June 2003
Intermediate to advanced
336 pages
8h 54m
English
Content preview from Linux Security CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
4.1. Creating a PAM-Aware Application
Problem
You want to write a program that uses PAM for authentication.
Solution
Select (or create) a PAM configuration in
/etc/pam.d. Then use the PAM API to perform
authentication with respect to that configuration. For example, the
following application uses the
su
configuration, which means every user but
root must supply his login password:
#include <security/pam_appl.h>
#include <security/pam_misc.h>
#include <pwd.h>
#include <sys/types.h>
#include <stdio.h>
#define MY_CONFIG "su"
static struct pam_conv conv = { misc_conv, NULL };
main( )
{
pam_handle_t *pamh;
int result;
struct passwd *pw;
if ((pw = getpwuid(getuid( ))) == NULL)
perror("getpwuid");
else if ((result = pam_start(MY_CONFIG, pw->pw_name, &conv, &pamh)) != PAM_SUCCESS)
fprintf(stderr, "start failed: %d\n", result);
else if ((result = pam_authenticate(pamh, 0)) != PAM_SUCCESS)
fprintf(stderr, "authenticate failed: %d\n", result);
else if ((result = pam_acct_mgmt(pamh, 0)) != PAM_SUCCESS)
fprintf(stderr, "acct_mgmt failed: %d\n", result);
else if ((result = pam_end(pamh, result)) != PAM_SUCCESS)
fprintf(stderr, "end failed: %d\n", result);
else
Run_My_Big_Application( ); /* Run your application code */
}Compile the program, linking with libraries libpam and libpam_misc:
$ gcc myprogram.c -lpam -lpam_misc
Discussion
The PAM libraries include functions to start PAM and check authentication credentials. Notice how the details of authentication are completely hidden from the application: ...