Hi.
I am trying to authenicate my user using pam (,pam-0.72-20) on RedHat
6.2 and I did many things but nothing works and get error message which
correspond to dlopen failure. So, below I wrote simple program which is
trying to authenicate user 'dummy' with pussword 'dummypass'.
Can somebody tell me what I am doing wrong?
/****
* file pam_test.c
****/
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <security/pam_appl.h>
#define PAM_CHECK_ERROR if( pam_result != PAM_SUCCESS ){ \
pam_end(pamh, 0); \
exit(-1); \
}
static int pam_convf(int num_msg, const struct pam_message **msg,
struct pam_response **resp, void *appdata_ptr);
static struct pam_conv pam_conversation =
{
&pam_convf,
NULL
};
int pam_result;
pam_handle_t *pamh;
int main(int argc, char *argv){
/* init pam, using xlock service */
pam_result = pam_start("xlock", "priimak", &pam_conversation, &pamh);
printf("pam_start : %s\n", pam_strerror(pamh, pam_result));
PAM_CHECK_ERROR;
pam_result = pam_set_item(pamh, PAM_USER, "dummy");
printf("pam_set_item : %s\n", pam_strerror(pamh, pam_result));
PAM_CHECK_ERROR;
/* try to authenticate */
pam_result = pam_authenticate(pamh, 0);
printf("pam_authenticate : %s\n", pam_strerror(pamh, pam_result));
PAM_CHECK_ERROR;
pam_end(pamh, 0);
exit(0);
}
static int pam_convf(int num_msg, const struct pam_message **msg,
struct pam_response **resp, void
*appdata_ptr){
struct pam_response *reply = NULL;
int replies;
reply = (struct pam_response *) malloc(sizeof (struct pam_response) *
num_msg);
for( replies = 0; replies < num_msg; replies++ ){
switch (msg[replies]->msg_style) {
case PAM_PROMPT_ECHO_ON :
printf("PAM_PROMPT_ECHO_ON\n");
reply[replies].resp_retcode = PAM_SUCCESS;
reply[replies].resp = "dummy";
break;
case PAM_PROMPT_ECHO_OFF :
printf("PAM_PROMPT_ECHO_OFF\n");
reply[replies].resp_retcode = PAM_SUCCESS;
reply[replies].resp = "dummypass";
break;
case PAM_TEXT_INFO :
printf("PAM_TEXT_INFO\n");
reply[replies].resp_retcode = PAM_SUCCESS;
reply[replies].resp = NULL;
break;
case PAM_ERROR_MSG :
printf("PAM_ERROR_MSG\n");
reply[replies].resp_retcode = PAM_SUCCESS;
reply[replies].resp = NULL;
break;
default:
(void) free((void *) reply);
return PAM_CONV_ERR;
}
}
}
*********
I compile it like this
% gcc -lc -lpam -ldl pam_test.c -o pam_tes
Fianally when I run it I get following output:
% ./pam_test
pam_start : Success
PAM_PROMPT_ECHO_OFF
pam_authenticate : dlopen() failure
%
When I look into /var/log/message I see
% cat /var/log/messages | grep -i pam
...
Sep 9 23:07:48 kez PAM_pwdb[5843]: auth could not identify password for
[dummy]
Note that I am using 'xlock' service and here it is
% cat /etc/pam.d/xlock
#%PAM-1.0
auth required /lib/security/pam_pwdb.so shadow nullok
%
I do have this file /lib/security/pam_pwdb.so and I checkd with strace
it actally opens it
as well as other libs. I also run xlock with strace and so that xlock
using service 'xlock'
Any ideas what is wrong?
Thanks in advance.
Dmitri Priimak.
