分类: LINUX
2011-07-15 10:59:43
#include#include #include #include /* 文件pamtest.c 此程序从命令行接收一个用户名作为参数,然后对这个用户名进行auth和account验证. */ // 定义一个pam_conv结构,用于与pam通信 static struct pam_conv conv = { misc_conv, NULL }; // 主函数 int main(int argc, char *argv[]) { pam_handle_t *pamh=NULL; int retval; const char *user="nobody"; const char *s1=NULL; if(argc == 2) user = argv[1]; else exit(1); if(argc > 2) { fprintf(stderr, "Usage: pamtest0 [username]\n"); exit(1); } printf("user: %s\n",user); retval = 0; //调用pamtest配置文件 retval = pam_start("pamtest", user, &conv, &pamh); if (retval == PAM_SUCCESS) //进行auth类型认证 retval = pam_authenticate(pamh, 0); /* is user really user? */ else { //如果认证出错,pam_strerror将输出错误信息. printf("pam_authenticate(): %d\n",retval); s1=pam_strerror( pamh, retval); printf("%s\n",s1); } if (retval == PAM_SUCCESS) //进行account类型认证 retval = pam_acct_mgmt(pamh, 0); /* permitted access? */ else { printf("pam_acct_mgmt() : %d\n",retval); s1=pam_strerror( pamh, retval); printf("%s\n",s1); } /* This is where we have been authorized or not. */ if (retval == PAM_SUCCESS) { fprintf(stdout, "Authenticated\n"); } else { fprintf(stdout, "Not Authenticated\n"); } if (pam_end(pamh,retval) != PAM_SUCCESS) { /* close Linux-PAM */ pamh = NULL; fprintf(stderr, "pamtest0: failed to release authenticator\n"); exit(1); } return ( retval == PAM_SUCCESS ? 0:1 ); /* indicate success */ } //END
$ cc -o pamtest pamtest.c -lpam -lpam_misc -ldl
以root身份执行: vi /etc/pam.d/pamtest
auth required /lib/security/pam_unix.so account required /lib/security/pam_unix.so
由于pam_unix.so需要访问/etc/shadow和/etc/passwd文件,所以要给pamtest文件附上SUID权限.
# chown root.root pamtest # chmod 111 pamtest # ls pamtest # ls pamtest -hl ---s--x--x 1 root root 12K 2007-07-16 01:52 pamtest
pamtest程序通过pam_unix.so,先对用户的密码进行验证,然后对用户的账号信息进行验证.
以普通用户身份执行,输入错误的maj密码时.
maj@m2-u:01:52:09/var/tmp$ ./pamtest maj user: maj Password: pam_acct_mgmt() : 7 Authentication failure Not Authenticated
输入正确的密码时
maj@m2-u:01:54:44/var/tmp$ ./pamtest maj user: maj Password: Authenticated
输入错误的root密码时
maj@m2-u:01:58:37/var/tmp$ ./pamtest root user: root Password: pam_acct_mgmt() : 7 Authentication failure Not Authenticated maj@m2-u:01:59:15/var/tmp$
输入正确的root密码时
maj@m2-u:01:54:50/var/tmp$ ./pamtest root user: root Password: Authenticated maj@m2-u:01:58:37/var/tmp$