Article delegate-en/2651 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A2650@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Problem with PAM authentication
14 Jun 2004 21:51:03 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


On 06/14/04(17:37) you Jehan-Guillaume de Rorthais <p4edabdyi-dyd2yvfqa6xr.ml@ml.delegate.org> wrote
in <_A2650@delegate-en.ML_>
 |I built and launch your test program on my server. Here the result (the same as
 |root or common user):
 |
 |   frpa01proxy:~/delegateTest# ./a.out
 |   stat=0 ph=8049720

I can't understand why this test program don't cause error, while you are
getting "PAM: cannot start" error by the same program in DeleGate.
So I enclosed more complete test program with code in pam.c in DeleGate.
It can be tested like follows:

$ su
# ./a.out passwd yuta xxxx          #### xxxx is correct password for yuta
## pam_authenticate [passwd][yuta] = 0
# ./a.out passwd yuta yyyy          #### yyyy is incorect password
## pam_authenticate [passwd][yuta] = 7

If it go successfuly like above in your machine too, then the question
is why it causes the problem when it is embedded into DeleGate.
It might be a kind of linking level problem...

Cheers,
Yutaka
--
  D G   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( - )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller


/**** PAM test  extracted from rary/pam.c *******************************/
/* compile: cc pam.c -lpam
 * testing: a.out passwd username password
 */
#include <stdio.h>
#include <string.h>

struct pam_message { int msg_style; char *msg; };
struct pam_response { char *resp; int resp_retcode; };
struct pam_conv { int (*conv)(); void *appdata_ptr; };
#define PAM_PROMPT_ECHO_OFF 1
#define PAM_SUCCESS 0

extern char *calloc();
static char *gpass;
static login_conv(nmsg,pmsg,resp,appdata)
	struct pam_message **pmsg;
	struct pam_response **resp;
	char *appdata;
{	int mi;

	for( mi = 0; mi < nmsg; mi++ ){
		switch( pmsg[mi]->msg_style ){
		case PAM_PROMPT_ECHO_OFF:
			resp[mi] = (struct pam_response*)calloc(1,sizeof(struct pam_response));
			resp[mi]->resp = strdup(gpass);
			break;
		}
	}
	return PAM_SUCCESS;
}
static struct pam_conv pam_conv = {login_conv, NULL};

pam_auth1(service,user,pass)
	char *service,*user,*pass;
{	int status;
	void *pamh;

	pamh = NULL;
	status = pam_start(service,user,&pam_conv,&pamh);
	if( status != PAM_SUCCESS ){
		printf("PAM: cannot start %s [%s] error=%d\n",
			service,user,status);
		return -1;
	}
	gpass = pass;
	status = pam_authenticate(pamh,0);
	pam_end(pamh,PAM_SUCCESS);
	printf("## pam_authenticate [%s][%s] = %d\n",service,user,status);

	if( status != PAM_SUCCESS ){
		return 0;
	}
	return 1;
}
main(ac,av)
	char *av[];
{ 
	if( ac < 4 )
		printf("Usage: %s passwd username password\n",av[0]);
	else	pam_auth1(av[1],av[2],av[3]);
}
/************************************************************************/

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V