
August 3rd, 2007, 10:05 AM
I figured it out so I decided to share it.
The way to pass the password from the application to the PAM module to check its strength is via the "conversation" function.
The conversation function is a call-back that is typically used to prompt the user to enter the password, but it can be overwritten with a new one that would feed the password without interaction.
Codewise:
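#include <security/pam_appl.h>
#include <security/pam_modules.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

static char password[128];

// My conversation function
int myconv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr)
{
    struct pam_response *reply;
    int i;

    (void)appdata_ptr;
    if( num_msg <= 0 )
        return (PAM_CONV_ERR);

    // The PAM module wipes out and frees the responses, so the password has
    // to be copied into freshly allocated memory every time.
    reply = calloc( num_msg, sizeof(*reply) );
    if( reply == NULL )
        return (PAM_BUF_ERR);

    for( i = 0; i < num_msg; i++ )
    {
        // Only the prompts get the password; info and error messages get no reply.
        if( msg[i]->msg_style == PAM_PROMPT_ECHO_OFF || msg[i]->msg_style == PAM_PROMPT_ECHO_ON )
        {
            reply[i].resp = strdup( password );
            if( reply[i].resp == NULL )
            {
                // Out of memory: release what was allocated so far
                while( i-- > 0 )
                    free( reply[i].resp );
                free( reply );
                return (PAM_BUF_ERR);
            }
        }
    }
    *resp = reply;
    return (PAM_SUCCESS);
}

int main( int argc, char *argv[] )
{
    struct pam_conv conv;
    pam_handle_t *pamh = NULL;
    int rv;

    if( argc == 1 )
    {
        printf("Please enter a password in the command line\n");
        return(-1);
    }
    // Reject a password that does not fit in the buffer
    if( strlen( argv[1] ) >= sizeof(password) )
    {
        printf("Error: password too long\n");
        return(-1);
    }
    strcpy( password, argv[1] );

    // Setup My conversation function
    conv.conv = myconv;
    conv.appdata_ptr = NULL;

    // myservice is configured in /etc/pam.d/myservice
    if( (rv = pam_start( "myservice", "user", &conv, &pamh )) != PAM_SUCCESS )
    {
        // There is no valid handle here, so pam_end() is not called
        printf("Error: %s\n", pam_strerror( pamh, rv) );
        return(-1);
    }

    // Check password strength
    if((rv = pam_chauthtok( pamh, PAM_DISALLOW_NULL_AUTHTOK )) != PAM_SUCCESS)
    {
        printf("Error: %s\n", pam_strerror( pamh, rv) );
    }
    pam_end( pamh, rv );
    return(0);
}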
Bern.