pam_appl-9.html
Next
pam_appl-7.html
Previous
pam_appl.html#toc8
Contents
8. An example application
To get a flavor of the way a
Linux-PAM
application is written we
include the following example. It prompts the user for their password
and indicates whether their account is valid on the standard output,
its return code also indicates the success (
0
for success;
1
for failure).
/*
This program was contributed by Shane Watts
[modifications by AGM]
You need to add the following (or equivalent) to the /etc/pam.conf file.
# check authorization
check_user   auth       required     /usr/lib/security/pam_unix_auth.so
check_user   account    required     /usr/lib/security/pam_unix_acct.so
*/
#include <security/pam_appl.h>
#include <security/pam_misc.h>
#include <stdio.h>
static struct pam_conv conv = {
misc_conv,
NULL
};
int main(int argc, char *argv[])
{
pam_handle_t *pamh=NULL;
int retval;
const char *user="nobody";
if(argc == 2) {
user = argv[1];
}
if(argc > 2) {
fprintf(stderr, "Usage: check_user [username]\n");
exit(1);
}
retval = pam_start("check_user", user, &conv, &pamh);
if (retval == PAM_SUCCESS)
retval = pam_authenticate(pamh, 0);    /* is user really user? */
if (retval == PAM_SUCCESS)
retval = pam_acct_mgmt(pamh, 0);       /* permitted access? */
/* This is where we have been authorized or not. */
if (retval == PAM_SUCCESS) {
fprintf(stdout, "Authenticated\n");
} else {
fprintf(stdout, "Not Authenticated\n");
}
if (pam_end(pamh,retval) != PAM_SUCCESS) {     /* close Linux-PAM */
pamh = NULL;
fprintf(stderr, "check_user: failed to release authenticator\n");
exit(1);
}
return ( retval == PAM_SUCCESS ? 0:1 );       /* indicate success */
}
pam_appl-9.html
Next
pam_appl-7.html
Previous
pam_appl.html#toc8
Contents
