本文整理汇总了C++中pam_chauthtok函数的典型用法代码示例。如果您正苦于以下问题:C++ pam_chauthtok函数的具体用法?C++ pam_chauthtok怎么用?C++ pam_chauthtok使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了pam_chauthtok函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: ChangePlaintextPasswordUsingLibPam
static bool ChangePlaintextPasswordUsingLibPam(const char *puser, const char *password)
{
int status;
pam_handle_t *handle;
struct pam_conv conv;
conv.conv = PasswordSupplier;
conv.appdata_ptr = (void*)password;
status = pam_start("passwd", puser, &conv, &handle);
if (status != PAM_SUCCESS)
{
Log(LOG_LEVEL_ERR, "Could not initialize pam session. (pam_start: '%s')", pam_strerror(NULL, status));
return false;
}
Log(LOG_LEVEL_VERBOSE, "Changing password for user '%s'.", puser);
status = pam_chauthtok(handle, PAM_SILENT);
pam_end(handle, status);
if (status == PAM_SUCCESS)
{
return true;
}
else
{
Log(LOG_LEVEL_ERR, "Could not change password for user '%s'. (pam_chauthtok: '%s')",
puser, pam_strerror(handle, status));
return false;
}
}示例2: run_test_case
static enum pamtest_err run_test_case(pam_handle_t *ph,
struct pam_testcase *tc)
{
switch (tc->pam_operation) {
case PAMTEST_AUTHENTICATE:
tc->op_rv = pam_authenticate(ph, tc->flags);
return PAMTEST_ERR_OK;
case PAMTEST_SETCRED:
tc->op_rv = pam_setcred(ph, tc->flags);
return PAMTEST_ERR_OK;
case PAMTEST_ACCOUNT:
tc->op_rv = pam_acct_mgmt(ph, tc->flags);
return PAMTEST_ERR_OK;
case PAMTEST_OPEN_SESSION:
tc->op_rv = pam_open_session(ph, tc->flags);
return PAMTEST_ERR_OK;
case PAMTEST_CLOSE_SESSION:
tc->op_rv = pam_close_session(ph, tc->flags);
return PAMTEST_ERR_OK;
case PAMTEST_CHAUTHTOK:
tc->op_rv = pam_chauthtok(ph, tc->flags);
return PAMTEST_ERR_OK;
case PAMTEST_GETENVLIST:
tc->case_out.envlist = pam_getenvlist(ph);
return PAMTEST_ERR_OK;
case PAMTEST_KEEPHANDLE:
tc->case_out.ph = ph;
return PAMTEST_ERR_KEEPHANDLE;
default:
return PAMTEST_ERR_OP;
}
return PAMTEST_ERR_OP;
}示例3: pam_chauthtok
bool PamHandle::chAuthTok(int flags) {
m_result = pam_chauthtok(m_handle, flags | m_silent);
if (m_result != PAM_SUCCESS) {
qWarning() << "[PAM] chAuthTok:" << pam_strerror(m_handle, m_result);
}
return m_result == PAM_SUCCESS;
}示例4: main
int main(int argc, char *argv[])
{
pam_handle_t *pamh=NULL;
int retval;
const char *user="nobody";
if(argc == 2) {
user = argv[1];
}
if(argc > 2) {
fprintf(stderr, "Usage: check_user [username]\n");
exit(1);
}
retval = pam_start("sqlite3", user, &conv, &pamh);
if(retval == PAM_SUCCESS)
printf("PAM started.\n");
if (retval == PAM_SUCCESS)
retval = pam_authenticate(pamh, 0); /* is user really user? */
if(retval == PAM_SUCCESS)
printf("Authentication succeeded, checking access.\n");
else
printf("Authentication failed: %s\n", pam_strerror(pamh, retval));
if (retval == PAM_SUCCESS)
retval = pam_acct_mgmt(pamh, 0); /* permitted access? */
if(retval == PAM_SUCCESS)
printf("Access permitted.\n");
else
printf("Access denied: %s\n", pam_strerror(pamh, retval));
/* lets try print password */
printf("Changing authentication token...\n");
retval = pam_chauthtok(pamh, 0);
if(retval != PAM_SUCCESS) {
printf("Failed: %s\n", pam_strerror(pamh, retval));
} else {
printf("Token changed.\n");
}
/* This is where we have been authorized or not. */
if (pam_end(pamh,retval) != PAM_SUCCESS) { /* close Linux-PAM */
pamh = NULL;
fprintf(stderr, "check_user: failed to release authenticator\n");
exit(1);
}
return ( retval == PAM_SUCCESS ? 0:1 ); /* indicate success */
}示例5: loginpam_acct
static void loginpam_acct(struct login_context *cxt)
{
int rc;
pam_handle_t *pamh = cxt->pamh;
rc = pam_acct_mgmt(pamh, 0);
if (rc == PAM_NEW_AUTHTOK_REQD)
rc = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
if (is_pam_failure(rc))
loginpam_err(pamh, rc);
/*
* Grab the user information out of the password file for future use.
* First get the username that we are actually using, though.
*/
rc = loginpam_get_username(pamh, &cxt->username);
if (is_pam_failure(rc))
loginpam_err(pamh, rc);
if (!cxt->username || !*cxt->username) {
warnx(_("\nSession setup problem, abort."));
syslog(LOG_ERR, _("NULL user name in %s:%d. Abort."),
__FUNCTION__, __LINE__);
pam_end(pamh, PAM_SYSTEM_ERR);
sleepexit(EXIT_FAILURE);
}
}示例6: do_pam_passwd
void
do_pam_passwd(const char *user, int silent, int change_expired)
{
pam_handle_t *pamh = NULL;
int flags = 0, ret;
if (silent)
flags |= PAM_SILENT;
if (change_expired)
flags |= PAM_CHANGE_EXPIRED_AUTHTOK;
ret = pam_start("passwd", user, &conv, &pamh);
if (ret != PAM_SUCCESS) {
fprintf(stderr, _("passwd: pam_start() failed, error %d\n"),
ret);
exit(10); /* XXX */
}
ret = pam_chauthtok(pamh, flags);
if (ret != PAM_SUCCESS) {
fprintf(stderr, _("passwd: %s\n"), PAM_STRERROR(pamh, ret));
pam_end(pamh, ret);
exit(10); /* XXX */
}
pam_end(pamh, PAM_SUCCESS);
}示例7: sudo_pam_verify
int
sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth)
{
const char *s;
int *pam_status = (int *) auth->data;
debug_decl(sudo_pam_verify, SUDO_DEBUG_AUTH)
def_prompt = prompt; /* for converse */
/* PAM_SILENT prevents the authentication service from generating output. */
*pam_status = pam_authenticate(pamh, PAM_SILENT);
switch (*pam_status) {
case PAM_SUCCESS:
*pam_status = pam_acct_mgmt(pamh, PAM_SILENT);
switch (*pam_status) {
case PAM_SUCCESS:
debug_return_int(AUTH_SUCCESS);
case PAM_AUTH_ERR:
log_warning(NO_MAIL, N_("account validation failure, "
"is your account locked?"));
debug_return_int(AUTH_FATAL);
case PAM_NEW_AUTHTOK_REQD:
log_warning(NO_MAIL, N_("Account or password is "
"expired, reset your password and try again"));
*pam_status = pam_chauthtok(pamh,
PAM_CHANGE_EXPIRED_AUTHTOK);
if (*pam_status == PAM_SUCCESS)
debug_return_int(AUTH_SUCCESS);
if ((s = pam_strerror(pamh, *pam_status)) != NULL) {
log_warning(NO_MAIL,
N_("unable to change expired password: %s"), s);
}
debug_return_int(AUTH_FAILURE);
case PAM_AUTHTOK_EXPIRED:
log_warning(NO_MAIL,
N_("Password expired, contact your system administrator"));
debug_return_int(AUTH_FATAL);
case PAM_ACCT_EXPIRED:
log_warning(NO_MAIL,
N_("Account expired or PAM config lacks an \"account\" "
"section for sudo, contact your system administrator"));
debug_return_int(AUTH_FATAL);
}
/* FALLTHROUGH */
case PAM_AUTH_ERR:
case PAM_AUTHINFO_UNAVAIL:
if (getpass_error) {
/* error or ^C from tgetpass() */
debug_return_int(AUTH_INTR);
}
/* FALLTHROUGH */
case PAM_MAXTRIES:
case PAM_PERM_DENIED:
debug_return_int(AUTH_FAILURE);
default:
if ((s = pam_strerror(pamh, *pam_status)) != NULL)
log_warning(NO_MAIL, N_("PAM authentication error: %s"), s);
debug_return_int(AUTH_FATAL);
}
}示例8: pam_start
bool PAMAuthenticator::authenticate(void)
{
pam_conv c;
c.conv = PAMAuthenticator::conv;
c.appdata_ptr = this;
int res = pam_start("repwatchproxy", 0, &c, &this->m_ph);
if (res == PAM_SUCCESS) {
res = pam_set_item(this->m_ph, PAM_RUSER, this->m_user.constData());
if (res != PAM_SUCCESS) {
goto getout;
}
res = pam_set_item(this->m_ph, PAM_RHOST, this->m_host.constData());
if (res != PAM_SUCCESS) {
goto getout;
}
res = pam_authenticate(this->m_ph, 0);
if (res != PAM_SUCCESS) {
goto getout;
}
res = pam_acct_mgmt(this->m_ph, 0);
if (PAM_NEW_AUTHTOK_REQD == res) {
res = pam_chauthtok(this->m_ph, PAM_CHANGE_EXPIRED_AUTHTOK);
}
if (res != PAM_SUCCESS) {
goto getout;
}
res = pam_setcred(this->m_ph, PAM_ESTABLISH_CRED);
if (res != PAM_SUCCESS) {
goto getout;
}
res = pam_open_session(this->m_ph, 0);
if (res != PAM_SUCCESS) {
goto getout;
}
return true;
getout:
qWarning("%s: %s", Q_FUNC_INFO, pam_strerror(this->m_ph, res));
pam_end(this->m_ph, res);
}
else {
qCritical("PAM initialization failed");
}
this->m_ph = 0;
return false;
}示例9: pam_verify
int
pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth)
{
const char *s;
int *pam_status = (int *) auth->data;
def_prompt = prompt; /* for converse */
/* PAM_SILENT prevents the authentication service from generating output. */
*pam_status = pam_authenticate(pamh, PAM_SILENT);
switch (*pam_status) {
case PAM_SUCCESS:
*pam_status = pam_acct_mgmt(pamh, PAM_SILENT);
switch (*pam_status) {
case PAM_SUCCESS:
return AUTH_SUCCESS;
case PAM_AUTH_ERR:
log_error(NO_EXIT|NO_MAIL, _("account validation failure, "
"is your account locked?"));
return AUTH_FATAL;
case PAM_NEW_AUTHTOK_REQD:
log_error(NO_EXIT|NO_MAIL, _("Account or password is "
"expired, reset your password and try again"));
*pam_status = pam_chauthtok(pamh,
PAM_CHANGE_EXPIRED_AUTHTOK);
if (*pam_status == PAM_SUCCESS)
return AUTH_SUCCESS;
if ((s = pam_strerror(pamh, *pam_status)))
log_error(NO_EXIT|NO_MAIL, _("pam_chauthtok: %s"), s);
return AUTH_FAILURE;
case PAM_AUTHTOK_EXPIRED:
log_error(NO_EXIT|NO_MAIL,
_("Password expired, contact your system administrator"));
return AUTH_FATAL;
case PAM_ACCT_EXPIRED:
log_error(NO_EXIT|NO_MAIL,
_("Account expired or PAM config lacks an \"account\" "
"section for sudo, contact your system administrator"));
return AUTH_FATAL;
}
/* FALLTHROUGH */
case PAM_AUTH_ERR:
if (gotintr) {
/* error or ^C from tgetpass() */
return AUTH_INTR;
}
case PAM_MAXTRIES:
case PAM_PERM_DENIED:
return AUTH_FAILURE;
default:
if ((s = pam_strerror(pamh, *pam_status)))
log_error(NO_EXIT|NO_MAIL, _("pam_authenticate: %s"), s);
return AUTH_FATAL;
}
}示例10: sshpam_chauthtok_ruid
static int
sshpam_chauthtok_ruid(pam_handle_t *pamh, int flags)
{
int result;
if (sshpam_authctxt == NULL)
fatal("PAM: sshpam_authctxt not initialized");
if (setreuid(sshpam_authctxt->pw->pw_uid, -1) == -1)
fatal("%s: setreuid failed: %s", __func__, strerror(errno));
result = pam_chauthtok(pamh, flags);
if (setreuid(0, -1) == -1)
fatal("%s: setreuid failed: %s", __func__, strerror(errno));
return result;
}示例11: pm_do_auth
static void
pm_do_auth(adt_session_data_t *ah)
{
pam_handle_t *pm_pamh;
int err;
int pam_flag = 0;
int chpasswd_tries;
struct pam_conv pam_conv = {pam_tty_conv, NULL};
if (user[0] == '\0')
return;
if ((err = pam_start("sys-suspend", user, &pam_conv,
&pm_pamh)) != PAM_SUCCESS)
return;
pam_flag = PAM_DISALLOW_NULL_AUTHTOK;
do {
err = pam_authenticate(pm_pamh, pam_flag);
if (err == PAM_SUCCESS) {
err = pam_acct_mgmt(pm_pamh, pam_flag);
if (err == PAM_NEW_AUTHTOK_REQD) {
chpasswd_tries = 0;
do {
err = pam_chauthtok(pm_pamh,
PAM_CHANGE_EXPIRED_AUTHTOK);
chpasswd_tries++;
} while ((err == PAM_AUTHTOK_ERR ||
err == PAM_TRY_AGAIN) &&
chpasswd_tries < DEF_ATTEMPTS);
pm_audit_event(ah, ADT_passwd, err);
}
err = pam_setcred(pm_pamh, PAM_REFRESH_CRED);
}
if (err != PAM_SUCCESS) {
(void) fprintf(stdout, "%s\n",
pam_strerror(pm_pamh, err));
pm_audit_event(ah, ADT_screenunlock, err);
}
} while (err != PAM_SUCCESS);
pm_audit_event(ah, ADT_passwd, 0);
(void) pam_end(pm_pamh, err);
}示例12: main
int main(int argc, char **argv) {
pam_handle_t *pamh=NULL;
static struct pam_conv pamc = {
misc_conv,
NULL
};
if( PAM_SUCCESS != pam_start("test", "testa", &pamc, &pamh) )
{
fprintf(stderr, "ERR: pam_start failed!\n");
return 1;
}
/*
if( PAM_SUCCESS != pam_set_item(pamh, PAM_USER, "tester") )
{
fprintf(stderr, "ERR: pam_set_item user failed!\n");
return 1;
}
if( PAM_SUCCESS != pam_chauthtok(pamh, 0) )
{
fprintf(stderr, "ERR: pam_chauthtok failed!\n");
return 1;
}
if( PAM_SUCCESS != pam_set_item(pamh, PAM_AUTHTOK, "mypassword") )
{
fprintf(stderr, "ERR: pam_set_item password failed!\n");
return 1;
}
*/
if( PAM_SUCCESS != pam_chauthtok(pamh, 0) )
{
fprintf(stderr, "ERR: pam_chauthtok failed!\n");
return 1;
}
if( PAM_SUCCESS != pam_end(pamh, PAM_SUCCESS) )
{
fprintf(stderr, "ERR: pam_end failed!\n");
return 1;
}
return 0;
}示例13: do_pam_chauthtok
/*
* XXX this should be done in the authentication phase, but ssh1 doesn't
* support that
*/
void
do_pam_chauthtok(void)
{
if (use_privsep)
fatal("Password expired (unable to change with privsep)");
sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
(const void *)&tty_conv);
if (sshpam_err != PAM_SUCCESS)
fatal("PAM: failed to set PAM_CONV: %s",
pam_strerror(sshpam_handle, sshpam_err));
debug("PAM: changing password");
sshpam_err = pam_chauthtok(sshpam_handle, PAM_CHANGE_EXPIRED_AUTHTOK);
if (sshpam_err != PAM_SUCCESS)
fatal("PAM: pam_chauthtok(): %s",
pam_strerror(sshpam_handle, sshpam_err));
}示例14: main
int main(int argc, char *argv[])
{
pam_handle_t *pamh = NULL;
int retval;
struct pam_conv conv = { gradm_pam_conv, NULL };
struct gr_arg_wrapper wrapper;
struct gr_arg arg;
int fd;
if (argc != 2)
exit(EXIT_FAILURE);
wrapper.version = GRADM_VERSION;
wrapper.size = sizeof(struct gr_arg);
wrapper.arg = &arg;
arg.mode = GRADM_STATUS;
if ((fd = open(GRDEV_PATH, O_WRONLY)) < 0) {
fprintf(stderr, "Could not open %s.\n", GRDEV_PATH);
failure("open");
}
retval = write(fd, &wrapper, sizeof(struct gr_arg_wrapper));
close(fd);
if (retval != 1)
exit(EXIT_FAILURE);
retval = pam_start(PAM_SERVICENAME, argv[1], &conv, &pamh);
if (retval == PAM_SUCCESS)
retval = pam_authenticate(pamh, 0);
if (retval == PAM_SUCCESS)
retval = pam_acct_mgmt(pamh, 0);
if (retval == PAM_AUTHTOK_EXPIRED)
retval = pam_chauthtok(pamh, 0);
if (pamh)
pam_end(pamh, retval);
if (retval != PAM_SUCCESS)
exit(EXIT_FAILURE);
return EXIT_SUCCESS;
}示例15: do_account_password_management
static int
do_account_password_management(pam_handle_t *pamh)
{
int rc;
/* Whether the authenticated user is allowed to log in? */
rc = pam_acct_mgmt(pamh, 0);
/* Do we need to prompt the user for a new password? */
if (rc == PAM_NEW_AUTHTOK_REQD)
rc = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
/* Extend the lifetime of the existing credentials. */
if (rc == PAM_SUCCESS)
rc = pam_setcred(pamh, PAM_REFRESH_CRED);
return rc;
}