NEED HELP WITH A PAM MODULE (i wrote)

  1. #1
    Member
    Join Date
    Sep 2001
    Posts
    61

    NEED HELP WITH A PAM MODULE (i wrote)

    hi guys,
    i am trying to write a pam module (just for fun and edu sake) that will take the user name and password typed at the login, pass it on to a server program that i wrote..the server part works just fine..i have named the module pam_uds.so..when i insert a line like the following in the login file for PAM things don't seem to work as i expected..i thought i would get a login..the server part checks the username and password in its local database and returns true if the user is found (not a problem in my present pam module)..however i am unable to get a login..when i inspect the logs i get the message

    USER unknown to underlying authentication mechanism

    this is the line i inserted in /etc/pam.d/login

    auth required /lib/security/pam_uds.so

    i hope someone can show me where i went wrong..where can i look for more info..i read the module writers guide and i am still struggling to understand it..in the mean time a few tips and if possible a correction of the following code will be handy..

    thanks a lot every one
    /********************* CODE BEGINS ********************************/

    #define PAM_SM_AUTH
    #define PAM_SM_ACCOUNT
    #define PAM_SM_SESSION
    #define PAM_SM_PASSWORD

    #include <security/pam_modules.h>   /* PAM headers live under security/ */
    #include <sys/socket.h>
    #include <arpa/inet.h>
    #include <netinet/in.h>
    #include <stdio.h>
    #include <stdlib.h>                 /* free() */
    #include <string.h>
    #include <unistd.h>                 /* write(), close() */

    static char password_prompt[] = "ENTER UDS PASSWORD: ";

    #ifndef PAM_EXTERN
    #define PAM_EXTERN
    #endif

    PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char *argv[])
    {
        struct pam_conv *conv;
        struct pam_message msg;
        const struct pam_message *msgp;
        struct pam_response *resp = NULL;

        int sockfd;
        struct sockaddr_in uds_server;

        const char *user;
        const char *password = NULL;
        int pam_err;

        /* Collect the credentials first, so an early return cannot leak a socket. */
        if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
            return pam_err;

        if ((pam_err = pam_get_item(pamh, PAM_CONV, (const void **)&conv)) != PAM_SUCCESS)
            return pam_err;

        msg.msg_style = PAM_PROMPT_ECHO_OFF;
        msg.msg = password_prompt;
        msgp = &msg;

    #ifdef _OPENPAM
        pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, &password, NULL);
    #else
        pam_err = (*conv->conv)(1, &msgp, &resp, conv->appdata_ptr);
        /* "==" here: the original "=" assigned PAM_SUCCESS (0) to pam_err,
           so the test was always false and password was never set. */
        if (resp != NULL && pam_err == PAM_SUCCESS)
            password = resp->resp;
    #endif

        /* The stray "break" is gone: it is only valid inside a loop or switch. */
        if (pam_err != PAM_SUCCESS || password == NULL) {
            free(resp);
            return (PAM_AUTH_ERR);
        }

        memset(&uds_server, 0, sizeof(uds_server));
        uds_server.sin_family = AF_INET;
        uds_server.sin_addr.s_addr = inet_addr("192.168.0.2");
        uds_server.sin_port = htons(12345);

        /* Until the server has been reached, the result is "service unavailable". */
        pam_err = PAM_AUTHINFO_UNAVAIL;
        sockfd = socket(AF_INET, SOCK_STREAM, 0);
        if (sockfd >= 0) {
            if (connect(sockfd, (struct sockaddr *)&uds_server, sizeof(uds_server)) < 0)
                perror("CONNECT");
            else if (write(sockfd, password, strlen(password)) >= 0)
                /* Only the password is sent (user is never transmitted) and the
                   server's answer is never read, so there is no verdict to
                   return. Deny explicitly instead of falling off the end of a
                   non-void function, which returns an undefined value. */
                pam_err = PAM_AUTH_ERR;
            close(sockfd);
        }

        /* The conversation reply belongs to the module and must be freed. */
        if (resp != NULL) {
            free(resp->resp);
            free(resp);
        }
        return pam_err;
    }


    PAM_EXTERN int
    pam_sm_setcred(pam_handle_t *pamh, int flags,
                   int argc, const char *argv[])
    {
        return (PAM_SUCCESS);
    }

    PAM_EXTERN int
    pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
                     int argc, const char *argv[])
    {
        return (PAM_SUCCESS);
    }

    PAM_EXTERN int
    pam_sm_open_session(pam_handle_t *pamh, int flags,
                        int argc, const char *argv[])
    {
        return (PAM_SUCCESS);
    }

    PAM_EXTERN int
    pam_sm_close_session(pam_handle_t *pamh, int flags,
                         int argc, const char *argv[])
    {
        return (PAM_SUCCESS);
    }

    PAM_EXTERN int
    pam_sm_chauthtok(pam_handle_t *pamh, int flags,
                     int argc, const char *argv[])
    {
        return (PAM_SERVICE_ERR);
    }

    #ifdef PAM_MODULE_ENTRY
    PAM_MODULE_ENTRY("pam_uds");
    #endif

    /****************************************END*********************************/

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Maybe you should first try to make a pam authentication module which uses a hard-coded login / password - don't try to run before walking.

    How does it determine the information required to log in (uid, gid, $HOME, $SHELL etc)? Is there an entry in passwd for the user? Does there need to be?
