lib/auth_user
Submitted by Daryle on Mon, 03/26/2012 - 22:18
|
Procedure Model Type: ( )Web Page ( )CGI Script (X)Shared Library ( )System API Name: lib/auth_user Assigned to: |
|
|
Description |
This suid program takes the username and password and returns a 0 if the username and password match the system password for the stated user. Any other return code indicates an error. |
|
Implementation Skills |
C, PAM |
|
Parameter List |
Username and password as string values |
|
Called By: |
user/login.cgi |
|
Can Call: |
PAM system libraries |
|
Function Description |
Example of a proper function call from a calling PERL script:
output=`/usr/local/csuite/lib/auth_user $user $passwd `;
/*****************************************************
** Library functions to interact with the Linux-PAM **
** modules in order to update a user's password on **
** the system. **
** **
** Make sure you add the following lines to the **
** pam.conf file (or equivalent): **
** cs_password auth required **
** /lib/security/pam_unix_auth.so **
** cs_password account required **
** /lib/security/pam_unix_acct.so **
** cs_password password required **
** /lib/security/pam_unix_passwd.so **
** cs_password session required **
** /lib/security/pam_unix_acct.so **
** **
** Author: Daryle Niedermayer (dpn) **
** daryle@gpfn.ca **
** Date: 2002-06-17 **
** **
******************************************************/
#include <stdio.h>
#include <stdlib.h>
#include <security/pam_appl.h>
#include <security/pam_misc.h>
#define CS_BAD_DATA -2
#define CS_BAD_USAGE -1
#define CS_SUCCESS 0
#define COPY_STRING(s) (s) ? strdup(s) : NULL
/* DEFINE STATIC EXTERNAL STRUCTURES AND VARIABLES
SO THAT THEY ONLY HAVE SCOPE WITHIN THE METHODS
AND FUNCTIONS OF THIS SOURCE FILE */
static char* service_name = "cs_password";
static char* user;
static char* old_password;
static char* new_password;
static int PAM_conv (int, const struct pam_message**,
struct pam_response**, void*);
static struct pam_conv PAM_converse = {PAM_conv, NULL};
/*************************************************
** PAM Conversation function **
*************************************************/
static int PAM_conv (
int num_msg,
const struct pam_message **msg,
struct pam_response **resp, void *appdata_ptr) {
int replies = 0;
struct pam_response *reply = NULL;
reply =
malloc(sizeof(struct pam_response) * num_msg);
if (!reply) return PAM_CONV_ERR;
for (replies = 0; replies < num_msg; replies++) {
if (! strcmp(msg[replies]->msg,"Password: "))
reply[replies].resp =
COPY_STRING(old_password);
if (! strcmp(msg[replies]->msg,
"(current) UNIX password: "))
reply[replies].resp =
COPY_STRING(old_password);
}
*resp = reply;
return PAM_SUCCESS;
}
/*************************************************
** MAIN PROCEDURE **
*************************************************/
int main(int argc, char *argv[]) {
/* DEFINITIONS */
pam_handle_t* pamh = NULL;
int retval;
char* pw_check;
char* dict_path = "/usr/lib/cracklib_dict";
/* DETERMINE IF VARIABLE COUNT IS CORRECT */
if (argc != 3) {
printf("Usage: auth_user <USER> <PASSWORD>\n");
exit (CS_BAD_USAGE);
}
/* PARSE PARAMETERS FROM INPUTS */
user = argv[1];
old_password = argv[2];
if (!(user && old_password && strlen(user) && strlen(old_password)))
exit (CS_BAD_DATA);
/* GET A HANDLE TO A PAM INSTANCE */
retval = pam_start(service_name, user, &PAM_converse, &pamh);
/* IS THE USER REALLY A USER? */
if (retval == PAM_SUCCESS)
retval = pam_authenticate(pamh, 0);
else return retval;
/* IS USER PERMITTED ACCESS? */
if (retval == PAM_SUCCESS)
retval = pam_acct_mgmt(pamh, 0);
else return retval;
/* CLEAN UP OUR HANDLES AND VARIABLES */
if (pam_end(pamh, retval) != PAM_SUCCESS)
pamh = NULL;
else return retval;
exit (CS_SUCCESS);
} |
|
Possible Exit Conditions and Return Values |
This function returns a number of possible values:
|
|
Sign Off by: |
Project Manager |