diff options
Diffstat (limited to 'examples')
| -rw-r--r-- | examples/.cvsignore | 3 | ||||
| -rw-r--r-- | examples/Makefile | 54 | ||||
| -rw-r--r-- | examples/blank.c | 158 | ||||
| -rw-r--r-- | examples/check_user.c | 60 | ||||
| -rw-r--r-- | examples/vpass.c | 47 | ||||
| -rwxr-xr-x | examples/wrap_xsh.sh | 5 | ||||
| -rw-r--r-- | examples/xsh.c | 177 |
7 files changed, 0 insertions, 504 deletions
diff --git a/examples/.cvsignore b/examples/.cvsignore deleted file mode 100644 index 2769a41e..00000000 --- a/examples/.cvsignore +++ /dev/null @@ -1,3 +0,0 @@ -blank -xsh -check_user diff --git a/examples/Makefile b/examples/Makefile deleted file mode 100644 index 7cabccaa..00000000 --- a/examples/Makefile +++ /dev/null @@ -1,54 +0,0 @@ -# -# $Id$ -# - -include ../Make.Rules - -PROGS = blank xsh check_user -SRCS = blank.c xsh.c check_user.c -PROGSUID = - -ifeq ($(WITH_LIBDEBUG),yes) - LIBSUFFIX=d -else - LIBSUFFIX= -endif - -CFLAGS += -I$(absolute_srcdir)/libpam_misc/include - -LOADLIBES = -L$(absolute_objdir)/libpam -L$(absolute_objdir)/libpamc \ - -L$(absolute_objdir)/libpam_misc -lpam -lpam_misc - -ifeq ($(STATIC_LIBPAM),yes) - ifneq ($(DYNAMIC),) - CFLAGS += $(CC_STATIC) - LOADLIBES += $(LIBDL) - endif -endif - -all: $(PROGS) - -check_user: check_user.o - $(CC) $(CFLAGS) -o $@ $< $(LOADLIBES) - -blank: blank.o - $(CC) $(CFLAGS) -o $@ $< $(LOADLIBES) - -xsh: xsh.o - $(CC) $(CFLAGS) -o $@ $< $(LOADLIBES) - -clean: - rm -f *.a *.so *.o *~ $(PROGS) $(PROGSUID) - rm -f *.a *.out *.o *.so - -# note, the programs are test programs, they should not be -# installed on your system! - -install: all - if [ -n "$(PROGS)" ]; then cp $(PROGS) ../bin ; fi - if [ -n "$(PROGSUID)" ]; then \ - $(INSTALL) -m 4555 $(PROGSUID) ../bin ; fi - -remove: - cd ../bin ; rm -f $(PROGS) $(PROGSUID) - for x in $(PROGS) $(PROGSUID) ; do rm -f ../bin/$$x ; done diff --git a/examples/blank.c b/examples/blank.c deleted file mode 100644 index 9d51756e..00000000 --- a/examples/blank.c +++ /dev/null @@ -1,158 +0,0 @@ -/* - * $Id$ - */ - -/* Andrew Morgan (morgan@parc.power.net) -- a self contained `blank' - * application - * - * I am not very proud of this code. It makes use of a possibly ill- - * defined pamh pointer to call pam_strerror() with. The reason that - * I was sloppy with this is historical (pam_strerror, prior to 0.59, - * did not require a pamh argument) and if this program is used as a - * model for anything, I should wish that you will take this error into - * account. - */ - -#include <stdio.h> -#include <stdlib.h> - -#include <security/pam_appl.h> -#include <security/pam_misc.h> - -/* ------ some local (static) functions ------- */ - -static void bail_out(pam_handle_t *pamh, int really, int code, const char *fn) -{ - fprintf(stderr,"==> called %s()\n got: `%s'\n", fn, - pam_strerror(pamh, code)); - if (really && code) - exit (1); -} - -/* ------ some static data objects ------- */ - -static struct pam_conv conv = { - misc_conv, - NULL -}; - -/* ------- the application itself -------- */ - -int main(int argc, char **argv) -{ - pam_handle_t *pamh=NULL; - char *username=NULL; - int retcode; - - /* did the user call with a username as an argument ? */ - - if (argc > 2) { - fprintf(stderr,"usage: %s [username]\n",argv[0]); - } else if (argc == 2) { - username = argv[1]; - } - - /* initialize the Linux-PAM library */ - retcode = pam_start("blank", username, &conv, &pamh); - bail_out(pamh,1,retcode,"pam_start"); - - /* test the environment stuff */ - { -#define MAXENV 15 - const char *greek[MAXENV] = { - "a=alpha", "b=beta", "c=gamma", "d=delta", "e=epsilon", - "f=phi", "g=psi", "h=eta", "i=iota", "j=mu", "k=nu", - "l=zeta", "h=", "d", "k=xi" - }; - char **env; - int i; - - for (i=0; i<MAXENV; ++i) { - retcode = pam_putenv(pamh,greek[i]); - bail_out(pamh,0,retcode,"pam_putenv"); - } - env = pam_getenvlist(pamh); - if (env) - env = pam_misc_drop_env(env); - else - fprintf(stderr,"???\n"); - fprintf(stderr,"a test: c=[%s], j=[%s]\n" - , pam_getenv(pamh, "c"), pam_getenv(pamh, "j")); - } - - /* to avoid using goto we abuse a loop here */ - for (;;) { - /* authenticate the user --- `0' here, could have been PAM_SILENT - * | PAM_DISALLOW_NULL_AUTHTOK */ - - retcode = pam_authenticate(pamh, 0); - bail_out(pamh,0,retcode,"pam_authenticate"); - - /* has the user proved themself valid? */ - if (retcode != PAM_SUCCESS) { - fprintf(stderr,"%s: invalid request\n",argv[0]); - break; - } - - /* the user is valid, but should they have access at this - time? */ - - retcode = pam_acct_mgmt(pamh, 0); /* `0' could be as above */ - bail_out(pamh,0,retcode,"pam_acct_mgmt"); - - if (retcode == PAM_NEW_AUTHTOK_REQD) { - fprintf(stderr,"Application must request new password...\n"); - retcode = pam_chauthtok(pamh,PAM_CHANGE_EXPIRED_AUTHTOK); - bail_out(pamh,0,retcode,"pam_chauthtok"); - } - - if (retcode != PAM_SUCCESS) { - fprintf(stderr,"%s: invalid request\n",argv[0]); - break; - } - - /* `0' could be as above */ - retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED); - bail_out(pamh,0,retcode,"pam_setcred1"); - - if (retcode != PAM_SUCCESS) { - fprintf(stderr,"%s: problem setting user credentials\n" - ,argv[0]); - break; - } - - /* open a session for the user --- `0' could be PAM_SILENT */ - retcode = pam_open_session(pamh,0); - bail_out(pamh,0,retcode,"pam_open_session"); - if (retcode != PAM_SUCCESS) { - fprintf(stderr,"%s: problem opening a session\n",argv[0]); - break; - } - - fprintf(stderr,"The user has been authenticated and `logged in'\n"); - - /* close a session for the user --- `0' could be PAM_SILENT - * it is possible that this pam_close_call is in another program.. - */ - - retcode = pam_close_session(pamh,0); - bail_out(pamh,0,retcode,"pam_close_session"); - if (retcode != PAM_SUCCESS) { - fprintf(stderr,"%s: problem closing a session\n",argv[0]); - break; - } - - retcode = pam_setcred(pamh, PAM_DELETE_CRED); - bail_out(pamh,0,retcode,"pam_setcred2"); - - break; /* don't go on for ever! */ - } - - /* close the Linux-PAM library */ - retcode = pam_end(pamh, PAM_SUCCESS); - pamh = NULL; - - bail_out(pamh,1,retcode,"pam_end"); - - exit(0); -} diff --git a/examples/check_user.c b/examples/check_user.c deleted file mode 100644 index 4a33f2a8..00000000 --- a/examples/check_user.c +++ /dev/null @@ -1,60 +0,0 @@ -/* - $Id$ - - This program was contributed by Shane Watts <shane@icarus.bofh.asn.au> - slight modifications by AGM. - - You need to add the following (or equivalent) to the /etc/pam.conf file. - # check authorization - check auth required pam_unix_auth.so - check account required pam_unix_acct.so -*/ - -#include <security/pam_appl.h> -#include <security/pam_misc.h> -#include <stdio.h> - -static struct pam_conv conv = { - misc_conv, - NULL -}; - -int main(int argc, char *argv[]) -{ - pam_handle_t *pamh=NULL; - int retval; - const char *user="nobody"; - - if(argc == 2) { - user = argv[1]; - } - - if(argc > 2) { - fprintf(stderr, "Usage: check_user [username]\n"); - exit(1); - } - - retval = pam_start("check", user, &conv, &pamh); - - if (retval == PAM_SUCCESS) - retval = pam_authenticate(pamh, 0); /* is user really user? */ - - if (retval == PAM_SUCCESS) - retval = pam_acct_mgmt(pamh, 0); /* permitted access? */ - - /* This is where we have been authorized or not. */ - - if (retval == PAM_SUCCESS) { - fprintf(stdout, "Authenticated\n"); - } else { - fprintf(stdout, "Not Authenticated\n"); - } - - if (pam_end(pamh,retval) != PAM_SUCCESS) { /* close Linux-PAM */ - pamh = NULL; - fprintf(stderr, "check_user: failed to release authenticator\n"); - exit(1); - } - - return ( retval == PAM_SUCCESS ? 0:1 ); /* indicate success */ -} diff --git a/examples/vpass.c b/examples/vpass.c deleted file mode 100644 index 9a07ee38..00000000 --- a/examples/vpass.c +++ /dev/null @@ -1,47 +0,0 @@ -#include <stdlib.h> -#include <stdio.h> -#include <unistd.h> -#include <pwd.h> -#include <sys/types.h> -#include <security/pam_appl.h> - -static int test_conv(int num_msg, const struct pam_message **msgm, - struct pam_response **response, void *appdata_ptr) -{ - return 0; -} - -static struct pam_conv conv = { - test_conv, - NULL -}; - -int main(void) -{ - char *user; - pam_handle_t *pamh; - struct passwd *pw; - uid_t uid; - int res; - - uid = geteuid(); - pw = getpwuid(uid); - if (pw) { - user = pw->pw_name; - } else { - fprintf(stderr, "Invalid userid: %d\n", uid); - exit(1); - } - - pam_start("vpass", user, &conv, &pamh); - pam_set_item(pamh, PAM_TTY, "/dev/tty"); - if ((res = pam_authenticate(pamh, 0)) != PAM_SUCCESS) { - fprintf(stderr, "Oops: %s\n", pam_strerror(pamh, res)); - exit(1); - } - - pam_end(pamh, res); - exit(0); -} - - diff --git a/examples/wrap_xsh.sh b/examples/wrap_xsh.sh deleted file mode 100755 index af01697e..00000000 --- a/examples/wrap_xsh.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -export LD_PRELOAD=../libpam/libpam.so:../libpam_misc/libpam_misc.so -ldd ./xsh -./xsh "$@" - diff --git a/examples/xsh.c b/examples/xsh.c deleted file mode 100644 index fdbbbfd0..00000000 --- a/examples/xsh.c +++ /dev/null @@ -1,177 +0,0 @@ -/* - * $Id$ - */ - -/* Andrew Morgan (morgan@kernel.org) -- an example application - * that invokes a shell, based on blank.c */ - -#include <stdio.h> -#include <stdlib.h> - -#include <security/pam_appl.h> -#include <security/pam_misc.h> - -#include <security/_pam_aconf.h> - -#include <pwd.h> -#include <sys/types.h> -#include <unistd.h> - -/* ------ some local (static) functions ------- */ - -static void bail_out(pam_handle_t *pamh,int really, int code, const char *fn) -{ - fprintf(stderr,"==> called %s()\n got: `%s'\n", fn, - pam_strerror(pamh,code)); - if (really && code) - exit (1); -} - -/* ------ some static data objects ------- */ - -static struct pam_conv conv = { - misc_conv, - NULL -}; - -/* ------- the application itself -------- */ - -int main(int argc, char **argv) -{ - pam_handle_t *pamh=NULL; - const char *username=NULL; - const char *service="xsh"; - int retcode; - - /* did the user call with a username as an argument ? - * did they also */ - - if (argc > 3) { - fprintf(stderr,"usage: %s [username [service-name]]\n",argv[0]); - } - if ((argc >= 2) && (argv[1][0] != '-')) { - username = argv[1]; - } - if (argc == 3) { - service = argv[2]; - } - - /* initialize the Linux-PAM library */ - retcode = pam_start(service, username, &conv, &pamh); - bail_out(pamh,1,retcode,"pam_start"); - - /* fill in the RUSER and RHOST etc. fields */ - { - char buffer[100]; - struct passwd *pw; - const char *tty; - - pw = getpwuid(getuid()); - if (pw != NULL) { - retcode = pam_set_item(pamh, PAM_RUSER, pw->pw_name); - bail_out(pamh,1,retcode,"pam_set_item(PAM_RUSER)"); - } - - retcode = gethostname(buffer, sizeof(buffer)-1); - if (retcode) { - perror("failed to look up hostname"); - retcode = pam_end(pamh, PAM_ABORT); - bail_out(pamh,1,retcode,"pam_end"); - } - retcode = pam_set_item(pamh, PAM_RHOST, buffer); - bail_out(pamh,1,retcode,"pam_set_item(PAM_RHOST)"); - - tty = ttyname(fileno(stdin)); - if (tty) { - retcode = pam_set_item(pamh, PAM_TTY, tty); - bail_out(pamh,1,retcode,"pam_set_item(PAM_RHOST)"); - } - } - - /* to avoid using goto we abuse a loop here */ - for (;;) { - /* authenticate the user --- `0' here, could have been PAM_SILENT - * | PAM_DISALLOW_NULL_AUTHTOK */ - - retcode = pam_authenticate(pamh, 0); - bail_out(pamh,0,retcode,"pam_authenticate"); - - /* has the user proved themself valid? */ - if (retcode != PAM_SUCCESS) { - fprintf(stderr,"%s: invalid request\n",argv[0]); - break; - } - - /* the user is valid, but should they have access at this - time? */ - - retcode = pam_acct_mgmt(pamh, 0); /* `0' could be as above */ - bail_out(pamh,0,retcode,"pam_acct_mgmt"); - - if (retcode == PAM_NEW_AUTHTOK_REQD) { - fprintf(stderr,"Application must request new password...\n"); - retcode = pam_chauthtok(pamh,PAM_CHANGE_EXPIRED_AUTHTOK); - bail_out(pamh,0,retcode,"pam_chauthtok"); - } - - if (retcode != PAM_SUCCESS) { - fprintf(stderr,"%s: invalid request\n",argv[0]); - break; - } - - /* `0' could be as above */ - retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED); - bail_out(pamh,0,retcode,"pam_setcred"); - - if (retcode != PAM_SUCCESS) { - fprintf(stderr,"%s: problem setting user credentials\n" - ,argv[0]); - break; - } - - /* open a session for the user --- `0' could be PAM_SILENT */ - retcode = pam_open_session(pamh,0); - bail_out(pamh,0,retcode,"pam_open_session"); - if (retcode != PAM_SUCCESS) { - fprintf(stderr,"%s: problem opening a session\n",argv[0]); - break; - } - - pam_get_item(pamh, PAM_USER, (const void **) &username); - fprintf(stderr, - "The user [%s] has been authenticated and `logged in'\n", - username); - - /* this is always a really bad thing for security! */ - system("/bin/sh"); - - /* close a session for the user --- `0' could be PAM_SILENT - * it is possible that this pam_close_call is in another program.. - */ - - retcode = pam_close_session(pamh,0); - bail_out(pamh,0,retcode,"pam_close_session"); - if (retcode != PAM_SUCCESS) { - fprintf(stderr,"%s: problem closing a session\n",argv[0]); - break; - } - - /* `0' could be as above */ - retcode = pam_setcred(pamh, PAM_DELETE_CRED); - bail_out(pamh,0,retcode,"pam_setcred"); - if (retcode != PAM_SUCCESS) { - fprintf(stderr,"%s: problem deleting user credentials\n" - ,argv[0]); - break; - } - - break; /* don't go on for ever! */ - } - - /* close the Linux-PAM library */ - retcode = pam_end(pamh, PAM_SUCCESS); - pamh = NULL; - bail_out(pamh,1,retcode,"pam_end"); - - exit(0); -} |