4 * A simple pam authentication routine written by
5 * Max Liccardo <ravel@tiscalinet.it>
6 * PAM_RUSER=username/rem_addr.
10 This program was contributed by Shane Watts
11 [modifications by AGM]
13 You need to add the following (or equivalent) to the /etc/pam.conf file.
15 check_user auth required /usr/lib/security/pam_unix_auth.so
16 check_user account required /usr/lib/security/pam_unix_acct.so
22 #include <security/pam_appl.h>
/*
 * PAM conversation callback. This listing shows only selected lines of the
 * original file (the original line numbers are kept in front of each line),
 * so the surrounding checks and braces are not visible here.
 *
 * The credentials are not read from a terminal: appdata_ptr carries the
 * UserName/Passwd pair that tac_pam_auth() stores in s_conv.appdata_ptr,
 * and every prompt PAM issues is answered from it.
 */
32 static int fconv(int num_msg, const struct pam_message **msg,
33 struct pam_response **resp,void *appdata_ptr)
/* Credentials supplied by the caller through pam_conv.appdata_ptr. */
39 lUserCred = appdata_ptr;
/* Presumably the error branch of a sanity check on the arguments (the
 * condition is on a line not shown here) -- TODO confirm. */
43 report(LOG_ERR,"argh....maybe a SunOs 5.6 ???");
/* One response slot per message; PAM convention is that the caller frees
 * the array and every resp string in it. The cast is unnecessary in C, and
 * whether the NULL return is checked is on a line not shown here -- confirm. */
48 *resp = (struct pam_response *) calloc(num_msg,sizeof(struct pam_response));
50 for(i=0;i<num_msg;i++)
52 switch(msg[i]->msg_style)
/* Password prompt: answer with the stored password. NOTE(review):
 * resp[i] indexes the caller's `struct pam_response **`, not the array
 * allocated into *resp above; for i > 0 that reads past a single pointer
 * and is undefined behaviour. The element is `(*resp)[i].resp`. The same
 * applies to the ECHO_ON and resp_retcode lines below. strdup() may also
 * return NULL, which is passed on unchecked; the copy is plaintext and is
 * not zeroized by this code before PAM frees it. */
54 case PAM_PROMPT_ECHO_OFF:
55 resp[i]->resp = strdup(lUserCred->Passwd);
/* Username prompt: answer with the stored user name (same indexing issue). */
58 case PAM_PROMPT_ECHO_ON:
59 resp[i]->resp = strdup(lUserCred->UserName);
/* Any other message style (error/text info) is only logged; the response
 * keeps the zeroed fields from calloc, i.e. resp stays NULL. */
63 report(LOG_DEBUG,"conv default");
/* resp_retcode is unused by Linux-PAM and is conventionally set to 0. */
66 resp[i]->resp_retcode = 0;
/*
 * Authenticate a TACACS+ user against PAM. Only selected lines of the
 * original function are shown (original line numbers kept), so some error
 * paths and braces are not visible here.
 *
 * Parameters:
 *   aszUserName  user name handed to pam_start() and to the conversation.
 *   aszPassword  password answered to PAM_PROMPT_ECHO_OFF prompts.
 *   data         per-request data; data->NAS_id supplies NAC_address,
 *                NAS_name and NAS_port for the PAM items.
 *   aszService   PAM service name used to select the pam.conf stack.
 * Returns 0 when pam_authenticate() succeeded, 1 otherwise.
 */
76 tac_pam_auth(char *aszUserName,char *aszPassword,struct authen_data *data,char *aszService)
78 pam_handle_t *pamh=NULL;
80 char *lpszRemoteUser; /* Username/NAC address */
81 struct pam_conv s_conv;
/* The conversation never prompts a terminal; it answers from these fields. */
85 s_UserCred.UserName = aszUserName;
86 s_UserCred.Passwd = aszPassword;
89 s_conv.appdata_ptr = (void *) &s_UserCred;
/* Buffer for "<user>:<NAC address>": the two lengths plus ':' and NUL, so
 * the sprintf below is bounded by construction. strlen() on a NULL
 * NAC_address would be undefined behaviour -- assumes the caller always
 * fills it in; TODO confirm. */
92 if((lpszRemoteUser = calloc(strlen(aszUserName)+strlen(data->NAS_id->NAC_address)+2,sizeof(char))) == NULL)
94 report(LOG_ERR,"cannot malloc");
98 retval = pam_start(aszService,aszUserName , &s_conv, &pamh);
/* The early-exit statements for this branch are not shown; check that they
 * release lpszRemoteUser, which has already been allocated at this point. */
100 if (retval != PAM_SUCCESS)
102 report(LOG_ERR, "cannot start pam-authentication");
/* Size matches the calloc above; snprintf() would make the bound explicit. */
107 sprintf(lpszRemoteUser,"%s:%s",aszUserName,data->NAS_id->NAC_address);
/* Expose the requesting user/NAC address, NAS name and port to the PAM
 * modules. Return values are not checked. Linux-PAM copies string items,
 * which is what makes the free() below safe -- confirm for the PAM
 * implementation in use. */
109 pam_set_item(pamh,PAM_RUSER,lpszRemoteUser);
110 pam_set_item(pamh,PAM_RHOST,data->NAS_id->NAS_name);
111 pam_set_item(pamh,PAM_TTY,data->NAS_id->NAS_port);
113 free(lpszRemoteUser);
/* flags == 0: PAM_DISALLOW_NULL_AUTHTOK is not set, so whether an empty
 * password is accepted is left entirely to the module configuration. */
115 retval = pam_authenticate(pamh,0); /* is user really user? */
/* Only the PAM error text is logged; the credentials are not. */
117 if(retval != PAM_SUCCESS)
118 report(LOG_ERR, "%s",pam_strerror(pamh,retval));
/* pam_end() receives the last PAM status so modules can clean up
 * accordingly; the failure handling inside the braces is not shown. */
120 if (pam_end(pamh,retval) != PAM_SUCCESS) { /* close Linux-PAM */
125 return ( retval == PAM_SUCCESS ? 0:1 ); /* indicate success */
129 /* PAM authorization routine written by
130 * Devrim SERAL <devrim@tef.gazi.edu.tr>
/*
 * Account-management ("authorization") check through PAM. Only selected
 * lines of the original function are shown (original line numbers kept),
 * so some branches and braces are not visible here.
 *
 * Parameters:
 *   aszUserName  user name handed to pam_start() and to the conversation.
 *   data         per-request data; data->id supplies NAC_address, NAS_name
 *                and NAS_port for the PAM items.
 *   aszService   PAM service name; may be NULL (see below).
 * Returns 0 when pam_acct_mgmt() succeeded, 1 otherwise.
 */
134 tac_pam_authorization (char *aszUserName,struct author_data *data,char *aszService)
136 pam_handle_t *pamh=NULL;
138 char *lpszRemoteUser; /* Username/NAC address */
139 struct pam_conv s_conv;
/* Only UserName is set here. If a module in the account stack issues a
 * PAM_PROMPT_ECHO_OFF prompt, fconv() will strdup() lUserCred->Passwd, so
 * Passwd must hold a valid pointer at that point -- its initialisation is
 * not visible in this listing; TODO confirm. */
143 s_UserCred.UserName = aszUserName;
146 s_conv.appdata_ptr = (void *) &s_UserCred;
/* NOTE(review): the message suggests a missing service name authorizes the
 * user. The statements of this branch are not shown; if it returns 0 this
 * is a fail-open path and callers should make sure aszService is always
 * supplied. */
148 if (aszService== NULL)
150 report(LOG_ERR,"Service Name doesn't available So authorize him");
/* Buffer for "<user>:<NAC address>": both lengths plus ':' and NUL, which
 * bounds the sprintf below. strlen() on a NULL NAC_address is undefined
 * behaviour -- assumes it is always filled in; TODO confirm. */
155 if((lpszRemoteUser = calloc(strlen(aszUserName)+strlen(data->id->NAC_address)+2,sizeof(char))) == NULL)
157 report(LOG_ERR,"cannot malloc");
161 retval = pam_start(aszService,aszUserName , &s_conv, &pamh);
/* Early-exit statements not shown; check that they free lpszRemoteUser. */
163 if (retval != PAM_SUCCESS)
165 report(LOG_ERR, "cannot start pam-authentication");
/* Size matches the calloc above; snprintf() would make the bound explicit. */
170 sprintf(lpszRemoteUser,"%s:%s",aszUserName,data->id->NAC_address);
/* Same items as tac_pam_auth(); return values unchecked. Linux-PAM copies
 * string items, which makes the free() below safe -- confirm for the PAM
 * implementation in use. */
172 pam_set_item(pamh,PAM_RUSER,lpszRemoteUser);
173 pam_set_item(pamh,PAM_RHOST,data->id->NAS_name);
174 pam_set_item(pamh,PAM_TTY,data->id->NAS_port);
176 free(lpszRemoteUser);
/* Account stack only (expiry, access restrictions); no authentication is
 * performed here. */
178 retval = pam_acct_mgmt(pamh, 0); /* Is user permit to gain access system */
180 if(retval != PAM_SUCCESS)
181 report(LOG_ERR, "Pam Account Managment:%s",pam_strerror(pamh,retval));
/* Debug trace of the successful path, gated on the author debug flag. */
183 if (debug & DEBUG_AUTHOR_FLAG)
184 report(LOG_DEBUG, "PAM authorization allow user");
/* pam_end() receives the last PAM status; failure handling not shown. */
186 if (pam_end(pamh,retval) != PAM_SUCCESS) { /* close Linux-PAM */
191 return ( retval == PAM_SUCCESS ? 0:1 ); /* indicate success */