUCCESS) #endif status = pam_authenticate(pamh, 0); pam_end(pamh, status); return (status == PAM_SUCCESS); #endif /* !NOPAM */ } return !strcmp(data, key); }
int main(int argc, char *argv[]) { pam_handle_t *pamh=NULL; const char *user="******"; const char *stack="tst-pam_authfail"; int retval; int debug = 0; if (argc > 2) { stack = argv[2]; } if (argc > 1) { if (strcmp (argv[1], "-d") == 0) debug = 1; else stack = argv[1]; } retval = pam_start(stack, user, &conv, &pamh); if (retval != PAM_SUCCESS) { if (debug) fprintf (stderr, "test3: pam_start returned %d\n", retval); return 1; } retval = pam_authenticate(pamh, 0); if (retval == PAM_SUCCESS) { if (debug) fprintf (stderr, "test3: pam_authenticate returned %d\n", retval); return 1; } retval = pam_end(pamh,retval); if (retval != PAM_SUCCESS) { if (debug) fprintf (stderr, "test3: pam_end returned %d\n", retval); return 1; } return 0; }
/** * \brief Try to authentication user using PAM. Only password could be use now. */ int vs_pam_auth_user(struct vContext *C, const char *username, const char *pass) { struct VSession *vsession = CTX_current_session(C); int retval; /* Use password for user authentication */ vsession->conv.appdata_ptr = (void*)pass; /* Try to initialization PAM transaction */ if((retval = pam_start("verse", username, &vsession->conv, &vsession->pamh)) != PAM_SUCCESS) { v_print_log(VRS_PRINT_ERROR, "pam_start() failed: %s\n", pam_strerror(vsession->pamh, retval)); vs_pam_end_user_auth(vsession, retval); return -1; } /* Try to setup remote host for PAM */ if((retval = pam_set_item(vsession->pamh, PAM_RHOST, vsession->peer_hostname))) { v_print_log(VRS_PRINT_ERROR, "pam_set_item(): hostname: %s failed: %s\n", vsession->peer_hostname, pam_strerror(vsession->pamh, retval)); vs_pam_end_user_auth(vsession, retval); return -1; } /* Authenticate user: is the username in the "database" of valid usernames? */ if((retval = pam_authenticate(vsession->pamh, 0)) != PAM_SUCCESS) { v_print_log(VRS_PRINT_ERROR, "pam_authenticate(): username: %s failed: %s\n", username, pam_strerror(vsession->pamh, retval)); vs_pam_end_user_auth(vsession, retval); return -1; } /* Is user's account valid? */ if((retval = pam_acct_mgmt(vsession->pamh, 0)) == PAM_SUCCESS) { v_print_log(VRS_PRINT_DEBUG_MSG, "pam_acct_mgmt(): username: %s: %s\n", username, pam_strerror(vsession->pamh, retval)); vs_pam_end_user_auth(vsession, retval); /* TODO: get UID and return it */ return -1; } else { v_print_log(VRS_PRINT_ERROR, "pam_cct_mgmt(): username: %s failed: %s\n", username, pam_strerror(vsession->pamh, retval)); vs_pam_end_user_auth(vsession, retval); return -1; } vs_pam_end_user_auth(vsession, retval); return -1; }
/** * EscalateHelperDoAction: * @self: #EscalateHelper instance. * @error: (out)(allow-none): Error return location or #NULL. * * Return: #TRUE if the action specified in the start message (just * pam_authenticate for now) was called successfully and the finish message was * sent. */ gboolean EscalateHelperDoAction(EscalateHelper *self, GError **error) { int setcred_result = PAM_SUCCESS; EscalateMessage *message = NULL; GVariantBuilder *env = NULL; gboolean result = FALSE; // Run the action specified in the start message. switch (self->action) { case ESCALATE_MESSAGE_ACTION_AUTHENTICATE: self->result = pam_authenticate(self->pamh, self->flags); if (self->result == PAM_SUCCESS || self->result == PAM_NEW_AUTHTOK_REQD) { // Refresh things like Kerberos credentials. This is safe to do here // even if the client never calls pam_setcred() because the entire auth // stack succeeded. // TODO(vonhollen): Make this configurable by pam_escalate.so. setcred_result = pam_setcred(self->pamh, PAM_REINITIALIZE_CRED); if (setcred_result != PAM_SUCCESS) { pam_syslog(self->pamh, LOG_NOTICE, "pam_setcred() failed for user '%s': %s", self->username, pam_strerror(self->pamh, setcred_result)); } } break; default: self->result = PAM_SYSTEM_ERR; g_error("Unsupported action %d", self->action); } // Prevent this function from being run twice. self->action = ESCALATE_MESSAGE_ACTION_UNKNOWN; // Get the PAM environment to include in the result. env = EscalateUtilPamEnvToVariant(self->pamh, error); if (!env) { goto done; } // Send the final PAM result for the action and the complete environment. message = EscalateMessageNew(ESCALATE_MESSAGE_TYPE_FINISH, self->result, env); result = EscalateMessageWrite(message, self->writer, error); EscalateMessageUnref(message); g_variant_builder_unref(env); done: return result; }
static void input_done(void) { STOP_TIMER(clear_pam_wrong_timeout); pam_state = STATE_PAM_VERIFY; redraw_screen(); if (pam_authenticate(pam_handle, 0) == PAM_SUCCESS) { DEBUG("successfully authenticated\n"); clear_password_memory(); /* Turn the screen on, as it may have been turned off * on release of the 'enter' key. */ turn_monitors_on(); /* PAM credentials should be refreshed, this will for example update any kerberos tickets. * Related to credentials pam_end() needs to be called to cleanup any temporary * credentials like kerberos /tmp/krb5cc_pam_* files which may of been left behind if the * refresh of the credentials failed. */ pam_setcred(pam_handle, PAM_REFRESH_CRED); pam_end(pam_handle, PAM_SUCCESS); exit(0); } if (debug_mode) fprintf(stderr, "Authentication failure\n"); pam_state = STATE_PAM_WRONG; failed_attempts += 1; clear_input(); if (unlock_indicator) redraw_screen(); /* Clear this state after 2 seconds (unless the user enters another * password during that time). */ ev_now_update(main_loop); START_TIMER(clear_pam_wrong_timeout, TSTAMP_N_SECS(2), clear_pam_wrong); /* Cancel the clear_indicator_timeout, it would hide the unlock indicator * too early. */ STOP_TIMER(clear_indicator_timeout); /* beep on authentication failure, if enabled */ if (beep) { xcb_bell(conn, 100); xcb_flush(conn); } }
static bool verify_root_pw( const char* pw) { const char* superuser = "******"; #ifdef USESHADOW struct spwd *spws = getspnam( superuser); #endif #ifdef USE_PAM pam_handle_t *pamh; int pam_error; #endif /* USE_PAM */ struct passwd *pws = getpwnam( superuser); CHECK_PTR( pws); #ifndef USE_PAM #ifdef USESHADOW // If USESHADOW is defined, kdm will work for both shadow and non // shadow systems if( spws != NULL) { char* tmp = pws->pw_passwd; pws->pw_passwd = spws->sp_pwdp; spws->sp_pwdp = tmp; } endspent(); #endif /* USESHADOW */ if( strcmp( crypt( pw, pws->pw_passwd), pws->pw_passwd)) { printf("Root passwd verification failed\n"); return false; } #else /* USE_PAM */ #define PAM_BAIL \ if (pam_error != PAM_SUCCESS) { \ pam_end(pamh, 0); \ return false; \ } PAM_password = pw; pam_error = pam_start(KDE_PAM, superuser, &PAM_conversation, &pamh); PAM_BAIL; pam_error = pam_authenticate( pamh, 0); PAM_BAIL; /* OK, if we get here, the user _should_ be root */ pam_end( pamh, PAM_SUCCESS); #endif /* USE_PAM */ return true; }
/** * Authenticate a connecting client using PAM. * @param Client The client to authenticate. * @return true when authentication succeeded, false otherwise. */ GLOBAL bool PAM_Authenticate(CLIENT *Client) { pam_handle_t *pam; int retval = PAM_SUCCESS; LogDebug("PAM: Authenticate \"%s\" (%s) ...", Client_OrigUser(Client), Client_Mask(Client)); /* Set supplied client password */ if (password) free(password); password = strdup(Conn_Password(Client_Conn(Client))); conv.appdata_ptr = Conn_Password(Client_Conn(Client)); /* Initialize PAM */ retval = pam_start(Conf_PAMServiceName, Client_OrigUser(Client), &conv, &pam); if (retval != PAM_SUCCESS) { Log(LOG_ERR, "PAM: Failed to create authenticator! (%d)", retval); return false; } pam_set_item(pam, PAM_RUSER, Client_User(Client)); pam_set_item(pam, PAM_RHOST, Client_Hostname(Client)); #if defined(HAVE_PAM_FAIL_DELAY) && !defined(NO_PAM_FAIL_DELAY) pam_fail_delay(pam, 0); #endif /* PAM authentication ... */ retval = pam_authenticate(pam, 0); /* Success? */ if (retval == PAM_SUCCESS) Log(LOG_INFO, "PAM: Authenticated \"%s\" (%s).", Client_OrigUser(Client), Client_Mask(Client)); else Log(LOG_ERR, "PAM: Error on \"%s\" (%s): %s", Client_OrigUser(Client), Client_Mask(Client), pam_strerror(pam, retval)); /* Free PAM structures */ if (pam_end(pam, retval) != PAM_SUCCESS) Log(LOG_ERR, "PAM: Failed to release authenticator!"); return (retval == PAM_SUCCESS); }
int pam_pass(char *name, char *passwd, const char *pamauth, char **reply_msg) { pam_handle_t *pamh = NULL; int rc; struct pam_conv_data data; struct pam_conv conv = { rad_pam_conv, NULL }; /* input data */ data.username = name; data.password = passwd; /* output data */ data.error = 0; data.reply_msg = NULL; conv.appdata_ptr = &data; GRAD_DEBUG2(1, "username [%s], pamauth [%s]", name, pamauth); /* fake loop needed so we don't have to use gotos */ for (;;) { rc = pam_start(pamauth, name, &conv, &pamh); GRAD_DEBUG1(1, "pam_start: %d", rc); if (rc != PAM_SUCCESS) break; rc = pam_authenticate(pamh, 0); GRAD_DEBUG1(1, "pam_authenticate: %d", rc); if (rc != PAM_SUCCESS) break; rc = pam_acct_mgmt(pamh, 0); break; } GRAD_DEBUG1(1, "pam_acct_mgmt: %d", rc); pam_end(pamh, 0); *reply_msg = data.reply_msg; return rc != PAM_SUCCESS; }
/* * Attempt password authentication via PAM */ int sshpam_auth_passwd(Authctxt *authctxt, const char *password) { int flags = (options.permit_empty_passwd == 0 ? PAM_DISALLOW_NULL_AUTHTOK : 0); char *fake = NULL; if (!options.use_pam || sshpam_handle == NULL) fatal("PAM: %s called when PAM disabled or failed to " "initialise.", __func__); sshpam_password = password; sshpam_authctxt = authctxt; /* * If the user logging in is invalid, or is root but is not permitted * by PermitRootLogin, use an invalid password to prevent leaking * information via timing (eg if the PAM config has a delay on fail). */ if (!authctxt->valid || (authctxt->pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)) sshpam_password = fake = fake_password(password); sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, (const void *)&passwd_conv); if (sshpam_err != PAM_SUCCESS) fatal("PAM: %s: failed to set PAM_CONV: %s", __func__, pam_strerror(sshpam_handle, sshpam_err)); sshpam_err = pam_authenticate(sshpam_handle, flags); sshpam_password = NULL; free(fake); if (sshpam_err == PAM_MAXTRIES) sshpam_set_maxtries_reached(1); if (sshpam_err == PAM_SUCCESS && authctxt->valid) { debug("PAM: password authentication accepted for %.100s", authctxt->user); return 1; } else { debug("PAM: password authentication failed for %.100s: %s", authctxt->valid ? authctxt->user : "******", pam_strerror(sshpam_handle, sshpam_err)); return 0; } }
/** * Note: PAM will free() 'password' during the process */ bool verify_password() { struct passwd *passwd = getpwuid(getuid()); char *username = passwd->pw_name; const struct pam_conv local_conversation = { function_conversation, NULL }; pam_handle_t *local_auth_handle = NULL; int pam_err; if ((pam_err = pam_start("swaylock", username, &local_conversation, &local_auth_handle)) != PAM_SUCCESS) { sway_abort("PAM returned %d\n", pam_err); } if ((pam_err = pam_authenticate(local_auth_handle, 0)) != PAM_SUCCESS) { return false; } if ((pam_err = pam_end(local_auth_handle, pam_err)) != PAM_SUCCESS) { return false; } return true; }
int authenticate_user(const char *user, const char *pass) { pam_handle_t *pamh; tAppdata appdata = {user, pass}; struct pam_conv pam_conv = {&pam_exchange, &appdata}; if ((pam_start (PAM_SERVICE_NAME, NULL, &pam_conv, &pamh) != PAM_SUCCESS) || (pam_authenticate (pamh,PAM_SILENT) != PAM_SUCCESS) || (pam_acct_mgmt (pamh,0) != PAM_SUCCESS) || (pam_setcred (pamh,PAM_ESTABLISH_CRED) != PAM_SUCCESS)) { pam_end (pamh,PAM_AUTH_ERR); return 0; } pam_end (pamh,PAM_SUCCESS); return 1; }
main(){ pam_hand_t* pamh; int result; struct passwd *pw; if((pw = getpwuid(getuid())) == NULL) perrror("getpwuid"); else if((result=pam_start(MY_CONFIG, pw->pw_name, &conv, &pamh))!=PAM_SUCCESS) fprintf(stderr, "start Failed: %d\n", result); else if((result=pam_authenticate(pamh,0))!=PAM_SUCCESS) fprintf(stderr, "authenticate Failed: %d\n", result); else if((result=pam_acct_mgmt(pamh,0))!=PAM_SUCCESS) fprintf(stderr, "acct_mgmt Failed: %d\n", result); else if((result=pam_end(pamh,result))!=PAM_SUCCESS) fprintf(stderr, "end Failed: %d\n", result); else //corresponding application run. fprintf("Se ejecuta la aplicación"); }
static int auth(char *service, char *user, char *password) { struct pam_conv conv = {misc_conv, password}; int retval; pam_handle_t *pamh = NULL; retval = pam_start(service, user, &conv, &pamh); if (retval == PAM_SUCCESS) retval = pam_set_item(pamh, PAM_RUSER, user); #ifdef PAM_FAIL_DELAY if (retval == PAM_SUCCESS) retval = pam_set_item(pamh, PAM_FAIL_DELAY, (void *)delay_fn); #endif if (retval == PAM_SUCCESS) retval = pam_authenticate(pamh, 0); if (retval == PAM_SUCCESS) retval = pam_acct_mgmt(pamh, 0); pam_end(pamh, retval); return retval; }
void check_password(void) { static struct pam_conv conv = { ulock_conv, NULL }; pam_handle_t *pamh; char username[1 << 8]; username[0] = '\0'; strncat(username, getpwuid(getuid())->pw_name, (sizeof username) - 1); pam_start("ulock", username, &conv, &pamh); writes(STDOUT_FILENO, "The terminal is now locked. Please enter the password to unlock it.\n"); char *username2 = username; for (int i = 0; ; i++) { int pam_error; writes(STDOUT_FILENO, username2); writes(STDOUT_FILENO, "'s password: "******"Erm, one minute penalty...\n"); sleep(60); } username2 = (username2 == username) ? "root" : username; } pam_end(pamh, PAM_SUCCESS); fatal("Something went *SERIOUSLY* wrong\n"); }
int main() { int ret = 0; struct pam_handle_t *pamh = NULL; struct pam_conv pamc = { pconv, NULL }; ret = pam_start( "zxpam", "zx", &pamc, &pamh ); if ( ret != PAM_SUCCESS ) { perror("start failed"); return -1; } (void) pam_set_item( pamh, PAM_USER, "zx" ); //(void) pam_set_item( pamh, PAM_USER, "zxx" ); ret = pam_authenticate( pamh, 0 ); printf("ret %d\n", ret); if ( ret != PAM_SUCCESS ) { //perror("auth failed"); printf("pamerr: %s\n", pam_strerror(pamh, ret)); return -1; } ret = pam_acct_mgmt( pamh, 0 ); if ( ret != PAM_SUCCESS ) { perror("denied"); return -1; } else { printf("pass\n"); } ret = pam_end( pamh, PAM_SUCCESS ); return ret == PAM_SUCCESS ? 0 : -1; }
int main(int argc, char*argv[]) { static struct pam_conv pc = { misc_conv, NULL }; pam_handle_t *ph = NULL; int r, ret; char *username, *procname, *service; if ((procname = strchr(argv[0], '/'))) procname++; else procname = argv[0]; if (argc <= 1 || argc > 3) { fprintf(stderr, "Usage: %s [<service>] [<username>]\n", procname); exit(1); } service = (argc >= 2) ? argv[1] : procname; username = (argc == 3) ? argv[2] : NULL; if (username) printf("Trying to authenticate <%s> for service <%s>.\n", username, service); else printf("Trying to authenticate for service <%s>.\n", service); if ((r = pam_start(service, username, &pc, &ph)) != PAM_SUCCESS) { fprintf(stderr, "Failure starting pam: %s\n", pam_strerror(ph, r)); return 1; } if ((r = pam_authenticate(ph, 0)) != PAM_SUCCESS) { fprintf(stderr, "Failed to authenticate: %s\n", pam_strerror(ph, r)); ret = 1; } else { printf("Authentication successful.\n"); ret = 0; } if ((r = pam_end(ph, r)) != PAM_SUCCESS) fprintf(stderr, "Failure shutting down pam: %s\n", pam_strerror(ph, r)); return ret; }
int main(int argc, char *argv[]) { char *user = (argc > 1) ? argv[1] : getlogin(); char *service = (argc > 2) ? argv[2] : "pamtest"; struct pam_conv conv; int rc; pam_handle_t *pamh = NULL; conv.conv = pamtestConv; conv.appdata_ptr = NULL; fprintf(stderr, "%s:%d Starting with user=%s service=%s\n", __FILE__, __LINE__, user, service); rc = pam_start(service, user, &conv, &pamh); CHECK_STATUS(pamh, "pam_start", rc); rc = pam_authenticate(pamh, 0); CHECK_STATUS(pamh, "pam_authenticate", rc); rc = pam_acct_mgmt(pamh, 0); CHECK_STATUS(pamh, "pam_acct_mgmt", rc); if (rc == PAM_SUCCESS) { rc = pam_open_session(pamh, 0); CHECK_STATUS(pamh, "pam_open_session", rc); rc = pam_close_session(pamh, 0); CHECK_STATUS(pamh, "pam_close_session", rc); } if (rc != PAM_SUCCESS) { return rc; } if (pamh != NULL) { rc = pam_end(pamh, PAM_SUCCESS); CHECK_STATUS(pamh, "pam_end", rc); } return rc; }
gboolean pam_auth(void) { g_pamLastStatus = pam_authenticate(g_pamHandle, 0); if (g_pamLastStatus != PAM_SUCCESS) { fprintf(stderr, "Jolicloud-DisplayManager: pam authentication failed. Error %d\n", g_pamLastStatus); return FALSE; } g_pamLastStatus = pam_acct_mgmt(g_pamHandle, PAM_SILENT); if (g_pamLastStatus != PAM_SUCCESS) { fprintf(stderr, "Jolicloud-DisplayManager: pam account managment failed. Error %d\n", g_pamLastStatus); return FALSE; } return TRUE; }
bool maValidatePamCredentials(MaConn *conn, cchar *realm, cchar *user, cchar *password, cchar *requiredPass, char **msg) { pam_handle_t *pamh; UserInfo info; struct pam_conv conv = { pamChat, &info }; int res; info.name = (char*) user; info.password = (char*) password; pamh = NULL; if ((res = pam_start("login", user, &conv, &pamh)) != PAM_SUCCESS) { return 0; } if ((res = pam_authenticate(pamh, 0)) != PAM_SUCCESS) { return 0; } pam_end(pamh, PAM_SUCCESS); return 1; }
int authenticate(const char *service,const char *user, const char *passwd) { struct pam_conv conv = { conversation, (void *) passwd }; pam_handle_t *pamh = NULL; int ret; ret = pam_start(service, user, &conv, &pamh); if (ret != PAM_SUCCESS) { return ret; } ret = pam_authenticate(pamh, PAM_SILENT); if (ret != PAM_SUCCESS) { return ret; } ret = pam_end(pamh, 0); if (ret != PAM_SUCCESS) { return ret; } return PAM_SUCCESS; }
/** * EscalateHelperDoAction: * @self: #EscalateHelper instance. * @error: (out)(allow-none): Error return location or #NULL. * * Return: #TRUE if the action specified in the start message (just * pam_authenticate for now) was called successfully and the finish message was * sent. */ gboolean EscalateHelperDoAction(EscalateHelper *self, GError **error) { EscalateMessage *message = NULL; gboolean success = FALSE; switch (self->action) { case ESCALATE_MESSAGE_ACTION_AUTHENTICATE: self->result = pam_authenticate(self->pamh, self->flags); break; default: self->result = PAM_SYSTEM_ERR; g_error("Unsupported action %d", self->action); } // Prevents this function from being run twice. self->action = ESCALATE_MESSAGE_ACTION_UNKNOWN; message = EscalateMessageNew(ESCALATE_MESSAGE_TYPE_FINISH, self->result); success = EscalateMessageWrite(message, self->writer, error); EscalateMessageUnref(message); return success; }
int checkpass_pam(char *password) { struct pam_conv conv = { conv_func, password }; int retval = pam_start("bftpd", user, (struct pam_conv *) &conv, (pam_handle_t **) & pamh); if (retval != PAM_SUCCESS) { printf("Error while initializing PAM: %s\n", pam_strerror(pamh, retval)); return 1; } pam_fail_delay(pamh, 0); retval = pam_authenticate(pamh, 0); if (retval == PAM_SUCCESS) retval = pam_acct_mgmt(pamh, 0); if (retval == PAM_SUCCESS) pam_open_session(pamh, 0); if (retval != PAM_SUCCESS) return 1; else return 0; }
bool PamAuthentication::validatePasswordToken(const QString &token) { pam_handle *pamHandle = 0; if (!initPam(&pamHandle)) { qDebug() << Q_FUNC_INFO << "Pam init failed"; return false; } m_passwordToken = token; int status = pam_authenticate(pamHandle, 0); qDebug() << Q_FUNC_INFO << "Pam authenticate status" << status << pam_strerror(pamHandle, status); if (status == PAM_SUCCESS) { status = validateAccount(pamHandle); } pam_end(pamHandle, status); m_passwordToken.clear(); return status == PAM_SUCCESS; }
MainObject::MainObject(QObject *parent) :QObject(parent) { int err; struct pam_conv conv; pam_handle_t *pamh=NULL; QString service_name=""; // // Read Command Options // RDCmdSwitch *cmd= new RDCmdSwitch(qApp->argc(),qApp->argv(),"test_pam",TEST_PAM_USAGE); for(unsigned i=0; i<cmd->keys(); i++) { if(cmd->key(i)=="--service-name") { service_name=cmd->value(i); cmd->setProcessed(i,true); } } if(service_name.isEmpty()) { fprintf(stderr,"test_pam: missing service-name\n"); exit(256); } memset(&conv,0,sizeof(conv)); conv.conv=ConversationResponseCallback; if((err=pam_start(service_name,NULL,&conv,&pamh))!=PAM_SUCCESS) { perror(pam_strerror(pamh,err)); exit(256); } err=pam_authenticate(pamh,0); if(err==PAM_SUCCESS) { printf("Success!\n"); } else { perror(pam_strerror(pamh,err)); } pam_end(pamh,err); exit(0); }