Difference between revisions of "C pam module"

Revision as of 11:41, 25 June 2014

PAM - Pluggable Authentication Module

PAM Modules are modules that can hook up to different applications that implement PAM patterns, such as SSH.

Setup

To begin development, some configuration may need to be done to some of the PAM configuration files. For this example I will use SSH.

These files are located

 /etc/pam.d/sshd

Tip* For SSH, if you need to conversate, turn on Challenge Response in the SSHD config file.

 /etc/ssh/sshd_config
 Line: ChallengeResponseAuthentication yes

C Code

/* Define which PAM interfaces we provide */

 #define PAM_SM_ACCOUNT
 #define PAM_SM_AUTH
 #define PAM_SM_PASSWORD
 #define PAM_SM_SESSION

 /* Include PAM headers */
 #include <stdio.h>
 #include <security/pam_appl.h>
 #include <security/pam_modules.h>
 #include <syslog.h>

 /* PAM entry point for session creation */
 int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
         printf("open_session\n");
         return(PAM_IGNORE);
 }

 /* PAM entry point for session cleanup */
 int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
         printf("close_session\n");
         return(PAM_IGNORE);
 }

 /* PAM entry point for accounting */
 int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) {
         printf("acct_mgmt\n");

         return(PAM_IGNORE);
 }

 /* PAM entry point for authentication verification */

PAM_EXTERN

 int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) {
         printf("authentication 2\n");

         //struct pam_conv *conv;
         int pam_err;
         struct pam_response *resp = NULL;

         int result = PAM_SUCCESS;

         if (1 == 1)
         {
              result = PAM_SESSION_ERR;
         }

         struct pam_message msg;
         const struct pam_message *msgp;

         //pam_err = pam_get_item(pamh, PAM_CONV, (const void **)&conv);
         printf("pam_get_item:%d\n", pam_err);

         msg.msg_style = PAM_PROMPT_ECHO_ON;
         msg.msg = "What color is the sky:";

         msgp = &msg;

         if (pam_err != PAM_SUCCESS)
               printf("No Luck!\n");
         else
               printf("Lucky!\n");

struct pam_conv *conv;

 int retval = pam_get_item(pamh, PAM_CONV, (void *)&conv);
 if (retval != PAM_SUCCESS) {
   return retval;
 }
 pam_err = conv->conv(1, &msgp, &resp, conv->appdata_ptr);


      
         if (pam_err == PAM_CONV_ERR) {
              printf("PAM_CONV_ERR\n");
         }

         printf("error:%d\n", pam_err);

         if (resp != NULL) {
               printf("No null\n");
               resp->resp;
         } else {
               printf("NULL Time!\n");
         }


         return(result);
 }

int converse(pam_handle_t *pamh, int nargs,
                   const struct pam_message **message,
                   struct pam_response **response) {
 struct pam_conv *conv;
 int retval = pam_get_item(pamh, PAM_CONV, (void *)&conv);
 if (retval != PAM_SUCCESS) {
   return retval;
 }
 return conv->conv(nargs, message, response, conv->appdata_ptr);

}

 /*
    PAM entry point for setting user credentials (that is, to actually
    establish the authenticated user's credentials to the service provider)
  */
 int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) {
         printf("setcred\n");
         return(PAM_IGNORE);
 }

 /* PAM entry point for authentication token (password) changes */
 int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) {
         printf("chauthtok\n");
         return(PAM_IGNORE);
 }

Difference between revisions of "C pam module"

Revision as of 11:41, 25 June 2014

Setup

C Code

Navigation menu

Views

Personal tools

john freier

development

OS

Database

IAC

applications

wiki navigation

Search

Tools