From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <daniel.rocher@adella.org>
X-ME-UUID: 20071109195902121.1DBAC700008E@mwinf2e17.orange.fr
From: Daniel Rocher <daniel.rocher@adella.org>
To: "Dmitry V. Levin" <ldv@altlinux.org>,
"ALT Linux users (in English only)" <community-en@lists.altlinux.org>
Date: Fri, 9 Nov 2007 20:58:57 +0100
User-Agent: KMail/1.9.6 (enterprise 0.20070907.709405)
References: <200711091456.03162.daniel.rocher@adella.org>
<20071109172301.GA31932@basalt.office.altlinux.org>
In-Reply-To: <20071109172301.GA31932@basalt.office.altlinux.org>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart1696408.uHbmyntVKf";
protocol="application/pgp-signature"; micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200711092059.05147.daniel.rocher@adella.org>
Cc: Motsyo Gennadi aka Drool <motsyo@gmail.com>
Subject: Re: [Comm-en] PAM with ALT Linux
X-BeenThere: community-en@lists.altlinux.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: daniel.rocher@adella.org, "ALT Linux users \(in English only\)"
<community-en@lists.altlinux.org>
List-Id: "ALT Linux users \(in English only\)"
<community-en.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/listinfo/community-en>,
<mailto:community-en-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/community-en>
List-Post: <mailto:community-en@lists.altlinux.org>
List-Help: <mailto:community-en-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/community-en>,
<mailto:community-en-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Nov 2007 19:59:03 -0000
Archived-At: <http://lore.altlinux.org/community-en/200711092059.05147.daniel.rocher@adella.org/>
List-Archive: <http://lore.altlinux.org/community-en/>
--nextPart1696408.uHbmyntVKf
Content-Type: multipart/mixed;
boundary="Boundary-01=_CwLNHl+GgzrQuFT"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--Boundary-01=_CwLNHl+GgzrQuFT
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Le vendredi 9 novembre 2007, Dmitry V. Levin a =E9crit :
>
> Could you provide more details how it doesn't work, please?
> Where it fails, how it fails, credentials of process which fails,
> log message (in /var/log/auth/all) if any, etc.
QtSmbstatus was designed as a client/server. I use PAM to check=20
login/password.
I Use this code since 2004: pam.cpp and pam.h (attached).
When I want to check a login/password, my prog return (only in Alt linux):
User could not be authenticated: Authentication service cannot retrieve=20
authentication info
Yet the login and password are correct.
attached:
/etc/pam.d/qtsmbstatusd
/etc/qtsmbstatusd/qtsmbstatusd.users
/var/log/auth/all
greetings
=2D-=20
____________________________________________
Daniel Rocher
@ mail : daniel.rocher@adella.org
Jabber : daniel.rocher@jabber.org
web : http://rocher.daniel.free.fr
GPG ID : 0x19E0980E
____________________________________________
--Boundary-01=_CwLNHl+GgzrQuFT
Content-Type: text/x-c++src;
charset="iso-8859-6";
name="pam.cpp"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="pam.cpp"
#include "pam.h"
// most of this code I got from Rene Mayrhofer (rmayr@debian.org)
=20
/* Global variables for PAM authentication. */
static char *pamUsername, *pamPassword;
/* This is the PAM conversation function, it uses the global variables
pamUsername and pamPassword, they have to be initialized before using this
function.
It simply feeds the password to the PAM library in response to a
PAM_PROMPT_ECHO_OFF message */
static int pamConversationFunction(int num_msg, const struct pam_message **=
msg,
struct pam_response **resp, void *appdata_ptr) {
struct pam_response *r;
int count;
// alloc the response
r =3D (struct pam_response*) malloc(sizeof(struct pam_response) * num_m=
sg);
if (r =3D=3D NULL)
return PAM_CONV_ERR;
for (count=3D0; count<num_msg; count++) {
switch ((*msg)[count].msg_style) {
case PAM_PROMPT_ECHO_ON:
r[count].resp =3D (char*) malloc(PAM_MAX_RESP_SIZE);
strncpy(r->resp, pamUsername, PAM_MAX_RESP_SIZE);
break;
case PAM_PROMPT_ECHO_OFF:
r[count].resp =3D (char*) malloc(PAM_MAX_RESP_SIZE);
strncpy(r[count].resp, pamPassword, PAM_MAX_RESP_SIZE);
r[count].resp_retcode =3D PAM_SUCCESS;
break;
default:
free(r);
return PAM_CONV_ERR;
}
}
*resp =3D r;
return PAM_SUCCESS;
}
/* pamUsername and pamPassword must be set before calling this method.
Returns 0 when not successful, 1 when successful; */
int checkUserPass_real() {
struct pam_conv pam_conversation;
pam_handle_t *pam_h;
int pamretval, ret=3D0;
pam_conversation.conv =3D pamConversationFunction;
pam_conversation.appdata_ptr =3D NULL;
pamretval =3D pam_start(PAM_SERVICE_NAME, pamUsername, &pam_conversatio=
n, &pam_h);
if (pamretval !=3D PAM_SUCCESS) {
printf("Error initializing PAM library: %s\n", pam_strerror(pam_h, pamretv=
al));
return 0;
}
pamretval =3D pam_authenticate(pam_h, PAM_SILENT);
if (pamretval !=3D PAM_SUCCESS) {
printf("User could not be authenticated: %s\n", pam_strerror(pam_h, pamret=
val));
ret =3D 0;
}
else {
pamretval =3D pam_acct_mgmt(pam_h, 0);
if (pamretval !=3D PAM_SUCCESS) {
printf("User not healthy: %s\n", pam_strerror(pam_h, pamretval));
ret =3D 0;
}
else
ret =3D 1;
}
if (pam_end(pam_h, pamretval) !=3D PAM_SUCCESS) {
printf("Error releasing PAM library: %s\n", pam_strerror(pam_h, pamretval)=
);
return 0;
}
return ret;
}
/* authenticate vs pam. Notice: PAM_SERVICE_NAME: pam service has to exist =
and be set up correctly*/
int auth(char *username, char *passwd) {
if (!username)
return 0;
if (!passwd)
return 0;
pamUsername =3D strdup(username);
pamPassword =3D strdup(passwd);
if (checkUserPass_real())
return 1;
else
return 0;
}
--Boundary-01=_CwLNHl+GgzrQuFT
Content-Type: text/x-chdr;
charset="iso-8859-6";
name="pam.h"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="pam.h"
#include <pwd.h>
#include <grp.h>
#include <sys/types.h>
#include <string.h>
#include <stdio.h>
extern "C" {
#include <security/pam_appl.h>
#include <security/pam_misc.h>
}
#define PAM_SERVICE_NAME "qtsmbstatusd"
int auth(char *username,char* passwd);
--Boundary-01=_CwLNHl+GgzrQuFT
Content-Type: text/plain;
charset="iso-8859-1";
name="qtsmbstatusd"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="qtsmbstatusd"
#
# The PAM configuration file for the qtsmbstatusd daemon
#
auth required pam_unix.so nullok
auth required pam_listfile.so file=/etc/qtsmbstatusd/qtsmbstatusd.users onerr=fail sense=allow item=user
account required pam_unix.so
session required pam_unix.so
password required pam_unix.so
--Boundary-01=_CwLNHl+GgzrQuFT
Content-Type: text/plain;
charset="iso-8859-1";
name="qtsmbstatusd.users"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="qtsmbstatusd.users"
root
--Boundary-01=_CwLNHl+GgzrQuFT
Content-Type: text/plain;
charset="iso-8859-1";
name="all"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="all"
Nov 9 20:32:12 localhost qtsmbstatusd: pam_unix(qtsmbstatusd:auth): Credentials for user root unknown
Nov 9 20:32:13 localhost qtsmbstatusd: pam_unix(qtsmbstatusd:auth): Authentication failed for UNKNOWN USER from (uid=0)
Nov 9 20:35:49 localhost qtsmbstatusd: pam_unix(qtsmbstatusd:auth): Authentication failed for UNKNOWN USER from (uid=0)
--Boundary-01=_CwLNHl+GgzrQuFT--
--nextPart1696408.uHbmyntVKf
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQBHNLwJRbaN0BngmA4RAiWfAJ0fUBX9kVnacd4YPfqsFpCAebfA8wCePf03
ENDPGSAjiNMxpdtN3qzgG4U=
=VY6L
-----END PGP SIGNATURE-----
--nextPart1696408.uHbmyntVKf--