1  /*
       2    $Id$
       3  
       4    This program was contributed by Shane Watts <shane@icarus.bofh.asn.au>
       5    slight modifications by AGM.
       6  
       7    You need to add the following (or equivalent) to the /etc/pam.conf file.
       8    # check authorization
       9    check   auth       required     pam_unix_auth.so
      10    check   account    required     pam_unix_acct.so
      11  */
      12  
      13  #include <security/pam_appl.h>
      14  #include <security/pam_misc.h>
      15  #include <stdio.h>
      16  
      17  static struct pam_conv conv = {
      18      misc_conv,
      19      NULL
      20  };
      21  
      22  int main(int argc, char *argv[])
      23  {
      24      pam_handle_t *pamh=NULL;
      25      int retval;
      26      const char *user="nobody";
      27  
      28      if(argc == 2) {
      29  	user = argv[1];
      30      }
      31  
      32      if(argc > 2) {
      33  	fprintf(stderr, "Usage: check_user [username]\n");
      34  	exit(1);
      35      }
      36  
      37      retval = pam_start("check", user, &conv, &pamh);
      38  
      39      if (retval == PAM_SUCCESS)
      40          retval = pam_authenticate(pamh, 0);    /* is user really user? */
      41  
      42      if (retval == PAM_SUCCESS)
      43          retval = pam_acct_mgmt(pamh, 0);       /* permitted access? */
      44  
      45      /* This is where we have been authorized or not. */
      46  
      47      if (retval == PAM_SUCCESS) {
      48  	fprintf(stdout, "Authenticated\n");
      49      } else {
      50  	fprintf(stdout, "Not Authenticated\n");
      51      }
      52  
      53      if (pam_end(pamh,retval) != PAM_SUCCESS) {     /* close Linux-PAM */
      54  	pamh = NULL;
      55  	fprintf(stderr, "check_user: failed to release authenticator\n");
      56  	exit(1);
      57      }
      58  
      59      return ( retval == PAM_SUCCESS ? 0:1 );       /* indicate success */
      60  }