How does your conversation function return PAM_SUCCESS? Cheers Andrew Dimitri Priimak wrote: > > Only one message in /var/log/messages, here it is > Sep 10 21:57:36 kez PAM_pwdb[914]: auth could not identify password for [dummy] > > I do have this user and a passwd is 'dummypass', and I can became user > 'dummy' through '% su - dummy' using above mentioned password. > > On Sun, 10 Sep 2000, Andrew Morgan wrote: > > > Dimitri Priimak wrote: > > > > > > What do you mean by dlopen errors? > > > > I guess I was reading your subject line... > > > > Does /var/log/messages have anything to say about your problem? > > > > Cheers > > > > Andrew > > > > > I added line > > > printf("dlopen : %s\n", dlerror()); > > > right after calling pam_authenticate(pamh, 0); > > > output is 'dlopen : (null)' > > > Do you want to see output of strace, everything looks fine there. > > > > > > BTW, originally I used strdup() but removed it lately, may be > > > thoughtlessly, anyway this program never gave me segfault, while > > > I guess you are right that strdup() should be used, thus I put > > > strdup back in a form '(char *)strdup("dummmy")', of course I get > > > the same result, as I described below. > > > > > > On Sun, 10 Sep 2000, Andrew Morgan wrote: > > > > > > > What are the dlopen errors? > > > > > > > > BTW. I would expect this program to segfault. You need to strdup() your > > > > "dummy" and "dummypass" to avoid this. (The module will try to free() > > > > these conversation responses.) > > > > > > > > Cheers > > > > > > > > Andrew > > > > > > > > Dimitri Priimak wrote: > > > > > > > > > > Hi. > > > > > > > > > > I am trying to authenicate my user using pam (,pam-0.72-20) on RedHat > > > > > 6.2 and I did many things but nothing works and get error message which > > > > > correspond to dlopen failure. So, below I wrote simple program which is > > > > > trying to authenicate user 'dummy' with pussword 'dummypass'. > > > > > Can somebody tell me what I am doing wrong? > > > > > > > > > > /**** > > > > > * file pam_test.c > > > > > ****/ > > > > > #include <unistd.h> > > > > > #include <stdlib.h> > > > > > #include <stdio.h> > > > > > #include <security/pam_appl.h> > > > > > > > > > > #define PAM_CHECK_ERROR if( pam_result != PAM_SUCCESS ){ \ > > > > > pam_end(pamh, 0); \ > > > > > exit(-1); \ > > > > > } > > > > > > > > > > static int pam_convf(int num_msg, const struct pam_message **msg, > > > > > struct pam_response **resp, void *appdata_ptr); > > > > > > > > > > static struct pam_conv pam_conversation = > > > > > { > > > > > &pam_convf, > > > > > NULL > > > > > }; > > > > > > > > > > int pam_result; > > > > > pam_handle_t *pamh; > > > > > > > > > > int main(int argc, char *argv){ > > > > > /* init pam, using xlock service */ > > > > > pam_result = pam_start("xlock", "priimak", &pam_conversation, &pamh); > > > > > printf("pam_start : %s\n", pam_strerror(pamh, pam_result)); > > > > > PAM_CHECK_ERROR; > > > > > pam_result = pam_set_item(pamh, PAM_USER, "dummy"); > > > > > printf("pam_set_item : %s\n", pam_strerror(pamh, pam_result)); > > > > > PAM_CHECK_ERROR; > > > > > /* try to authenticate */ > > > > > pam_result = pam_authenticate(pamh, 0); > > > > > printf("pam_authenticate : %s\n", pam_strerror(pamh, pam_result)); > > > > > PAM_CHECK_ERROR; > > > > > > > > > > pam_end(pamh, 0); > > > > > exit(0); > > > > > } > > > > > > > > > > static int pam_convf(int num_msg, const struct pam_message **msg, > > > > > struct pam_response **resp, void > > > > > > > > > > *appdata_ptr){ > > > > > struct pam_response *reply = NULL; > > > > > int replies; > > > > > > > > > > reply = (struct pam_response *) malloc(sizeof (struct pam_response) * > > > > > num_msg); > > > > > > > > > > for( replies = 0; replies < num_msg; replies++ ){ > > > > > switch (msg[replies]->msg_style) { > > > > > case PAM_PROMPT_ECHO_ON : > > > > > printf("PAM_PROMPT_ECHO_ON\n"); > > > > > reply[replies].resp_retcode = PAM_SUCCESS; > > > > > reply[replies].resp = "dummy"; > > > > > break; > > > > > > > > > > case PAM_PROMPT_ECHO_OFF : > > > > > printf("PAM_PROMPT_ECHO_OFF\n"); > > > > > reply[replies].resp_retcode = PAM_SUCCESS; > > > > > reply[replies].resp = "dummypass"; > > > > > break; > > > > > > > > > > case PAM_TEXT_INFO : > > > > > printf("PAM_TEXT_INFO\n"); > > > > > reply[replies].resp_retcode = PAM_SUCCESS; > > > > > reply[replies].resp = NULL; > > > > > break; > > > > > > > > > > case PAM_ERROR_MSG : > > > > > printf("PAM_ERROR_MSG\n"); > > > > > reply[replies].resp_retcode = PAM_SUCCESS; > > > > > reply[replies].resp = NULL; > > > > > break; > > > > > > > > > > default: > > > > > (void) free((void *) reply); > > > > > return PAM_CONV_ERR; > > > > > > > > > > } > > > > > } > > > > > } > > > > > > > > > > ********* > > > > > I compile it like this > > > > > % gcc -lc -lpam -ldl pam_test.c -o pam_tes > > > > > > > > > > Fianally when I run it I get following output: > > > > > % ./pam_test > > > > > pam_start : Success > > > > > PAM_PROMPT_ECHO_OFF > > > > > pam_authenticate : dlopen() failure > > > > > % > > > > > > > > > > When I look into /var/log/message I see > > > > > % cat /var/log/messages | grep -i pam > > > > > ... > > > > > Sep 9 23:07:48 kez PAM_pwdb[5843]: auth could not identify password for > > > > > [dummy] > > > > > > > > > > Note that I am using 'xlock' service and here it is > > > > > % cat /etc/pam.d/xlock > > > > > #%PAM-1.0 > > > > > auth required /lib/security/pam_pwdb.so shadow nullok > > > > > % > > > > > > > > > > I do have this file /lib/security/pam_pwdb.so and I checkd with strace > > > > > it actally opens it > > > > > as well as other libs. I also run xlock with strace and so that xlock > > > > > using service 'xlock' > > > > > Any ideas what is wrong? > > > > > > > > > > Thanks in advance. > > > > > Dmitri Priimak. > > > > > > > > > > _______________________________________________ > > > > > > > > > > Pam-list@redhat.com > > > > > https://listman.redhat.com/mailman/listinfo/pam-list > > > > > > > > > > > > > > > > _______________________________________________ > > > > > > > > Pam-list@redhat.com > > > > https://listman.redhat.com/mailman/listinfo/pam-list > > > > > > > > > > _______________________________________________ > > > > > > Pam-list@redhat.com > > > https://listman.redhat.com/mailman/listinfo/pam-list > > > > > > > > _______________________________________________ > > > > Pam-list@redhat.com > > https://listman.redhat.com/mailman/listinfo/pam-list > > > > _______________________________________________ > > Pam-list@redhat.com > https://listman.redhat.com/mailman/listinfo/pam-list