(root)/
Linux-PAM-1.5.3/
examples/
blank.c
       1  /*
       2   * $Id$
       3   */
       4  
       5  /* Andrew Morgan (morgan@parc.power.net) -- a self contained `blank'
       6   * application
       7   *
       8   * I am not very proud of this code.  It makes use of a possibly ill-
       9   * defined pamh pointer to call pam_strerror() with.  The reason that
      10   * I was sloppy with this is historical (pam_strerror, prior to 0.59,
      11   * did not require a pamh argument) and if this program is used as a
      12   * model for anything, I should wish that you will take this error into
      13   * account.
      14   */
      15  
      16  #include <stdio.h>
      17  #include <stdlib.h>
      18  
      19  #include <security/pam_appl.h>
      20  #include <security/pam_misc.h>
      21  
      22  /* ------ some local (static) functions ------- */
      23  
/*
 * Trace the outcome of one PAM call on stderr and optionally give up.
 *
 *   pamh    handle passed straight to pam_strerror(); callers in this file
 *           also pass NULL (after pam_end(), or when pam_start() failed),
 *           so a PAM implementation that needs a valid handle here would
 *           not be safe with this helper
 *   really  non-zero: terminate the program when `code' reports a failure
 *   code    return value of the PAM call being reported
 *   fn      name of that PAM call, used only in the message
 *
 * The message is printed for successful calls too; the process exits with
 * status 1 only when both `really' and `code' are non-zero.
 */
static void bail_out(pam_handle_t *pamh, int really, int code, const char *fn)
{
     const char *reason = pam_strerror(pamh, code);

     fprintf(stderr,"==> called %s()\n  got: `%s'\n", fn, reason);

     if (!really || !code)
          return;

     exit (1);
}
      31  
      32  /* ------ some static data objects ------- */
      33  
/*
 * Conversation structure handed to pam_start().  PAM modules prompt the
 * user through misc_conv() (declared in <security/pam_misc.h>); no
 * application data pointer is supplied to it.
 */
static struct pam_conv conv = {
     .conv = misc_conv,
     .appdata_ptr = NULL
};
      38  
      39  /* ------- the application itself -------- */
      40  
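/*
 * Walk through a complete PAM transaction for the "blank" service:
 * start, environment test, authenticate, account check, credentials,
 * session open/close, end.
 *
 * Usage: blank [username]
 *
 * Exit status: 0 only when every step of the transaction succeeded;
 * 1 on a usage error, when pam_start()/pam_end() fail, or when any step
 * of the authentication sequence fails.  A caller must never be able to
 * mistake a rejected authentication for a successful one.
 */
int main(int argc, char **argv)
{
     pam_handle_t *pamh = NULL;
     char *username = NULL;
     /* argv[0] may be missing when the program is exec'd with an empty
      * argument vector; never hand a NULL pointer to "%s" */
     const char *prog = (argc > 0 && argv[0] != NULL) ? argv[0] : "blank";
     int retcode;
     int status;             /* outcome of the auth/session sequence */
     int cred_set = 0;       /* credentials established, must be deleted */

     /* did the user call with a username as an argument ? */

     if (argc > 2) {
          fprintf(stderr,"usage: %s [username]\n",prog);
          exit(1);           /* do not carry on after a usage error */
     } else if (argc == 2) {
          username = argv[1];
     }

     /* initialize the Linux-PAM library; bail_out() exits on failure */
     retcode = pam_start("blank", username, &conv, &pamh);
     bail_out(pamh,1,retcode,"pam_start");

     /* test the environment stuff */
     {
#define MAXENV 15
          const char *greek[MAXENV] = {
               "a=alpha", "b=beta", "c=gamma", "d=delta", "e=epsilon",
               "f=phi", "g=psi", "h=eta", "i=iota", "j=mu", "k=nu",
               "l=zeta", "h=", "d", "k=xi"
          };
          char **env;
          const char *c_val;
          const char *j_val;
          int i;

          /* failures are reported by bail_out() but are not fatal */
          for (i=0; i<MAXENV; ++i) {
               retcode = pam_putenv(pamh,greek[i]);
               bail_out(pamh,0,retcode,"pam_putenv");
          }

          /* the list is a copy owned by the application: release it */
          env = pam_getenvlist(pamh);
          if (env)
               env = pam_misc_drop_env(env);
          else
               fprintf(stderr,"???\n");

          /* pam_getenv() returns NULL for an unset variable, which is
           * possible here if a pam_putenv() above failed */
          c_val = pam_getenv(pamh, "c");
          j_val = pam_getenv(pamh, "j");
          fprintf(stderr,"a test: c=[%s], j=[%s]\n"
                  , c_val ? c_val : "(null)", j_val ? j_val : "(null)");
     }

     /* to avoid using goto we abuse a loop here */
     for (;;) {
          /* authenticate the user --- `0' here, could have been PAM_SILENT
           *    | PAM_DISALLOW_NULL_AUTHTOK.  With `0' the application does
           * not itself reject accounts with an empty authentication
           * token; that decision is left to the module configuration of
           * the "blank" service. */

          retcode = pam_authenticate(pamh, 0);
          bail_out(pamh,0,retcode,"pam_authenticate");

          /* has the user proved themself valid? */
          if (retcode != PAM_SUCCESS) {
               fprintf(stderr,"%s: invalid request\n",prog);
               break;
          }

          /* the user is valid, but should they have access at this
             time? */

          retcode = pam_acct_mgmt(pamh, 0); /* `0' could be as above */
          bail_out(pamh,0,retcode,"pam_acct_mgmt");

          if (retcode == PAM_NEW_AUTHTOK_REQD) {
               fprintf(stderr,"Application must request new password...\n");
               retcode = pam_chauthtok(pamh,PAM_CHANGE_EXPIRED_AUTHTOK);
               bail_out(pamh,0,retcode,"pam_chauthtok");
          }

          if (retcode != PAM_SUCCESS) {
               fprintf(stderr,"%s: invalid request\n",prog);
               break;
          }

          /* `0' could be as above */
          retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED);
          bail_out(pamh,0,retcode,"pam_setcred1");

          if (retcode != PAM_SUCCESS) {
               fprintf(stderr,"%s: problem setting user credentials\n"
                       ,prog);
               break;
          }
          cred_set = 1;

          /* open a session for the user --- `0' could be PAM_SILENT */
          retcode = pam_open_session(pamh,0);
          bail_out(pamh,0,retcode,"pam_open_session");
          if (retcode != PAM_SUCCESS) {
               fprintf(stderr,"%s: problem opening a session\n",prog);
               break;
          }

          fprintf(stderr,"The user has been authenticated and `logged in'\n");

          /* close a session for the user --- `0' could be PAM_SILENT
           * it is possible that this pam_close_call is in another program..
           */

          retcode = pam_close_session(pamh,0);
          bail_out(pamh,0,retcode,"pam_close_session");
          if (retcode != PAM_SUCCESS) {
               fprintf(stderr,"%s: problem closing a session\n",prog);
               break;
          }

          break;                      /* don't go on for ever! */
     }

     status = retcode;

     /* Credentials that were established are deleted on every path, also
      * when opening or closing the session failed, so that nothing set up
      * for the user outlives the transaction. */
     if (cred_set) {
          retcode = pam_setcred(pamh, PAM_DELETE_CRED);
          bail_out(pamh,0,retcode,"pam_setcred2");
          if (status == PAM_SUCCESS)
               status = retcode;
     }

     /* close the Linux-PAM library, reporting the real outcome of the
      * transaction so module cleanup sees a failure as a failure */
     retcode = pam_end(pamh, status);
     pamh = NULL;

     /* the handle is gone by now, so bail_out() gets NULL; see the caveat
      * in the header comment of this file about pam_strerror() */
     bail_out(pamh,1,retcode,"pam_end");

     exit(status == PAM_SUCCESS ? 0 : 1);
}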