本文整理汇总了C++中pam_start函数的典型用法代码示例。如果您正苦于以下问题:C++ pam_start函数的具体用法?C++ pam_start怎么用?C++ pam_start使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了pam_start函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: pam_setup
int
pam_setup (char *user, char *host)
{
/*
* Any application using PAM must provide a conversion function, which
* is used for direct communication between a loaded module and the
* application. In this case, SLURM does need a communication mechanism,
* so the default (or null) conversation function may be used.
*/
struct pam_conv conv = {misc_conv, NULL};
int rc = 0;
if (!conf->use_pam)
return SLURM_SUCCESS;
/*
* SLURM uses PAM to obtain resource limits established by the system
* administrator. PAM's session management library is responsible for
* handling resource limits. When a PAM session is opened on behalf of
* a user, the limits imposed by the sys admin are picked up. Opening
* a PAM session requires a PAM handle, which is obtained when the PAM
* interface is intialized. (PAM handles are required with essentially
* all PAM calls.) It's also necessary to have the users PAM credentials
* to open a user session.
*/
if ((rc = pam_start (SLURM_SERVICE_PAM, user, &conv, &pam_h))
!= PAM_SUCCESS) {
error ("pam_start: %s", pam_strerror(pam_h, rc));
return SLURM_ERROR;
} else if ((rc = pam_set_item (pam_h, PAM_USER, user))
!= PAM_SUCCESS) {
error ("pam_set_item USER: %s", pam_strerror(pam_h, rc));
return SLURM_ERROR;
} else if ((rc = pam_set_item (pam_h, PAM_RUSER, user))
!= PAM_SUCCESS) {
error ("pam_set_item RUSER: %s", pam_strerror(pam_h, rc));
return SLURM_ERROR;
} else if ((rc = pam_set_item (pam_h, PAM_RHOST, host))
!= PAM_SUCCESS) {
error ("pam_set_item HOST: %s", pam_strerror(pam_h, rc));
return SLURM_ERROR;
} else if ((rc = pam_setcred (pam_h, PAM_ESTABLISH_CRED))
!= PAM_SUCCESS) {
error ("pam_setcred: %s", pam_strerror(pam_h, rc));
return SLURM_ERROR;
} else if ((rc = pam_open_session (pam_h, 0)) != PAM_SUCCESS) {
error("pam_open_session: %s", pam_strerror(pam_h, rc));
return SLURM_ERROR;
}
return SLURM_SUCCESS;
}示例2: x11_shadow_pam_authenticate
int x11_shadow_pam_authenticate(x11ShadowSubsystem* subsystem, const char* user, const char* domain, const char* password)
{
int pam_status;
SHADOW_PAM_AUTH_INFO* info;
info = calloc(1, sizeof(SHADOW_PAM_AUTH_INFO));
if (!info)
return PAM_CONV_ERR;
if (x11_shadow_pam_get_service_name(info) < 0)
return -1;
info->appdata.user = user;
info->appdata.domain = domain;
info->appdata.password = password;
info->pamc.conv = &x11_shadow_pam_conv;
info->pamc.appdata_ptr = &(info->appdata);
pam_status = pam_start(info->service_name, 0, &(info->pamc), &(info->handle));
if (pam_status != PAM_SUCCESS)
{
WLog_ERR(TAG, "pam_start failure: %s", pam_strerror(info->handle, pam_status));
free(info);
return -1;
}
pam_status = pam_authenticate(info->handle, 0);
if (pam_status != PAM_SUCCESS)
{
WLog_ERR(TAG, "pam_authenticate failure: %s", pam_strerror(info->handle, pam_status));
free(info);
return -1;
}
pam_status = pam_acct_mgmt(info->handle, 0);
if (pam_status != PAM_SUCCESS)
{
WLog_ERR(TAG, "pam_acct_mgmt failure: %s", pam_strerror(info->handle, pam_status));
free(info);
return -1;
}
free(info);
return 1;
}示例3: httpPamVerifyUser
bool httpPamVerifyUser(HttpConn *conn)
{
MprBuf *abilities;
pam_handle_t *pamh;
UserInfo info;
struct pam_conv conv = { pamChat, &info };
struct group *gp;
int res, i;
mprAssert(conn->username);
mprAssert(conn->password);
mprAssert(!conn->encoded);
info.name = (char*) conn->username;
info.password = (char*) conn->password;
pamh = NULL;
if ((res = pam_start("login", info.name, &conv, &pamh)) != PAM_SUCCESS) {
return 0;
}
if ((res = pam_authenticate(pamh, PAM_DISALLOW_NULL_AUTHTOK)) != PAM_SUCCESS) {
pam_end(pamh, PAM_SUCCESS);
mprLog(5, "httpPamVerifyUser failed to verify %s", conn->username);
return 0;
}
pam_end(pamh, PAM_SUCCESS);
mprLog(5, "httpPamVerifyUser verified %s", conn->username);
if (!conn->user) {
conn->user = mprLookupKey(conn->rx->route->auth->users, conn->username);
}
if (!conn->user) {
Gid groups[32];
int ngroups;
/*
Create a temporary user with a abilities set to the groups
*/
ngroups = sizeof(groups) / sizeof(Gid);
if ((i = getgrouplist(conn->username, 99999, groups, &ngroups)) >= 0) {
abilities = mprCreateBuf(0, 0);
for (i = 0; i < ngroups; i++) {
if ((gp = getgrgid(groups[i])) != 0) {
mprPutFmtToBuf(abilities, "%s ", gp->gr_name);
}
}
mprAddNullToBuf(abilities);
mprLog(5, "Create temp user \"%s\" with abilities: %s", conn->username, mprGetBufStart(abilities));
conn->user = httpCreateUser(conn->rx->route->auth, conn->username, 0, mprGetBufStart(abilities));
}
}
return 1;
}示例4: freerds_authenticate
long freerds_authenticate(char* username, char* password, int* errorcode)
{
int error;
char service_name[256];
struct t_auth_info* auth_info;
get_service_name(service_name);
auth_info = malloc(sizeof(struct t_auth_info));
ZeroMemory(auth_info, sizeof(struct t_auth_info));
strcpy(auth_info->user_pass.user, username);
strcpy(auth_info->user_pass.pass, password);
auth_info->pamc.conv = &verify_pam_conv;
auth_info->pamc.appdata_ptr = &(auth_info->user_pass);
error = pam_start(service_name, 0, &(auth_info->pamc), &(auth_info->ph));
if (error != PAM_SUCCESS)
{
if (errorcode != NULL)
*errorcode = error;
printf("pam_start failed: %s\n", pam_strerror(auth_info->ph, error));
free(auth_info);
return 0;
}
error = pam_authenticate(auth_info->ph, 0);
if (error != PAM_SUCCESS)
{
if (errorcode != NULL)
*errorcode = error;
printf("pam_authenticate failed: %s\n", pam_strerror(auth_info->ph, error));
free(auth_info);
return 0;
}
error = pam_acct_mgmt(auth_info->ph, 0);
if (error != PAM_SUCCESS)
{
if (errorcode != NULL)
*errorcode = error;
printf("pam_acct_mgmt failed: %s\n", pam_strerror(auth_info->ph, error));
free(auth_info);
return 0;
}
return (long) auth_info;
}示例5: sshpam_init
static int
sshpam_init(Authctxt *authctxt)
{
extern char *__progname;
const char *pam_rhost, *pam_user, *user = authctxt->user;
const char **ptr_pam_user = &pam_user;
struct ssh *ssh = active_state; /* XXX */
if (sshpam_handle != NULL) {
/* We already have a PAM context; check if the user matches */
sshpam_err = pam_get_item(sshpam_handle,
PAM_USER, (sshpam_const void **)ptr_pam_user);
if (sshpam_err == PAM_SUCCESS && strcmp(user, pam_user) == 0)
return (0);
pam_end(sshpam_handle, sshpam_err);
sshpam_handle = NULL;
}
debug("PAM: initializing for \"%s\"", user);
sshpam_err =
pam_start(SSHD_PAM_SERVICE, user, &store_conv, &sshpam_handle);
sshpam_authctxt = authctxt;
if (sshpam_err != PAM_SUCCESS) {
pam_end(sshpam_handle, sshpam_err);
sshpam_handle = NULL;
return (-1);
}
pam_rhost = auth_get_canonical_hostname(ssh, options.use_dns);
debug("PAM: setting PAM_RHOST to \"%s\"", pam_rhost);
sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST, pam_rhost);
if (sshpam_err != PAM_SUCCESS) {
pam_end(sshpam_handle, sshpam_err);
sshpam_handle = NULL;
return (-1);
}
#ifdef PAM_TTY_KLUDGE
/*
* Some silly PAM modules (e.g. pam_time) require a TTY to operate.
* sshd doesn't set the tty until too late in the auth process and
* may not even set one (for tty-less connections)
*/
debug("PAM: setting PAM_TTY to \"ssh\"");
sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, "ssh");
if (sshpam_err != PAM_SUCCESS) {
pam_end(sshpam_handle, sshpam_err);
sshpam_handle = NULL;
return (-1);
}
#endif
return (0);
}示例6: dialog
bool MainWindow::doAuthenticate() {
Authenticated = false;
LoginDialog dialog(this);
if (dialog.exec()) {
pcode = dialog.getPass();
static pam_handle_t *pamh;
struct pam_conv pamc = { converse, this };
char hostname[MAXHOSTNAMELEN];
char *ruser;
int retcode = 0;
char user[] = "root";
pam_start("su", user, &pamc, &pamh);
gethostname(hostname, sizeof(hostname));
if ((retcode = pam_set_item(pamh, PAM_RHOST, hostname)) != PAM_SUCCESS) {
pcode = "";
dialog.clearPass();
qDebug() << "pam_set_item hostname failed. " << pam_strerror(pamh, retcode);
return false;
}
ruser = getlogin();
if ((retcode = pam_set_item(pamh, PAM_RUSER, ruser)) != PAM_SUCCESS) {
pcode = "";
dialog.clearPass();
qDebug() << "pam_set_item remote user failed. " << pam_strerror(pamh, retcode);
return false;
}
if ((retcode = pam_authenticate(pamh, 0)) != PAM_SUCCESS) {
pcode = "";
dialog.clearPass();
qDebug() << "pam_authenticate failed. " << pam_strerror(pamh, retcode);
return false;
}
Authenticated = true;
qDebug() << "Authenticated as root. ";
pcode = "";
dialog.clearPass();
return true;
}
qDebug() << "Not Authenticated as root.";
Authenticated = false;
return false;
}示例7: do_auth
static void do_auth(char *service, char*user, char*pwd, char* mode, int sid)
{
pam_handle_t *pamh=NULL;
int retval;
struct session *sessp;
conv.appdata_ptr = (void*)strdup(pwd);
retval = pam_start(service, user, &conv, &pamh);
if (retval != PAM_SUCCESS) {
werr(pamh, sid, retval, "start");
return;
}
pam_set_item(pamh, PAM_RUSER, user);
retval = pam_authenticate(pamh, 0);
if (retval != PAM_SUCCESS) {
werr(pamh, sid, retval, "auth");
return;
}
if (mode[0] == 'A') {
retval = pam_acct_mgmt(pamh, 0);
if (retval != PAM_SUCCESS) {
werr(pamh, sid, retval, "accounting");
return;
}
/*fprintf(stderr, "did ok acct \n\r");*/
}
if (mode[1] == 'S') {
retval = pam_open_session(pamh, 0);
if (retval != PAM_SUCCESS) {
werr(pamh, sid, retval, "session");
return;
}
/*fprintf(stderr, "did ok open sess \n\r"); */
}
if ((sessp = malloc(sizeof(struct session))) == NULL) {
werr(pamh, sid, -1, "malloc");
return;
}
if (mode[1] == 'S')
sessp->session_mode = 1;
else
sessp->session_mode = 0;
sessp->sid = sid;
sessp->pamh = pamh;
sessp->next = sessions;
sessions = sessp;
wok(sid);
}示例8: lxdm_auth_user_authenticate
int lxdm_auth_user_authenticate(LXDM_AUTH *a,const char *user,const char *pass,int type)
{
struct passwd *pw;
if(!user || !user[0])
{
g_debug("user==NULL\n");
return AUTH_ERROR;
}
pw = getpwnam(user);
endpwent();
if(!pw)
{
g_debug("user %s not found\n",user);
return AUTH_BAD_USER;
}
if(strstr(pw->pw_shell, "nologin"))
{
g_debug("user %s have nologin shell\n",user);
return AUTH_PRIV;
}
if(a->handle) pam_end(a->handle,0);
if(PAM_SUCCESS != pam_start("lxdm", pw->pw_name, &conv, (pam_handle_t**)&a->handle))
{
a->handle=NULL;
g_debug("user %s start pam fail\n",user);
return AUTH_FAIL;
}
else
{
int ret;
if(type==AUTH_TYPE_AUTO_LOGIN && !pass)
goto out;
user_pass[0]=(char*)user;user_pass[1]=(char*)pass;
ret=pam_authenticate(a->handle,PAM_SILENT);
user_pass[0]=0;user_pass[1]=0;
if(ret!=PAM_SUCCESS)
{
g_debug("user %s auth fail with %d\n",user,ret);
return AUTH_FAIL;
}
ret=pam_acct_mgmt(a->handle,PAM_SILENT);
if(ret!=PAM_SUCCESS)
{
g_debug("user %s acct mgmt fail with %d\n",user,ret);
return AUTH_FAIL;
}
}
out:
passwd_copy(&a->pw,pw);
return AUTH_SUCCESS;
}示例9: pam_authenticate_with_login_password
static authn_status pam_authenticate_with_login_password(request_rec * r, const char * pam_service,
const char * login, const char * password, int steps) {
pam_handle_t * pamh = NULL;
struct pam_conv pam_conversation = { &pam_authenticate_conv, (void *) password };
const char * stage = "PAM transaction failed for service";
const char * param = pam_service;
int ret;
ret = pam_start(pam_service, login, &pam_conversation, &pamh);
if (ret == PAM_SUCCESS) {
const char * remote_host_or_ip = ap_get_remote_host(r->connection, r->per_dir_config, REMOTE_NAME, NULL);
if (remote_host_or_ip) {
stage = "PAM pam_set_item PAM_RHOST failed for service";
ret = pam_set_item(pamh, PAM_RHOST, remote_host_or_ip);
}
}
if (ret == PAM_SUCCESS) {
if (steps & _PAM_STEP_AUTH) {
param = login;
stage = "PAM authentication failed for user";
ret = pam_authenticate(pamh, PAM_SILENT | PAM_DISALLOW_NULL_AUTHTOK);
}
if ((ret == PAM_SUCCESS) && (steps & _PAM_STEP_ACCOUNT)) {
param = login;
stage = "PAM account validation failed for user";
ret = pam_acct_mgmt(pamh, PAM_SILENT | PAM_DISALLOW_NULL_AUTHTOK);
if (ret == PAM_NEW_AUTHTOK_REQD) {
authnz_pam_config_rec * conf = ap_get_module_config(r->per_dir_config, &authnz_pam_module);
if (conf && conf->expired_redirect_url) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
"mod_authnz_pam: PAM_NEW_AUTHTOK_REQD: redirect to [%s]",
conf->expired_redirect_url);
apr_table_addn(r->headers_out, "Location", format_location(r, conf->expired_redirect_url, login));
return HTTP_TEMPORARY_REDIRECT;
}
}
}
}
if (ret != PAM_SUCCESS) {
const char * strerr = pam_strerror(pamh, ret);
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server, "mod_authnz_pam: %s %s: %s", stage, param, strerr);
apr_table_setn(r->subprocess_env, _EXTERNAL_AUTH_ERROR_ENV_NAME, apr_pstrdup(r->pool, strerr));
pam_end(pamh, ret);
return AUTH_DENIED;
}
apr_table_setn(r->subprocess_env, _REMOTE_USER_ENV_NAME, login);
r->user = apr_pstrdup(r->pool, login);
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, r->server, "mod_authnz_pam: PAM authentication passed for user %s", login);
pam_end(pamh, ret);
return AUTH_GRANTED;
}示例10: pam_pass
/* cjd 19980706
*
* for most flexibility, passing a pamauth type to this function
* allows you to have multiple authentication types (i.e. multiple
* files associated with radius in /etc/pam.d)
*/
static int pam_pass(char const *name, char const *passwd, char const *pamauth)
{
pam_handle_t *pamh=NULL;
int retval;
my_PAM pam_config;
struct pam_conv conv;
/*
* Initialize the structures.
*/
conv.conv = PAM_conv;
conv.appdata_ptr = &pam_config;
pam_config.username = name;
pam_config.password = passwd;
pam_config.error = 0;
DEBUG("pam_pass: using pamauth string <%s> for pam.conf lookup", pamauth);
retval = pam_start(pamauth, name, &conv, &pamh);
if (retval != PAM_SUCCESS) {
DEBUG("pam_pass: function pam_start FAILED for <%s>. Reason: %s",
name, pam_strerror(pamh, retval));
return -1;
}
retval = pam_authenticate(pamh, 0);
if (retval != PAM_SUCCESS) {
DEBUG("pam_pass: function pam_authenticate FAILED for <%s>. Reason: %s",
name, pam_strerror(pamh, retval));
pam_end(pamh, retval);
return -1;
}
/*
* FreeBSD 3.x doesn't have account and session management
* functions in PAM, while 4.0 does.
*/
#if !defined(__FreeBSD_version) || (__FreeBSD_version >= 400000)
retval = pam_acct_mgmt(pamh, 0);
if (retval != PAM_SUCCESS) {
DEBUG("pam_pass: function pam_acct_mgmt FAILED for <%s>. Reason: %s",
name, pam_strerror(pamh, retval));
pam_end(pamh, retval);
return -1;
}
#endif
DEBUG("pam_pass: authentication succeeded for <%s>", name);
pam_end(pamh, retval);
return 0;
}示例11: pam_start
bool XProcess::pam_checkPW(){
//Requires internal "xuser" and "xpwd" variables to be set
//Convert the inputs to C character arrays for use in PAM
QByteArray tmp = xuser.toUtf8();
char* cUser = tmp.data();
QByteArray tmp2 = xpwd.toUtf8();
char* cPassword = tmp2.data();
//initialize variables
bool result = false;
int ret;
//Initialize PAM
//qDebug() << "Starting PAM:" << xuser << tmp << xpwd << tmp2;
if(xuser=="root"){ ret = pam_start("system", cUser, &pamc, &pamh); }
else{ ret = pam_start("login", cUser, &pamc, &pamh); }
if( ret == PAM_SUCCESS ){
pam_started = true; //flag that pam is started
//Place the user-supplied password into the structure
ret = pam_set_item(pamh, PAM_AUTHTOK, cPassword);
if(ret != PAM_SUCCESS){ pam_logFailure(ret); return false; }
//Set the TTY
//ret = pam_set_item(pamh, PAM_TTY, "pcdm-terminal");
//Authenticate with PAM
ret = pam_authenticate(pamh,0);
if( ret == PAM_SUCCESS ){
//Check for valid, unexpired account and verify access restrictions
ret = pam_acct_mgmt(pamh,0);
if( ret == PAM_SUCCESS ){ result = true; }
else{ pam_logFailure(ret); }
}else{
pam_logFailure(ret);
}
}else{ qCritical() << "Could not start PAM"; }
//return verification result
return result;
}示例12: cockpit_auth_pam_verify_password
static gboolean
cockpit_auth_pam_verify_password (CockpitAuth *auth,
const gchar *user,
const gchar *password,
GError **error)
{
pam_handle_t *pamh = NULL;
int pam_status = 0;
const char *pam_user;
gboolean ret = FALSE;
struct pam_conv_data data;
struct pam_conv conv;
data.inputs[0] = (char *)password;
data.inputs[1] = NULL;
data.current_input = 0;
conv.conv = pam_conv_func;
conv.appdata_ptr = (void *)&data;
pam_status = pam_start ("cockpit", user, &conv, &pamh);
if (pam_status == PAM_SUCCESS)
pam_status = pam_authenticate (pamh, 0);
if (pam_status == PAM_SUCCESS)
pam_status = pam_get_item (pamh, PAM_USER, (const void **)&pam_user);
if (pam_status == PAM_AUTH_ERR || pam_status == PAM_USER_UNKNOWN)
{
g_set_error (error, COCKPIT_ERROR, COCKPIT_ERROR_AUTHENTICATION_FAILED,
"Authentication failed");
ret = FALSE;
goto out;
}
if (pam_status != PAM_SUCCESS)
{
g_set_error (error, COCKPIT_ERROR, COCKPIT_ERROR_FAILED,
"%s", pam_strerror (pamh, pam_status));
ret = FALSE;
goto out;
}
ret = TRUE;
out:
if (pamh)
pam_end (pamh, pam_status);
return ret;
}示例13: pm_do_auth
static void
pm_do_auth(adt_session_data_t *ah)
{
pam_handle_t *pm_pamh;
int err;
int pam_flag = 0;
int chpasswd_tries;
struct pam_conv pam_conv = {pam_tty_conv, NULL};
if (user[0] == '\0')
return;
if ((err = pam_start("sys-suspend", user, &pam_conv,
&pm_pamh)) != PAM_SUCCESS)
return;
pam_flag = PAM_DISALLOW_NULL_AUTHTOK;
do {
err = pam_authenticate(pm_pamh, pam_flag);
if (err == PAM_SUCCESS) {
err = pam_acct_mgmt(pm_pamh, pam_flag);
if (err == PAM_NEW_AUTHTOK_REQD) {
chpasswd_tries = 0;
do {
err = pam_chauthtok(pm_pamh,
PAM_CHANGE_EXPIRED_AUTHTOK);
chpasswd_tries++;
} while ((err == PAM_AUTHTOK_ERR ||
err == PAM_TRY_AGAIN) &&
chpasswd_tries < DEF_ATTEMPTS);
pm_audit_event(ah, ADT_passwd, err);
}
err = pam_setcred(pm_pamh, PAM_REFRESH_CRED);
}
if (err != PAM_SUCCESS) {
(void) fprintf(stdout, "%s\n",
pam_strerror(pm_pamh, err));
pm_audit_event(ah, ADT_screenunlock, err);
}
} while (err != PAM_SUCCESS);
pm_audit_event(ah, ADT_passwd, 0);
(void) pam_end(pm_pamh, err);
}示例14: pam_check_passwd
static bool pam_check_passwd(struct pam_auth_request *request)
{
pam_handle_t *hpam;
char raddr[PGADDR_BUF];
int rc;
struct pam_conv pam_conv = {
.conv = pam_conversation,
.appdata_ptr = request
};
rc = pam_start(PGBOUNCER_PAM_SERVICE, request->username, &pam_conv, &hpam);
if (rc != PAM_SUCCESS) {
log_warning("pam_start() failed: %s", pam_strerror(NULL, rc));
return false;
}
/* Set rhost too in case if some PAM modules want to take it into account (and for logging too) */
pga_ntop(&request->remote_addr, raddr, sizeof(raddr));
rc = pam_set_item(hpam, PAM_RHOST, raddr);
if (rc != PAM_SUCCESS) {
log_warning("pam_set_item(): can't set PAM_RHOST to '%s'", raddr);
pam_end(hpam, rc);
return false;
}
/* Here the authentication is performed */
rc = pam_authenticate(hpam, PAM_SILENT);
if (rc != PAM_SUCCESS) {
log_warning("pam_authenticate() failed: %s", pam_strerror(hpam, rc));
pam_end(hpam, rc);
return false;
}
/* And here we check that the account is not expired, verifies access hours, etc */
rc = pam_acct_mgmt(hpam, PAM_SILENT);
if (rc != PAM_SUCCESS) {
log_warning("pam_acct_mgmt() failed: %s", pam_strerror(hpam, rc));
pam_end(hpam, rc);
return false;
}
rc = pam_end(hpam, rc);
if (rc != PAM_SUCCESS) {
log_warning("pam_end() failed: %s", pam_strerror(hpam, rc));
}
return true;
}示例15: pam_begin_session
int pam_begin_session(const char* username, int fd)
{
int rv, i;
if (!pam_h &&
(rv = pam_start(PAM_APPL_NAME, username, &conv, &pam_h)) != PAM_SUCCESS)
fatal("pam_start() failure: %d", rv);
#ifdef SUN_PAM_TTY_BUG
if ((rv = pam_set_item(pam_h, PAM_TTY, "/dev/nld")) != PAM_SUCCESS)
fatal("pam_set_item(PAM_TTY,/dev/nld");
#endif
conv_reject_prompts = 1;
pam_conv_fd = fd;
/* On Solaris and HP-UX, the docs say we can't call setcred first, and the
* modules actually enforce that. LinuxPAM says we must call setcred first,
* and that's preferable, so we do it in all other cases. */
#ifdef SUN_PAM
int setcred_first = 0;
#else
int setcred_first = 1;
#endif
for (i = 0; i < 2; ++i) {
if (i != setcred_first) {
if ((rv = pam_setcred(pam_h, PAM_ESTABLISH_CRED)) != PAM_SUCCESS) {
debug("pam_setcred(PAM_ESTABLISH_CRED): %s", pam_strerror(pam_h, rv));
if (authenticated) {
pam_conv_fd = -1;
return -1;
}
} else {
setcred = 1;
}
} else {
if ((rv = pam_open_session(pam_h, 0)) != PAM_SUCCESS) {
debug("pam_open_session(): %s", pam_strerror(pam_h, rv));
if (authenticated) {
pam_conv_fd = -1;
return -1;
}
} else {
opened_session = 1;
}
}
}
pam_conv_fd = -1;
return 0;
}