当前位置: 首页>>代码示例>>C++>>正文


C++ pam_start函数代码示例

本文整理汇总了C++中pam_start函数的典型用法代码示例。如果您正苦于以下问题:C++ pam_start函数的具体用法?C++ pam_start怎么用?C++ pam_start使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了pam_start函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。

示例1: pam_setup

int
pam_setup (char *user, char *host)
{
	/*
	 * Any application using PAM must provide a conversion function, which
	 * is used for direct communication between a loaded module and the
	 * application. In this case, SLURM does need a communication mechanism,
	 * so the default (or null) conversation function may be used.
	 */
	struct pam_conv conv = {misc_conv, NULL};
        int             rc = 0;

	if (!conf->use_pam)
		return SLURM_SUCCESS;
	/*
	 * SLURM uses PAM to obtain resource limits established by the system
	 * administrator. PAM's session management library is responsible for
	 * handling resource limits. When a PAM session is opened on behalf of
	 * a user, the limits imposed by the sys admin are picked up. Opening
	 * a PAM session requires a PAM handle, which is obtained when the PAM
	 * interface is intialized. (PAM handles are required with essentially
	 * all PAM calls.) It's also necessary to have the users PAM credentials
	 * to open a user session.
 	 */
        if ((rc = pam_start (SLURM_SERVICE_PAM, user, &conv, &pam_h))
			!= PAM_SUCCESS) {
                error ("pam_start: %s", pam_strerror(pam_h, rc));
                return SLURM_ERROR;
        } else if ((rc = pam_set_item (pam_h, PAM_USER, user))
			!= PAM_SUCCESS) {
                error ("pam_set_item USER: %s", pam_strerror(pam_h, rc));
                return SLURM_ERROR;
        } else if ((rc = pam_set_item (pam_h, PAM_RUSER, user))
			!= PAM_SUCCESS) {
                error ("pam_set_item RUSER: %s", pam_strerror(pam_h, rc));
                return SLURM_ERROR;
        } else if ((rc = pam_set_item (pam_h, PAM_RHOST, host))
			!= PAM_SUCCESS) {
                error ("pam_set_item HOST: %s", pam_strerror(pam_h, rc));
              return SLURM_ERROR;
        } else if ((rc = pam_setcred (pam_h, PAM_ESTABLISH_CRED))
			!= PAM_SUCCESS) {
                error ("pam_setcred: %s", pam_strerror(pam_h, rc));
                return SLURM_ERROR;
        } else if ((rc = pam_open_session (pam_h, 0)) != PAM_SUCCESS) {
                error("pam_open_session: %s", pam_strerror(pam_h, rc));
                return SLURM_ERROR;
        }

	return SLURM_SUCCESS;

}
开发者ID:alepharchives,项目名称:slurm,代码行数:52,代码来源:pam_ses.c

示例2: x11_shadow_pam_authenticate

int x11_shadow_pam_authenticate(x11ShadowSubsystem* subsystem, const char* user, const char* domain, const char* password)
{
	int pam_status;
	SHADOW_PAM_AUTH_INFO* info;

	info = calloc(1, sizeof(SHADOW_PAM_AUTH_INFO));

	if (!info)
		return PAM_CONV_ERR;

	if (x11_shadow_pam_get_service_name(info) < 0)
		return -1;

	info->appdata.user = user;
	info->appdata.domain = domain;
	info->appdata.password = password;

	info->pamc.conv = &x11_shadow_pam_conv;
	info->pamc.appdata_ptr = &(info->appdata);

	pam_status = pam_start(info->service_name, 0, &(info->pamc), &(info->handle));

	if (pam_status != PAM_SUCCESS)
	{
		WLog_ERR(TAG, "pam_start failure: %s", pam_strerror(info->handle, pam_status));
		free(info);
		return -1;
	}

	pam_status = pam_authenticate(info->handle, 0);

	if (pam_status != PAM_SUCCESS)
	{
		WLog_ERR(TAG, "pam_authenticate failure: %s", pam_strerror(info->handle, pam_status));
		free(info);
		return -1;
	}

	pam_status = pam_acct_mgmt(info->handle, 0);

	if (pam_status != PAM_SUCCESS)
	{
		WLog_ERR(TAG, "pam_acct_mgmt failure: %s", pam_strerror(info->handle, pam_status));
		free(info);
		return -1;
	}

	free(info);

	return 1;
}
开发者ID:AMV007,项目名称:FreeRDP,代码行数:51,代码来源:x11_shadow.c

示例3: httpPamVerifyUser

bool httpPamVerifyUser(HttpConn *conn)
{
    MprBuf              *abilities;
    pam_handle_t        *pamh;
    UserInfo            info;
    struct pam_conv     conv = { pamChat, &info };
    struct group        *gp;
    int                 res, i;
   
    mprAssert(conn->username);
    mprAssert(conn->password);
    mprAssert(!conn->encoded);

    info.name = (char*) conn->username;
    info.password = (char*) conn->password;
    pamh = NULL;
    if ((res = pam_start("login", info.name, &conv, &pamh)) != PAM_SUCCESS) {
        return 0;
    }
    if ((res = pam_authenticate(pamh, PAM_DISALLOW_NULL_AUTHTOK)) != PAM_SUCCESS) {
        pam_end(pamh, PAM_SUCCESS);
        mprLog(5, "httpPamVerifyUser failed to verify %s", conn->username);
        return 0;
    }
    pam_end(pamh, PAM_SUCCESS);
    mprLog(5, "httpPamVerifyUser verified %s", conn->username);

    if (!conn->user) {
        conn->user = mprLookupKey(conn->rx->route->auth->users, conn->username);
    }
    if (!conn->user) {
        Gid     groups[32];
        int     ngroups;
        /* 
            Create a temporary user with a abilities set to the groups 
         */
        ngroups = sizeof(groups) / sizeof(Gid);
        if ((i = getgrouplist(conn->username, 99999, groups, &ngroups)) >= 0) {
            abilities = mprCreateBuf(0, 0);
            for (i = 0; i < ngroups; i++) {
                if ((gp = getgrgid(groups[i])) != 0) {
                    mprPutFmtToBuf(abilities, "%s ", gp->gr_name);
                }
            }
            mprAddNullToBuf(abilities);
            mprLog(5, "Create temp user \"%s\" with abilities: %s", conn->username, mprGetBufStart(abilities));
            conn->user = httpCreateUser(conn->rx->route->auth, conn->username, 0, mprGetBufStart(abilities));
        }
    }
    return 1;
}
开发者ID:ni-webtech,项目名称:http,代码行数:51,代码来源:pam.c

示例4: freerds_authenticate

long freerds_authenticate(char* username, char* password, int* errorcode)
{
	int error;
	char service_name[256];
	struct t_auth_info* auth_info;

	get_service_name(service_name);
	auth_info = malloc(sizeof(struct t_auth_info));
	ZeroMemory(auth_info, sizeof(struct t_auth_info));
	strcpy(auth_info->user_pass.user, username);
	strcpy(auth_info->user_pass.pass, password);
	auth_info->pamc.conv = &verify_pam_conv;
	auth_info->pamc.appdata_ptr = &(auth_info->user_pass);
	error = pam_start(service_name, 0, &(auth_info->pamc), &(auth_info->ph));

	if (error != PAM_SUCCESS)
	{
		if (errorcode != NULL)
			*errorcode = error;

		printf("pam_start failed: %s\n", pam_strerror(auth_info->ph, error));
		free(auth_info);
		return 0;
	}

	error = pam_authenticate(auth_info->ph, 0);

	if (error != PAM_SUCCESS)
	{
		if (errorcode != NULL)
			*errorcode = error;

		printf("pam_authenticate failed: %s\n", pam_strerror(auth_info->ph, error));
		free(auth_info);
		return 0;
	}

	error = pam_acct_mgmt(auth_info->ph, 0);

	if (error != PAM_SUCCESS)
	{
		if (errorcode != NULL)
			*errorcode = error;

		printf("pam_acct_mgmt failed: %s\n", pam_strerror(auth_info->ph, error));
		free(auth_info);
		return 0;
	}

	return (long) auth_info;
}
开发者ID:FreeRDS,项目名称:FreeRDS,代码行数:51,代码来源:auth.c

示例5: sshpam_init

static int
sshpam_init(Authctxt *authctxt)
{
	extern char *__progname;
	const char *pam_rhost, *pam_user, *user = authctxt->user;
	const char **ptr_pam_user = &pam_user;
	struct ssh *ssh = active_state; /* XXX */

	if (sshpam_handle != NULL) {
		/* We already have a PAM context; check if the user matches */
		sshpam_err = pam_get_item(sshpam_handle,
		    PAM_USER, (sshpam_const void **)ptr_pam_user);
		if (sshpam_err == PAM_SUCCESS && strcmp(user, pam_user) == 0)
			return (0);
		pam_end(sshpam_handle, sshpam_err);
		sshpam_handle = NULL;
	}
	debug("PAM: initializing for \"%s\"", user);
	sshpam_err =
	    pam_start(SSHD_PAM_SERVICE, user, &store_conv, &sshpam_handle);
	sshpam_authctxt = authctxt;

	if (sshpam_err != PAM_SUCCESS) {
		pam_end(sshpam_handle, sshpam_err);
		sshpam_handle = NULL;
		return (-1);
	}
	pam_rhost = auth_get_canonical_hostname(ssh, options.use_dns);
	debug("PAM: setting PAM_RHOST to \"%s\"", pam_rhost);
	sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST, pam_rhost);
	if (sshpam_err != PAM_SUCCESS) {
		pam_end(sshpam_handle, sshpam_err);
		sshpam_handle = NULL;
		return (-1);
	}
#ifdef PAM_TTY_KLUDGE
	/*
	 * Some silly PAM modules (e.g. pam_time) require a TTY to operate.
	 * sshd doesn't set the tty until too late in the auth process and
	 * may not even set one (for tty-less connections)
	 */
	debug("PAM: setting PAM_TTY to \"ssh\"");
	sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, "ssh");
	if (sshpam_err != PAM_SUCCESS) {
		pam_end(sshpam_handle, sshpam_err);
		sshpam_handle = NULL;
		return (-1);
	}
#endif
	return (0);
}
开发者ID:BobWall23,项目名称:ironssh,代码行数:51,代码来源:auth-pam.c

示例6: dialog

bool MainWindow::doAuthenticate() {

    Authenticated = false;
    LoginDialog dialog(this);
    if (dialog.exec()) {
        pcode = dialog.getPass();

        static pam_handle_t *pamh;
        struct pam_conv pamc = { converse, this };
        char hostname[MAXHOSTNAMELEN];
        char *ruser;
        int retcode = 0;

        char user[] = "root";
        pam_start("su", user, &pamc, &pamh);

        gethostname(hostname, sizeof(hostname));
        if ((retcode = pam_set_item(pamh, PAM_RHOST, hostname)) != PAM_SUCCESS) {
            pcode = "";
            dialog.clearPass();
            qDebug() << "pam_set_item hostname failed. " << pam_strerror(pamh, retcode);
            return false;
        }

        ruser = getlogin();
        if ((retcode = pam_set_item(pamh, PAM_RUSER, ruser)) != PAM_SUCCESS) {
            pcode = "";
            dialog.clearPass();
            qDebug() << "pam_set_item remote user failed. " << pam_strerror(pamh, retcode);
            return false;
        }

        if ((retcode = pam_authenticate(pamh, 0)) != PAM_SUCCESS) {
            pcode = "";
            dialog.clearPass();
            qDebug() << "pam_authenticate failed. " << pam_strerror(pamh, retcode);
            return false;
        }

        Authenticated = true;

        qDebug() << "Authenticated as root. ";
        pcode = "";
        dialog.clearPass();
        return true;
    }

    qDebug() << "Not Authenticated as root.";
    Authenticated = false;
    return false;
}
开发者ID:creamy,项目名称:qt-pam-example,代码行数:51,代码来源:mainwindow.cpp

示例7: do_auth

static void do_auth(char *service, char*user, char*pwd, char* mode, int sid)
{
    pam_handle_t *pamh=NULL;
    int retval;
    struct session *sessp;

    conv.appdata_ptr = (void*)strdup(pwd);
    retval = pam_start(service, user, &conv, &pamh);
    
    if (retval != PAM_SUCCESS) {
        werr(pamh, sid, retval, "start");
        return;
    }
    pam_set_item(pamh, PAM_RUSER, user);

    retval = pam_authenticate(pamh, 0); 
    if (retval != PAM_SUCCESS) {
        werr(pamh, sid, retval, "auth");
        return;
    }
    if (mode[0] == 'A') {
        retval = pam_acct_mgmt(pamh, 0); 
        if (retval != PAM_SUCCESS) {
            werr(pamh, sid, retval, "accounting");
            return;
        }
        /*fprintf(stderr, "did ok acct \n\r");*/
    }
    if (mode[1] == 'S') {
        retval = pam_open_session(pamh, 0);
        if (retval != PAM_SUCCESS) {
            werr(pamh, sid, retval, "session");
            return;
        }
        /*fprintf(stderr, "did ok open sess \n\r"); */
    }
    if ((sessp = malloc(sizeof(struct session))) == NULL) {
        werr(pamh, sid, -1, "malloc");
        return;
    }
    if (mode[1] == 'S') 
        sessp->session_mode = 1;
    else
        sessp->session_mode = 0;
    sessp->sid = sid;
    sessp->pamh = pamh;
    sessp->next = sessions;
    sessions = sessp;
    
    wok(sid);
}
开发者ID:AugustoFernandes,项目名称:yaws,代码行数:51,代码来源:epam.c

示例8: lxdm_auth_user_authenticate

int lxdm_auth_user_authenticate(LXDM_AUTH *a,const char *user,const char *pass,int type)
{
	struct passwd *pw;
	if(!user || !user[0])
	{
		g_debug("user==NULL\n");
		return AUTH_ERROR;
	}
	pw = getpwnam(user);
	endpwent();
	if(!pw)
	{
		g_debug("user %s not found\n",user);
		return AUTH_BAD_USER;
	}
	if(strstr(pw->pw_shell, "nologin"))
	{
		g_debug("user %s have nologin shell\n",user);
		return AUTH_PRIV;
	}
	if(a->handle) pam_end(a->handle,0);
	if(PAM_SUCCESS != pam_start("lxdm", pw->pw_name, &conv, (pam_handle_t**)&a->handle))
	{
		a->handle=NULL;
		g_debug("user %s start pam fail\n",user);
		return AUTH_FAIL;
	}
	else
	{
		int ret;
		if(type==AUTH_TYPE_AUTO_LOGIN && !pass)
			goto out;
		user_pass[0]=(char*)user;user_pass[1]=(char*)pass;
		ret=pam_authenticate(a->handle,PAM_SILENT);
		user_pass[0]=0;user_pass[1]=0;
		if(ret!=PAM_SUCCESS)
		{
			g_debug("user %s auth fail with %d\n",user,ret);
			return AUTH_FAIL;
		}
		ret=pam_acct_mgmt(a->handle,PAM_SILENT);
		if(ret!=PAM_SUCCESS)
		{
			g_debug("user %s acct mgmt fail with %d\n",user,ret);
			return AUTH_FAIL;
		}
	}
out:
	passwd_copy(&a->pw,pw);
	return AUTH_SUCCESS;
}
开发者ID:carlodoro88,项目名称:lxdm,代码行数:51,代码来源:pam.c

示例9: pam_authenticate_with_login_password

static authn_status pam_authenticate_with_login_password(request_rec * r, const char * pam_service,
	const char * login, const char * password, int steps) {
	pam_handle_t * pamh = NULL;
	struct pam_conv pam_conversation = { &pam_authenticate_conv, (void *) password };
	const char * stage = "PAM transaction failed for service";
	const char * param = pam_service;
	int ret;
	ret = pam_start(pam_service, login, &pam_conversation, &pamh);
	if (ret == PAM_SUCCESS) {
		const char * remote_host_or_ip = ap_get_remote_host(r->connection, r->per_dir_config, REMOTE_NAME, NULL);
		if (remote_host_or_ip) {
			stage = "PAM pam_set_item PAM_RHOST failed for service";
			ret = pam_set_item(pamh, PAM_RHOST, remote_host_or_ip);
		}
	}
	if (ret == PAM_SUCCESS) {
		if (steps & _PAM_STEP_AUTH) {
			param = login;
			stage = "PAM authentication failed for user";
			ret = pam_authenticate(pamh, PAM_SILENT | PAM_DISALLOW_NULL_AUTHTOK);
		}
		if ((ret == PAM_SUCCESS) && (steps & _PAM_STEP_ACCOUNT)) {
			param = login;
			stage = "PAM account validation failed for user";
			ret = pam_acct_mgmt(pamh, PAM_SILENT | PAM_DISALLOW_NULL_AUTHTOK);
			if (ret == PAM_NEW_AUTHTOK_REQD) {
				authnz_pam_config_rec * conf = ap_get_module_config(r->per_dir_config, &authnz_pam_module);
				if (conf && conf->expired_redirect_url) {
					ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
						"mod_authnz_pam: PAM_NEW_AUTHTOK_REQD: redirect to [%s]",
						conf->expired_redirect_url);
					apr_table_addn(r->headers_out, "Location", format_location(r, conf->expired_redirect_url, login));
					return HTTP_TEMPORARY_REDIRECT;
				}
			}
		}
	}
	if (ret != PAM_SUCCESS) {
		const char * strerr = pam_strerror(pamh, ret);
		ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server, "mod_authnz_pam: %s %s: %s", stage, param, strerr);
		apr_table_setn(r->subprocess_env, _EXTERNAL_AUTH_ERROR_ENV_NAME, apr_pstrdup(r->pool, strerr));
		pam_end(pamh, ret);
		return AUTH_DENIED;
	}
	apr_table_setn(r->subprocess_env, _REMOTE_USER_ENV_NAME, login);
	r->user = apr_pstrdup(r->pool, login);
	ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, r->server, "mod_authnz_pam: PAM authentication passed for user %s", login);
	pam_end(pamh, ret);
	return AUTH_GRANTED;
}
开发者ID:zetan503,项目名称:mod_authnz_pam,代码行数:50,代码来源:mod_authnz_pam.c

示例10: pam_pass

/* cjd 19980706
 *
 * for most flexibility, passing a pamauth type to this function
 * allows you to have multiple authentication types (i.e. multiple
 * files associated with radius in /etc/pam.d)
 */
static int pam_pass(char const *name, char const *passwd, char const *pamauth)
{
    pam_handle_t *pamh=NULL;
    int retval;
    my_PAM pam_config;
    struct pam_conv conv;

    /*
     *  Initialize the structures.
     */
    conv.conv = PAM_conv;
    conv.appdata_ptr = &pam_config;
    pam_config.username = name;
    pam_config.password = passwd;
    pam_config.error = 0;

    DEBUG("pam_pass: using pamauth string <%s> for pam.conf lookup", pamauth);
    retval = pam_start(pamauth, name, &conv, &pamh);
    if (retval != PAM_SUCCESS) {
      DEBUG("pam_pass: function pam_start FAILED for <%s>. Reason: %s",
	    name, pam_strerror(pamh, retval));
      return -1;
    }

    retval = pam_authenticate(pamh, 0);
    if (retval != PAM_SUCCESS) {
      DEBUG("pam_pass: function pam_authenticate FAILED for <%s>. Reason: %s",
	    name, pam_strerror(pamh, retval));
      pam_end(pamh, retval);
      return -1;
    }

    /*
     * FreeBSD 3.x doesn't have account and session management
     * functions in PAM, while 4.0 does.
     */
#if !defined(__FreeBSD_version) || (__FreeBSD_version >= 400000)
    retval = pam_acct_mgmt(pamh, 0);
    if (retval != PAM_SUCCESS) {
      DEBUG("pam_pass: function pam_acct_mgmt FAILED for <%s>. Reason: %s",
	    name, pam_strerror(pamh, retval));
      pam_end(pamh, retval);
      return -1;
    }
#endif

    DEBUG("pam_pass: authentication succeeded for <%s>", name);
    pam_end(pamh, retval);
    return 0;
}
开发者ID:jons-rt-dev,项目名称:freeradius-server,代码行数:56,代码来源:rlm_pam.c

示例11: pam_start

bool XProcess::pam_checkPW(){
 //Requires internal "xuser" and "xpwd" variables to be set
	
//Convert the inputs to C character arrays for use in PAM
  QByteArray tmp = xuser.toUtf8();
  char* cUser = tmp.data();
  QByteArray tmp2 = xpwd.toUtf8();
  char* cPassword = tmp2.data();
  //initialize variables
  bool result = false;
  int ret;
  //Initialize PAM
  //qDebug() << "Starting PAM:" << xuser << tmp << xpwd << tmp2;
  if(xuser=="root"){ ret = pam_start("system", cUser, &pamc, &pamh); }
  else{ ret = pam_start("login", cUser, &pamc, &pamh); }
  if( ret == PAM_SUCCESS ){
    pam_started = true; //flag that pam is started
    //Place the user-supplied password into the structure 
    ret = pam_set_item(pamh, PAM_AUTHTOK, cPassword);
    if(ret != PAM_SUCCESS){ pam_logFailure(ret); return false; }
    //Set the TTY 
    //ret = pam_set_item(pamh, PAM_TTY, "pcdm-terminal");
    //Authenticate with PAM
    ret = pam_authenticate(pamh,0);
    if( ret == PAM_SUCCESS ){
      //Check for valid, unexpired account and verify access restrictions
      ret = pam_acct_mgmt(pamh,0);
      if( ret == PAM_SUCCESS ){ result = true; }
      else{ pam_logFailure(ret); }
    
    }else{
      pam_logFailure(ret);
    }
  }else{ qCritical() << "Could not start PAM"; }
  //return verification result
  return result;	
}
开发者ID:trueos,项目名称:pcdm,代码行数:37,代码来源:pcdm-xprocess.cpp

示例12: cockpit_auth_pam_verify_password

static gboolean
cockpit_auth_pam_verify_password (CockpitAuth *auth,
                                  const gchar *user,
                                  const gchar *password,
                                  GError **error)
{
  pam_handle_t *pamh = NULL;
  int pam_status = 0;
  const char *pam_user;
  gboolean ret = FALSE;
  struct pam_conv_data data;
  struct pam_conv conv;

  data.inputs[0] = (char *)password;
  data.inputs[1] = NULL;
  data.current_input = 0;
  conv.conv = pam_conv_func;
  conv.appdata_ptr = (void *)&data;

  pam_status = pam_start ("cockpit", user, &conv, &pamh);
  if (pam_status == PAM_SUCCESS)
    pam_status = pam_authenticate (pamh, 0);

  if (pam_status == PAM_SUCCESS)
    pam_status = pam_get_item (pamh, PAM_USER, (const void **)&pam_user);

  if (pam_status == PAM_AUTH_ERR || pam_status == PAM_USER_UNKNOWN)
    {
      g_set_error (error, COCKPIT_ERROR, COCKPIT_ERROR_AUTHENTICATION_FAILED,
                   "Authentication failed");
      ret = FALSE;
      goto out;
    }

  if (pam_status != PAM_SUCCESS)
    {
      g_set_error (error, COCKPIT_ERROR, COCKPIT_ERROR_FAILED,
                   "%s", pam_strerror (pamh, pam_status));
      ret = FALSE;
      goto out;
    }

  ret = TRUE;

out:
  if (pamh)
    pam_end (pamh, pam_status);
  return ret;
}
开发者ID:magcius,项目名称:cockpit,代码行数:49,代码来源:cockpitauth.c

示例13: pm_do_auth

static void
pm_do_auth(adt_session_data_t *ah)
{
	pam_handle_t	*pm_pamh;
	int		err;
	int		pam_flag = 0;
	int		chpasswd_tries;
	struct pam_conv pam_conv = {pam_tty_conv, NULL};

	if (user[0] == '\0')
		return;

	if ((err = pam_start("sys-suspend", user, &pam_conv,
	    &pm_pamh)) != PAM_SUCCESS)
		return;

	pam_flag = PAM_DISALLOW_NULL_AUTHTOK;

	do {
		err = pam_authenticate(pm_pamh, pam_flag);

		if (err == PAM_SUCCESS) {
			err = pam_acct_mgmt(pm_pamh, pam_flag);

			if (err == PAM_NEW_AUTHTOK_REQD) {
				chpasswd_tries = 0;

				do {
					err = pam_chauthtok(pm_pamh,
					    PAM_CHANGE_EXPIRED_AUTHTOK);
					chpasswd_tries++;

				} while ((err == PAM_AUTHTOK_ERR ||
				    err == PAM_TRY_AGAIN) &&
				    chpasswd_tries < DEF_ATTEMPTS);
				pm_audit_event(ah, ADT_passwd, err);
			}
			err = pam_setcred(pm_pamh, PAM_REFRESH_CRED);
		}
		if (err != PAM_SUCCESS) {
			(void) fprintf(stdout, "%s\n",
			    pam_strerror(pm_pamh, err));
			pm_audit_event(ah, ADT_screenunlock, err);
		}
	} while (err != PAM_SUCCESS);
	pm_audit_event(ah, ADT_passwd, 0);

	(void) pam_end(pm_pamh, err);
}
开发者ID:FilipinOTech,项目名称:illumos-gate,代码行数:49,代码来源:sys-suspend.c

示例14: pam_check_passwd

static bool pam_check_passwd(struct pam_auth_request *request)
{
	pam_handle_t *hpam;
	char raddr[PGADDR_BUF];
	int rc;

	struct pam_conv pam_conv = {
		.conv = pam_conversation,
		.appdata_ptr = request
	};

	rc = pam_start(PGBOUNCER_PAM_SERVICE, request->username, &pam_conv, &hpam);
	if (rc != PAM_SUCCESS) {
		log_warning("pam_start() failed: %s", pam_strerror(NULL, rc));
		return false;
	}

	/* Set rhost too in case if some PAM modules want to take it into account (and for logging too) */
	pga_ntop(&request->remote_addr, raddr, sizeof(raddr));
	rc = pam_set_item(hpam, PAM_RHOST, raddr);
	if (rc != PAM_SUCCESS) {
		log_warning("pam_set_item(): can't set PAM_RHOST to '%s'", raddr);
		pam_end(hpam, rc);
		return false;
	}

	/* Here the authentication is performed */
	rc = pam_authenticate(hpam, PAM_SILENT);
	if (rc != PAM_SUCCESS) {
		log_warning("pam_authenticate() failed: %s", pam_strerror(hpam, rc));
		pam_end(hpam, rc);
		return false;
	}

	/* And here we check that the account is not expired, verifies access hours, etc */
	rc = pam_acct_mgmt(hpam, PAM_SILENT);
	if (rc != PAM_SUCCESS) {
		log_warning("pam_acct_mgmt() failed: %s", pam_strerror(hpam, rc));
		pam_end(hpam, rc);
		return false;
	}

	rc = pam_end(hpam, rc);
	if (rc != PAM_SUCCESS) {
		log_warning("pam_end() failed: %s", pam_strerror(hpam, rc));
	}

	return true;
}
开发者ID:davidfetter,项目名称:pgbouncer,代码行数:49,代码来源:pam.c

示例15: pam_begin_session

int pam_begin_session(const char* username, int fd)
{
  int rv, i;
  if (!pam_h &&
      (rv = pam_start(PAM_APPL_NAME, username, &conv, &pam_h)) != PAM_SUCCESS)
    fatal("pam_start() failure: %d", rv);
#ifdef SUN_PAM_TTY_BUG
  if ((rv = pam_set_item(pam_h, PAM_TTY, "/dev/nld")) != PAM_SUCCESS)
    fatal("pam_set_item(PAM_TTY,/dev/nld");
#endif

  conv_reject_prompts = 1;
  pam_conv_fd = fd;

  /* On Solaris and HP-UX, the docs say we can't call setcred first, and the
   * modules actually enforce that. LinuxPAM says we must call setcred first,
   * and that's preferable, so we do it in all other cases. */
#ifdef SUN_PAM
  int setcred_first = 0;
#else
  int setcred_first = 1;
#endif

  for (i = 0; i < 2; ++i) {
    if (i != setcred_first) {
      if ((rv = pam_setcred(pam_h, PAM_ESTABLISH_CRED)) != PAM_SUCCESS) {
        debug("pam_setcred(PAM_ESTABLISH_CRED): %s", pam_strerror(pam_h, rv));
        if (authenticated) {
          pam_conv_fd = -1;
          return -1;
        }
      } else {
        setcred = 1;
      }
    } else {
      if ((rv = pam_open_session(pam_h, 0)) != PAM_SUCCESS) {
        debug("pam_open_session(): %s", pam_strerror(pam_h, rv));
        if (authenticated) {
          pam_conv_fd = -1;
          return -1;
        }
      } else {
        opened_session = 1;
      }
    }
  }
  pam_conv_fd = -1;
  return 0;
}
开发者ID:NWilson,项目名称:netlogind,代码行数:49,代码来源:pam.c


注:本文中的pam_start函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。