Linux Security Cookbook [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

Linux Security Cookbook [Electronic resources] - نسخه متنی

Daniel J. Barrett, Robert G. Byrnes, Richard Silverman

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
ارسال به دوستان
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات
توضیحات
افزودن یادداشت جدید










Recipe 4.1 Creating a PAM-Aware Application



4.1.1 Problem


You want to write a program that
uses PAM for authentication.


4.1.2 Solution


Select (or create) a PAM configuration in
/etc/pam.d. Then use the PAM API to perform
authentication with respect to that configuration. For example, the
following application uses the
su configuration, which means every user but
root must supply his login password:

#include <security/pam_appl.h>
#include <security/pam_misc.h>
#include <pwd.h>
#include <sys/types.h>
#include <stdio.h>
#define MY_CONFIG "su"
static struct pam_conv conv = { misc_conv, NULL };
main( )
{
pam_handle_t *pamh;
int result;
struct passwd *pw;
if ((pw = getpwuid(getuid( ))) == NULL)
perror("getpwuid");
else if ((result = pam_start(MY_CONFIG, pw->pw_name, &conv, &pamh)) != PAM_SUCCESS)
fprintf(stderr, "start failed: %d\n", result);
else if ((result = pam_authenticate(pamh, 0)) != PAM_SUCCESS)
fprintf(stderr, "authenticate failed: %d\n", result);
else if ((result = pam_acct_mgmt(pamh, 0)) != PAM_SUCCESS)
fprintf(stderr, "acct_mgmt failed: %d\n", result);
else if ((result = pam_end(pamh, result)) != PAM_SUCCESS)
fprintf(stderr, "end failed: %d\n", result);
else
Run_My_Big_Application( ); /* Run your application code */
}

Compile the program, linking with libraries
libpam and libpam_misc:

$ gcc myprogram.c -lpam -lpam_misc


4.1.3 Discussion


The PAM libraries include functions to start PAM and check
authentication credentials. Notice how the details of authentication
are completely hidden from the application: simply reference your
desired PAM module (in this case, su) and
examine the function return values. Even after your application is
compiled, you can change the authentication behavior by editing
configurations in /etc/pam.d. Such is the beauty
of PAM.


4.1.4 See Also


pam_start(3), pam_end(3), pam_authenticate(3), pam_acct_mgmt(3). The
Linux PAM Developer's
Guide is at http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam_appll.

/ 247