此程序從命令行接收一個用戶名作為參數(shù),然后對這個用戶名進行auth和account驗證
*/
// 定義一個pam_conv結構,用于與pam通信
static struct pam_conv conv = {
misc_conv,
NULL
};
// 主函數(shù)
int main(int argc, char *argv[])
{
pam_handle_t *pamh=NULL;
int retval;
const char *user="nobody";
const char *s1=NULL;
if(argc == 2)
user = argv[1];
else
exit(1);
if(argc > 2) {
fprintf(stderr, "Usage: pamtest0 [username]
");
exit(1);
}
printf("user: %s
",user);
retval = 0;
//調用pamtest配置文件
retval = pam_start("pamtest", user, &conv, &pamh);
if (retval == PAM_SUCCESS)
//進行auth類型認證
retval = pam_authenticate(pamh, 0); /* is user really user? */
else {
//如果認證出錯,pam_strerror將輸出錯誤信息.
printf("pam_authenticate(): %d
",retval);
s1=pam_strerror( pamh, retval);
printf("%s
",s1);
}
if (retval == PAM_SUCCESS)
//進行account類型認證
retval = pam_acct_mgmt(pamh, 0); /* permitted access? */
else {
printf("pam_acct_mgmt() : %d
",retval);
s1=pam_strerror( pamh, retval);
printf("%s
",s1);
}
/* This is where we have been authorized or not. */
if (retval == PAM_SUCCESS) {
fprintf(stdout, "Authenticated
");
} else {
fprintf(stdout, "Not Authenticated
");
}
if (pam_end(pamh,retval) != PAM_SUCCESS) { /* close Linux-PAM */
pamh = NULL;
fprintf(stderr, "pamtest0: failed to release authenticator
");
exit(1);
}
return ( retval == PAM_SUCCESS ? 0:1 ); /* indicate success */
}
//END
2.編譯
$ cc -o pamtest pamtest.c -lpam -lpam_misc -ldl
3.編寫PAM配置文件
以root身份編輯/etc/pam.d/pamtest,并添加下面內容:
auth required /lib/security/pam_unix.so
account required /lib/security/pam_unix.so
4. 修改可執(zhí)行程序權限
