本文整理汇总了C++中pam_authenticate函数的典型用法代码示例。如果您正苦于以下问题:C++ pam_authenticate函数的具体用法?C++ pam_authenticate怎么用?C++ pam_authenticate使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了pam_authenticate函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: main
int
main (void)
{
int retval;
/* 1: Call with NULL as pam handle */
retval = pam_authenticate (NULL, 0);
if (retval == PAM_SUCCESS)
{
fprintf (stderr, "tst-pam_authenticate (NULL, 0) returned PAM_SUCCESS\n");
return 1;
}
return 0;
}示例2: pam_auth_user_pass
int pam_auth_user_pass (char const * const user, char const * const pass)
{
struct pam_conv pamc = { conv, pass };
pam_handle_t * pamh = NULL;
int retval = PAM_ABORT;
if ((retval = pam_start ("login", user, &pamc, &pamh)) == PAM_SUCCESS)
{
retval = pam_authenticate (pamh, 0);
}
LOG (pam_strerror (pamh, retval));
pam_end (pamh, 0);
return retval;
}示例3: do_pam
/** Check the users password against the standard UNIX password table + PAM.
*
* @note For most flexibility, passing a pamauth type to this function
* allows you to have multiple authentication types (i.e. multiple
* files associated with radius in /etc/pam.d).
*
* @param request The current request.
* @param username User to authenticate.
* @param passwd Password to authenticate with,
* @param pamauth Type of PAM authentication.
* @return 0 on success -1 on failure.
*/
static int do_pam(REQUEST *request, char const *username, char const *passwd, char const *pamauth)
{
pam_handle_t *handle = NULL;
int ret;
rlm_pam_data_t pam_config;
struct pam_conv conv;
/*
* Initialize the structures
*/
conv.conv = pam_conv;
conv.appdata_ptr = &pam_config;
pam_config.request = request;
pam_config.username = username;
pam_config.password = passwd;
pam_config.error = false;
RDEBUG2("Using pamauth string \"%s\" for pam.conf lookup", pamauth);
ret = pam_start(pamauth, username, &conv, &handle);
if (ret != PAM_SUCCESS) {
RERROR("pam_start failed: %s", pam_strerror(handle, ret));
return -1;
}
ret = pam_authenticate(handle, 0);
if (ret != PAM_SUCCESS) {
RERROR("pam_authenticate failed: %s", pam_strerror(handle, ret));
pam_end(handle, ret);
return -1;
}
/*
* FreeBSD 3.x doesn't have account and session management
* functions in PAM, while 4.0 does.
*/
#if !defined(__FreeBSD_version) || (__FreeBSD_version >= 400000)
ret = pam_acct_mgmt(handle, 0);
if (ret != PAM_SUCCESS) {
RERROR("pam_acct_mgmt failed: %s", pam_strerror(handle, ret));
pam_end(handle, ret);
return -1;
}
#endif
RDEBUG2("Authentication succeeded");
pam_end(handle, ret);
return 0;
}示例4: auth_userpass
/* returns boolean */
int DEFAULT_CC
auth_userpass(char *user, char *pass, int *errorcode)
{
pam_handle_t *pamh;
pam_userpass_t userpass;
struct pam_conv conv = {pam_userpass_conv, &userpass};
const void *template1;
int status;
userpass.user = user;
userpass.pass = pass;
if (pam_start(SERVICE, user, &conv, &pamh) != PAM_SUCCESS)
{
return 0;
}
status = pam_authenticate(pamh, 0);
if (status != PAM_SUCCESS)
{
pam_end(pamh, status);
return 0;
}
status = pam_acct_mgmt(pamh, 0);
if (status != PAM_SUCCESS)
{
pam_end(pamh, status);
return 0;
}
status = pam_get_item(pamh, PAM_USER, &template1);
if (status != PAM_SUCCESS)
{
pam_end(pamh, status);
return 0;
}
if (pam_end(pamh, PAM_SUCCESS) != PAM_SUCCESS)
{
return 0;
}
return 1;
}示例5: check_pw
static int check_pw(const char *login, const char *pwd)
{
struct pam_conv pam_c;
pam_handle_t *phth;
int ret;
pam_c.conv = conv_func;
pam_c.appdata_ptr = (void *)pwd;
assert(pam_start("lolock", login, &pam_c, &phth) == PAM_SUCCESS);
ret = pam_authenticate(phth, PAM_SILENT);
pam_end(phth, 0);
return ret == PAM_SUCCESS;
}示例6: main
int main(int argc, char *argv[])
{
pam_handle_t *pamh = NULL;
int retval;
struct pam_conv conv = { gradm_pam_conv, NULL };
struct gr_arg_wrapper wrapper;
struct gr_arg arg;
int fd;
if (argc != 2)
exit(EXIT_FAILURE);
wrapper.version = GRADM_VERSION;
wrapper.size = sizeof(struct gr_arg);
wrapper.arg = &arg;
arg.mode = GRADM_STATUS;
if ((fd = open(GRDEV_PATH, O_WRONLY)) < 0) {
fprintf(stderr, "Could not open %s.\n", GRDEV_PATH);
failure("open");
}
retval = write(fd, &wrapper, sizeof(struct gr_arg_wrapper));
close(fd);
if (retval != 1)
exit(EXIT_FAILURE);
retval = pam_start(PAM_SERVICENAME, argv[1], &conv, &pamh);
if (retval == PAM_SUCCESS)
retval = pam_authenticate(pamh, 0);
if (retval == PAM_SUCCESS)
retval = pam_acct_mgmt(pamh, 0);
if (retval == PAM_AUTHTOK_EXPIRED)
retval = pam_chauthtok(pamh, 0);
if (pamh)
pam_end(pamh, retval);
if (retval != PAM_SUCCESS)
exit(EXIT_FAILURE);
return EXIT_SUCCESS;
}示例7: auth_CheckPasswd
static int
auth_CheckPasswd(const char *name, const char *data, const char *key)
{
if (!strcmp(data, "*")) {
#ifdef NOPAM
/* Then look up the real password database */
struct passwd *pw;
int result = 0;
char *cryptpw;
pw = getpwnam(name);
if (pw) {
cryptpw = crypt(key, pw->pw_passwd);
result = (cryptpw != NULL) && !strcmp(cryptpw, pw->pw_passwd);
}
endpwent();
return result;
#else /* !NOPAM */
/* Then consult with PAM. */
pam_handle_t *pamh;
int status;
struct pam_conv pamc = {
#ifdef OPENPAM
&openpam_nullconv, NULL
#else
&pam_conv, key
#endif
};
if (pam_start("ppp", name, &pamc, &pamh) != PAM_SUCCESS)
return (0);
#ifdef OPENPAM
if ((status = pam_set_item(pamh, PAM_AUTHTOK, key)) == PAM_SUCCESS)
#endif
status = pam_authenticate(pamh, 0);
pam_end(pamh, status);
return (status == PAM_SUCCESS);
#endif /* !NOPAM */
}
return !strcmp(data, key);
}示例8: main
int
main(int argc, char *argv[])
{
pam_handle_t *pamh=NULL;
const char *user="nobody";
const char *stack="tst-pam_authfail";
int retval;
int debug = 0;
if (argc > 2) {
stack = argv[2];
}
if (argc > 1) {
if (strcmp (argv[1], "-d") == 0)
debug = 1;
else
stack = argv[1];
}
retval = pam_start(stack, user, &conv, &pamh);
if (retval != PAM_SUCCESS)
{
if (debug)
fprintf (stderr, "test3: pam_start returned %d\n", retval);
return 1;
}
retval = pam_authenticate(pamh, 0);
if (retval == PAM_SUCCESS)
{
if (debug)
fprintf (stderr, "test3: pam_authenticate returned %d\n", retval);
return 1;
}
retval = pam_end(pamh,retval);
if (retval != PAM_SUCCESS)
{
if (debug)
fprintf (stderr, "test3: pam_end returned %d\n", retval);
return 1;
}
return 0;
}示例9: vs_pam_auth_user
/**
* \brief Try to authentication user using PAM. Only password could be use now.
*/
int vs_pam_auth_user(struct vContext *C, const char *username, const char *pass)
{
struct VSession *vsession = CTX_current_session(C);
int retval;
/* Use password for user authentication */
vsession->conv.appdata_ptr = (void*)pass;
/* Try to initialization PAM transaction */
if((retval = pam_start("verse", username, &vsession->conv, &vsession->pamh)) != PAM_SUCCESS) {
v_print_log(VRS_PRINT_ERROR, "pam_start() failed: %s\n", pam_strerror(vsession->pamh, retval));
vs_pam_end_user_auth(vsession, retval);
return -1;
}
/* Try to setup remote host for PAM */
if((retval = pam_set_item(vsession->pamh, PAM_RHOST, vsession->peer_hostname))) {
v_print_log(VRS_PRINT_ERROR, "pam_set_item(): hostname: %s failed: %s\n",
vsession->peer_hostname, pam_strerror(vsession->pamh, retval));
vs_pam_end_user_auth(vsession, retval);
return -1;
}
/* Authenticate user: is the username in the "database" of valid usernames? */
if((retval = pam_authenticate(vsession->pamh, 0)) != PAM_SUCCESS) {
v_print_log(VRS_PRINT_ERROR, "pam_authenticate(): username: %s failed: %s\n", username, pam_strerror(vsession->pamh, retval));
vs_pam_end_user_auth(vsession, retval);
return -1;
}
/* Is user's account valid? */
if((retval = pam_acct_mgmt(vsession->pamh, 0)) == PAM_SUCCESS) {
v_print_log(VRS_PRINT_DEBUG_MSG, "pam_acct_mgmt(): username: %s: %s\n", username, pam_strerror(vsession->pamh, retval));
vs_pam_end_user_auth(vsession, retval);
/* TODO: get UID and return it */
return -1;
} else {
v_print_log(VRS_PRINT_ERROR, "pam_cct_mgmt(): username: %s failed: %s\n", username, pam_strerror(vsession->pamh, retval));
vs_pam_end_user_auth(vsession, retval);
return -1;
}
vs_pam_end_user_auth(vsession, retval);
return -1;
}示例10: EscalateHelperDoAction
/**
* EscalateHelperDoAction:
* @self: #EscalateHelper instance.
* @error: (out)(allow-none): Error return location or #NULL.
*
* Return: #TRUE if the action specified in the start message (just
* pam_authenticate for now) was called successfully and the finish message was
* sent.
*/
gboolean EscalateHelperDoAction(EscalateHelper *self, GError **error) {
int setcred_result = PAM_SUCCESS;
EscalateMessage *message = NULL;
GVariantBuilder *env = NULL;
gboolean result = FALSE;
// Run the action specified in the start message.
switch (self->action) {
case ESCALATE_MESSAGE_ACTION_AUTHENTICATE:
self->result = pam_authenticate(self->pamh, self->flags);
if (self->result == PAM_SUCCESS || self->result == PAM_NEW_AUTHTOK_REQD) {
// Refresh things like Kerberos credentials. This is safe to do here
// even if the client never calls pam_setcred() because the entire auth
// stack succeeded.
// TODO(vonhollen): Make this configurable by pam_escalate.so.
setcred_result = pam_setcred(self->pamh, PAM_REINITIALIZE_CRED);
if (setcred_result != PAM_SUCCESS) {
pam_syslog(self->pamh, LOG_NOTICE,
"pam_setcred() failed for user '%s': %s",
self->username, pam_strerror(self->pamh, setcred_result));
}
}
break;
default:
self->result = PAM_SYSTEM_ERR;
g_error("Unsupported action %d", self->action);
}
// Prevent this function from being run twice.
self->action = ESCALATE_MESSAGE_ACTION_UNKNOWN;
// Get the PAM environment to include in the result.
env = EscalateUtilPamEnvToVariant(self->pamh, error);
if (!env) {
goto done;
}
// Send the final PAM result for the action and the complete environment.
message = EscalateMessageNew(ESCALATE_MESSAGE_TYPE_FINISH, self->result, env);
result = EscalateMessageWrite(message, self->writer, error);
EscalateMessageUnref(message);
g_variant_builder_unref(env);
done:
return result;
}示例11: input_done
static void input_done(void) {
STOP_TIMER(clear_pam_wrong_timeout);
pam_state = STATE_PAM_VERIFY;
redraw_screen();
if (pam_authenticate(pam_handle, 0) == PAM_SUCCESS) {
DEBUG("successfully authenticated\n");
clear_password_memory();
/* Turn the screen on, as it may have been turned off
* on release of the 'enter' key. */
turn_monitors_on();
/* PAM credentials should be refreshed, this will for example update any kerberos tickets.
* Related to credentials pam_end() needs to be called to cleanup any temporary
* credentials like kerberos /tmp/krb5cc_pam_* files which may of been left behind if the
* refresh of the credentials failed. */
pam_setcred(pam_handle, PAM_REFRESH_CRED);
pam_end(pam_handle, PAM_SUCCESS);
exit(0);
}
if (debug_mode)
fprintf(stderr, "Authentication failure\n");
pam_state = STATE_PAM_WRONG;
failed_attempts += 1;
clear_input();
if (unlock_indicator)
redraw_screen();
/* Clear this state after 2 seconds (unless the user enters another
* password during that time). */
ev_now_update(main_loop);
START_TIMER(clear_pam_wrong_timeout, TSTAMP_N_SECS(2), clear_pam_wrong);
/* Cancel the clear_indicator_timeout, it would hide the unlock indicator
* too early. */
STOP_TIMER(clear_indicator_timeout);
/* beep on authentication failure, if enabled */
if (beep) {
xcb_bell(conn, 100);
xcb_flush(conn);
}
}示例12: verify_root_pw
static bool
verify_root_pw( const char* pw)
{
const char* superuser = "root";
#ifdef USESHADOW
struct spwd *spws = getspnam( superuser);
#endif
#ifdef USE_PAM
pam_handle_t *pamh;
int pam_error;
#endif /* USE_PAM */
struct passwd *pws = getpwnam( superuser);
CHECK_PTR( pws);
#ifndef USE_PAM
#ifdef USESHADOW
// If USESHADOW is defined, kdm will work for both shadow and non
// shadow systems
if( spws != NULL) {
char* tmp = pws->pw_passwd;
pws->pw_passwd = spws->sp_pwdp;
spws->sp_pwdp = tmp;
}
endspent();
#endif /* USESHADOW */
if( strcmp( crypt( pw, pws->pw_passwd), pws->pw_passwd)) {
printf("Root passwd verification failed\n");
return false;
}
#else /* USE_PAM */
#define PAM_BAIL \
if (pam_error != PAM_SUCCESS) { \
pam_end(pamh, 0); \
return false; \
}
PAM_password = pw;
pam_error = pam_start(KDE_PAM, superuser, &PAM_conversation, &pamh);
PAM_BAIL;
pam_error = pam_authenticate( pamh, 0);
PAM_BAIL;
/* OK, if we get here, the user _should_ be root */
pam_end( pamh, PAM_SUCCESS);
#endif /* USE_PAM */
return true;
}示例13: PAM_Authenticate
/**
* Authenticate a connecting client using PAM.
* @param Client The client to authenticate.
* @return true when authentication succeeded, false otherwise.
*/
GLOBAL bool
PAM_Authenticate(CLIENT *Client) {
pam_handle_t *pam;
int retval = PAM_SUCCESS;
LogDebug("PAM: Authenticate \"%s\" (%s) ...",
Client_OrigUser(Client), Client_Mask(Client));
/* Set supplied client password */
if (password)
free(password);
password = strdup(Conn_Password(Client_Conn(Client)));
conv.appdata_ptr = Conn_Password(Client_Conn(Client));
/* Initialize PAM */
retval = pam_start(Conf_PAMServiceName, Client_OrigUser(Client), &conv, &pam);
if (retval != PAM_SUCCESS) {
Log(LOG_ERR, "PAM: Failed to create authenticator! (%d)", retval);
return false;
}
pam_set_item(pam, PAM_RUSER, Client_User(Client));
pam_set_item(pam, PAM_RHOST, Client_Hostname(Client));
#if defined(HAVE_PAM_FAIL_DELAY) && !defined(NO_PAM_FAIL_DELAY)
pam_fail_delay(pam, 0);
#endif
/* PAM authentication ... */
retval = pam_authenticate(pam, 0);
/* Success? */
if (retval == PAM_SUCCESS)
Log(LOG_INFO, "PAM: Authenticated \"%s\" (%s).",
Client_OrigUser(Client), Client_Mask(Client));
else
Log(LOG_ERR, "PAM: Error on \"%s\" (%s): %s",
Client_OrigUser(Client), Client_Mask(Client),
pam_strerror(pam, retval));
/* Free PAM structures */
if (pam_end(pam, retval) != PAM_SUCCESS)
Log(LOG_ERR, "PAM: Failed to release authenticator!");
return (retval == PAM_SUCCESS);
}示例14: pam_pass
int
pam_pass(char *name, char *passwd, const char *pamauth, char **reply_msg)
{
pam_handle_t *pamh = NULL;
int rc;
struct pam_conv_data data;
struct pam_conv conv = {
rad_pam_conv,
NULL
};
/* input data */
data.username = name;
data.password = passwd;
/* output data */
data.error = 0;
data.reply_msg = NULL;
conv.appdata_ptr = &data;
GRAD_DEBUG2(1, "username [%s], pamauth [%s]", name, pamauth);
/* fake loop needed so we don't have to use gotos */
for (;;) {
rc = pam_start(pamauth, name, &conv, &pamh);
GRAD_DEBUG1(1, "pam_start: %d", rc);
if (rc != PAM_SUCCESS)
break;
rc = pam_authenticate(pamh, 0);
GRAD_DEBUG1(1, "pam_authenticate: %d", rc);
if (rc != PAM_SUCCESS)
break;
rc = pam_acct_mgmt(pamh, 0);
break;
}
GRAD_DEBUG1(1, "pam_acct_mgmt: %d", rc);
pam_end(pamh, 0);
*reply_msg = data.reply_msg;
return rc != PAM_SUCCESS;
}示例15: sshpam_auth_passwd
/*
* Attempt password authentication via PAM
*/
int
sshpam_auth_passwd(Authctxt *authctxt, const char *password)
{
int flags = (options.permit_empty_passwd == 0 ?
PAM_DISALLOW_NULL_AUTHTOK : 0);
char *fake = NULL;
if (!options.use_pam || sshpam_handle == NULL)
fatal("PAM: %s called when PAM disabled or failed to "
"initialise.", __func__);
sshpam_password = password;
sshpam_authctxt = authctxt;
/*
* If the user logging in is invalid, or is root but is not permitted
* by PermitRootLogin, use an invalid password to prevent leaking
* information via timing (eg if the PAM config has a delay on fail).
*/
if (!authctxt->valid || (authctxt->pw->pw_uid == 0 &&
options.permit_root_login != PERMIT_YES))
sshpam_password = fake = fake_password(password);
sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
(const void *)&passwd_conv);
if (sshpam_err != PAM_SUCCESS)
fatal("PAM: %s: failed to set PAM_CONV: %s", __func__,
pam_strerror(sshpam_handle, sshpam_err));
sshpam_err = pam_authenticate(sshpam_handle, flags);
sshpam_password = NULL;
free(fake);
if (sshpam_err == PAM_MAXTRIES)
sshpam_set_maxtries_reached(1);
if (sshpam_err == PAM_SUCCESS && authctxt->valid) {
debug("PAM: password authentication accepted for %.100s",
authctxt->user);
return 1;
} else {
debug("PAM: password authentication failed for %.100s: %s",
authctxt->valid ? authctxt->user : "an illegal user",
pam_strerror(sshpam_handle, sshpam_err));
return 0;
}
}