int
main (void)
{
  int retval;

  /* 1: Call with NULL as pam handle */
  retval = pam_authenticate (NULL, 0);
  if (retval == PAM_SUCCESS)
    {
      fprintf (stderr, "tst-pam_authenticate (NULL, 0) returned PAM_SUCCESS\n");
      return 1;
    }

  return 0;
}
Exemple #2
0
int pam_auth_user_pass (char const * const user, char const * const pass)
{
    struct pam_conv pamc = { conv, pass };
    pam_handle_t * pamh = NULL; 
    int retval = PAM_ABORT;

    if ((retval = pam_start ("login", user, &pamc, &pamh)) == PAM_SUCCESS)
    {
        retval = pam_authenticate (pamh, 0);
    }

    LOG (pam_strerror (pamh, retval));
    pam_end (pamh, 0); 
    return retval;
}
Exemple #3
0
/** Check the users password against the standard UNIX password table + PAM.
 *
 * @note For most flexibility, passing a pamauth type to this function
 *	 allows you to have multiple authentication types (i.e. multiple
 *	 files associated with radius in /etc/pam.d).
 *
 * @param request The current request.
 * @param username User to authenticate.
 * @param passwd Password to authenticate with,
 * @param pamauth Type of PAM authentication.
 * @return 0 on success -1 on failure.
 */
static int do_pam(REQUEST *request, char const *username, char const *passwd, char const *pamauth)
{
	pam_handle_t *handle = NULL;
	int ret;
	rlm_pam_data_t pam_config;
	struct pam_conv conv;

	/*
	 *  Initialize the structures
	 */
	conv.conv = pam_conv;
	conv.appdata_ptr = &pam_config;
	pam_config.request = request;
	pam_config.username = username;
	pam_config.password = passwd;
	pam_config.error = false;

	RDEBUG2("Using pamauth string \"%s\" for pam.conf lookup", pamauth);

	ret = pam_start(pamauth, username, &conv, &handle);
	if (ret != PAM_SUCCESS) {
		RERROR("pam_start failed: %s", pam_strerror(handle, ret));
		return -1;
	}

	ret = pam_authenticate(handle, 0);
	if (ret != PAM_SUCCESS) {
		RERROR("pam_authenticate failed: %s", pam_strerror(handle, ret));
		pam_end(handle, ret);
		return -1;
	}

	/*
	 *	FreeBSD 3.x doesn't have account and session management
	 *	functions in PAM, while 4.0 does.
	 */
#if !defined(__FreeBSD_version) || (__FreeBSD_version >= 400000)
	ret = pam_acct_mgmt(handle, 0);
	if (ret != PAM_SUCCESS) {
		RERROR("pam_acct_mgmt failed: %s", pam_strerror(handle, ret));
		pam_end(handle, ret);
		return -1;
	}
#endif
	RDEBUG2("Authentication succeeded");
	pam_end(handle, ret);
	return 0;
}
/* returns boolean */
int DEFAULT_CC
auth_userpass(char *user, char *pass, int *errorcode)
{
    pam_handle_t *pamh;
    pam_userpass_t userpass;
    struct pam_conv conv = {pam_userpass_conv, &userpass};
    const void *template1;
    int status;

    userpass.user = user;
    userpass.pass = pass;

    if (pam_start(SERVICE, user, &conv, &pamh) != PAM_SUCCESS)
    {
        return 0;
    }

    status = pam_authenticate(pamh, 0);

    if (status != PAM_SUCCESS)
    {
        pam_end(pamh, status);
        return 0;
    }

    status = pam_acct_mgmt(pamh, 0);

    if (status != PAM_SUCCESS)
    {
        pam_end(pamh, status);
        return 0;
    }

    status = pam_get_item(pamh, PAM_USER, &template1);

    if (status != PAM_SUCCESS)
    {
        pam_end(pamh, status);
        return 0;
    }

    if (pam_end(pamh, PAM_SUCCESS) != PAM_SUCCESS)
    {
        return 0;
    }

    return 1;
}
Exemple #5
0
static int check_pw(const char *login, const char *pwd)
{
  struct pam_conv  pam_c;
  pam_handle_t    *phth;
  int              ret;

  pam_c.conv = conv_func;
  pam_c.appdata_ptr = (void *)pwd;

  assert(pam_start("lolock", login, &pam_c, &phth) == PAM_SUCCESS);

  ret = pam_authenticate(phth, PAM_SILENT);

  pam_end(phth, 0);
  return ret == PAM_SUCCESS;
}
Exemple #6
0
int main(int argc, char *argv[])
{
	pam_handle_t *pamh = NULL;
	int retval;
	struct pam_conv conv = { gradm_pam_conv, NULL };
	struct gr_arg_wrapper wrapper;
	struct gr_arg arg;
	int fd;

	if (argc != 2)
		exit(EXIT_FAILURE);

	wrapper.version = GRADM_VERSION;
	wrapper.size = sizeof(struct gr_arg);
	wrapper.arg = &arg;
	arg.mode = GRADM_STATUS;

	if ((fd = open(GRDEV_PATH, O_WRONLY)) < 0) {
		fprintf(stderr, "Could not open %s.\n", GRDEV_PATH);
		failure("open");
	}

	retval = write(fd, &wrapper, sizeof(struct gr_arg_wrapper));
	close(fd);

	if (retval != 1)
		exit(EXIT_FAILURE);

	retval = pam_start(PAM_SERVICENAME, argv[1], &conv, &pamh);

	if (retval == PAM_SUCCESS)
		retval = pam_authenticate(pamh, 0);

	if (retval == PAM_SUCCESS)
		retval = pam_acct_mgmt(pamh, 0);

	if (retval == PAM_AUTHTOK_EXPIRED)
		retval = pam_chauthtok(pamh, 0);

	if (pamh)
		pam_end(pamh, retval);

	if (retval != PAM_SUCCESS)
		exit(EXIT_FAILURE);

	return EXIT_SUCCESS;
}
Exemple #7
0
static int
auth_CheckPasswd(const char *name, const char *data, const char *key)
{
  if (!strcmp(data, "*")) {
#ifdef NOPAM
    /* Then look up the real password database */
    struct passwd *pw;
    int result = 0;
    char *cryptpw;
    
    pw = getpwnam(name);

    if (pw) {
      cryptpw = crypt(key, pw->pw_passwd);

      result = (cryptpw != NULL) && !strcmp(cryptpw, pw->pw_passwd);
    }

    endpwent();

    return result;
#else /* !NOPAM */
    /* Then consult with PAM. */
    pam_handle_t *pamh;
    int status;

    struct pam_conv pamc = {
#ifdef OPENPAM
      &openpam_nullconv, NULL
#else
      &pam_conv, key
#endif
    };

    if (pam_start("ppp", name, &pamc, &pamh) != PAM_SUCCESS)
      return (0);
#ifdef OPENPAM
    if ((status = pam_set_item(pamh, PAM_AUTHTOK, key)) == PAM_SUCCESS)
#endif
      status = pam_authenticate(pamh, 0);
    pam_end(pamh, status);
    return (status == PAM_SUCCESS);
#endif /* !NOPAM */
  }

  return !strcmp(data, key);
}
int
main(int argc, char *argv[])
{
  pam_handle_t *pamh=NULL;
  const char *user="******";
  const char *stack="tst-pam_authfail";
  int retval;
  int debug = 0;

  if (argc > 2) {
    stack = argv[2];
  }

  if (argc > 1) {
    if (strcmp (argv[1], "-d") == 0)
      debug = 1;
    else
      stack = argv[1];
  }


  retval = pam_start(stack, user, &conv, &pamh);
  if (retval != PAM_SUCCESS)
    {
      if (debug)
	fprintf (stderr, "test3: pam_start returned %d\n", retval);
      return 1;
    }

  retval = pam_authenticate(pamh, 0);
  if (retval == PAM_SUCCESS)
    {
      if (debug)
	fprintf (stderr, "test3: pam_authenticate returned %d\n", retval);
      return 1;
    }

  retval = pam_end(pamh,retval);
  if (retval != PAM_SUCCESS)
    {
      if (debug)
	fprintf (stderr, "test3: pam_end returned %d\n", retval);
      return 1;
    }
  return 0;
}
Exemple #9
0
/**
 * \brief Try to authentication user using PAM. Only password could be use now.
 */
int vs_pam_auth_user(struct vContext *C, const char *username, const char *pass)
{
	struct VSession *vsession = CTX_current_session(C);
	int retval;

	/* Use password for user authentication */
	vsession->conv.appdata_ptr = (void*)pass;

	/* Try to initialization PAM transaction */
	if((retval = pam_start("verse", username, &vsession->conv, &vsession->pamh)) != PAM_SUCCESS) {
		v_print_log(VRS_PRINT_ERROR, "pam_start() failed: %s\n", pam_strerror(vsession->pamh, retval));
		vs_pam_end_user_auth(vsession, retval);
		return -1;
	}

	/* Try to setup remote host for PAM */
	if((retval = pam_set_item(vsession->pamh, PAM_RHOST, vsession->peer_hostname))) {
		v_print_log(VRS_PRINT_ERROR, "pam_set_item(): hostname: %s failed: %s\n",
				vsession->peer_hostname, pam_strerror(vsession->pamh, retval));
		vs_pam_end_user_auth(vsession, retval);
		return -1;
	}

	/* Authenticate user: is the username in the "database" of valid usernames? */
	if((retval = pam_authenticate(vsession->pamh, 0)) != PAM_SUCCESS) {
		v_print_log(VRS_PRINT_ERROR, "pam_authenticate(): username: %s failed: %s\n", username, pam_strerror(vsession->pamh, retval));
		vs_pam_end_user_auth(vsession, retval);
		return -1;
	}

	/* Is user's account valid? */
	if((retval = pam_acct_mgmt(vsession->pamh, 0)) == PAM_SUCCESS) {
		v_print_log(VRS_PRINT_DEBUG_MSG, "pam_acct_mgmt(): username: %s: %s\n", username, pam_strerror(vsession->pamh, retval));
		vs_pam_end_user_auth(vsession, retval);
		/* TODO: get UID and return it */
		return -1;
	} else {
		v_print_log(VRS_PRINT_ERROR, "pam_cct_mgmt(): username: %s failed: %s\n", username, pam_strerror(vsession->pamh, retval));
		vs_pam_end_user_auth(vsession, retval);
		return -1;
	}

	vs_pam_end_user_auth(vsession, retval);

	return -1;
}
/**
 * EscalateHelperDoAction:
 * @self: #EscalateHelper instance.
 * @error: (out)(allow-none): Error return location or #NULL.
 *
 * Return: #TRUE if the action specified in the start message (just
 * pam_authenticate for now) was called successfully and the finish message was
 * sent.
 */
gboolean EscalateHelperDoAction(EscalateHelper *self, GError **error) {
  int setcred_result = PAM_SUCCESS;
  EscalateMessage *message = NULL;
  GVariantBuilder *env = NULL;
  gboolean result = FALSE;

  // Run the action specified in the start message.
  switch (self->action) {
    case ESCALATE_MESSAGE_ACTION_AUTHENTICATE:
      self->result = pam_authenticate(self->pamh, self->flags);
      if (self->result == PAM_SUCCESS || self->result == PAM_NEW_AUTHTOK_REQD) {
        // Refresh things like Kerberos credentials. This is safe to do here
        // even if the client never calls pam_setcred() because the entire auth
        // stack succeeded.
        // TODO(vonhollen): Make this configurable by pam_escalate.so.
        setcred_result = pam_setcred(self->pamh, PAM_REINITIALIZE_CRED);
        if (setcred_result != PAM_SUCCESS) {
          pam_syslog(self->pamh, LOG_NOTICE,
                     "pam_setcred() failed for user '%s': %s",
                     self->username, pam_strerror(self->pamh, setcred_result));
        }
      }
      break;
    default:
      self->result = PAM_SYSTEM_ERR;
      g_error("Unsupported action %d", self->action);
  }

  // Prevent this function from being run twice.
  self->action = ESCALATE_MESSAGE_ACTION_UNKNOWN;

  // Get the PAM environment to include in the result.
  env = EscalateUtilPamEnvToVariant(self->pamh, error);
  if (!env) {
    goto done;
  }

  // Send the final PAM result for the action and the complete environment.
  message = EscalateMessageNew(ESCALATE_MESSAGE_TYPE_FINISH, self->result, env);
  result = EscalateMessageWrite(message, self->writer, error);
  EscalateMessageUnref(message);
  g_variant_builder_unref(env);

done:
  return result;
}
Exemple #11
0
static void input_done(void) {
    STOP_TIMER(clear_pam_wrong_timeout);
    pam_state = STATE_PAM_VERIFY;
    redraw_screen();

    if (pam_authenticate(pam_handle, 0) == PAM_SUCCESS) {
        DEBUG("successfully authenticated\n");
        clear_password_memory();
        /* Turn the screen on, as it may have been turned off
         * on release of the 'enter' key. */
        turn_monitors_on();

        /* PAM credentials should be refreshed, this will for example update any kerberos tickets.
         * Related to credentials pam_end() needs to be called to cleanup any temporary
         * credentials like kerberos /tmp/krb5cc_pam_* files which may of been left behind if the
         * refresh of the credentials failed. */
        pam_setcred(pam_handle, PAM_REFRESH_CRED);
        pam_end(pam_handle, PAM_SUCCESS);

        exit(0);
    }

    if (debug_mode)
        fprintf(stderr, "Authentication failure\n");

    pam_state = STATE_PAM_WRONG;
    failed_attempts += 1;
    clear_input();
    if (unlock_indicator)
        redraw_screen();

    /* Clear this state after 2 seconds (unless the user enters another
     * password during that time). */
    ev_now_update(main_loop);
    START_TIMER(clear_pam_wrong_timeout, TSTAMP_N_SECS(2), clear_pam_wrong);

    /* Cancel the clear_indicator_timeout, it would hide the unlock indicator
     * too early. */
    STOP_TIMER(clear_indicator_timeout);

    /* beep on authentication failure, if enabled */
    if (beep) {
        xcb_bell(conn, 100);
        xcb_flush(conn);
    }
}
Exemple #12
0
static bool
verify_root_pw( const char* pw)
{
     const char* superuser = "******";
#ifdef USESHADOW
     struct spwd *spws = getspnam( superuser);
#endif
#ifdef USE_PAM
     pam_handle_t *pamh;
     int pam_error;
#endif /* USE_PAM */
     struct passwd *pws = getpwnam( superuser);
     CHECK_PTR( pws);
#ifndef USE_PAM
#ifdef USESHADOW
     // If USESHADOW is defined, kdm will work for both shadow and non
     // shadow systems
     if( spws != NULL) {
       char* tmp = pws->pw_passwd;
       pws->pw_passwd = spws->sp_pwdp;
       spws->sp_pwdp = tmp;
     }
     endspent();
#endif /* USESHADOW */
     if( strcmp( crypt( pw, pws->pw_passwd), pws->pw_passwd)) {
	  printf("Root passwd verification failed\n");
	  
	  return false;
     }
#else /* USE_PAM */
     #define PAM_BAIL \
        if (pam_error != PAM_SUCCESS) { \
	pam_end(pamh, 0); \
        return false; \
      }
     PAM_password = pw;
     pam_error = pam_start(KDE_PAM, superuser, &PAM_conversation, &pamh);
     PAM_BAIL;
     pam_error = pam_authenticate( pamh, 0);
     PAM_BAIL;
     /* OK, if we get here, the user _should_ be root */
     pam_end( pamh, PAM_SUCCESS);
#endif /* USE_PAM */
     return true;
}
Exemple #13
0
/**
 * Authenticate a connecting client using PAM.
 * @param Client The client to authenticate.
 * @return true when authentication succeeded, false otherwise.
 */
GLOBAL bool
PAM_Authenticate(CLIENT *Client) {
	pam_handle_t *pam;
	int retval = PAM_SUCCESS;

	LogDebug("PAM: Authenticate \"%s\" (%s) ...",
		 Client_OrigUser(Client), Client_Mask(Client));

	/* Set supplied client password */
	if (password)
		free(password);
	password = strdup(Conn_Password(Client_Conn(Client)));
	conv.appdata_ptr = Conn_Password(Client_Conn(Client));

	/* Initialize PAM */
	retval = pam_start(Conf_PAMServiceName, Client_OrigUser(Client), &conv, &pam);
	if (retval != PAM_SUCCESS) {
		Log(LOG_ERR, "PAM: Failed to create authenticator! (%d)", retval);
		return false;
	}

	pam_set_item(pam, PAM_RUSER, Client_User(Client));
	pam_set_item(pam, PAM_RHOST, Client_Hostname(Client));
#if defined(HAVE_PAM_FAIL_DELAY) && !defined(NO_PAM_FAIL_DELAY)
	pam_fail_delay(pam, 0);
#endif

	/* PAM authentication ... */
	retval = pam_authenticate(pam, 0);

	/* Success? */
	if (retval == PAM_SUCCESS)
		Log(LOG_INFO, "PAM: Authenticated \"%s\" (%s).",
		    Client_OrigUser(Client), Client_Mask(Client));
	else
		Log(LOG_ERR, "PAM: Error on \"%s\" (%s): %s",
		    Client_OrigUser(Client), Client_Mask(Client),
		    pam_strerror(pam, retval));

	/* Free PAM structures */
	if (pam_end(pam, retval) != PAM_SUCCESS)
		Log(LOG_ERR, "PAM: Failed to release authenticator!");

	return (retval == PAM_SUCCESS);
}
Exemple #14
0
int
pam_pass(char *name, char *passwd, const char *pamauth, char **reply_msg)
{
        pam_handle_t *pamh = NULL;
        int rc;
        struct pam_conv_data data;
        struct pam_conv conv = {
                rad_pam_conv,
                NULL
        };
        
        /* input data */
        data.username = name;
        data.password = passwd;
        /* output data */
        data.error = 0;
        data.reply_msg = NULL;

        conv.appdata_ptr = &data;

        GRAD_DEBUG2(1, "username [%s], pamauth [%s]",  name, pamauth);

        /* fake loop needed so we don't have to use gotos */
        for (;;) {
                rc = pam_start(pamauth, name, &conv, &pamh);
                GRAD_DEBUG1(1, "pam_start: %d", rc);
                if (rc != PAM_SUCCESS)
                        break;

                rc = pam_authenticate(pamh, 0);
                GRAD_DEBUG1(1, "pam_authenticate: %d", rc);

                if (rc != PAM_SUCCESS) 
                        break;
                
                rc = pam_acct_mgmt(pamh, 0);
                break;
        }
        GRAD_DEBUG1(1, "pam_acct_mgmt: %d", rc);
        pam_end(pamh, 0);

        *reply_msg = data.reply_msg;
        
        return rc != PAM_SUCCESS;
}
/*
 * Attempt password authentication via PAM
 */
int
sshpam_auth_passwd(Authctxt *authctxt, const char *password)
{
	int flags = (options.permit_empty_passwd == 0 ?
	    PAM_DISALLOW_NULL_AUTHTOK : 0);
	char *fake = NULL;

	if (!options.use_pam || sshpam_handle == NULL)
		fatal("PAM: %s called when PAM disabled or failed to "
		    "initialise.", __func__);

	sshpam_password = password;
	sshpam_authctxt = authctxt;

	/*
	 * If the user logging in is invalid, or is root but is not permitted
	 * by PermitRootLogin, use an invalid password to prevent leaking
	 * information via timing (eg if the PAM config has a delay on fail).
	 */
	if (!authctxt->valid || (authctxt->pw->pw_uid == 0 &&
	    options.permit_root_login != PERMIT_YES))
		sshpam_password = fake = fake_password(password);

	sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
	    (const void *)&passwd_conv);
	if (sshpam_err != PAM_SUCCESS)
		fatal("PAM: %s: failed to set PAM_CONV: %s", __func__,
		    pam_strerror(sshpam_handle, sshpam_err));

	sshpam_err = pam_authenticate(sshpam_handle, flags);
	sshpam_password = NULL;
	free(fake);
	if (sshpam_err == PAM_MAXTRIES)
		sshpam_set_maxtries_reached(1);
	if (sshpam_err == PAM_SUCCESS && authctxt->valid) {
		debug("PAM: password authentication accepted for %.100s",
		    authctxt->user);
		return 1;
	} else {
		debug("PAM: password authentication failed for %.100s: %s",
		    authctxt->valid ? authctxt->user : "******",
		    pam_strerror(sshpam_handle, sshpam_err));
		return 0;
	}
}
Exemple #16
0
/**
 * Note: PAM will free() 'password' during the process
 */
bool verify_password() {
	struct passwd *passwd = getpwuid(getuid());
	char *username = passwd->pw_name;

	const struct pam_conv local_conversation = { function_conversation, NULL };
	pam_handle_t *local_auth_handle = NULL;
	int pam_err;
	if ((pam_err = pam_start("swaylock", username, &local_conversation, &local_auth_handle)) != PAM_SUCCESS) {
		sway_abort("PAM returned %d\n", pam_err);
	}
	if ((pam_err = pam_authenticate(local_auth_handle, 0)) != PAM_SUCCESS) {
		return false;
	}
	if ((pam_err = pam_end(local_auth_handle, pam_err)) != PAM_SUCCESS) {
		return false;
	}
	return true;
}
Exemple #17
0
int authenticate_user(const char *user, const char *pass)
{
  pam_handle_t *pamh;
  tAppdata appdata = {user, pass};
  struct pam_conv pam_conv = {&pam_exchange, &appdata};

  if ((pam_start (PAM_SERVICE_NAME, NULL, &pam_conv, &pamh) != PAM_SUCCESS) ||
      (pam_authenticate (pamh,PAM_SILENT) != PAM_SUCCESS) ||
      (pam_acct_mgmt (pamh,0) != PAM_SUCCESS) ||
      (pam_setcred (pamh,PAM_ESTABLISH_CRED) != PAM_SUCCESS))
  {
    pam_end (pamh,PAM_AUTH_ERR); 
    return 0;
  }	

  pam_end (pamh,PAM_SUCCESS);	
  return 1;	
}
Exemple #18
0
main(){
	pam_hand_t* pamh;
	int result;
	struct passwd *pw;

	if((pw = getpwuid(getuid())) == NULL)
		perrror("getpwuid");
	else if((result=pam_start(MY_CONFIG, pw->pw_name, &conv, &pamh))!=PAM_SUCCESS)
		fprintf(stderr, "start Failed: %d\n", result);
	else if((result=pam_authenticate(pamh,0))!=PAM_SUCCESS)
		fprintf(stderr, "authenticate Failed: %d\n", result);
	else if((result=pam_acct_mgmt(pamh,0))!=PAM_SUCCESS)
		fprintf(stderr, "acct_mgmt Failed: %d\n", result);
	else if((result=pam_end(pamh,result))!=PAM_SUCCESS)
		fprintf(stderr, "end Failed: %d\n", result);
	else
		//corresponding application run.
		fprintf("Se ejecuta la aplicación");
}
Exemple #19
0
static int auth(char *service, char *user, char *password)
{
  struct pam_conv conv = {misc_conv, password};
  int retval;
  pam_handle_t *pamh = NULL;
  retval = pam_start(service, user, &conv, &pamh);
  if (retval == PAM_SUCCESS)
    retval = pam_set_item(pamh, PAM_RUSER, user);
#ifdef PAM_FAIL_DELAY
  if (retval == PAM_SUCCESS)
    retval = pam_set_item(pamh, PAM_FAIL_DELAY, (void *)delay_fn);
#endif
  if (retval == PAM_SUCCESS)
    retval = pam_authenticate(pamh, 0);
  if (retval == PAM_SUCCESS)
    retval = pam_acct_mgmt(pamh, 0);
  pam_end(pamh, retval);
  return retval;
}
Exemple #20
0
void check_password(void)
{
  static struct pam_conv conv =
  {
    ulock_conv,
    NULL
  };
  pam_handle_t *pamh;
  char username[1 << 8];
  username[0] = '\0';
  strncat(username, getpwuid(getuid())->pw_name, (sizeof username) - 1);
  pam_start("ulock", username, &conv, &pamh);
  writes(STDOUT_FILENO, "The terminal is now locked. Please enter the password to unlock it.\n");
  char *username2 = username;
  for (int i = 0; ; i++)
  {
    int pam_error;
    writes(STDOUT_FILENO, username2);
    writes(STDOUT_FILENO, "'s password: "******"Erm, one minute penalty...\n");
      sleep(60);
    }
    username2 = (username2 == username) ? "root" : username;
  }
  pam_end(pamh, PAM_SUCCESS);
  fatal("Something went *SERIOUSLY* wrong\n");
}
Exemple #21
0
int main()
{
	int ret = 0;
	struct pam_handle_t *pamh = NULL;
	struct pam_conv pamc = {
		pconv,
		NULL
	};

	ret = pam_start( "zxpam", "zx", &pamc, &pamh );

	if ( ret != PAM_SUCCESS )
	{
		perror("start failed");
		return -1;
	}
	
	(void) pam_set_item( pamh, PAM_USER, "zx" );
	//(void) pam_set_item( pamh, PAM_USER, "zxx" );
	
	ret = pam_authenticate( pamh, 0 );
	printf("ret %d\n", ret);
	if ( ret != PAM_SUCCESS )
	{
		//perror("auth failed");
		printf("pamerr:  %s\n", pam_strerror(pamh, ret));
		return -1;
	}
	
	ret = pam_acct_mgmt( pamh, 0 );
	if ( ret != PAM_SUCCESS )
	{
		perror("denied");
		return -1;
	} else 
	{
		printf("pass\n");
	}

	ret = pam_end( pamh, PAM_SUCCESS );

	return ret == PAM_SUCCESS ? 0 : -1;
}
Exemple #22
0
int main(int argc, char*argv[]) {
    static struct pam_conv pc = { misc_conv, NULL };
    pam_handle_t *ph = NULL;
    int r, ret;
    char *username, *procname, *service;

    if ((procname = strchr(argv[0], '/')))
        procname++;
    else
        procname = argv[0];

    if (argc <= 1 || argc > 3) {
        fprintf(stderr, "Usage: %s [<service>] [<username>]\n", procname);
        exit(1);
    }

    service = (argc >= 2) ? argv[1] : procname;
    username = (argc == 3) ? argv[2] : NULL;

    if (username)
        printf("Trying to authenticate <%s> for service <%s>.\n", username, service);
    else
        printf("Trying to authenticate for service <%s>.\n", service);
    
    if ((r = pam_start(service, username, &pc, &ph)) != PAM_SUCCESS) {
        fprintf(stderr, "Failure starting pam: %s\n", pam_strerror(ph, r));
        return 1;
    }

    if ((r = pam_authenticate(ph, 0)) != PAM_SUCCESS) {
        fprintf(stderr, "Failed to authenticate: %s\n", pam_strerror(ph, r));
        ret = 1;
    } else {
        printf("Authentication successful.\n");
        ret = 0;
    }

    if ((r = pam_end(ph, r)) != PAM_SUCCESS)
        fprintf(stderr, "Failure shutting down pam: %s\n", pam_strerror(ph, r));

    return ret;
}
Exemple #23
0
int main(int argc, char *argv[])
{
	char *user = (argc > 1) ? argv[1] : getlogin();
	char *service = (argc > 2) ? argv[2] : "pamtest";
	struct pam_conv conv;
	int rc;
	pam_handle_t *pamh = NULL;

	conv.conv = pamtestConv;
	conv.appdata_ptr = NULL;

	fprintf(stderr, "%s:%d Starting with user=%s service=%s\n",
		__FILE__, __LINE__, user, service);

	rc = pam_start(service, user, &conv, &pamh);
	CHECK_STATUS(pamh, "pam_start", rc);

	rc = pam_authenticate(pamh, 0);
	CHECK_STATUS(pamh, "pam_authenticate", rc);

	rc = pam_acct_mgmt(pamh, 0);
	CHECK_STATUS(pamh, "pam_acct_mgmt", rc);

	if (rc == PAM_SUCCESS) {
		rc = pam_open_session(pamh, 0);
		CHECK_STATUS(pamh, "pam_open_session", rc);

		rc = pam_close_session(pamh, 0);
		CHECK_STATUS(pamh, "pam_close_session", rc);
	}

	if (rc != PAM_SUCCESS) {
		return rc;
	}

	if (pamh != NULL) {
		rc = pam_end(pamh, PAM_SUCCESS);
		CHECK_STATUS(pamh, "pam_end", rc);
	}

	return rc;
}
gboolean pam_auth(void)
{
  g_pamLastStatus = pam_authenticate(g_pamHandle, 0);
  if (g_pamLastStatus != PAM_SUCCESS)
    {
      fprintf(stderr, "Jolicloud-DisplayManager: pam authentication failed. Error %d\n",
	      g_pamLastStatus);
      return FALSE;
    }

  g_pamLastStatus = pam_acct_mgmt(g_pamHandle, PAM_SILENT);
  if (g_pamLastStatus != PAM_SUCCESS)
    {
      fprintf(stderr, "Jolicloud-DisplayManager: pam account managment failed. Error %d\n",
	      g_pamLastStatus);
      return FALSE;
    }

  return TRUE;
}
Exemple #25
0
bool maValidatePamCredentials(MaConn *conn, cchar *realm, cchar *user, cchar *password, cchar *requiredPass, char **msg)
{
    pam_handle_t        *pamh;
    UserInfo            info;
    struct pam_conv     conv = { pamChat, &info };
    int                 res;
   
    info.name = (char*) user;
    info.password = (char*) password;
    pamh = NULL;
        
    if ((res = pam_start("login", user, &conv, &pamh)) != PAM_SUCCESS) {
        return 0;
    }
    if ((res = pam_authenticate(pamh, 0)) != PAM_SUCCESS) {
        return 0;
    }
    pam_end(pamh, PAM_SUCCESS);
    return 1;
}
Exemple #26
0
int authenticate(const char *service,const char *user, const char *passwd) {
        struct pam_conv conv = { conversation, (void *) passwd };
        pam_handle_t *pamh = NULL;
        int ret;

        ret = pam_start(service, user, &conv, &pamh);
        if (ret != PAM_SUCCESS) {
                return ret;
        }

        ret = pam_authenticate(pamh, PAM_SILENT);
        if (ret != PAM_SUCCESS) {
                return ret;
        }

        ret = pam_end(pamh, 0);
        if (ret != PAM_SUCCESS) {
                return ret;
        }
        return PAM_SUCCESS;
}
/**
 * EscalateHelperDoAction:
 * @self: #EscalateHelper instance.
 * @error: (out)(allow-none): Error return location or #NULL.
 *
 * Return: #TRUE if the action specified in the start message (just
 * pam_authenticate for now) was called successfully and the finish message was
 * sent.
 */
gboolean EscalateHelperDoAction(EscalateHelper *self, GError **error) {
  EscalateMessage *message = NULL;
  gboolean success = FALSE;

  switch (self->action) {
    case ESCALATE_MESSAGE_ACTION_AUTHENTICATE:
      self->result = pam_authenticate(self->pamh, self->flags);
      break;
    default:
      self->result = PAM_SYSTEM_ERR;
      g_error("Unsupported action %d", self->action);
  }

  // Prevents this function from being run twice.
  self->action = ESCALATE_MESSAGE_ACTION_UNKNOWN;

  message = EscalateMessageNew(ESCALATE_MESSAGE_TYPE_FINISH, self->result);
  success = EscalateMessageWrite(message, self->writer, error);
  EscalateMessageUnref(message);
  return success;
}
Exemple #28
0
int checkpass_pam(char *password)
{
	struct pam_conv conv = { conv_func, password };
	int retval = pam_start("bftpd", user, (struct pam_conv *) &conv,
						   (pam_handle_t **) & pamh);
	if (retval != PAM_SUCCESS) {
		printf("Error while initializing PAM: %s\n",
			   pam_strerror(pamh, retval));
		return 1;
	}
	pam_fail_delay(pamh, 0);
	retval = pam_authenticate(pamh, 0);
	if (retval == PAM_SUCCESS)
		retval = pam_acct_mgmt(pamh, 0);
	if (retval == PAM_SUCCESS)
		pam_open_session(pamh, 0);
	if (retval != PAM_SUCCESS)
		return 1;
	else
		return 0;
}
bool
PamAuthentication::validatePasswordToken(const QString &token) {
    pam_handle *pamHandle = 0;
    if (!initPam(&pamHandle)) {
        qDebug() << Q_FUNC_INFO << "Pam init failed";
        return false;
    }

    m_passwordToken = token;

    int status = pam_authenticate(pamHandle, 0);
    qDebug() << Q_FUNC_INFO << "Pam authenticate status" << status << pam_strerror(pamHandle, status);
    if (status == PAM_SUCCESS) {
        status = validateAccount(pamHandle);
    }
    pam_end(pamHandle, status);

    m_passwordToken.clear();

    return status == PAM_SUCCESS;
}
MainObject::MainObject(QObject *parent)
    :QObject(parent)
{
    int err;
    struct pam_conv conv;
    pam_handle_t *pamh=NULL;
    QString service_name="";

    //
    // Read Command Options
    //
    RDCmdSwitch *cmd=
        new RDCmdSwitch(qApp->argc(),qApp->argv(),"test_pam",TEST_PAM_USAGE);
    for(unsigned i=0; i<cmd->keys(); i++) {
        if(cmd->key(i)=="--service-name") {
            service_name=cmd->value(i);
            cmd->setProcessed(i,true);
        }
    }
    if(service_name.isEmpty()) {
        fprintf(stderr,"test_pam: missing service-name\n");
        exit(256);
    }

    memset(&conv,0,sizeof(conv));
    conv.conv=ConversationResponseCallback;
    if((err=pam_start(service_name,NULL,&conv,&pamh))!=PAM_SUCCESS) {
        perror(pam_strerror(pamh,err));
        exit(256);
    }
    err=pam_authenticate(pamh,0);
    if(err==PAM_SUCCESS) {
        printf("Success!\n");
    }
    else {
        perror(pam_strerror(pamh,err));
    }
    pam_end(pamh,err);
    exit(0);
}