Re: Pam-list Digest, Vol 37, Issue 8

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

pam-list-request@xxxxxxxxxx wrote:

Hello,
I'm writing a new module for Python to support PAM authorization, it
is written in C.

What I currently do is what the misc_conv function does; I provide a
password when it prompts for a message with pam_message.msg_style set
to PAM_PROMPT_ECHO_OFF and a username when it prompts for
PAM_PROMPT_ECHO_ON (which it doesn't ask for; I initialize the pam
handle with a username already.)

This is my conversation function: http://rafb.net/p/sOjqmC47.html
I have tripple verified that userinfo is available and contains proper
data. The function does reach the end.

When I do pam_authenticate(), I receive the error "Authentication
error" and the syslog just says the regular thing when a password is
incorrect.


To Ludvic Ericson:

Looking at your conversion function i found you set the global return code for the conversation
function itself but forget to set the return code for each message. Here is a snippet of a working
conversation function:

switch (msgv[i]->msg_style) {
            case PAM_PROMPT_ECHO_ON: // Echo on; Username
                rsp[i].resp = strdup(userinfo->username);
		rsp[i].resp_retcode = PAM_SUCCESS;
                break;
            case PAM_PROMPT_ECHO_OFF: // Echo off; Password
                rsp[i].resp = strdup(userinfo->password);
		rsp[i].resp_retcode = PAM_SUCCESS;
                break;
I guess, if you had used 'calloc' instead of 'malloc' to create the
response structure, this missing link would have never shown up, because
PAM_SUCCESS == 0 ! So, be happy you found it.

Good Luck!
Andreas
-- 
Dr.-Ing. Andreas Schindler
 
Alpha Zero One Computersysteme GmbH
Frankfurter Str. 141
63303 Dreieich
 
Telefon 06103-57187-21
Telefax 06103-373245
 
schindler@xxxxxx
www.az1.de

Alpha Zero One Computersysteme GmbH, Brandeniusstr. 3, 44265 Dortmund
HRB 11089 Amtsgericht Dortmund, Geschäftsführer : Klaus-Jürgen Koke, Joachim Carle 

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux