[英]PAM authenticate a user in C
Ok, so I'm a pretty awful coder, and I'm wondering (as the title says) how I can authenticate a Linux user with PAM using C. The only thing I really understand is including the pam_appl.h
and pam_misc.h
header files, that I need to place pam_start
and pam_end
somewhere in my code, and not much else.好的,所以我是一个非常糟糕的编码器,我想知道(正如标题所说)如何使用 C 使用 PAM 对 Linux 用户进行身份验证。我唯一真正理解的是包含pam_appl.h
和pam_misc.h
头文件,我需要将pam_start
和pam_end
放在我的代码中的某个位置,而不是其他太多。 So how would I achieve what I'm looking for?那么我将如何实现我正在寻找的东西?
You need to use the pam_authenticate
function.您需要使用pam_authenticate
函数。
Working with PAM requires answers that are a bit longer than the average StackOverflow answer;使用 PAM 需要的答案比 StackOverflow 的平均答案要长一些; but, fortunately there is an entire online book on the subject http://www.linux-pam.org/Linux-PAM-html/Linux-PAM_ADG.html但是,幸运的是有一本关于这个主题的完整在线书籍http://www.linux-pam.org/Linux-PAM-html/Linux-PAM_ADG.html
If you want to just get a code snippet, you can start with this one如果你只想得到一个代码片段,你可以从这个开始
#include <security/pam_appl.h>
#include <security/pam_misc.h>
#include <stdio.h>
static struct pam_conv conv = {
misc_conv,
NULL
};
int main(int argc, char *argv[])
{
pam_handle_t *pamh=NULL;
int retval;
const char *user="nobody";
if(argc == 2) {
user = argv[1];
}
if(argc > 2) {
fprintf(stderr, "Usage: check_user [username]\n");
exit(1);
}
retval = pam_start("check_user", user, &conv, &pamh);
if (retval == PAM_SUCCESS)
retval = pam_authenticate(pamh, 0); /* is user really user? */
if (retval == PAM_SUCCESS)
retval = pam_acct_mgmt(pamh, 0); /* permitted access? */
/* This is where we have been authorized or not. */
if (retval == PAM_SUCCESS) {
fprintf(stdout, "Authenticated\n");
} else {
fprintf(stdout, "Not Authenticated\n");
}
if (pam_end(pamh,retval) != PAM_SUCCESS) { /* close Linux-PAM */
pamh = NULL;
fprintf(stderr, "check_user: failed to release authenticator\n");
exit(1);
}
return ( retval == PAM_SUCCESS ? 0:1 ); /* indicate success */
}
Which will work with a correct PAM setup including这将适用于正确的 PAM 设置,包括
You need to add the following (or equivalent) to the
/etc/pam.d/check_user file:
# check authorization
auth required pam_unix.so
account required pam_unix.so
*/
as detailed within the mentioned book.如上述书中所详述。 The original source of this code snippet can be found at http://www.linux-pam.org/Linux-PAM-html/adg-example.html此代码片段的原始来源可以在http://www.linux-pam.org/Linux-PAM-html/adg-example.html找到
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.