pam_examples
blank.c
/*
* $Id$
*/ /* Andrew Morgan (morgan@parc.power.net) -- a self contained `blank'
* application
*
* I am not very proud of this code. It makes use of a possibly ill-
* defined pamh pointer to call pam_strerror() with. The reason that
* I was sloppy with this is historical (pam_strerror, prior to 0.59,
* did not require a pamh argument) and if this program is used as a
* model for anything, I should wish that you will take this error into
* account.
*/ #include <stdio.h>
#include <stdlib.h> #include <security/pam_appl.h>
#include <security/pam_misc.h> /* ------ some local (static) functions ------- */ static void bail_out(pam_handle_t *pamh, int really, int code, const char *fn)
{
fprintf(stderr,"==> called %s()\n got: `%s'\n", fn,
pam_strerror(pamh, code));
if (really && code)
exit ();
} /* ------ some static data objects ------- */ static struct pam_conv conv = {
misc_conv,
NULL
}; /* ------- the application itself -------- */ int main(int argc, char **argv)
{
pam_handle_t *pamh=NULL;
char *username=NULL;
int retcode; /* did the user call with a username as an argument ? */ if (argc > ) {
fprintf(stderr,"usage: %s [username]\n",argv[]);
} else if (argc == ) {
username = argv[];
} /* initialize the Linux-PAM library */
retcode = pam_start("blank", username, &conv, &pamh);
bail_out(pamh,,retcode,"pam_start"); /* test the environment stuff */
{
#define MAXENV 15
const char *greek[MAXENV] = {
"a=alpha", "b=beta", "c=gamma", "d=delta", "e=epsilon",
"f=phi", "g=psi", "h=eta", "i=iota", "j=mu", "k=nu",
"l=zeta", "h=", "d", "k=xi"
};
char **env;
int i; for (i=; i<MAXENV; ++i) {
retcode = pam_putenv(pamh,greek[i]);
bail_out(pamh,,retcode,"pam_putenv");
}
env = pam_getenvlist(pamh);
if (env)
env = pam_misc_drop_env(env);
else
fprintf(stderr,"???\n");
fprintf(stderr,"a test: c=[%s], j=[%s]\n"
, pam_getenv(pamh, "c"), pam_getenv(pamh, "j"));
} /* to avoid using goto we abuse a loop here */
for (;;) {
/* authenticate the user --- `0' here, could have been PAM_SILENT
* | PAM_DISALLOW_NULL_AUTHTOK */ retcode = pam_authenticate(pamh, );
bail_out(pamh,,retcode,"pam_authenticate"); /* has the user proved themself valid? */
if (retcode != PAM_SUCCESS) {
fprintf(stderr,"%s: invalid request\n",argv[]);
break;
} /* the user is valid, but should they have access at this
time? */ retcode = pam_acct_mgmt(pamh, ); /* `0' could be as above */
bail_out(pamh,,retcode,"pam_acct_mgmt"); if (retcode == PAM_NEW_AUTHTOK_REQD) {
fprintf(stderr,"Application must request new password...\n");
retcode = pam_chauthtok(pamh,PAM_CHANGE_EXPIRED_AUTHTOK);
bail_out(pamh,,retcode,"pam_chauthtok");
} if (retcode != PAM_SUCCESS) {
fprintf(stderr,"%s: invalid request\n",argv[]);
break;
} /* `0' could be as above */
retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED);
bail_out(pamh,,retcode,"pam_setcred1"); if (retcode != PAM_SUCCESS) {
fprintf(stderr,"%s: problem setting user credentials\n"
,argv[]);
break;
} /* open a session for the user --- `0' could be PAM_SILENT */
retcode = pam_open_session(pamh,);
bail_out(pamh,,retcode,"pam_open_session");
if (retcode != PAM_SUCCESS) {
fprintf(stderr,"%s: problem opening a session\n",argv[]);
break;
} fprintf(stderr,"The user has been authenticated and `logged in'\n"); /* close a session for the user --- `0' could be PAM_SILENT
* it is possible that this pam_close_call is in another program..
*/ retcode = pam_close_session(pamh,);
bail_out(pamh,,retcode,"pam_close_session");
if (retcode != PAM_SUCCESS) {
fprintf(stderr,"%s: problem closing a session\n",argv[]);
break;
} retcode = pam_setcred(pamh, PAM_DELETE_CRED);
bail_out(pamh,,retcode,"pam_setcred2"); break; /* don't go on for ever! */
} /* close the Linux-PAM library */
retcode = pam_end(pamh, PAM_SUCCESS);
pamh = NULL; bail_out(pamh,,retcode,"pam_end"); exit();
}
check_user.c
/*
$Id$ This program was contributed by Shane Watts <shane@icarus.bofh.asn.au>
slight modifications by AGM. You need to add the following (or equivalent) to the /etc/pam.conf file.
# check authorization
check auth required pam_unix_auth.so
check account required pam_unix_acct.so
*/ #include <security/pam_appl.h>
#include <security/pam_misc.h>
#include <stdio.h> static struct pam_conv conv = {
misc_conv,
NULL
}; int main(int argc, char *argv[])
{
pam_handle_t *pamh=NULL;
int retval;
const char *user="nobody"; if(argc == ) {
user = argv[];
} if(argc > ) {
fprintf(stderr, "Usage: check_user [username]\n");
exit();
} retval = pam_start("check", user, &conv, &pamh); if (retval == PAM_SUCCESS)
retval = pam_authenticate(pamh, ); /* is user really user? */ if (retval == PAM_SUCCESS)
retval = pam_acct_mgmt(pamh, ); /* permitted access? */ /* This is where we have been authorized or not. */ if (retval == PAM_SUCCESS) {
fprintf(stdout, "Authenticated\n");
} else {
fprintf(stdout, "Not Authenticated\n");
} if (pam_end(pamh,retval) != PAM_SUCCESS) { /* close Linux-PAM */
pamh = NULL;
fprintf(stderr, "check_user: failed to release authenticator\n");
exit();
} return ( retval == PAM_SUCCESS ? : ); /* indicate success */
}
vpass.c
#include "config.h" #include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <pwd.h>
#include <sys/types.h>
#include <security/pam_appl.h> static int
test_conv (int num_msg UNUSED, const struct pam_message **msgm UNUSED,
struct pam_response **response UNUSED, void *appdata_ptr UNUSED)
{
return ;
} static struct pam_conv conv = {
test_conv,
NULL
}; int main(void)
{
char *user;
pam_handle_t *pamh;
struct passwd *pw;
uid_t uid;
int res; uid = geteuid();
pw = getpwuid(uid);
if (pw) {
user = pw->pw_name;
} else {
fprintf(stderr, "Invalid userid: %lu\n", (unsigned long) uid);
exit();
} pam_start("vpass", user, &conv, &pamh);
pam_set_item(pamh, PAM_TTY, "/dev/tty");
if ((res = pam_authenticate(pamh, )) != PAM_SUCCESS) {
fprintf(stderr, "Oops: %s\n", pam_strerror(pamh, res));
exit();
} pam_end(pamh, res);
exit();
}
xsh.c
/* Andrew Morgan (morgan@kernel.org) -- an example application
* that invokes a shell, based on blank.c */ #include "config.h" #include <stdio.h>
#include <stdlib.h> #include <security/pam_appl.h>
#include <security/pam_misc.h> #include <pwd.h>
#include <sys/types.h>
#include <unistd.h> /* ------ some local (static) functions ------- */ static void bail_out(pam_handle_t *pamh,int really, int code, const char *fn)
{
fprintf(stderr,"==> called %s()\n got: `%s'\n", fn,
pam_strerror(pamh,code));
if (really && code)
exit ();
} /* ------ some static data objects ------- */ static struct pam_conv conv = {
misc_conv,
NULL
}; /* ------- the application itself -------- */ int main(int argc, char **argv)
{
pam_handle_t *pamh=NULL;
const void *username=NULL;
const char *service="xsh";
int retcode; /* did the user call with a username as an argument ?
* did they also */ if (argc > ) {
fprintf(stderr,"usage: %s [username [service-name]]\n",argv[]);
}
if ((argc >= ) && (argv[][] != '-')) {
username = argv[];
}
if (argc == ) {
service = argv[];
} /* initialize the Linux-PAM library */
retcode = pam_start(service, username, &conv, &pamh);
bail_out(pamh,,retcode,"pam_start"); /* fill in the RUSER and RHOST etc. fields */
{
char buffer[];
struct passwd *pw;
const char *tty; pw = getpwuid(getuid());
if (pw != NULL) {
retcode = pam_set_item(pamh, PAM_RUSER, pw->pw_name);
bail_out(pamh,,retcode,"pam_set_item(PAM_RUSER)");
} retcode = gethostname(buffer, sizeof(buffer)-);
if (retcode) {
perror("failed to look up hostname");
retcode = pam_end(pamh, PAM_ABORT);
bail_out(pamh,,retcode,"pam_end");
}
retcode = pam_set_item(pamh, PAM_RHOST, buffer);
bail_out(pamh,,retcode,"pam_set_item(PAM_RHOST)"); tty = ttyname(fileno(stdin));
if (tty) {
retcode = pam_set_item(pamh, PAM_TTY, tty);
bail_out(pamh,,retcode,"pam_set_item(PAM_RHOST)");
}
} /* to avoid using goto we abuse a loop here */
for (;;) {
/* authenticate the user --- `0' here, could have been PAM_SILENT
* | PAM_DISALLOW_NULL_AUTHTOK */ retcode = pam_authenticate(pamh, );
bail_out(pamh,,retcode,"pam_authenticate"); /* has the user proved themself valid? */
if (retcode != PAM_SUCCESS) {
fprintf(stderr,"%s: invalid request\n",argv[]);
break;
} /* the user is valid, but should they have access at this
time? */ retcode = pam_acct_mgmt(pamh, ); /* `0' could be as above */
bail_out(pamh,,retcode,"pam_acct_mgmt"); if (retcode == PAM_NEW_AUTHTOK_REQD) {
fprintf(stderr,"Application must request new password...\n");
retcode = pam_chauthtok(pamh,PAM_CHANGE_EXPIRED_AUTHTOK);
bail_out(pamh,,retcode,"pam_chauthtok");
} if (retcode != PAM_SUCCESS) {
fprintf(stderr,"%s: invalid request\n",argv[]);
break;
} /* `0' could be as above */
retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED);
bail_out(pamh,,retcode,"pam_setcred"); if (retcode != PAM_SUCCESS) {
fprintf(stderr,"%s: problem setting user credentials\n"
,argv[]);
break;
} /* open a session for the user --- `0' could be PAM_SILENT */
retcode = pam_open_session(pamh,);
bail_out(pamh,,retcode,"pam_open_session");
if (retcode != PAM_SUCCESS) {
fprintf(stderr,"%s: problem opening a session\n",argv[]);
break;
} pam_get_item(pamh, PAM_USER, &username);
fprintf(stderr,
"The user [%s] has been authenticated and `logged in'\n",
(const char *)username); /* this is always a really bad thing for security! */
retcode = system("/bin/sh"); /* close a session for the user --- `0' could be PAM_SILENT
* it is possible that this pam_close_call is in another program..
*/ retcode = pam_close_session(pamh,);
bail_out(pamh,,retcode,"pam_close_session");
if (retcode != PAM_SUCCESS) {
fprintf(stderr,"%s: problem closing a session\n",argv[]);
break;
} /* `0' could be as above */
retcode = pam_setcred(pamh, PAM_DELETE_CRED);
bail_out(pamh,,retcode,"pam_setcred");
if (retcode != PAM_SUCCESS) {
fprintf(stderr,"%s: problem deleting user credentials\n"
,argv[]);
break;
} break; /* don't go on for ever! */
} /* close the Linux-PAM library */
retcode = pam_end(pamh, PAM_SUCCESS);
pamh = NULL;
bail_out(pamh,,retcode,"pam_end"); return ();
}
pam_examples的更多相关文章
随机推荐
- iOS-开发中的时间处理
做App避免不了要和时间打交道,关于时间的处理,里面有不少门道,远不是一行API调用,获取当前系统时间这么简单.我们需要了解与时间相关的各种API之间的差别,再因场景而异去设计相应的机制. 时间的形式 ...
- BZOJ 1486 最小圈(01分数规划)
好像是很normal的01分数规划题.最小比率生成环. u(c)=sigma(E)/k.转化一下就是k*u(c)=sigma(E). sigma(E-u(c))=0. 所以答案对于这个式子是有单调性的 ...
- csrf漏洞攻击手段和影响详解
针对web应用安全中csrf漏洞两种典型的攻击方式:即输入和执行,这种简单模式下的攻击手段以及中途包含确认页面的攻击方法. 图解什么是csrf漏洞 我们先进行约束,比如存在csrf漏洞的网站叫webA ...
- 使用for循环遍历数组元素
循环可以将代码块执行指定的次数.如果您希望一遍又一遍地运行相同的代码,并且每次的值都不同,那么使用循环是很方便的.迭代语句又叫循环语句. JavaScript 支持不同类型的循环: for - 循环代 ...
- Socket网络编程实例1
Socket: 对所有上层协议(TCP/IP,UDP等)的底层封装. 网络上的两个程序通过一个双向的通信连接实现数据的交换,这个连接的一端称为一个socket. 建立网络通信连接至少要一对端口号(so ...
- P2805 [NOI2009]植物大战僵尸(最小割+拓扑排序)
题意: n*m的矩阵,每个位置都有一个植物.每个植物都有一个价值(可以为负),以及一些它可以攻击的位置.从每行的最右面开始放置僵尸,僵尸从右往左行动,当僵尸在植物攻击范围内时会立刻死亡.僵尸每到一个位 ...
- Android Service 生命周期
Service概念及用途: Android中的服务,它与Activity不同,它是不能与用户交互的,不能自己启动的,运行在后台的程序,如果我们退出应用时,Service进程并没有结束,它仍然在后台运行 ...
- BZOJ1823:[JSOI2010]满汉全席——题解
https://www.lydsy.com/JudgeOnline/problem.php?id=1823 https://www.luogu.org/problemnew/show/P4171 题面 ...
- BZOJ3542 DZY Loves March 【map + 线段树】
题目链接 BZOJ3542 题解 线段树裸题,,对每一行每一列开线段树 由于坐标很大,用\(map\)维护根下标 化一下式子,只用维护区间和,区间平方和,区间存在的个数 #include<alg ...
- selenium测试-open chrome
通过selenium来打开浏览器测试之前,需要确认本地已安装相应的webdriver,本例以chrome为例. 1. 查看本地chrome版本,以此确认需要安装的webdriver版本 查看chrom ...