From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <daniel.rocher@adella.org>
X-ME-UUID: 20071109195902121.1DBAC700008E@mwinf2e17.orange.fr
From: Daniel Rocher <daniel.rocher@adella.org>
To: "Dmitry V. Levin" <ldv@altlinux.org>,
	"ALT Linux users (in English only)" <community-en@lists.altlinux.org>
Date: Fri, 9 Nov 2007 20:58:57 +0100
User-Agent: KMail/1.9.6 (enterprise 0.20070907.709405)
References: <200711091456.03162.daniel.rocher@adella.org>
	<20071109172301.GA31932@basalt.office.altlinux.org>
In-Reply-To: <20071109172301.GA31932@basalt.office.altlinux.org>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart1696408.uHbmyntVKf";
	protocol="application/pgp-signature"; micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200711092059.05147.daniel.rocher@adella.org>
Cc: Motsyo Gennadi aka Drool <motsyo@gmail.com>
Subject: Re: [Comm-en] PAM with ALT Linux
X-BeenThere: community-en@lists.altlinux.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: daniel.rocher@adella.org, "ALT Linux users \(in English only\)"
	<community-en@lists.altlinux.org>
List-Id: "ALT Linux users \(in English only\)"
	<community-en.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/listinfo/community-en>, 
	<mailto:community-en-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/community-en>
List-Post: <mailto:community-en@lists.altlinux.org>
List-Help: <mailto:community-en-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/community-en>,
	<mailto:community-en-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Nov 2007 19:59:03 -0000
Archived-At: <http://lore.altlinux.org/community-en/200711092059.05147.daniel.rocher@adella.org/>
List-Archive: <http://lore.altlinux.org/community-en/>

--nextPart1696408.uHbmyntVKf
Content-Type: multipart/mixed;
  boundary="Boundary-01=_CwLNHl+GgzrQuFT"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--Boundary-01=_CwLNHl+GgzrQuFT
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Le vendredi 9 novembre 2007, Dmitry V. Levin a =E9crit :

>
> Could you provide more details how it doesn't work, please?
> Where it fails, how it fails, credentials of process which fails,
> log message (in /var/log/auth/all) if any, etc.

QtSmbstatus was designed as a client/server. I use PAM to check=20
login/password.

I Use this code since 2004: pam.cpp and pam.h (attached).
When I want to check a login/password, my prog return (only in Alt linux):

User could not be authenticated: Authentication service cannot retrieve=20
authentication info

Yet the login and password are correct.

attached:
/etc/pam.d/qtsmbstatusd
/etc/qtsmbstatusd/qtsmbstatusd.users
/var/log/auth/all

greetings

=2D-=20

____________________________________________

   Daniel Rocher
   @ mail :  daniel.rocher@adella.org
   Jabber :  daniel.rocher@jabber.org
   web :     http://rocher.daniel.free.fr
   GPG ID :  0x19E0980E
____________________________________________

--Boundary-01=_CwLNHl+GgzrQuFT
Content-Type: text/x-c++src;
  charset="iso-8859-6";
  name="pam.cpp"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
	filename="pam.cpp"

#include "pam.h"

// most of this code I got from Rene Mayrhofer (rmayr@debian.org)
 =20
/* Global variables for PAM authentication. */
static char *pamUsername, *pamPassword;

/* This is the PAM conversation function, it uses the global variables
 pamUsername and pamPassword, they have to be initialized before using this
 function.
 It simply feeds the password to the PAM library in response to a
 PAM_PROMPT_ECHO_OFF message */
static int pamConversationFunction(int num_msg, const struct pam_message **=
msg,
				   struct pam_response **resp, void *appdata_ptr) {
    struct pam_response *r;
    int count;

    // alloc the response
    r =3D (struct pam_response*) malloc(sizeof(struct pam_response) * num_m=
sg);
    if (r =3D=3D NULL)
	return PAM_CONV_ERR;

    for (count=3D0; count<num_msg; count++) {
	switch ((*msg)[count].msg_style) {
	case PAM_PROMPT_ECHO_ON:
	    r[count].resp =3D (char*) malloc(PAM_MAX_RESP_SIZE);
	    strncpy(r->resp, pamUsername, PAM_MAX_RESP_SIZE);
	    break;

	case PAM_PROMPT_ECHO_OFF:
	    r[count].resp =3D (char*) malloc(PAM_MAX_RESP_SIZE);
	    strncpy(r[count].resp, pamPassword, PAM_MAX_RESP_SIZE);
	    r[count].resp_retcode =3D PAM_SUCCESS;
	    break;
	default:
	    free(r);
	    return PAM_CONV_ERR;
	}
    }
    *resp =3D r;

    return PAM_SUCCESS;
}

/* pamUsername and pamPassword must be set before calling this method.
 Returns 0 when not successful, 1 when successful; */
int checkUserPass_real() {
    struct pam_conv pam_conversation;
    pam_handle_t *pam_h;
    int pamretval, ret=3D0;

    pam_conversation.conv =3D pamConversationFunction;
    pam_conversation.appdata_ptr =3D NULL;
    pamretval =3D pam_start(PAM_SERVICE_NAME, pamUsername, &pam_conversatio=
n, &pam_h);
    if (pamretval !=3D PAM_SUCCESS) {
	printf("Error initializing PAM library: %s\n", pam_strerror(pam_h, pamretv=
al));
	return 0;
    }

    pamretval =3D pam_authenticate(pam_h, PAM_SILENT);
    if (pamretval !=3D PAM_SUCCESS) {
	printf("User could not be authenticated: %s\n", pam_strerror(pam_h, pamret=
val));
	ret =3D 0;
    }
    else {
	pamretval =3D pam_acct_mgmt(pam_h, 0);
	if (pamretval !=3D PAM_SUCCESS) {
	    printf("User not healthy: %s\n", pam_strerror(pam_h, pamretval));
	    ret =3D 0;
	}
	else
	    ret =3D 1;
    }

    if (pam_end(pam_h, pamretval) !=3D PAM_SUCCESS) {
	printf("Error releasing PAM library: %s\n", pam_strerror(pam_h, pamretval)=
);
	return 0;
    }
    return ret;
}

/* authenticate vs pam. Notice: PAM_SERVICE_NAME: pam service has to exist =
and be set up correctly*/
int auth(char *username, char *passwd) {
    if (!username)
        return 0;
    if (!passwd)
        return 0;

    pamUsername =3D strdup(username);
    pamPassword =3D strdup(passwd);
    if (checkUserPass_real())
        return 1;
    else
        return 0;
}


--Boundary-01=_CwLNHl+GgzrQuFT
Content-Type: text/x-chdr;
  charset="iso-8859-6";
  name="pam.h"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename="pam.h"

#include <pwd.h>
#include <grp.h>
#include <sys/types.h>
#include <string.h>
#include <stdio.h>
extern "C" {
  #include <security/pam_appl.h>
  #include <security/pam_misc.h>
}
#define PAM_SERVICE_NAME "qtsmbstatusd"

int auth(char *username,char* passwd);


--Boundary-01=_CwLNHl+GgzrQuFT
Content-Type: text/plain;
  charset="iso-8859-1";
  name="qtsmbstatusd"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename="qtsmbstatusd"

#
# The PAM configuration file for the qtsmbstatusd daemon
#

auth 		required	pam_unix.so nullok
auth		required	pam_listfile.so file=/etc/qtsmbstatusd/qtsmbstatusd.users onerr=fail sense=allow item=user
account		required	pam_unix.so
session		required	pam_unix.so
password	required	pam_unix.so

--Boundary-01=_CwLNHl+GgzrQuFT
Content-Type: text/plain;
  charset="iso-8859-1";
  name="qtsmbstatusd.users"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename="qtsmbstatusd.users"

root

--Boundary-01=_CwLNHl+GgzrQuFT
Content-Type: text/plain;
  charset="iso-8859-1";
  name="all"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename="all"


Nov 9 20:32:12 localhost qtsmbstatusd: pam_unix(qtsmbstatusd:auth): Credentials for user root unknown
Nov 9 20:32:13 localhost qtsmbstatusd: pam_unix(qtsmbstatusd:auth): Authentication failed for UNKNOWN USER from (uid=0)
Nov 9 20:35:49 localhost qtsmbstatusd: pam_unix(qtsmbstatusd:auth): Authentication failed for UNKNOWN USER from (uid=0)
--Boundary-01=_CwLNHl+GgzrQuFT--

--nextPart1696408.uHbmyntVKf
Content-Type: application/pgp-signature; name=signature.asc 
Content-Description: This is a digitally signed message part.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQBHNLwJRbaN0BngmA4RAiWfAJ0fUBX9kVnacd4YPfqsFpCAebfA8wCePf03
ENDPGSAjiNMxpdtN3qzgG4U=
=VY6L
-----END PGP SIGNATURE-----

--nextPart1696408.uHbmyntVKf--