summaryrefslogtreecommitdiff
path: root/examples
diff options
context:
space:
mode:
Diffstat (limited to 'examples')
-rw-r--r--examples/.cvsignore3
-rw-r--r--examples/Makefile42
-rw-r--r--examples/blank.c182
-rw-r--r--examples/check_user.c71
-rw-r--r--examples/test.c105
-rw-r--r--examples/vpass.c47
-rw-r--r--examples/xsh.c148
7 files changed, 598 insertions, 0 deletions
diff --git a/examples/.cvsignore b/examples/.cvsignore
new file mode 100644
index 00000000..2769a41e
--- /dev/null
+++ b/examples/.cvsignore
@@ -0,0 +1,3 @@
+blank
+xsh
+check_user
diff --git a/examples/Makefile b/examples/Makefile
new file mode 100644
index 00000000..c6882473
--- /dev/null
+++ b/examples/Makefile
@@ -0,0 +1,42 @@
+#
+# $Id$
+#
+
+dummy:
+
+ @echo "*** This is not a top level Makefile!"
+
+PROGS = blank xsh check_user
+SRCS = blank.c xsh.c check_user.c
+
+# have removed the following pair since they no longer conform to
+# any recognized conventions: vpass test
+# ditto: vpass.c test.c
+
+PROGSUID =
+
+all: $(PROGS)
+
+check_user: check_user.o
+ $(CC) $(CFLAGS) -o $@ $< $(LOADLIBES)
+
+blank: blank.o
+ $(CC) $(CFLAGS) -o $@ $< $(LOADLIBES)
+
+xsh: xsh.o
+ $(CC) $(CFLAGS) -o $@ $< $(LOADLIBES)
+
+install: all
+ if [ -n "$(PROGS)" ]; then cp $(PROGS) ../bin ; fi
+ if [ -n "$(PROGSUID)" ]; then \
+ $(INSTALL) -m 4555 -o root -g bin $(PROGSUID) ../bin ; fi
+
+clean:
+ rm -f *.a *.so *.o *~ $(PROGS) $(PROGSUID)
+
+remove:
+ cd ../bin ; rm -f $(PROGS) $(PROGSUID)
+
+extraclean: clean
+ rm -f *.a *.out *.o *.so
+ for x in $(PROGS) $(PROGSUID) ; do rm -f ../bin/$$x ; done
diff --git a/examples/blank.c b/examples/blank.c
new file mode 100644
index 00000000..33b5056e
--- /dev/null
+++ b/examples/blank.c
@@ -0,0 +1,182 @@
+/*
+ * $Id$
+ *
+ * $Log$
+ * Revision 1.1 2000/06/20 22:11:13 agmorgan
+ * Initial revision
+ *
+ * Revision 1.2 1999/11/08 05:39:53 morgan
+ * removed void main def which was making gcc complain
+ *
+ * Revision 1.1.1.1 1998/07/12 05:17:14 morgan
+ * Linux PAM sources pre-0.66
+ *
+ * Revision 1.7 1996/12/01 03:16:53 morgan
+ * added setcred closing function
+ *
+ * Revision 1.6 1996/11/10 19:51:40 morgan
+ * minor change to avoid gcc warning
+ *
+ * Revision 1.5 1996/07/07 23:53:05 morgan
+ * added optional fail delay (non-standard Linux-PAM)
+ *
+ * Revision 1.4 1996/05/02 04:44:18 morgan
+ * moved conversation to a libmisc library routine.
+ *
+ *
+ */
+
+/* Andrew Morgan (morgan@parc.power.net) -- a self contained `blank'
+ * application
+ *
+ * I am not very proud of this code. It makes use of a possibly ill-
+ * defined pamh pointer to call pam_strerror() with. The reason that
+ * I was sloppy with this is historical (pam_strerror, prior to 0.59,
+ * did not require a pamh argument) and if this program is used as a
+ * model for anything, I should wish that you will take this error into
+ * account.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+
+/* ------ some local (static) functions ------- */
+
+static void bail_out(pam_handle_t *pamh, int really, int code, const char *fn)
+{
+ fprintf(stderr,"==> called %s()\n got: `%s'\n", fn,
+ pam_strerror(pamh, code));
+ if (really && code)
+ exit (1);
+}
+
+/* ------ some static data objects ------- */
+
+static struct pam_conv conv = {
+ misc_conv,
+ NULL
+};
+
+/* ------- the application itself -------- */
+
+int main(int argc, char **argv)
+{
+ pam_handle_t *pamh=NULL;
+ char *username=NULL;
+ int retcode;
+
+ /* did the user call with a username as an argument ? */
+
+ if (argc > 2) {
+ fprintf(stderr,"usage: %s [username]\n",argv[0]);
+ } else if (argc == 2) {
+ username = argv[1];
+ }
+
+ /* initialize the Linux-PAM library */
+ retcode = pam_start("blank", username, &conv, &pamh);
+ bail_out(pamh,1,retcode,"pam_start");
+
+ /* test the environment stuff */
+ {
+#define MAXENV 15
+ const char *greek[MAXENV] = {
+ "a=alpha", "b=beta", "c=gamma", "d=delta", "e=epsilon",
+ "f=phi", "g=psi", "h=eta", "i=iota", "j=mu", "k=nu",
+ "l=zeta", "h=", "d", "k=xi"
+ };
+ char **env;
+ int i;
+
+ for (i=0; i<MAXENV; ++i) {
+ retcode = pam_putenv(pamh,greek[i]);
+ bail_out(pamh,0,retcode,"pam_putenv");
+ }
+ env = pam_getenvlist(pamh);
+ if (env)
+ env = pam_misc_drop_env(env);
+ else
+ fprintf(stderr,"???\n");
+ fprintf(stderr,"a test: c=[%s], j=[%s]\n"
+ , pam_getenv(pamh, "c"), pam_getenv(pamh, "j"));
+ }
+
+ /* to avoid using goto we abuse a loop here */
+ for (;;) {
+ /* authenticate the user --- `0' here, could have been PAM_SILENT
+ * | PAM_DISALLOW_NULL_AUTHTOK */
+
+ retcode = pam_authenticate(pamh, 0);
+ bail_out(pamh,0,retcode,"pam_authenticate");
+
+ /* has the user proved themself valid? */
+ if (retcode != PAM_SUCCESS) {
+ fprintf(stderr,"%s: invalid request\n",argv[0]);
+ break;
+ }
+
+ /* the user is valid, but should they have access at this
+ time? */
+
+ retcode = pam_acct_mgmt(pamh, 0); /* `0' could be as above */
+ bail_out(pamh,0,retcode,"pam_acct_mgmt");
+
+ if (retcode == PAM_NEW_AUTHTOK_REQD) {
+ fprintf(stderr,"Application must request new password...\n");
+ retcode = pam_chauthtok(pamh,PAM_CHANGE_EXPIRED_AUTHTOK);
+ bail_out(pamh,0,retcode,"pam_chauthtok");
+ }
+
+ if (retcode != PAM_SUCCESS) {
+ fprintf(stderr,"%s: invalid request\n",argv[0]);
+ break;
+ }
+
+ /* `0' could be as above */
+ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED);
+ bail_out(pamh,0,retcode,"pam_setcred1");
+
+ if (retcode != PAM_SUCCESS) {
+ fprintf(stderr,"%s: problem setting user credentials\n"
+ ,argv[0]);
+ break;
+ }
+
+ /* open a session for the user --- `0' could be PAM_SILENT */
+ retcode = pam_open_session(pamh,0);
+ bail_out(pamh,0,retcode,"pam_open_session");
+ if (retcode != PAM_SUCCESS) {
+ fprintf(stderr,"%s: problem opening a session\n",argv[0]);
+ break;
+ }
+
+ fprintf(stderr,"The user has been authenticated and `logged in'\n");
+
+ /* close a session for the user --- `0' could be PAM_SILENT
+ * it is possible that this pam_close_call is in another program..
+ */
+
+ retcode = pam_close_session(pamh,0);
+ bail_out(pamh,0,retcode,"pam_close_session");
+ if (retcode != PAM_SUCCESS) {
+ fprintf(stderr,"%s: problem closing a session\n",argv[0]);
+ break;
+ }
+
+ retcode = pam_setcred(pamh, PAM_DELETE_CRED);
+ bail_out(pamh,0,retcode,"pam_setcred2");
+
+ break; /* don't go on for ever! */
+ }
+
+ /* close the Linux-PAM library */
+ retcode = pam_end(pamh, PAM_SUCCESS);
+ pamh = NULL;
+
+ bail_out(pamh,1,retcode,"pam_end");
+
+ exit(0);
+}
diff --git a/examples/check_user.c b/examples/check_user.c
new file mode 100644
index 00000000..6d52ccaa
--- /dev/null
+++ b/examples/check_user.c
@@ -0,0 +1,71 @@
+/*
+ $Id$
+
+ This program was contributed by Shane Watts <shane@icarus.bofh.asn.au>
+ slight modifications by AGM.
+
+ You need to add the following (or equivalent) to the /etc/pam.conf file.
+ # check authorization
+ check auth required pam_unix_auth.so
+ check account required pam_unix_acct.so
+
+ $Log$
+ Revision 1.1 2000/06/20 22:11:13 agmorgan
+ Initial revision
+
+ Revision 1.1.1.1 1998/07/12 05:17:14 morgan
+ Linux PAM sources pre-0.66
+
+ Revision 1.1 1996/11/10 21:19:30 morgan
+ Initial revision
+
+ */
+
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+#include <stdio.h>
+
+static struct pam_conv conv = {
+ misc_conv,
+ NULL
+};
+
+int main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ int retval;
+ const char *user="nobody";
+
+ if(argc == 2) {
+ user = argv[1];
+ }
+
+ if(argc > 2) {
+ fprintf(stderr, "Usage: check_user [username]\n");
+ exit(1);
+ }
+
+ retval = pam_start("check", user, &conv, &pamh);
+
+ if (retval == PAM_SUCCESS)
+ retval = pam_authenticate(pamh, 0); /* is user really user? */
+
+ if (retval == PAM_SUCCESS)
+ retval = pam_acct_mgmt(pamh, 0); /* permitted access? */
+
+ /* This is where we have been authorized or not. */
+
+ if (retval == PAM_SUCCESS) {
+ fprintf(stdout, "Authenticated\n");
+ } else {
+ fprintf(stdout, "Not Authenticated\n");
+ }
+
+ if (pam_end(pamh,retval) != PAM_SUCCESS) { /* close Linux-PAM */
+ pamh = NULL;
+ fprintf(stderr, "check_user: failed to release authenticator\n");
+ exit(1);
+ }
+
+ return ( retval == PAM_SUCCESS ? 0:1 ); /* indicate success */
+}
diff --git a/examples/test.c b/examples/test.c
new file mode 100644
index 00000000..8fc5e6cd
--- /dev/null
+++ b/examples/test.c
@@ -0,0 +1,105 @@
+/*
+ * $Log$
+ * Revision 1.1 2000/06/20 22:11:13 agmorgan
+ * Initial revision
+ *
+ * Revision 1.1.1.1 1998/07/12 05:17:14 morgan
+ * Linux PAM sources pre-0.66
+ *
+ * Revision 1.3 1996/03/10 00:14:20 morgan
+ * made lines less than 80 chars long.
+ *
+ * Revision 1.2 1996/03/09 09:16:26 morgan
+ * changed the header file that it includes.
+ *
+ * Revision 1.1 1996/03/09 09:13:34 morgan
+ * Initial revision
+ */
+
+/* Marc Ewing (marc@redhat.com) - original test code
+ * Alexander O. Yuriev (alex@bach.cis.temple.edu)
+ * Andrew Morgan (morgan@physics.ucla.edu)
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <pwd.h>
+
+#include <security/pam_appl.h>
+
+/* this program is not written to the PAM spec: it tests the
+ * pam_[sg]et_data() functions. Which is usually reserved for modules */
+
+#include <security/pam_modules.h>
+#include <security/pam_misc.h>
+
+#define USERNAMESIZE 1024
+
+static int test_conv( int num_msg,
+ const struct pam_message **msgm,
+ struct pam_response **response,
+ void *appdata_ptr )
+{
+ return 0;
+}
+
+static struct pam_conv conv = {
+ test_conv,
+ NULL
+};
+
+static int cleanup_func(pam_handle_t *pamh, void *data, int error_status)
+{
+ printf("Cleaning up!\n");
+ return PAM_SUCCESS;
+}
+
+void main( void )
+{
+ pam_handle_t *pamh;
+ char *name = ( char *) malloc( USERNAMESIZE + 1 );
+ char *p = NULL;
+ char *s = NULL;
+
+ if (! name )
+ {
+ perror( "Ouch, don't have enough memory");
+ exit( -1 );
+ }
+
+
+
+
+ fprintf( stdout, "Enter a name of a user to authenticate : ");
+ name = fgets( name , USERNAMESIZE, stdin );
+ if ( !name )
+ {
+ perror ( "Hey, how can authenticate "
+ "someone whos name I don't know?" );
+ exit ( -1 );
+ }
+
+ *( name + strlen ( name ) - 1 ) = 0;
+
+ pam_start( "login", name, &conv, &pamh );
+
+ p = x_strdup( getpass ("Password: ") );
+ if ( !p )
+ {
+ perror ( "You love NULL pointers, "
+ "don't you? I don't ");
+ exit ( -1 );
+ }
+ pam_set_item ( pamh, PAM_AUTHTOK, p );
+ pam_get_item ( pamh, PAM_USER, (void**) &s);
+ pam_set_data(pamh, "DATA", "Hi there! I'm data!", cleanup_func);
+ pam_get_data(pamh, "DATA", (void **) &s);
+ printf("%s\n", s);
+
+ fprintf( stdout, "*** Attempting to perform "
+ "PAM authentication...\n");
+ fprintf( stdout, "%s\n",
+ pam_strerror( pam_authenticate( pamh, 0 ) ) ) ;
+
+ pam_end(pamh, PAM_SUCCESS);
+}
diff --git a/examples/vpass.c b/examples/vpass.c
new file mode 100644
index 00000000..9a07ee38
--- /dev/null
+++ b/examples/vpass.c
@@ -0,0 +1,47 @@
+#include <stdlib.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <pwd.h>
+#include <sys/types.h>
+#include <security/pam_appl.h>
+
+static int test_conv(int num_msg, const struct pam_message **msgm,
+ struct pam_response **response, void *appdata_ptr)
+{
+ return 0;
+}
+
+static struct pam_conv conv = {
+ test_conv,
+ NULL
+};
+
+int main(void)
+{
+ char *user;
+ pam_handle_t *pamh;
+ struct passwd *pw;
+ uid_t uid;
+ int res;
+
+ uid = geteuid();
+ pw = getpwuid(uid);
+ if (pw) {
+ user = pw->pw_name;
+ } else {
+ fprintf(stderr, "Invalid userid: %d\n", uid);
+ exit(1);
+ }
+
+ pam_start("vpass", user, &conv, &pamh);
+ pam_set_item(pamh, PAM_TTY, "/dev/tty");
+ if ((res = pam_authenticate(pamh, 0)) != PAM_SUCCESS) {
+ fprintf(stderr, "Oops: %s\n", pam_strerror(pamh, res));
+ exit(1);
+ }
+
+ pam_end(pamh, res);
+ exit(0);
+}
+
+
diff --git a/examples/xsh.c b/examples/xsh.c
new file mode 100644
index 00000000..d4b50b37
--- /dev/null
+++ b/examples/xsh.c
@@ -0,0 +1,148 @@
+/*
+ * $Id$
+ *
+ * $Log$
+ * Revision 1.1 2000/06/20 22:11:13 agmorgan
+ * Initial revision
+ *
+ * Revision 1.2 1999/11/08 05:39:53 morgan
+ * removed void main def which was making gcc complain
+ *
+ * Revision 1.1.1.1 1998/07/12 05:17:14 morgan
+ * Linux PAM sources pre-0.66
+ *
+ * Revision 1.4 1996/11/10 21:09:45 morgan
+ * no gcc warnings
+ *
+ * Revision 1.3 1996/07/07 23:53:36 morgan
+ * added support for non standard pam_fail_delay
+ *
+ * Revision 1.2 1996/05/02 04:44:48 morgan
+ * moved conversaation to a libmisc routine.
+ *
+ * Revision 1.1 1996/04/07 08:18:55 morgan
+ * Initial revision
+ *
+ */
+
+/* Andrew Morgan (morgan@parc.power.net) -- an example application
+ * that invokes a shell, based on blank.c */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+
+/* ------ some local (static) functions ------- */
+
+static void bail_out(pam_handle_t *pamh,int really, int code, const char *fn)
+{
+ fprintf(stderr,"==> called %s()\n got: `%s'\n", fn,
+ pam_strerror(pamh,code));
+ if (really && code)
+ exit (1);
+}
+
+/* ------ some static data objects ------- */
+
+static struct pam_conv conv = {
+ misc_conv,
+ NULL
+};
+
+/* ------- the application itself -------- */
+
+int main(int argc, char **argv, char **envp)
+{
+ pam_handle_t *pamh=NULL;
+ char *username=NULL;
+ int retcode;
+
+ /* did the user call with a username as an argument ? */
+
+ if (argc > 2) {
+ fprintf(stderr,"usage: %s [username]\n",argv[0]);
+ } else if (argc == 2) {
+ username = argv[1];
+ }
+
+ /* initialize the Linux-PAM library */
+ retcode = pam_start("xsh", username, &conv, &pamh);
+ bail_out(pamh,1,retcode,"pam_start");
+
+ /* to avoid using goto we abuse a loop here */
+ for (;;) {
+ /* authenticate the user --- `0' here, could have been PAM_SILENT
+ * | PAM_DISALLOW_NULL_AUTHTOK */
+
+ retcode = pam_authenticate(pamh, 0);
+ bail_out(pamh,0,retcode,"pam_authenticate");
+
+ /* has the user proved themself valid? */
+ if (retcode != PAM_SUCCESS) {
+ fprintf(stderr,"%s: invalid request\n",argv[0]);
+ break;
+ }
+
+ /* the user is valid, but should they have access at this
+ time? */
+
+ retcode = pam_acct_mgmt(pamh, 0); /* `0' could be as above */
+ bail_out(pamh,0,retcode,"pam_acct_mgmt");
+
+ if (retcode == PAM_NEW_AUTHTOK_REQD) {
+ fprintf(stderr,"Application must request new password...\n");
+ retcode = pam_chauthtok(pamh,PAM_CHANGE_EXPIRED_AUTHTOK);
+ bail_out(pamh,0,retcode,"pam_chauthtok");
+ }
+
+ if (retcode != PAM_SUCCESS) {
+ fprintf(stderr,"%s: invalid request\n",argv[0]);
+ break;
+ }
+
+ /* `0' could be as above */
+ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED);
+ bail_out(pamh,0,retcode,"pam_setcred");
+
+ if (retcode != PAM_SUCCESS) {
+ fprintf(stderr,"%s: problem setting user credentials\n"
+ ,argv[0]);
+ break;
+ }
+
+ /* open a session for the user --- `0' could be PAM_SILENT */
+ retcode = pam_open_session(pamh,0);
+ bail_out(pamh,0,retcode,"pam_open_session");
+ if (retcode != PAM_SUCCESS) {
+ fprintf(stderr,"%s: problem opening a session\n",argv[0]);
+ break;
+ }
+
+ fprintf(stderr,"The user has been authenticated and `logged in'\n");
+
+ /* this is always a really bad thing for security! */
+ system("/bin/sh");
+
+ /* close a session for the user --- `0' could be PAM_SILENT
+ * it is possible that this pam_close_call is in another program..
+ */
+
+ retcode = pam_close_session(pamh,0);
+ bail_out(pamh,0,retcode,"pam_close_session");
+ if (retcode != PAM_SUCCESS) {
+ fprintf(stderr,"%s: problem closing a session\n",argv[0]);
+ break;
+ }
+
+ break; /* don't go on for ever! */
+ }
+
+ /* close the Linux-PAM library */
+ retcode = pam_end(pamh, PAM_SUCCESS);
+ pamh = NULL;
+ bail_out(pamh,1,retcode,"pam_end");
+
+ exit(0);
+}