From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-ME-UUID: 20071109195902121.1DBAC700008E@mwinf2e17.orange.fr From: Daniel Rocher To: "Dmitry V. Levin" , "ALT Linux users (in English only)" Date: Fri, 9 Nov 2007 20:58:57 +0100 User-Agent: KMail/1.9.6 (enterprise 0.20070907.709405) References: <200711091456.03162.daniel.rocher@adella.org> <20071109172301.GA31932@basalt.office.altlinux.org> In-Reply-To: <20071109172301.GA31932@basalt.office.altlinux.org> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1696408.uHbmyntVKf"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200711092059.05147.daniel.rocher@adella.org> Cc: Motsyo Gennadi aka Drool Subject: Re: [Comm-en] PAM with ALT Linux X-BeenThere: community-en@lists.altlinux.org X-Mailman-Version: 2.1.9 Precedence: list Reply-To: daniel.rocher@adella.org, "ALT Linux users \(in English only\)" List-Id: "ALT Linux users \(in English only\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Nov 2007 19:59:03 -0000 Archived-At: List-Archive: --nextPart1696408.uHbmyntVKf Content-Type: multipart/mixed; boundary="Boundary-01=_CwLNHl+GgzrQuFT" Content-Transfer-Encoding: 7bit Content-Disposition: inline --Boundary-01=_CwLNHl+GgzrQuFT Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Le vendredi 9 novembre 2007, Dmitry V. Levin a écrit : > > Could you provide more details how it doesn't work, please? > Where it fails, how it fails, credentials of process which fails, > log message (in /var/log/auth/all) if any, etc. QtSmbstatus was designed as a client/server. I use PAM to check login/password. I have used this code since 2004: pam.cpp and pam.h (attached). 
When I want to check a login/password, my program returns (only on ALT Linux): User could not be authenticated: Authentication service cannot retrieve authentication info Yet the login and password are correct. Attached: /etc/pam.d/qtsmbstatusd /etc/qtsmbstatusd/qtsmbstatusd.users /var/log/auth/all greetings -- ____________________________________________ Daniel Rocher @ mail : daniel.rocher@adella.org Jabber : daniel.rocher@jabber.org web : http://rocher.daniel.free.fr GPG ID : 0x19E0980E ____________________________________________ --Boundary-01=_CwLNHl+GgzrQuFT Content-Type: text/x-c++src; charset="iso-8859-6"; name="pam.cpp" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="pam.cpp" #include "pam.h" // most of this code I got from Rene Mayrhofer (rmayr@debian.org) =20 /* Global variables for PAM authentication. */ static char *pamUsername, *pamPassword; /* This is the PAM conversation function, it uses the global variables pamUsername and pamPassword, they have to be initialized before using this function. It simply feeds the password to the PAM library in response to a PAM_PROMPT_ECHO_OFF message */ static int pamConversationFunction(int num_msg, const struct pam_message **= msg, struct pam_response **resp, void *appdata_ptr) { struct pam_response *r; int count; // alloc the response r =3D (struct pam_response*) malloc(sizeof(struct pam_response) * num_m= sg); if (r =3D=3D NULL) return PAM_CONV_ERR; for (count=3D0; countresp, pamUsername, PAM_MAX_RESP_SIZE); break; case PAM_PROMPT_ECHO_OFF: r[count].resp =3D (char*) malloc(PAM_MAX_RESP_SIZE); strncpy(r[count].resp, pamPassword, PAM_MAX_RESP_SIZE); r[count].resp_retcode =3D PAM_SUCCESS; break; default: free(r); return PAM_CONV_ERR; } } *resp =3D r; return PAM_SUCCESS; } /* pamUsername and pamPassword must be set before calling this method. 
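Returns 0 when not successful, 1 when successful; */
/* Runs one PAM transaction (pam_start, pam_authenticate, pam_acct_mgmt,
   pam_end) for the service PAM_SERVICE_NAME and the user named by
   pamUsername. The credentials reach PAM through pamConversationFunction,
   which reads the file-scope pamUsername/pamPassword; because of those
   globals two calls must not run at the same time.
   Diagnostics go to stdout. */
int checkUserPass_real()
{
    struct pam_conv pam_conversation;
    pam_handle_t *pam_h = NULL;
    int pamretval, ret = 0;

    pam_conversation.conv = pamConversationFunction;
    pam_conversation.appdata_ptr = NULL;

    pamretval = pam_start(PAM_SERVICE_NAME, pamUsername, &pam_conversation, &pam_h);
    if (pamretval != PAM_SUCCESS) {
        /* No usable handle exists when pam_start() fails, so pam_strerror()
           is given NULL instead of a pointer that may never have been set. */
        printf("Error initializing PAM library: %s\n", pam_strerror(NULL, pamretval));
        return 0;
    }

    pamretval = pam_authenticate(pam_h, PAM_SILENT);
    if (pamretval != PAM_SUCCESS) {
        printf("User could not be authenticated: %s\n", pam_strerror(pam_h, pamretval));
    } else {
        /* A correct password is not sufficient: the service's "account"
           rules must also accept the user before success is reported. */
        pamretval = pam_acct_mgmt(pam_h, 0);
        if (pamretval != PAM_SUCCESS)
            printf("User not healthy: %s\n", pam_strerror(pam_h, pamretval));
        else
            ret = 1;
    }

    /* Report pam_end()'s own status. The handle is released by pam_end(),
       so it is not passed to pam_strerror() afterwards. */
    int endval = pam_end(pam_h, pamretval);
    if (endval != PAM_SUCCESS) {
        printf("Error releasing PAM library: %s\n", pam_strerror(NULL, endval));
        return 0;
    }
    return ret;
}

/* Overwrites a NUL-terminated secret and releases it. The volatile pointer
   keeps the compiler from discarding the stores as dead writes before free(). */
static void wipeAndFree(char *secret)
{
    if (secret == NULL)
        return;
    for (volatile char *p = secret; *p != '\0'; ++p)
        *p = '\0';
    free(secret);
}

/* authenticate vs pam. Notice: PAM_SERVICE_NAME: pam service has to exist
   and be set up correctly.
   Returns 1 when checkUserPass_real() accepts the credentials, 0 otherwise
   (including NULL or over-long arguments and allocation failure).
   The private copies made here are wiped and freed before returning; the
   caller remains responsible for its own copy of the password. */
int auth(char *username, char *passwd)
{
    int ok = 0;

    if (!username || !passwd)
        return 0;

    /* pamConversationFunction copies these strings into buffers of
       PAM_MAX_RESP_SIZE bytes with strncpy(), which leaves the copy without
       a terminating NUL when the input fills the buffer. Refuse such input
       here so the response handed to PAM is always terminated. */
    if (strlen(username) >= (size_t)PAM_MAX_RESP_SIZE ||
        strlen(passwd) >= (size_t)PAM_MAX_RESP_SIZE)
        return 0;

    pamUsername = strdup(username);
    pamPassword = strdup(passwd);
    if (pamUsername != NULL && pamPassword != NULL)
        ok = checkUserPass_real() ? 1 : 0;

    /* Do not leave the plaintext password (or stale pointers) behind: the
       original code leaked both copies on every call. */
    wipeAndFree(pamPassword);
    free(pamUsername);
    pamPassword = NULL;
    pamUsername = NULL;

    return ok;
}
--Boundary-01=_CwLNHl+GgzrQuFT Content-Type: text/x-chdr; charset="iso-8859-6"; name="pam.h" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="pam.h" #include #include #include #include #include extern "C" { #include #include } #define PAM_SERVICE_NAME "qtsmbstatusd" int auth(char *username,char* passwd); --Boundary-01=_CwLNHl+GgzrQuFT Content-Type: text/plain; charset="iso-8859-1"; name="qtsmbstatusd" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="qtsmbstatusd" # # The PAM configuration file for the qtsmbstatusd daemon # auth required pam_unix.so nullok auth required pam_listfile.so file=/etc/qtsmbstatusd/qtsmbstatusd.users onerr=fail sense=allow 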
item=user account required pam_unix.so session required pam_unix.so password required pam_unix.so --Boundary-01=_CwLNHl+GgzrQuFT Content-Type: text/plain; charset="iso-8859-1"; name="qtsmbstatusd.users" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="qtsmbstatusd.users" root --Boundary-01=_CwLNHl+GgzrQuFT Content-Type: text/plain; charset="iso-8859-1"; name="all" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="all" Nov 9 20:32:12 localhost qtsmbstatusd: pam_unix(qtsmbstatusd:auth): Credentials for user root unknown Nov 9 20:32:13 localhost qtsmbstatusd: pam_unix(qtsmbstatusd:auth): Authentication failed for UNKNOWN USER from (uid=0) Nov 9 20:35:49 localhost qtsmbstatusd: pam_unix(qtsmbstatusd:auth): Authentication failed for UNKNOWN USER from (uid=0) --Boundary-01=_CwLNHl+GgzrQuFT-- --nextPart1696408.uHbmyntVKf Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQBHNLwJRbaN0BngmA4RAiWfAJ0fUBX9kVnacd4YPfqsFpCAebfA8wCePf03 ENDPGSAjiNMxpdtN3qzgG4U= =VY6L -----END PGP SIGNATURE----- --nextPart1696408.uHbmyntVKf--