PAM sample application

David Rohleder davro at ics.muni.cz
Wed Apr 7 16:59:17 MEST 1999


xsorm at informatics.muni.cz (Milan Sorm) writes:

> On Wed, Mar 31, 1999 at 11:35:35PM +0200 Peter Mikula wrote:
> 
> OK, fine, so I'll write that PAM module over Easter :)
> thanks for the code.
> 
> milan

That is a rather optimistic claim. That sample was only a trivial
demonstration of authentication through PAM. A program that uses PAM
has to implement a callback function, which is used for communication
between the module and the program. This function is called by
functions inside the PAM module. Achieving that in Perl will be quite
non-trivial.

In that example it is the misc_conv function in the pam_conv
structure. It is defined in pam_misc.h, which moreover is not a
standard PAM library (it is only a Linux convenience).

Moreover, a PAM implementation has to handle not only authentication
but also account management, password management and session
management.

> | :)) it's nothing complicated ...
> | 
> | ----------------# from pam_appl docs...
> | 
> | 
> |        #include <security/pam_appl.h>
> |        #include <security/pam_misc.h>
> |        #include <stdio.h>
> |        #include <stdlib.h>   /* exit() */
> | 
> |        static struct pam_conv conv = {
> |            misc_conv,
> |            NULL
> |        };
> | 
> |        int main(int argc, char *argv[])
> |        {
> |            pam_handle_t *pamh=NULL;
> |            int retval;
> |            const char *user="nobody";
> | 
> |            if(argc == 2) {
> |                user = argv[1];
> |            }
> | 
> |            if(argc > 2) {
> |                fprintf(stderr, "Usage: check_user [username]\n");
> |                exit(1);
> |            }
> | 
> |            retval = pam_start("check_user", user, &conv, &pamh);
> | 
> |            if (retval == PAM_SUCCESS)
> |                retval = pam_authenticate(pamh, 0);    /* is user really user? */
> | 
> |            if (retval == PAM_SUCCESS)
> |                retval = pam_acct_mgmt(pamh, 0);       /* permitted access? */
> | 
> |            /* This is where we have been authorized or not. */
> | 
> |            if (retval == PAM_SUCCESS) {
> |                fprintf(stdout, "Authenticated\n");
> |            } else {
> |                fprintf(stdout, "Not Authenticated\n");
> |            }
> | 
> |            if (pam_end(pamh,retval) != PAM_SUCCESS) {     /* close Linux-PAM */
> |                pamh = NULL;
> |                fprintf(stderr, "check_user: failed to release authenticator\n");
> |                exit(1);
> |            }
> | 
> |            return ( retval == PAM_SUCCESS ? 0:1 );       /* indicate success */
> |        }

-- 
-------------------------------------------------------------------------
David Rohleder						davro at ics.muni.cz
Institute of Computer Science, Masaryk University
Brno, Czech Republic
-------------------------------------------------------------------------
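
The callback requirement described in the message above, as an added example that is not part of the original post or of the Linux-PAM documentation: a conversation function that can stand in for misc_conv without pam_misc.h, answering the modules' prompts from credentials passed through appdata_ptr. The names app_conv, app_creds and demo are hypothetical, and the #else branch mirrors Linux-PAM's declarations only so the file builds where the headers are not installed.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup */
#include <stdlib.h>
#include <string.h>
#if defined(__has_include) && __has_include(<security/pam_appl.h>)
#include <security/pam_appl.h>
#else  /* mirror of Linux-PAM's declarations so this builds without the headers */
struct pam_message  { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };
struct pam_conv { int (*conv)(int, const struct pam_message **,
                              struct pam_response **, void *); void *appdata_ptr; };
enum { PAM_SUCCESS = 0, PAM_BUF_ERR = 5, PAM_CONV_ERR = 19, PAM_MAX_NUM_MSG = 32,
       PAM_PROMPT_ECHO_OFF = 1, PAM_PROMPT_ECHO_ON, PAM_ERROR_MSG, PAM_TEXT_INFO };
#endif

struct app_creds { const char *user, *password; };            /* hypothetical type */
static struct app_creds demo = { "alice", "constructed-pw" };  /* constructed sample */

/* Callback the PAM modules call back into; answers prompts from appdata_ptr. */
static int app_conv(int num_msg, const struct pam_message **msg,
                    struct pam_response **resp, void *appdata_ptr)
{
    const struct app_creds *c = appdata_ptr;
    struct pam_response *r;
    int i;

    if (num_msg <= 0 || num_msg > PAM_MAX_NUM_MSG || c == NULL)
        return PAM_CONV_ERR;
    if ((r = calloc((size_t)num_msg, sizeof *r)) == NULL)
        return PAM_BUF_ERR;
    for (i = 0; i < num_msg; i++) {
        const char *a = NULL;
        switch (msg[i]->msg_style) {       /* Linux-PAM passes an array of pointers */
        case PAM_PROMPT_ECHO_OFF: a = c->password; break;  /* hidden-input prompt */
        case PAM_PROMPT_ECHO_ON:  a = c->user;     break;  /* visible-input prompt */
        case PAM_ERROR_MSG: case PAM_TEXT_INFO: continue;  /* no answer expected */
        }
        if (a == NULL || (r[i].resp = strdup(a)) == NULL) {
            while (i-- > 0) free(r[i].resp);   /* unknown style, no value, no memory */
            free(r);
            return PAM_CONV_ERR;
        }
    }
    *resp = r;                             /* the module frees r and each resp */
    return PAM_SUCCESS;
}

/* Takes the place of { misc_conv, NULL } in the quoted program:
 * pam_start("check_user", user, &conv, &pamh); */
struct pam_conv conv = { app_conv, &demo };
```

The response array and each answer string are allocated with calloc and strdup because the module, not the application, frees them after a successful conversation.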

