本文整理汇总了C++中pam_chauthtok函数的典型用法代码示例。如果您正苦于以下问题:C++ pam_chauthtok函数的具体用法?C++ pam_chauthtok怎么用?C++ pam_chauthtok使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了pam_chauthtok函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: ChangePlaintextPasswordUsingLibPam
static bool ChangePlaintextPasswordUsingLibPam(const char *puser, const char *password)
{
int status;
pam_handle_t *handle;
struct pam_conv conv;
conv.conv = PasswordSupplier;
conv.appdata_ptr = (void*)password;
status = pam_start("passwd", puser, &conv, &handle);
if (status != PAM_SUCCESS)
{
Log(LOG_LEVEL_ERR, "Could not initialize pam session. (pam_start: '%s')", pam_strerror(NULL, status));
return false;
}
Log(LOG_LEVEL_VERBOSE, "Changing password for user '%s'.", puser);
status = pam_chauthtok(handle, PAM_SILENT);
pam_end(handle, status);
if (status == PAM_SUCCESS)
{
return true;
}
else
{
Log(LOG_LEVEL_ERR, "Could not change password for user '%s'. (pam_chauthtok: '%s')",
puser, pam_strerror(handle, status));
return false;
}
}
开发者ID:basvandervlies,项目名称:core,代码行数:28,代码来源:verify_users_pam.c
示例2: run_test_case
static enum pamtest_err run_test_case(pam_handle_t *ph,
struct pam_testcase *tc)
{
switch (tc->pam_operation) {
case PAMTEST_AUTHENTICATE:
tc->op_rv = pam_authenticate(ph, tc->flags);
return PAMTEST_ERR_OK;
case PAMTEST_SETCRED:
tc->op_rv = pam_setcred(ph, tc->flags);
return PAMTEST_ERR_OK;
case PAMTEST_ACCOUNT:
tc->op_rv = pam_acct_mgmt(ph, tc->flags);
return PAMTEST_ERR_OK;
case PAMTEST_OPEN_SESSION:
tc->op_rv = pam_open_session(ph, tc->flags);
return PAMTEST_ERR_OK;
case PAMTEST_CLOSE_SESSION:
tc->op_rv = pam_close_session(ph, tc->flags);
return PAMTEST_ERR_OK;
case PAMTEST_CHAUTHTOK:
tc->op_rv = pam_chauthtok(ph, tc->flags);
return PAMTEST_ERR_OK;
case PAMTEST_GETENVLIST:
tc->case_out.envlist = pam_getenvlist(ph);
return PAMTEST_ERR_OK;
case PAMTEST_KEEPHANDLE:
tc->case_out.ph = ph;
return PAMTEST_ERR_KEEPHANDLE;
default:
return PAMTEST_ERR_OP;
}
return PAMTEST_ERR_OP;
}
开发者ID:encukou,项目名称:samba,代码行数:34,代码来源:libpamtest.c
示例3: pam_chauthtok
bool PamHandle::chAuthTok(int flags) {
m_result = pam_chauthtok(m_handle, flags | m_silent);
if (m_result != PAM_SUCCESS) {
qWarning() << "[PAM] chAuthTok:" << pam_strerror(m_handle, m_result);
}
return m_result == PAM_SUCCESS;
}
开发者ID:Acidburn0zzz,项目名称:sddm-1,代码行数:7,代码来源:PamHandle.cpp
示例4: main
int main(int argc, char *argv[])
{
pam_handle_t *pamh=NULL;
int retval;
const char *user="nobody";
if(argc == 2) {
user = argv[1];
}
if(argc > 2) {
fprintf(stderr, "Usage: check_user [username]\n");
exit(1);
}
retval = pam_start("sqlite3", user, &conv, &pamh);
if(retval == PAM_SUCCESS)
printf("PAM started.\n");
if (retval == PAM_SUCCESS)
retval = pam_authenticate(pamh, 0); /* is user really user? */
if(retval == PAM_SUCCESS)
printf("Authentication succeeded, checking access.\n");
else
printf("Authentication failed: %s\n", pam_strerror(pamh, retval));
if (retval == PAM_SUCCESS)
retval = pam_acct_mgmt(pamh, 0); /* permitted access? */
if(retval == PAM_SUCCESS)
printf("Access permitted.\n");
else
printf("Access denied: %s\n", pam_strerror(pamh, retval));
/* lets try print password */
printf("Changing authentication token...\n");
retval = pam_chauthtok(pamh, 0);
if(retval != PAM_SUCCESS) {
printf("Failed: %s\n", pam_strerror(pamh, retval));
} else {
printf("Token changed.\n");
}
/* This is where we have been authorized or not. */
if (pam_end(pamh,retval) != PAM_SUCCESS) { /* close Linux-PAM */
pamh = NULL;
fprintf(stderr, "check_user: failed to release authenticator\n");
exit(1);
}
return ( retval == PAM_SUCCESS ? 0:1 ); /* indicate success */
}
开发者ID:JKingweb,项目名称:pam_sqlite3,代码行数:54,代码来源:test.c
示例5: loginpam_acct
static void loginpam_acct(struct login_context *cxt)
{
int rc;
pam_handle_t *pamh = cxt->pamh;
rc = pam_acct_mgmt(pamh, 0);
if (rc == PAM_NEW_AUTHTOK_REQD)
rc = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
if (is_pam_failure(rc))
loginpam_err(pamh, rc);
/*
* Grab the user information out of the password file for future use.
* First get the username that we are actually using, though.
*/
rc = loginpam_get_username(pamh, &cxt->username);
if (is_pam_failure(rc))
loginpam_err(pamh, rc);
if (!cxt->username || !*cxt->username) {
warnx(_("\nSession setup problem, abort."));
syslog(LOG_ERR, _("NULL user name in %s:%d. Abort."),
__FUNCTION__, __LINE__);
pam_end(pamh, PAM_SYSTEM_ERR);
sleepexit(EXIT_FAILURE);
}
}
开发者ID:abrodkin,项目名称:util-linux,代码行数:29,代码来源:login.c
示例6: do_pam_passwd
void
do_pam_passwd(const char *user, int silent, int change_expired)
{
pam_handle_t *pamh = NULL;
int flags = 0, ret;
if (silent)
flags |= PAM_SILENT;
if (change_expired)
flags |= PAM_CHANGE_EXPIRED_AUTHTOK;
ret = pam_start("passwd", user, &conv, &pamh);
if (ret != PAM_SUCCESS) {
fprintf(stderr, _("passwd: pam_start() failed, error %d\n"),
ret);
exit(10); /* XXX */
}
ret = pam_chauthtok(pamh, flags);
if (ret != PAM_SUCCESS) {
fprintf(stderr, _("passwd: %s\n"), PAM_STRERROR(pamh, ret));
pam_end(pamh, ret);
exit(10); /* XXX */
}
pam_end(pamh, PAM_SUCCESS);
}
开发者ID:TomDataworks,项目名称:smaller-than-busybox,代码行数:27,代码来源:pam_pass.c
示例7: sudo_pam_verify
int
sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth)
{
const char *s;
int *pam_status = (int *) auth->data;
debug_decl(sudo_pam_verify, SUDO_DEBUG_AUTH)
def_prompt = prompt; /* for converse */
/* PAM_SILENT prevents the authentication service from generating output. */
*pam_status = pam_authenticate(pamh, PAM_SILENT);
switch (*pam_status) {
case PAM_SUCCESS:
*pam_status = pam_acct_mgmt(pamh, PAM_SILENT);
switch (*pam_status) {
case PAM_SUCCESS:
debug_return_int(AUTH_SUCCESS);
case PAM_AUTH_ERR:
log_warning(NO_MAIL, N_("account validation failure, "
"is your account locked?"));
debug_return_int(AUTH_FATAL);
case PAM_NEW_AUTHTOK_REQD:
log_warning(NO_MAIL, N_("Account or password is "
"expired, reset your password and try again"));
*pam_status = pam_chauthtok(pamh,
PAM_CHANGE_EXPIRED_AUTHTOK);
if (*pam_status == PAM_SUCCESS)
debug_return_int(AUTH_SUCCESS);
if ((s = pam_strerror(pamh, *pam_status)) != NULL) {
log_warning(NO_MAIL,
N_("unable to change expired password: %s"), s);
}
debug_return_int(AUTH_FAILURE);
case PAM_AUTHTOK_EXPIRED:
log_warning(NO_MAIL,
N_("Password expired, contact your system administrator"));
debug_return_int(AUTH_FATAL);
case PAM_ACCT_EXPIRED:
log_warning(NO_MAIL,
N_("Account expired or PAM config lacks an \"account\" "
"section for sudo, contact your system administrator"));
debug_return_int(AUTH_FATAL);
}
/* FALLTHROUGH */
case PAM_AUTH_ERR:
case PAM_AUTHINFO_UNAVAIL:
if (getpass_error) {
/* error or ^C from tgetpass() */
debug_return_int(AUTH_INTR);
}
/* FALLTHROUGH */
case PAM_MAXTRIES:
case PAM_PERM_DENIED:
debug_return_int(AUTH_FAILURE);
default:
if ((s = pam_strerror(pamh, *pam_status)) != NULL)
log_warning(NO_MAIL, N_("PAM authentication error: %s"), s);
debug_return_int(AUTH_FATAL);
}
}
开发者ID:JamesHagerman,项目名称:sudo-1.8.10p3-pword-debugging,代码行数:60,代码来源:pam.c
示例8: pam_start
bool PAMAuthenticator::authenticate(void)
{
pam_conv c;
c.conv = PAMAuthenticator::conv;
c.appdata_ptr = this;
int res = pam_start("repwatchproxy", 0, &c, &this->m_ph);
if (res == PAM_SUCCESS) {
res = pam_set_item(this->m_ph, PAM_RUSER, this->m_user.constData());
if (res != PAM_SUCCESS) {
goto getout;
}
res = pam_set_item(this->m_ph, PAM_RHOST, this->m_host.constData());
if (res != PAM_SUCCESS) {
goto getout;
}
res = pam_authenticate(this->m_ph, 0);
if (res != PAM_SUCCESS) {
goto getout;
}
res = pam_acct_mgmt(this->m_ph, 0);
if (PAM_NEW_AUTHTOK_REQD == res) {
res = pam_chauthtok(this->m_ph, PAM_CHANGE_EXPIRED_AUTHTOK);
}
if (res != PAM_SUCCESS) {
goto getout;
}
res = pam_setcred(this->m_ph, PAM_ESTABLISH_CRED);
if (res != PAM_SUCCESS) {
goto getout;
}
res = pam_open_session(this->m_ph, 0);
if (res != PAM_SUCCESS) {
goto getout;
}
return true;
getout:
qWarning("%s: %s", Q_FUNC_INFO, pam_strerror(this->m_ph, res));
pam_end(this->m_ph, res);
}
else {
qCritical("PAM initialization failed");
}
this->m_ph = 0;
return false;
}
开发者ID:sjinks,项目名称:repwatch_proxy,代码行数:55,代码来源:pamauthenticator.cpp
示例9: pam_verify
int
pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth)
{
const char *s;
int *pam_status = (int *) auth->data;
def_prompt = prompt; /* for converse */
/* PAM_SILENT prevents the authentication service from generating output. */
*pam_status = pam_authenticate(pamh, PAM_SILENT);
switch (*pam_status) {
case PAM_SUCCESS:
*pam_status = pam_acct_mgmt(pamh, PAM_SILENT);
switch (*pam_status) {
case PAM_SUCCESS:
return AUTH_SUCCESS;
case PAM_AUTH_ERR:
log_error(NO_EXIT|NO_MAIL, _("account validation failure, "
"is your account locked?"));
return AUTH_FATAL;
case PAM_NEW_AUTHTOK_REQD:
log_error(NO_EXIT|NO_MAIL, _("Account or password is "
"expired, reset your password and try again"));
*pam_status = pam_chauthtok(pamh,
PAM_CHANGE_EXPIRED_AUTHTOK);
if (*pam_status == PAM_SUCCESS)
return AUTH_SUCCESS;
if ((s = pam_strerror(pamh, *pam_status)))
log_error(NO_EXIT|NO_MAIL, _("pam_chauthtok: %s"), s);
return AUTH_FAILURE;
case PAM_AUTHTOK_EXPIRED:
log_error(NO_EXIT|NO_MAIL,
_("Password expired, contact your system administrator"));
return AUTH_FATAL;
case PAM_ACCT_EXPIRED:
log_error(NO_EXIT|NO_MAIL,
_("Account expired or PAM config lacks an \"account\" "
"section for sudo, contact your system administrator"));
return AUTH_FATAL;
}
/* FALLTHROUGH */
case PAM_AUTH_ERR:
if (gotintr) {
/* error or ^C from tgetpass() */
return AUTH_INTR;
}
case PAM_MAXTRIES:
case PAM_PERM_DENIED:
return AUTH_FAILURE;
default:
if ((s = pam_strerror(pamh, *pam_status)))
log_error(NO_EXIT|NO_MAIL, _("pam_authenticate: %s"), s);
return AUTH_FATAL;
}
}
开发者ID:CVi,项目名称:sudo,代码行数:55,代码来源:pam.c
示例10: sshpam_chauthtok_ruid
static int
sshpam_chauthtok_ruid(pam_handle_t *pamh, int flags)
{
int result;
if (sshpam_authctxt == NULL)
fatal("PAM: sshpam_authctxt not initialized");
if (setreuid(sshpam_authctxt->pw->pw_uid, -1) == -1)
fatal("%s: setreuid failed: %s", __func__, strerror(errno));
result = pam_chauthtok(pamh, flags);
if (setreuid(0, -1) == -1)
fatal("%s: setreuid failed: %s", __func__, strerror(errno));
return result;
}
开发者ID:Alkzndr,项目名称:freebsd,代码行数:14,代码来源:auth-pam.c
示例11: pm_do_auth
static void
pm_do_auth(adt_session_data_t *ah)
{
pam_handle_t *pm_pamh;
int err;
int pam_flag = 0;
int chpasswd_tries;
struct pam_conv pam_conv = {pam_tty_conv, NULL};
if (user[0] == '\0')
return;
if ((err = pam_start("sys-suspend", user, &pam_conv,
&pm_pamh)) != PAM_SUCCESS)
return;
pam_flag = PAM_DISALLOW_NULL_AUTHTOK;
do {
err = pam_authenticate(pm_pamh, pam_flag);
if (err == PAM_SUCCESS) {
err = pam_acct_mgmt(pm_pamh, pam_flag);
if (err == PAM_NEW_AUTHTOK_REQD) {
chpasswd_tries = 0;
do {
err = pam_chauthtok(pm_pamh,
PAM_CHANGE_EXPIRED_AUTHTOK);
chpasswd_tries++;
} while ((err == PAM_AUTHTOK_ERR ||
err == PAM_TRY_AGAIN) &&
chpasswd_tries < DEF_ATTEMPTS);
pm_audit_event(ah, ADT_passwd, err);
}
err = pam_setcred(pm_pamh, PAM_REFRESH_CRED);
}
if (err != PAM_SUCCESS) {
(void) fprintf(stdout, "%s\n",
pam_strerror(pm_pamh, err));
pm_audit_event(ah, ADT_screenunlock, err);
}
} while (err != PAM_SUCCESS);
pm_audit_event(ah, ADT_passwd, 0);
(void) pam_end(pm_pamh, err);
}
开发者ID:FilipinOTech,项目名称:illumos-gate,代码行数:49,代码来源:sys-suspend.c
示例12: main
int main(int argc, char **argv) {
pam_handle_t *pamh=NULL;
static struct pam_conv pamc = {
misc_conv,
NULL
};
if( PAM_SUCCESS != pam_start("test", "testa", &pamc, &pamh) )
{
fprintf(stderr, "ERR: pam_start failed!\n");
return 1;
}
/*
if( PAM_SUCCESS != pam_set_item(pamh, PAM_USER, "tester") )
{
fprintf(stderr, "ERR: pam_set_item user failed!\n");
return 1;
}
if( PAM_SUCCESS != pam_chauthtok(pamh, 0) )
{
fprintf(stderr, "ERR: pam_chauthtok failed!\n");
return 1;
}
if( PAM_SUCCESS != pam_set_item(pamh, PAM_AUTHTOK, "mypassword") )
{
fprintf(stderr, "ERR: pam_set_item password failed!\n");
return 1;
}
*/
if( PAM_SUCCESS != pam_chauthtok(pamh, 0) )
{
fprintf(stderr, "ERR: pam_chauthtok failed!\n");
return 1;
}
if( PAM_SUCCESS != pam_end(pamh, PAM_SUCCESS) )
{
fprintf(stderr, "ERR: pam_end failed!\n");
return 1;
}
return 0;
}
开发者ID:antriver,项目名称:pam_url,代码行数:48,代码来源:test_chauthtok.c
示例13: do_pam_chauthtok
/*
* XXX this should be done in the authentication phase, but ssh1 doesn't
* support that
*/
void
do_pam_chauthtok(void)
{
if (use_privsep)
fatal("Password expired (unable to change with privsep)");
sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
(const void *)&tty_conv);
if (sshpam_err != PAM_SUCCESS)
fatal("PAM: failed to set PAM_CONV: %s",
pam_strerror(sshpam_handle, sshpam_err));
debug("PAM: changing password");
sshpam_err = pam_chauthtok(sshpam_handle, PAM_CHANGE_EXPIRED_AUTHTOK);
if (sshpam_err != PAM_SUCCESS)
fatal("PAM: pam_chauthtok(): %s",
pam_strerror(sshpam_handle, sshpam_err));
}
开发者ID:Alkzndr,项目名称:freebsd,代码行数:20,代码来源:auth-pam.c
示例14: main
int main(int argc, char *argv[])
{
pam_handle_t *pamh = NULL;
int retval;
struct pam_conv conv = { gradm_pam_conv, NULL };
struct gr_arg_wrapper wrapper;
struct gr_arg arg;
int fd;
if (argc != 2)
exit(EXIT_FAILURE);
wrapper.version = GRADM_VERSION;
wrapper.size = sizeof(struct gr_arg);
wrapper.arg = &arg;
arg.mode = GRADM_STATUS;
if ((fd = open(GRDEV_PATH, O_WRONLY)) < 0) {
fprintf(stderr, "Could not open %s.\n", GRDEV_PATH);
failure("open");
}
retval = write(fd, &wrapper, sizeof(struct gr_arg_wrapper));
close(fd);
if (retval != 1)
exit(EXIT_FAILURE);
retval = pam_start(PAM_SERVICENAME, argv[1], &conv, &pamh);
if (retval == PAM_SUCCESS)
retval = pam_authenticate(pamh, 0);
if (retval == PAM_SUCCESS)
retval = pam_acct_mgmt(pamh, 0);
if (retval == PAM_AUTHTOK_EXPIRED)
retval = pam_chauthtok(pamh, 0);
if (pamh)
pam_end(pamh, retval);
if (retval != PAM_SUCCESS)
exit(EXIT_FAILURE);
return EXIT_SUCCESS;
}
开发者ID:nhlfr,项目名称:gradm,代码行数:47,代码来源:gradm_pam.c
示例15: do_account_password_management
static int
do_account_password_management(pam_handle_t *pamh)
{
int rc;
/* Whether the authenticated user is allowed to log in? */
rc = pam_acct_mgmt(pamh, 0);
/* Do we need to prompt the user for a new password? */
if (rc == PAM_NEW_AUTHTOK_REQD)
rc = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
/* Extend the lifetime of the existing credentials. */
if (rc == PAM_SUCCESS)
rc = pam_setcred(pamh, PAM_REFRESH_CRED);
return rc;
}
开发者ID:legionus,项目名称:kbd,代码行数:18,代码来源:auth.c
示例16: co_auth_user
static void co_auth_user(void* data)
{
struct pam_ctx_st * pctx = data;
int pret;
pctx->state = PAM_S_INIT;
pret = pam_authenticate(pctx->ph, 0);
if (pret != PAM_SUCCESS) {
syslog(LOG_INFO, "PAM authenticate error: %s", pam_strerror(pctx->ph, pret));
pctx->cr_ret = pret;
goto wait;
}
pret = pam_acct_mgmt(pctx->ph, 0);
if (pret == PAM_NEW_AUTHTOK_REQD) {
/* change password */
syslog(LOG_INFO, "Password for user '%s' is expired. Attempting to update...", pctx->username);
pctx->changing = 1;
pret = pam_chauthtok(pctx->ph, PAM_CHANGE_EXPIRED_AUTHTOK);
}
if (pret != PAM_SUCCESS) {
syslog(LOG_INFO, "PAM acct-mgmt error: %s", pam_strerror(pctx->ph, pret));
pctx->cr_ret = pret;
goto wait;
}
pctx->state = PAM_S_COMPLETE;
pctx->cr_ret = PAM_SUCCESS;
wait:
while(1) {
co_resume();
}
}
开发者ID:fqtools,项目名称:ocserv,代码行数:37,代码来源:pam.c
示例17: authenticate
static void
authenticate (const struct passwd* pw) {
const struct passwd* lpw = NULL;
const char* cp, *srvname = NULL;
int retval;
switch (su_mode) {
case SU_MODE:
srvname = simulate_login ? PAM_SRVNAME_SU_L : PAM_SRVNAME_SU;
break;
case RUNUSER_MODE:
srvname = simulate_login ? PAM_SRVNAME_RUNUSER_L : PAM_SRVNAME_RUNUSER;
break;
default:
abort();
break;
}
retval = pam_start (srvname, pw->pw_name, &conv, &pamh);
if (is_pam_failure(retval)) {
goto done;
}
if (isatty (0) && (cp = ttyname (0)) != NULL) {
const char* tty;
if (strncmp (cp, "/dev/", 5) == 0) {
tty = cp + 5;
} else {
tty = cp;
}
retval = pam_set_item (pamh, PAM_TTY, tty);
if (is_pam_failure(retval)) {
goto done;
}
}
lpw = current_getpwuid ();
if (lpw && lpw->pw_name) {
retval = pam_set_item (pamh, PAM_RUSER, (const void*) lpw->pw_name);
if (is_pam_failure(retval)) {
goto done;
}
}
if (su_mode == RUNUSER_MODE) {
/*
* This is the only difference between runuser(1) and su(1). The command
* runuser(1) does not required authentication, because user is root.
*/
if (restricted) {
errx(EXIT_FAILURE, _("may not be used by non-root users"));
}
return;
}
retval = pam_authenticate (pamh, 0);
if (is_pam_failure(retval)) {
goto done;
}
retval = pam_acct_mgmt (pamh, 0);
if (retval == PAM_NEW_AUTHTOK_REQD) {
/* Password has expired. Offer option to change it. */
retval = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
}
done:
log_syslog(pw, !is_pam_failure(retval));
if (is_pam_failure(retval)) {
const char* msg;
log_btmp(pw);
msg = pam_strerror(pamh, retval);
pam_end(pamh, retval);
sleep (getlogindefs_num ("FAIL_DELAY", 1));
errx (EXIT_FAILURE, "%s", msg ? msg : _("incorrect password"));
}
}
开发者ID:TheNeikos,项目名称:bughack,代码行数:82,代码来源:su-common.2.27.1-1.modified.c
示例18: main
//.........这里部分代码省略.........
syslog(LOG_ERR, "Could not open pty: %m");
return 1;
}
tty = ttyname(slave);
/* Start PAM */
if((err = pam_start("rlogin", luser, &conv, &handle)) != PAM_SUCCESS) {
safewrite(1, "Authentication failure\n", 23);
syslog(LOG_ERR, "PAM error: %s", pam_strerror(handle, err));
return 1;
}
pam_set_item(handle, PAM_USER, luser);
pam_set_item(handle, PAM_RUSER, user);
pam_set_item(handle, PAM_RHOST, host);
pam_set_item(handle, PAM_TTY, tty);
/* Write NULL byte to client so we can give a login prompt if necessary */
if(safewrite(1, "", 1) == -1) {
syslog(LOG_ERR, "Unable to write NULL byte: %m");
return 1;
}
/* Try to authenticate */
err = pam_authenticate(handle, 0);
/* PAM might ask for a new password */
if(err == PAM_NEW_AUTHTOK_REQD) {
err = pam_chauthtok(handle, PAM_CHANGE_EXPIRED_AUTHTOK);
if(err == PAM_SUCCESS)
err = pam_authenticate(handle, 0);
}
if(err != PAM_SUCCESS) {
safewrite(1, "Authentication failure\n", 23);
syslog(LOG_ERR, "PAM error: %s", pam_strerror(handle, err));
return 1;
}
/* Check account */
err = pam_acct_mgmt(handle, 0);
if(err != PAM_SUCCESS) {
safewrite(1, "Authentication failure\n", 23);
syslog(LOG_ERR, "PAM error: %s", pam_strerror(handle, err));
return 1;
}
/* PAM can map the user to a different user */
err = pam_get_item(handle, PAM_USER, &item);
if(err != PAM_SUCCESS) {
syslog(LOG_ERR, "PAM error: %s", pam_strerror(handle, err));
return 1;
}
pamuser = strdup((char *)item);
if(!pamuser || !*pamuser) {
开发者ID:Jactry,项目名称:shishi,代码行数:67,代码来源:rlogind.c
示例19: main
//.........这里部分代码省略.........
#ifdef USE_PAM
retval = PAM_SUCCESS;
pampw = getpwuid (getuid ());
if (pampw == NULL) {
retval = PAM_USER_UNKNOWN;
}
if (retval == PAM_SUCCESS) {
retval =
pam_start ("shadow", pampw->pw_name, &conv, &pamh);
}
if (retval == PAM_SUCCESS) {
retval = pam_authenticate (pamh, 0);
if (retval != PAM_SUCCESS) {
pam_end (pamh, retval);
}
}
if (retval == PAM_SUCCESS) {
retval = pam_acct_mgmt (pamh, 0);
if (retval != PAM_SUCCESS) {
pam_end (pamh, retval);
}
}
if (retval != PAM_SUCCESS) {
fprintf (stderr, _("%s: PAM authentication failed\n"),
Prog);
exit (1);
}
#endif /* USE_PAM */
OPENLOG (Prog);
#ifdef SHADOWGRP
is_shadow_grp = sgr_file_present ();
#endif
/*
* The open routines for the DBM files don't use read-write as the
* mode, so we have to clue them in.
*/
#ifdef NDBM
gr_dbm_mode = O_RDWR;
#ifdef SHADOWGRP
sg_dbm_mode = O_RDWR;
#endif /* SHADOWGRP */
#endif /* NDBM */
process_flags (argc, argv);
/*
* Start with a quick check to see if the group exists.
*/
if (getgrnam (group_name)) {
if (fflg) {
exit (E_SUCCESS);
}
fprintf (stderr, _("%s: group %s exists\n"), Prog,
group_name);
exit (E_NAME_IN_USE);
}
/*
* Do the hard stuff - open the files, create the group entries,
* then close and update the files.
*/
open_files ();
if (!gflg || !oflg)
find_new_gid ();
grp_update ();
close_files ();
#ifdef USE_PAM
if (retval == PAM_SUCCESS) {
retval = pam_chauthtok (pamh, 0);
if (retval != PAM_SUCCESS) {
pam_end (pamh, retval);
}
}
if (retval != PAM_SUCCESS) {
fprintf (stderr, _("%s: PAM chauthtok failed\n"), Prog);
exit (1);
}
if (retval == PAM_SUCCESS)
pam_end (pamh, PAM_SUCCESS);
#endif /* USE_PAM */
exit (E_SUCCESS);
/*NOTREACHED*/
}
开发者ID:daxxog,项目名称:shadow-utils-slitaz,代码行数:101,代码来源:groupadd.c
示例20: main
int main(int argc, char **argv) {
hardened_shadow_openlog("su");
if (!hardened_shadow_get_current_username(¤t_username))
errx(EXIT_FAILURE, "Cannot determine your user name.");
parse_args(argc, argv);
uid_t my_uid = getuid();
bool is_root = (my_uid == 0);
if (!is_root && (!isatty(STDIN_FILENO) || !ttyname(STDIN_FILENO)))
errx(EXIT_FAILURE, "must be run from a terminal");
const struct pam_conv pam_conversation = {
misc_conv,
NULL
};
pam_handle_t *pam_handle = NULL;
int pam_rv = pam_start("su", target_username, &pam_conversation, &pam_handle);
if (pam_rv != PAM_SUCCESS) {
hardened_shadow_syslog(LOG_ERR, "pam_start: error %d", pam_rv);
su_fatal();
}
pam_rv = pam_set_item(pam_handle, PAM_TTY, ttyname(STDIN_FILENO));
if (pam_rv != PAM_SUCCESS) {
hardened_shadow_syslog(LOG_ERR, "pam_set_item: %s",
pam_strerror(pam_handle, pam_rv));
goto pam_cleanup;
}
pam_rv = pam_set_item(pam_handle, PAM_RUSER, current_username);
if (pam_rv != PAM_SUCCESS) {
hardened_shadow_syslog(LOG_ERR, "pam_set_item: %s",
pam_strerror(pam_handle, pam_rv));
goto pam_cleanup;
}
pam_rv = pam_fail_delay(pam_handle, 1000000);
if (pam_rv != PAM_SUCCESS) {
hardened_shadow_syslog(LOG_ERR, "pam_fail_delay: %s",
pam_strerror(pam_handle, pam_rv));
goto pam_cleanup;
}
pam_rv = pam_authenticate(pam_handle, 0);
if (pam_rv != PAM_SUCCESS) {
hardened_shadow_syslog(LOG_ERR, "pam_authenticate: %s",
pam_strerror(pam_handle, pam_rv));
goto pam_cleanup;
}
pam_rv = pam_acct_mgmt(pam_handle, 0);
if (pam_rv != PAM_SUCCESS) {
if (is_root) {
warnx("%s (ignored)", pam_strerror(pam_handle, pam_rv));
} else if (pam_rv == PAM_NEW_AUTHTOK_REQD) {
pam_rv = pam_chauthtok(pam_handle, PAM_CHANGE_EXPIRED_AUTHTOK);
if (pam_rv != PAM_SUCCESS) {
hardened_shadow_syslog(LOG_ERR, "pam_chauthtok: %s",
pam_strerror(pam_handle, pam_rv));
goto pam_cleanup;
}
} else {
hardened_shadow_syslog(LOG_ERR, "pam_acct_mgmt: %s",
pam_strerror(pam_handle, pam_rv));
goto pam_cleanup;
}
}
if (setgid(target_gid) != 0) {
hardened_shadow_syslog(LOG_ERR, "bad group ID `%d' for user `%s': %s",
target_gid, target_username, strerror(errno));
pam_rv = PAM_ABORT;
goto pam_cleanup;
}
if (initgroups(target_username, target_gid) != 0) {
hardened_shadow_syslog(LOG_ERR, "initgroups failed for user `%s': %s",
target_username, strerror(errno));
pam_rv = PAM_ABORT;
goto pam_cleanup;
}
pam_rv = pam_setcred(pam_handle, PAM_ESTABLISH_CRED);
if (pam_rv != PAM_SUCCESS) {
hardened_shadow_syslog(LOG_ERR, "pam_setcred: %s",
pam_strerror(pam_handle, pam_rv));
goto pam_cleanup;
}
pam_rv = pam_open_session(pam_handle, 0);
if (pam_rv != PAM_SUCCESS) {
hardened_shadow_syslog(LOG_ERR, "pam_open_session: %s",
pam_strerror(pam_handle, pam_rv));
goto pam_cred_cleanup;
}
char **pam_env = pam_getenvlist(pam_handle);
if (!pam_env)
//.........这里部分代码省略.........
开发者ID:mitzip,项目名称:hardened-shadow,代码行数:101,代码来源:su.c
注:本文中的pam_chauthtok函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
客服电话
APP下载
官方微信
请发表评论