Exemplos de pam_set_item em C++ (Cpp)

Exemplo n.º 1

Arquivo: pam_start.c Projeto: shankerwangmiao/OpenPAM

int
pam_start(const char *service,
	const char *user,
	const struct pam_conv *pam_conv,
	pam_handle_t **pamh)
{
	char hostname[HOST_NAME_MAX + 1];
	struct pam_handle *ph;
	int r;

	ENTER();
	if ((ph = calloc(1, sizeof *ph)) == NULL)
		RETURNC(PAM_BUF_ERR);
	if ((r = pam_set_item(ph, PAM_SERVICE, service)) != PAM_SUCCESS)
		goto fail;
	if (gethostname(hostname, sizeof hostname) != 0)
		strlcpy(hostname, "localhost", sizeof hostname);
	if ((r = pam_set_item(ph, PAM_HOST, hostname)) != PAM_SUCCESS)
		goto fail;
	if ((r = pam_set_item(ph, PAM_USER, user)) != PAM_SUCCESS)
		goto fail;
	if ((r = pam_set_item(ph, PAM_CONV, pam_conv)) != PAM_SUCCESS)
		goto fail;
	if ((r = openpam_configure(ph, service)) != PAM_SUCCESS)
		goto fail;
	*pamh = ph;
	openpam_log(PAM_LOG_DEBUG, "pam_start(\"%s\") succeeded", service);
	RETURNC(PAM_SUCCESS);
fail:
	pam_end(ph, r);
	RETURNC(r);
}

Exemplo n.º 2

Arquivo: xlsh.c Projeto: drwilly/xlsh

int xlsh_session_open(const char* service, const char* user,
                      pam_handle_t** handle)
{
  struct pam_conv conv = { xlsh_session_conv, NULL };
  pam_handle_t* pam_handle;

  if(pam_start(service, user, &conv, &pam_handle) != PAM_SUCCESS)
    return XLSH_ERROR;

  if(xlsh_X)
    pam_set_item(pam_handle, PAM_TTY, XLSH_XTTY);
  else
    pam_set_item(pam_handle, PAM_TTY, ttyname(0));

  if(pam_authenticate(pam_handle, 0) != PAM_SUCCESS) {
    pam_end(pam_handle, 0);
    return XLSH_ERROR;
  }
  if(pam_acct_mgmt(pam_handle, 0) != PAM_SUCCESS) {
    pam_end(pam_handle, 0);
    return XLSH_ERROR;
  }
  if(pam_setcred(pam_handle, PAM_ESTABLISH_CRED) != PAM_SUCCESS) {
    pam_end(pam_handle, 0);
    return XLSH_ERROR;
  }
  if(pam_open_session(pam_handle, 0) != PAM_SUCCESS) {
    pam_setcred(pam_handle, PAM_DELETE_CRED);
    pam_end(pam_handle, 0);
    return XLSH_ERROR;
  }

  *handle = pam_handle;
  return XLSH_EOK;
}

Exemplo n.º 3

Arquivo: verify-pam.c Projeto: ActusOS/mdm

/* Creates a pam handle for the auto login */
static gboolean
create_pamh (MdmDisplay *d,
	     const char *service,
	     const char *login,
	     struct pam_conv *conv,
	     const char *display,
	     int *pamerr)
{

	if (display == NULL) {
		mdm_error ("Cannot setup pam handle with null display");
		return FALSE;
	}

	if (pamh != NULL) {
		mdm_error ("create_pamh: Stale pamh around, cleaning up");
		pam_end (pamh, PAM_SUCCESS);
	}
	/* init things */
	pamh = NULL;
	opened_session = FALSE;
	did_setcred = FALSE;

	/* Initialize a PAM session for the user */
	if ((*pamerr = pam_start (service, login, conv, &pamh)) != PAM_SUCCESS) {
		pamh = NULL; /* be anal */
		if (mdm_slave_action_pending ())
			mdm_error ("Unable to establish service %s: %s\n", service, pam_strerror (NULL, *pamerr));
		return FALSE;
	}

	/* Inform PAM of the user's tty */
		if ((*pamerr = pam_set_item (pamh, PAM_TTY, display)) != PAM_SUCCESS) {
			if (mdm_slave_action_pending ())
				mdm_error ("Can't set PAM_TTY=%s", display);
			return FALSE;
		}

	if ( ! d->attached) {
		/* Only set RHOST if host is remote */
		/* From the host of the display */
		if ((*pamerr = pam_set_item (pamh, PAM_RHOST,
					     d->hostname)) != PAM_SUCCESS) {
			if (mdm_slave_action_pending ())
				mdm_error ("Can't set PAM_RHOST=%s", d->hostname);
			return FALSE;
		}
	}

	// Preselect the previous user
	if (do_we_need_to_preset_the_username) {		
		do_we_need_to_preset_the_username = FALSE;
		mdm_preselect_user(pamerr);
	}

	return TRUE;
}

Exemplo n.º 4

Arquivo: pamauthenticator.cpp Projeto: sjinks/repwatch_proxy

bool PAMAuthenticator::authenticate(void)
{
	pam_conv c;
	c.conv        = PAMAuthenticator::conv;
	c.appdata_ptr = this;

	int res = pam_start("repwatchproxy", 0, &c, &this->m_ph);
	if (res == PAM_SUCCESS) {
		res = pam_set_item(this->m_ph, PAM_RUSER, this->m_user.constData());
		if (res != PAM_SUCCESS) {
			goto getout;
		}

		res = pam_set_item(this->m_ph, PAM_RHOST, this->m_host.constData());
		if (res != PAM_SUCCESS) {
			goto getout;
		}

		res = pam_authenticate(this->m_ph, 0);
		if (res != PAM_SUCCESS) {
			goto getout;
		}

		res = pam_acct_mgmt(this->m_ph, 0);
		if (PAM_NEW_AUTHTOK_REQD == res) {
			res = pam_chauthtok(this->m_ph, PAM_CHANGE_EXPIRED_AUTHTOK);
		}

		if (res != PAM_SUCCESS) {
			goto getout;
		}

		res = pam_setcred(this->m_ph, PAM_ESTABLISH_CRED);
		if (res != PAM_SUCCESS) {
			goto getout;
		}

		res = pam_open_session(this->m_ph, 0);
		if (res != PAM_SUCCESS) {
			goto getout;
		}

		return true;

getout:
		qWarning("%s: %s", Q_FUNC_INFO, pam_strerror(this->m_ph, res));
		pam_end(this->m_ph, res);
	}
	else {
		qCritical("PAM initialization failed");
	}

	this->m_ph = 0;
	return false;
}

Exemplo n.º 5

Arquivo: pam_ses.c Projeto: IFCA/slurm

int
pam_setup (char *user, char *host)
{
	/*
	 * Any application using PAM must provide a conversion function, which
	 * is used for direct communication between a loaded module and the
	 * application. In this case, SLURM does need a communication mechanism,
	 * so the default (or null) conversation function may be used.
	 */
	struct pam_conv conv = {misc_conv, NULL};
        int             rc = 0;

	if (!conf->use_pam)
		return SLURM_SUCCESS;
	/*
	 * SLURM uses PAM to obtain resource limits established by the system
	 * administrator. PAM's session management library is responsible for
	 * handling resource limits. When a PAM session is opened on behalf of
	 * a user, the limits imposed by the sys admin are picked up. Opening
	 * a PAM session requires a PAM handle, which is obtained when the PAM
	 * interface is initialized. (PAM handles are required with essentially
	 * all PAM calls.) It's also necessary to have the users PAM credentials
	 * to open a user session.
 	 */
        if ((rc = pam_start (SLURM_SERVICE_PAM, user, &conv, &pam_h))
			!= PAM_SUCCESS) {
                error ("pam_start: %s", pam_strerror(pam_h, rc));
                return SLURM_ERROR;
        } else if ((rc = pam_set_item (pam_h, PAM_USER, user))
			!= PAM_SUCCESS) {
                error ("pam_set_item USER: %s", pam_strerror(pam_h, rc));
                return SLURM_ERROR;
        } else if ((rc = pam_set_item (pam_h, PAM_RUSER, user))
			!= PAM_SUCCESS) {
                error ("pam_set_item RUSER: %s", pam_strerror(pam_h, rc));
                return SLURM_ERROR;
        } else if ((rc = pam_set_item (pam_h, PAM_RHOST, host))
			!= PAM_SUCCESS) {
                error ("pam_set_item HOST: %s", pam_strerror(pam_h, rc));
              return SLURM_ERROR;
        } else if ((rc = pam_setcred (pam_h, PAM_ESTABLISH_CRED))
			!= PAM_SUCCESS) {
                error ("pam_setcred: %s", pam_strerror(pam_h, rc));
                return SLURM_ERROR;
        } else if ((rc = pam_open_session (pam_h, 0)) != PAM_SUCCESS) {
                error("pam_open_session: %s", pam_strerror(pam_h, rc));
                return SLURM_ERROR;
        }

	return SLURM_SUCCESS;

}

Exemplo n.º 6

Arquivo: auth-pam.c Projeto: BobWall23/ironssh

static int
sshpam_init(Authctxt *authctxt)
{
	extern char *__progname;
	const char *pam_rhost, *pam_user, *user = authctxt->user;
	const char **ptr_pam_user = &pam_user;
	struct ssh *ssh = active_state; /* XXX */

	if (sshpam_handle != NULL) {
		/* We already have a PAM context; check if the user matches */
		sshpam_err = pam_get_item(sshpam_handle,
		    PAM_USER, (sshpam_const void **)ptr_pam_user);
		if (sshpam_err == PAM_SUCCESS && strcmp(user, pam_user) == 0)
			return (0);
		pam_end(sshpam_handle, sshpam_err);
		sshpam_handle = NULL;
	}
	debug("PAM: initializing for \"%s\"", user);
	sshpam_err =
	    pam_start(SSHD_PAM_SERVICE, user, &store_conv, &sshpam_handle);
	sshpam_authctxt = authctxt;

	if (sshpam_err != PAM_SUCCESS) {
		pam_end(sshpam_handle, sshpam_err);
		sshpam_handle = NULL;
		return (-1);
	}
	pam_rhost = auth_get_canonical_hostname(ssh, options.use_dns);
	debug("PAM: setting PAM_RHOST to \"%s\"", pam_rhost);
	sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST, pam_rhost);
	if (sshpam_err != PAM_SUCCESS) {
		pam_end(sshpam_handle, sshpam_err);
		sshpam_handle = NULL;
		return (-1);
	}
#ifdef PAM_TTY_KLUDGE
	/*
	 * Some silly PAM modules (e.g. pam_time) require a TTY to operate.
	 * sshd doesn't set the tty until too late in the auth process and
	 * may not even set one (for tty-less connections)
	 */
	debug("PAM: setting PAM_TTY to \"ssh\"");
	sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, "ssh");
	if (sshpam_err != PAM_SUCCESS) {
		pam_end(sshpam_handle, sshpam_err);
		sshpam_handle = NULL;
		return (-1);
	}
#endif
	return (0);
}

Exemplo n.º 7

Arquivo: mainwindow.cpp Projeto: creamy/qt-pam-example

bool MainWindow::doAuthenticate() {

    Authenticated = false;
    LoginDialog dialog(this);
    if (dialog.exec()) {
        pcode = dialog.getPass();

        static pam_handle_t *pamh;
        struct pam_conv pamc = { converse, this };
        char hostname[MAXHOSTNAMELEN];
        char *ruser;
        int retcode = 0;

        char user[] = "root";
        pam_start("su", user, &pamc, &pamh);

        gethostname(hostname, sizeof(hostname));
        if ((retcode = pam_set_item(pamh, PAM_RHOST, hostname)) != PAM_SUCCESS) {
            pcode = "";
            dialog.clearPass();
            qDebug() << "pam_set_item hostname failed. " << pam_strerror(pamh, retcode);
            return false;
        }

        ruser = getlogin();
        if ((retcode = pam_set_item(pamh, PAM_RUSER, ruser)) != PAM_SUCCESS) {
            pcode = "";
            dialog.clearPass();
            qDebug() << "pam_set_item remote user failed. " << pam_strerror(pamh, retcode);
            return false;
        }

        if ((retcode = pam_authenticate(pamh, 0)) != PAM_SUCCESS) {
            pcode = "";
            dialog.clearPass();
            qDebug() << "pam_authenticate failed. " << pam_strerror(pamh, retcode);
            return false;
        }

        Authenticated = true;

        qDebug() << "Authenticated as root. ";
        pcode = "";
        dialog.clearPass();
        return true;
    }

    qDebug() << "Not Authenticated as root.";
    Authenticated = false;
    return false;
}

Exemplo n.º 8

Arquivo: pam_radius.c Projeto: ele7enxxh/dtrace-pf

static int
do_accept(pam_handle_t *pamh, struct rad_handle *radh)
{
	int attrtype;
	const void *attrval;
	size_t attrlen;
	char *s;

	while ((attrtype = rad_get_attr(radh, &attrval, &attrlen)) > 0) {
		if (attrtype == RAD_USER_NAME) {
			s = rad_cvt_string(attrval, attrlen);
			if (s == NULL) {
				syslog(LOG_CRIT,
				    "rad_cvt_string: out of memory");
				return (-1);
			}
			pam_set_item(pamh, PAM_USER, s);
			free(s);
		}
	}
	if (attrtype == -1) {
		syslog(LOG_CRIT, "rad_get_attr: %s", rad_strerror(radh));
		return (-1);
	}
	return (0);
}

Exemplo n.º 9

Arquivo: pam.c Projeto: legionus/kbd

pam_handle_t *
init_pam(const char *username, const char *tty, int log)
{
	pam_handle_t *pamh = 0;
	int rc             = pam_start("vlock", username, &conv, &pamh);

	if (rc != PAM_SUCCESS) {
		/* pam_strerror is not available atm. */
		if (log)
			syslog(LOG_WARNING, "pam_start failed: %m");
		else
			kbd_warning(errno, "pam_start");
		return 0;
	}

	rc = pam_set_item(pamh, PAM_TTY, tty);
	if (rc != PAM_SUCCESS) {
		if (log)
			syslog(LOG_WARNING, "pam_set_item: %s",
			       pam_strerror(pamh, rc));
		else
			kbd_warning(0, "pam_set_item: %s",
			            pam_strerror(pamh, rc));
		pam_end(pamh, rc);
		return 0;
	}

	return pamh;
}

Exemplo n.º 10

Arquivo: slock.c Projeto: jackdoe/slock

static int auth(const char *password) {
    pam_handle_t* pamh; 
    struct passwd *pw;
    if ((pw = getpwuid(getuid())) == NULL)
        return 0;

    struct pam_response * reply = malloc(sizeof(struct pam_response));
    if (!reply)
        return 0;

    struct pam_conv pamc = { conversation, reply };
    int rc = 0;

    reply->resp = strdup(password);
    reply->resp_retcode = 0; 
    pam_start("slock", pw->pw_name, &pamc, &pamh);
    if (pam_set_item(pamh, PAM_AUTHTOK, password) == PAM_SUCCESS        &&
        pam_authenticate(pamh,PAM_DISALLOW_NULL_AUTHTOK) == PAM_SUCCESS &&
        pam_acct_mgmt(pamh, 0) == PAM_SUCCESS                           &&
        pam_setcred(pamh, PAM_REFRESH_CRED) == PAM_SUCCESS) {
           rc = 1;
    }
    pam_end(pamh,0);
    return rc;
}

Exemplo n.º 11

Arquivo: pam.cpp Projeto: dimitry-ishenko/camel

void context::erase(pam::item item)
{
    if(item == pam::item::conv || item == pam::item::fail_delay) throw item_error(_M_pamh, errc::bad_item);

    _M_code = pam_set_item(_M_pamh, static_cast<int>(item), nullptr);
    if(errc(_M_code) != errc::success) throw item_error(_M_pamh, _M_code);
}

Exemplo n.º 12

Arquivo: AuthorizationManager.cpp Projeto: codersean/pcbsd

bool AuthorizationManager::pam_checkPW(QString user, QString pass){
  //Convert the inputs to C character arrays for use in PAM
  QByteArray tmp = user.toUtf8();
  char* cUser = tmp.data();
  QByteArray tmp2 = pass.toUtf8();
  char* cPassword = tmp2.data();
  //initialize variables
  bool result = false;
  int ret;
  //Initialize PAM
  ret = pam_start( user=="root" ? "system": "login", cUser, &pamc, &pamh);
  if( ret == PAM_SUCCESS ){
    //Place the user-supplied password into the structure 
    ret = pam_set_item(pamh, PAM_AUTHTOK, cPassword);
    //Set the TTY 
    //ret = pam_set_item(pamh, PAM_TTY, "pcdm-terminal");
    //Authenticate with PAM
    ret = pam_authenticate(pamh,0);
    if( ret == PAM_SUCCESS ){
      //Check for valid, unexpired account and verify access restrictions
      ret = pam_acct_mgmt(pamh,0);
      if( ret == PAM_SUCCESS ){ result = true; }
    
    }else{
      pam_logFailure(ret);
    }
  }
  //return verification result
  return result;	
}

Exemplo n.º 13

static int
get_response(pam_handle_t *pamh, char *prompt, char **response)
{
	int ret;
	struct pam_message msg;
	const struct pam_message *msgp = &msg;
	const struct pam_conv *conv = NULL;
	struct pam_response *presponse = NULL;

	pam_get_item(pamh, PAM_CONV, (const void **)&conv);
	pam_set_item(pamh, PAM_AUTHTOK, NULL);

	msg.msg_style = PAM_PROMPT_ECHO_ON;
	msg.msg = prompt;

	ret = (*conv->conv) (1, &msgp, &presponse, conv->appdata_ptr);

	if (NULL != presponse) {
		if (PAM_SUCCESS == ret) {
			*response = presponse->resp;
			presponse->resp = NULL;
		}
	}
	return ret;
}

Exemplo n.º 14

Arquivo: testpam.c Projeto: Flameeyes/duo_unix

int
main(int argc, char *argv[])
{
	pam_handle_t *pamh = NULL;
	char *user, *host = NULL;
	int ret;
	
	if (argc < 2) {
		fprintf(stderr, "Usage: testpam <user> [host]\n");
		exit(EXIT_FAILURE);
	}
	user = argv[1];
	if (argc > 2)
		host = argv[2];
	
	if ((ret = pam_start("testpam", user, &conv, &pamh)) != PAM_SUCCESS) {
                die(pamh, ret);
	}
	if (host != NULL) {
		if ((ret = pam_set_item(pamh, PAM_RHOST, host)) != PAM_SUCCESS)
                        die(pamh, ret);
	}
        if ((ret = pam_authenticate(pamh, 0)) != PAM_SUCCESS) {
                die(pamh, ret);
	}
	if ((ret = pam_end(pamh, ret)) != PAM_SUCCESS) {
                die(pamh, ret);
	}
	exit(EXIT_SUCCESS);
}

Exemplo n.º 15

Arquivo: pam_debug.c Projeto: BackupTheBerlios/wl530g-svn

PAM_EXTERN
int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
			int argc, const char **argv)
{
    int retval;
    const char *user=NULL;

    /*
     * authentication requires we know who the user wants to be
     */
    retval = pam_get_user(pamh, &user, NULL);
    if (retval != PAM_SUCCESS) {
	D(("get user returned error: %s", pam_strerror(pamh,retval)));
	return retval;
    }
    if (user == NULL || *user == '\0') {
	D(("username not known"));
	retval = pam_set_item(pamh, PAM_USER, (const void *) DEFAULT_USER);
	if (retval != PAM_SUCCESS)
	    return retval;
    }
    user = NULL;                                            /* clean up */

    retval = parse_args(PAM_SUCCESS, "auth", pamh, argc, argv);

    return retval;
}

Exemplo n.º 16

Arquivo: pam_get_user.c Projeto: 2014-class/freerouter

int
pam_get_user(pam_handle_t *pamh,
	const char **user,
	const char *prompt)
{
	const void *promptp;
	char *resp;
	int r;

	ENTER();
	if (pamh == NULL || user == NULL)
		RETURNC(PAM_SYSTEM_ERR);
	r = pam_get_item(pamh, PAM_USER, (const void **)user);
	if (r == PAM_SUCCESS && *user != NULL)
		RETURNC(PAM_SUCCESS);
	if (prompt == NULL) {
		r = pam_get_item(pamh, PAM_USER_PROMPT, &promptp);
		if (r != PAM_SUCCESS || promptp == NULL)
			prompt = user_prompt;
		else
			prompt = promptp;
	}
	r = pam_prompt(pamh, PAM_PROMPT_ECHO_ON, &resp, "%s", prompt);
	if (r != PAM_SUCCESS)
		RETURNC(r);
	r = pam_set_item(pamh, PAM_USER, resp);
	FREE(resp);
	if (r != PAM_SUCCESS)
		RETURNC(r);
	r = pam_get_item(pamh, PAM_USER, (const void **)user);
	RETURNC(r);
}

Exemplo n.º 17

Arquivo: pcdm-xprocess.cpp Projeto: KdeOs/pcbsd

bool XProcess::pam_checkPW(){
 //Requires internal "xuser" and "xpwd" variables to be set
	
//Convert the inputs to C character arrays for use in PAM
  QByteArray tmp = xuser.toUtf8();
  char* cUser = tmp.data();
  QByteArray tmp2 = xpwd.toUtf8();
  char* cPassword = tmp2.data();
  //initialize variables
  bool result = FALSE;
  int ret;
  //Initialize PAM
  ret = pam_start("login", cUser, &pamc, &pamh);
  if( ret == PAM_SUCCESS ){
    pam_started = TRUE; //flag that pam is started
    //Place the user-supplied password into the structure 
    ret = pam_set_item(pamh, PAM_AUTHTOK, cPassword);
    //Set the TTY 
    //ret = pam_set_item(pamh, PAM_TTY, "pcdm-terminal");
    //Authenticate with PAM
    ret = pam_authenticate(pamh,0);
    if( ret == PAM_SUCCESS ){
      //Check for valid, unexpired account and verify access restrictions
      ret = pam_acct_mgmt(pamh,0);
      if( ret == PAM_SUCCESS ){ result = TRUE; }
    
    }else{
      pam_logFailure(ret);
    }
  }
  //return verification result
  return result;	
}

Exemplo n.º 18

Arquivo: pam_get_pass.c Projeto: irengine/people

int
pam_get_confirm_pass(pam_handle_t *pamh, const char **passp, const char *prompt1, const char *prompt2, int options)
{
    int retval = PAM_AUTH_ERR;
    int i;
    const void *item = NULL;
    const struct pam_conv *conv;
    struct pam_message msgs[2];
    const struct pam_message *pmsgs[2];
    struct pam_response *resp;

    /* Grab the already-entered password if we might want to use it.*/
	if (options & (PAM_OPT_TRY_FIRST_PASS | PAM_OPT_USE_FIRST_PASS)) {

		if ((retval = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&item)) != PAM_SUCCESS)
			return retval;
	}

	if (item == NULL) {
		 
      if (options & PAM_OPT_USE_FIRST_PASS)
        return PAM_AUTH_ERR;

		if ((retval = pam_get_item(pamh, PAM_CONV, (const void **)&item)) != PAM_SUCCESS)
			return retval;

		conv = (const struct pam_conv *)item;
		for(i = 0; i < 2; i++)
			msgs[i].msg_style = (options & PAM_OPT_ECHO_PASS) ? PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF;

		msgs[0].msg = prompt1;
		msgs[1].msg = prompt2;
		pmsgs[0] = &msgs[0];
		pmsgs[1] = &msgs[1];

		if((retval = conv->conv(2, pmsgs, &resp, conv->appdata_ptr)) != PAM_SUCCESS)
			return retval;     

		if(!resp)
			return PAM_AUTHTOK_RECOVERY_ERR;

		if(strcmp(resp[0].resp, resp[1].resp) != 0)
			return PAM_AUTHTOK_RECOVERY_ERR;

		retval = pam_set_item(pamh, PAM_AUTHTOK, resp[0].resp);
		memset(resp[0].resp, 0, strlen(resp[0].resp));
		memset(resp[1].resp, 0, strlen(resp[1].resp));
		free(resp[0].resp);
		free(resp[1].resp);
		free(resp);

		if(retval == PAM_SUCCESS) {
			item = NULL;
			retval = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&item);
		}
	}
	*passp = (const char*)item;

	return retval;
}

Exemplo n.º 19

Arquivo: auth.c Projeto: juanfra684/DragonFlyBSD

/*
 * plogout - Logout the user.
 */
static void
plogout(void)
{
#ifdef USE_PAM
    struct pam_conv pam_conversation;
    pam_handle_t *pamh;
    int pam_error;
/*
 * Fill the pam_conversion structure. The PAM specification states that the
 * session must be able to be closed by a totally different handle from which
 * it was created. Hold the PAM group to their own specification!
 */
    memset (&pam_conversation, '\0', sizeof (struct pam_conv));
    pam_conversation.conv = &pam_conv;

    pam_error = pam_start ("ppp", user, &pam_conversation, &pamh);
    if (pam_error == PAM_SUCCESS) {
        pam_set_item (pamh, PAM_TTY, devnam);
        pam_close_session (pamh, PAM_SILENT);
	pam_end (pamh, PAM_SUCCESS);
    }

#else
    char *tty;

    tty = devnam;
    if (strncmp(tty, _PATH_DEV, sizeof _PATH_DEV - 1) == 0)
	tty += 5;
    logwtmp(tty, "", "");		/* Wipe out wtmp logout entry */
    logout(tty);			/* Wipe out utmp */
#endif

    logged_in = FALSE;
}

Exemplo n.º 20

Arquivo: main.c Projeto: karlpilkington/entente

int auth_pam(const char *user, const char *pw, char **msg, ev_tstamp *delay)
{
	char status[BUF_SIZE] = "";
	int pam_res = -1;
	auth_pam_data_t data;
	struct pam_conv conv_info;
	pam_handle_t *pamh = NULL;

	data.user = user;
	data.pw = pw;
	data.delay = 0.0;
	conv_info.conv = &auth_pam_conv;
	conv_info.appdata_ptr = (void *)&data;
	/* Start pam. */
	if (PAM_SUCCESS != (pam_res = pam_start("entente", user, &conv_info, &pamh))) {
		sprintf(status, "PAM: Could not start pam service: %s\n", pam_strerror(pamh, pam_res));
	} else {
		/* Set failure delay handler function. */
		if (PAM_SUCCESS != (pam_res = pam_set_item(pamh, PAM_FAIL_DELAY, &auth_pam_delay)))
			sprintf(status, "PAM: Could not set failure delay handler: %s\n", pam_strerror(pamh, pam_res));
		/* Try auth. */
		else if (PAM_SUCCESS != (pam_res = pam_authenticate(pamh, PAM_DISALLOW_NULL_AUTHTOK)))
			sprintf(status, "PAM: user %s - not authenticated: %s\n", user, pam_strerror(pamh, pam_res));
		/* Check that the account is healthy. */
		else if (PAM_SUCCESS != (pam_res = pam_acct_mgmt(pamh, PAM_DISALLOW_NULL_AUTHTOK)))
			sprintf(status, "PAM: user %s - invalid account: %s", user, pam_strerror(pamh, pam_res));
		pam_end(pamh, PAM_SUCCESS);
	}
	*msg = XSTRDUP(status);
	*delay = data.delay;
	return pam_res;
}

Exemplo n.º 21

Arquivo: newrole.c Projeto: GaloisInc/sk-dev-platform

/* authenticate_via_pam()
 *
 * in:     pw - struct containing data from our user's line in 
 *                         the passwd file.
 * out:    nothing
 * return: value   condition
 *         -----   ---------
 *           1     PAM thinks that the user authenticated themselves properly
 *           0     otherwise
 *
 * This function uses PAM to authenticate the user running this
 * program.  This is the only function in this program that makes PAM
 * calls.
 */
int authenticate_via_pam(const char *ttyn, pam_handle_t * pam_handle)
{

	int result = 0;		/* set to 0 (not authenticated) by default */
	int pam_rc;		/* pam return code */
	const char *tty_name;

	if (ttyn) {
		if (strncmp(ttyn, "/dev/", 5) == 0)
			tty_name = ttyn + 5;
		else
			tty_name = ttyn;

		pam_rc = pam_set_item(pam_handle, PAM_TTY, tty_name);
		if (pam_rc != PAM_SUCCESS) {
			fprintf(stderr, _("failed to set PAM_TTY\n"));
			goto out;
		}
	}

	/* Ask PAM to authenticate the user running this program */
	pam_rc = pam_authenticate(pam_handle, 0);
	if (pam_rc != PAM_SUCCESS) {
		goto out;
	}

	/* Ask PAM to verify acct_mgmt */
	pam_rc = pam_acct_mgmt(pam_handle, 0);
	if (pam_rc == PAM_SUCCESS) {
		result = 1;	/* user authenticated OK! */
	}

      out:
	return result;
}				/* authenticate_via_pam() */

Exemplo n.º 22

Arquivo: PamHandle.cpp Projeto: Acidburn0zzz/sddm-1

 bool PamHandle::setItem(int item_type, const void* item) {
     m_result = pam_set_item(m_handle, item_type, item);
     if (m_result != PAM_SUCCESS) {
         qWarning() << "[PAM] setItem:" << pam_strerror(m_handle, m_result);
     }
     return m_result == PAM_SUCCESS;
 }

Exemplo n.º 23

Arquivo: auth-pam.c Projeto: andreiw/polaris

/* Attempt password authentation using PAM */
int
auth_pam_password(Authctxt *authctxt, const char *password)
{
	int retval;

	/* Ensure we have a fresh PAM handle / state */
	new_start_pam(authctxt, &conv);

	retval = pam_set_item(authctxt->pam->h, PAM_AUTHTOK, password);
	if (retval != PAM_SUCCESS)
		return 1;

	retval = pam_authenticate(authctxt->pam->h,
			options.permit_empty_passwd ?  0 :
			PAM_DISALLOW_NULL_AUTHTOK);

	if (retval != PAM_SUCCESS)
		return 0;

	if ((retval = finish_userauth_do_pam(authctxt)) != PAM_SUCCESS)
		return 0;

	if (authctxt->method)
		authctxt->method->authenticated = 1;	/* SSHv2 */

	return 1;
}

Exemplo n.º 24

Arquivo: pam_get_pass.c Projeto: amanuel/libpam-sqlite

static int pam_conv_pass(pam_handle_t * pamh, const char *prompt, int options)
{
	int retval;
	const void *item;
	const struct pam_conv *conv;
	struct pam_message msg;
	const struct pam_message *msgs[1];
	struct pam_response *resp;

	if ((retval = pam_get_item(pamh, PAM_CONV, &item)) != PAM_SUCCESS)
		return retval;
	conv = (const struct pam_conv *)item;
	msg.msg_style = options & PAM_OPT_ECHO_PASS ?
	    PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF;
	msg.msg = prompt;
	msgs[0] = &msg;
	if ((retval = conv->conv(1, msgs, &resp, conv->appdata_ptr)) !=
	    PAM_SUCCESS)
		return retval;
	if ((retval = pam_set_item(pamh, PAM_AUTHTOK, resp[0].resp)) !=
	    PAM_SUCCESS)
		return retval;
	memset(resp[0].resp, 0, strlen(resp[0].resp));
	free(resp[0].resp);
	free(resp);
	return PAM_SUCCESS;
}

Exemplo n.º 25

Arquivo: pam.cpp Projeto: dimitry-ishenko/camel

void context::insert(pam::item item, const std::string& value)
{
    if(item == pam::item::conv || item == pam::item::fail_delay) throw item_error(_M_pamh, errc::bad_item);

    _M_code = pam_set_item(_M_pamh, static_cast<int>(item), value.data());
    if(errc(_M_code) != errc::success) throw item_error(_M_pamh, _M_code);
}

Exemplo n.º 26

Arquivo: pam_userdb.c Projeto: ssem/rat

/*
 * Conversation function to obtain the user's password
 */
static int
obtain_authtok(pam_handle_t *pamh)
{
    char *resp;
    const void *item;
    int retval;

    retval = pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &resp, _("Password: "));

    if (retval != PAM_SUCCESS)
	return retval;

    if (resp == NULL)
	return PAM_CONV_ERR;

    /* set the auth token */
    retval = pam_set_item(pamh, PAM_AUTHTOK, resp);

    /* clean it up */
    _pam_overwrite(resp);
    _pam_drop(resp);

    if ( (retval != PAM_SUCCESS) ||
	 (retval = pam_get_item(pamh, PAM_AUTHTOK, &item))
	 != PAM_SUCCESS ) {
	return retval;
    }

    return retval;
}

Exemplo n.º 27

Arquivo: auth-pam.c Projeto: Alkzndr/freebsd

void
do_pam_setcred(int init)
{
	sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
	    (const void *)&store_conv);
	if (sshpam_err != PAM_SUCCESS)
		fatal("PAM: failed to set PAM_CONV: %s",
		    pam_strerror(sshpam_handle, sshpam_err));
	if (init) {
		debug("PAM: establishing credentials");
		sshpam_err = pam_setcred(sshpam_handle, PAM_ESTABLISH_CRED);
	} else {
		debug("PAM: reinitializing credentials");
		sshpam_err = pam_setcred(sshpam_handle, PAM_REINITIALIZE_CRED);
	}
	if (sshpam_err == PAM_SUCCESS) {
		sshpam_cred_established = 1;
		return;
	}
	if (sshpam_authenticated)
		fatal("PAM: pam_setcred(): %s",
		    pam_strerror(sshpam_handle, sshpam_err));
	else
		debug("PAM: pam_setcred(): %s",
		    pam_strerror(sshpam_handle, sshpam_err));
}

Exemplo n.º 28

Arquivo: pam_captcha.c Projeto: minos-org/libpam-captcha

static void pamvprompt(pam_handle_t *pamh, int style, char **resp, char *fmt, va_list ap) {/*{{{*/
  struct pam_conv *conv;
  struct pam_message msg;
  const struct pam_message *msgp;
  struct pam_response *pamresp;
  int pam_err;
  char *text = "";

  vasprintf(&text, fmt, ap);

  pam_get_item(pamh, PAM_CONV, (const void **)&conv);
  pam_set_item(pamh, PAM_AUTHTOK, NULL);

  msg.msg_style = style;;
  msg.msg = text;
  msgp = &msg;
  pamresp = NULL;
  pam_err = (*conv->conv)(1, &msgp, &pamresp, conv->appdata_ptr);

  if (pamresp != NULL) {
    if (resp != NULL)
      *resp = pamresp->resp;
    else
      free(pamresp->resp);
    free(pamresp);
  }

  free(text);
}/*}}}*/

Exemplo n.º 29

Arquivo: weston-launch.c Projeto: kendling/weston

static int
setup_pam(struct weston_launch *wl)
{
	int err;

	wl->pc.conv = pam_conversation_fn;
	wl->pc.appdata_ptr = wl;

	err = pam_start("login", wl->pw->pw_name, &wl->pc, &wl->ph);
	if (err != PAM_SUCCESS) {
		fprintf(stderr, "failed to start pam transaction: %d: %s\n",
			err, pam_strerror(wl->ph, err));
		return -1;
	}

	err = pam_set_item(wl->ph, PAM_TTY, ttyname(wl->tty));
	if (err != PAM_SUCCESS) {
		fprintf(stderr, "failed to set PAM_TTY item: %d: %s\n",
			err, pam_strerror(wl->ph, err));
		return -1;
	}

	err = pam_open_session(wl->ph, 0);
	if (err != PAM_SUCCESS) {
		fprintf(stderr, "failed to open pam session: %d: %s\n",
			err, pam_strerror(wl->ph, err));
		return -1;
	}

	return 0;
}

Exemplo n.º 30

Arquivo: auth-pam.c Projeto: andreiw/polaris

/* Called at exit to cleanly shutdown PAM */
static void
do_pam_cleanup_proc(void *context)
{
	int pam_retval;
	pam_stuff *pam = (pam_stuff *) context;

	if (pam == NULL)
		return;

	if (pam->authctxt != NULL && pam->authctxt->pam == pam) {
		pam->authctxt->pam_retval = pam->last_pam_retval;
		pam->authctxt->pam = NULL;
		pam->authctxt = NULL;
	}

	if (pam->h == NULL)
		return;

	/*
	 * We're in fatal_cleanup() or not in userauth or without a
	 * channel -- can't converse now, too bad.
	 */
	pam_retval = pam_set_item(pam->h, PAM_CONV, NULL);
	if (pam_retval != PAM_SUCCESS) {
		log("Cannot remove PAM conv, close session or delete creds[%d]: %.200s",
			pam_retval, PAM_STRERROR(pam->h, pam_retval));
		goto cleanup;
	}

	if (pam->state & PAM_S_DONE_OPEN_SESSION) {
		pam_retval = pam_close_session(pam->h, 0);
		if (pam_retval != PAM_SUCCESS)
			log("Cannot close PAM session[%d]: %.200s",
			    pam_retval, PAM_STRERROR(pam->h, pam_retval));
	}

	if (pam->state & PAM_S_DONE_SETCRED) {
		pam_retval = pam_setcred(pam->h, PAM_DELETE_CRED);
		if (pam_retval != PAM_SUCCESS)
			debug("Cannot delete credentials[%d]: %.200s", 
			    pam_retval, PAM_STRERROR(pam->h, pam_retval));
	}

cleanup:

	/* Use the previous PAM result, if not PAM_SUCCESS for pam_end() */
	if (pam->last_pam_retval != PAM_SUCCESS)
		pam_retval = pam_end(pam->h, pam->last_pam_retval);
	else if (pam_retval != PAM_SUCCESS)
		pam_retval = pam_end(pam->h, pam_retval);
	else
		pam_retval = pam_end(pam->h, PAM_ABORT);

	if (pam_retval != PAM_SUCCESS)
		log("Cannot release PAM authentication[%d]: %.200s",
		    pam_retval, PAM_STRERROR(pam->h, pam_retval));

	xfree(pam);
}