Reputation: 31
I am trying to use PAM for authentication:
// gcc [file] -lstdc++ -lpam -lpam_misc
#include <iostream>
#include <security/pam_appl.h>
#include <security/pam_misc.h>
int main()
{
const char * username = "********";
const char * password = "********";
const char * data[] = {username, password};
struct pam_conv pconv = {misc_conv, data};
struct pam_handle *phandle = NULL;
int result;
result = pam_start("display_manager", username, &pconv, &phandle);
std::cout << "pam_start: " << pam_strerror(phandle, result) << "\n";
result = pam_authenticate(phandle, 0);
std::cout << "pam_authenticate: " << pam_strerror(phandle, result) << "\n";
}
However it fails with no helpful error message (it just says "Authentication failed") despite me providing the right password.
Here is my journalctl (i replaced username and host name with ********):
Oct 08 19:50:26 ******** main[42928]: pam_warn(display_manager:auth): function=[pam_sm_authenticate] flags=0 service=[display_manager] terminal=[<unknown>] user=[********] ruser=[<unknown>] rhost=[<unknown>]
Oct 08 19:50:26 ******** main[42928]: PAM pam_close_session: NULL pam handle passed
Oct 08 19:50:26 ******** main[42928]: PAM pam_setcred: NULL pam handle passed
Oct 08 19:50:26 ******** main[42928]: PAM pam_end: NULL pam handle passed
Upvotes: 0
Views: 584
Reputation: 61
You are not writing the authorization module correctly! The password is checked in the pam_sm_authenticate function and in it you must implement the verification of your password. If it is correct, then return " PAM_SUCCESS" or "PAM_AUTH_ERR".
There cannot be a "main" function in your program. This is not an executable file, but a module. I suggest you look at my written module and how it is compiled. https://github.com/oditynet/2fact-telegram
For example logical from my project:
pin= converse(pamh, PAM_PROMPT_ECHO_OFF, "Please enter the PIN: ");
if (atoi(pin) == 12345)
{
return PAM_SUCCESS;
}
return PAM_AUTH_ERR ;
Upvotes: 0