
Re: Pam-list Digest, Vol 37, Issue 6



pam-list-request redhat com wrote:

Today's Topics:
   1. Why my module can not be added? (qin)
   2. Re: How to compile the PAM module (qin)



Subject:
Why my module can not be added?
From:
qin <junying qin gmail com>
Date:
Thu, 8 Mar 2007 11:48:05 +0800
To:
"Pluggable Authentication Modules" <pam-list redhat com>

Hi,

I have built a test PAM module to run with sshd. The code is as follows:

#define PAM_SM_AUTH

#define _PAM_EXTERN_FUNCTIONS
#include <syslog.h>                 /* LOG_DEBUG */
#include <security/_pam_macros.h>
#include <security/pam_modules.h>
#include <security/pam_ext.h>       /* declares pam_syslog() */

PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags
                   ,int argc, const char **argv)
{
    unsigned int ctrl;
    int retval;
    const char *name;
    const void *p;

    /* _set_ctrl() is not declared by the headers above */
    ctrl = _set_ctrl(pamh, flags, NULL, argc, argv);

    /* get the user name */
    retval = pam_get_user(pamh, &name, NULL);
    if (retval == PAM_SUCCESS)
    {
        pam_syslog(pamh, LOG_DEBUG,
           "XOS:checking logins for '%s'", name);
    }
    return retval;
}

#ifdef PAM_STATIC
struct pam_module _pam_xos_auth_modstruct = {
   "pam_xos_auth",
   pam_sm_authenticate,
   NULL,
   NULL,
   NULL,
   NULL,
   NULL,
};
#endif

I compiled it as pam_xos_auth.so and inserted it in pam.d/sshd:
# cat sshd
auth    required   /path/to/pam_xos_auth.so
...

When I used ssh to log in, I was told I had no permission. I also checked
/var/log/secure and found:
# cat /var/log/secure
...
Mar  8 10:12:19 FedoraC4 sshd[4814]: PAM unable to dlopen(/path/to/pam_xos_auth.so)
Mar  8 10:12:19 FedoraC4 sshd[4814]: PAM [dlerror: /path/to/pam_xos_auth.so: undefined symbol: pam_syslog]
Mar  8 10:12:19 FedoraC4 sshd[4814]: PAM adding faulty module: /path/to/pam_xos_auth.so
Mar  8 10:12:24 FedoraC4 sshd[4814]: Failed password for anqin from ::ffff:10.61.0.7 port 4228 ssh2

What is the matter with this? Could somebody give me some advice?

Thank you very much!





Subject:
Re: How to compile the PAM module
From:
qin <junying qin gmail com>
Date:
Thu, 8 Mar 2007 13:36:25 +0800
To:
"Pluggable Authentication Modules" <pam-list redhat com>, "Kenneth Geisshirt" <kenneth geisshirt dk>

I compiled with -lc:

$ gcc -fPIC -lc pam_module.c -lpam -lpam_misc -lpamc
$ ld -x --shared -o pam_module.so pam_module.o

and found that some functions were not found.

...
....:pam_module.c:undefined reference to '_set_ctrl'
...: pam_module.c:undefined reference to 'pam_syslog'

I have linked libpam.so, libpamc.so and libpam_misc.so, so why can it
not find the missing functions?


2007/3/7, Kenneth Geisshirt <kenneth geisshirt dk>:
qin wrote:

> I have no idea. Could somebody give me some advice?

Try:

$ gcc -fPIC -c pam_module.c
$ ld -x --shared -o pam_module.so pam_module.o

/kneth

_______________________________________________
Pam-list mailing list
Pam-list redhat com
https://www.redhat.com/mailman/listinfo/pam-list




Are you sure pam_syslog is in one of those libraries?
Most distribs don't use PAM from the kernel repositories but something
from Red Hat & friends. E.g. the current version of PAM in Debian 'Etch'
(still testing, but reasonably up to date) is 0.79!!!
And there is definitely NO pam_syslog in libpam_misc.
If you really need pam_syslog try this:

-------------------------- snip snip ----------------------------------
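#ifndef LOG_IDENT
#define LOG_IDENT "pam"
#endif

#include <syslog.h>
#include <stdarg.h>
#include <security/pam_modules.h>

/* Minimal replacement for pam_syslog() on PAM versions that lack it. */
static void pam_syslog(pam_handle_t *pamh, int err, const char *format, ...)
{
    va_list args;
    const void *item = NULL;
    const char *service;

    /* Use the PAM service name as the syslog ident; fall back if it is unset. */
    if (pam_get_item(pamh, PAM_SERVICE, &item) != PAM_SUCCESS || item == NULL)
        service = "unknown";
    else
        service = item;

    va_start(args, format);
    openlog(service, LOG_PID, LOG_AUTHPRIV);
    vsyslog(err, format, args);   /* err is the syslog priority */
    closelog();
    va_end(args);
}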

-------------------------- snip snip ----------------------------------

Call this using:  pam_syslog(pamh, err, format, arg, arg, ...)

The argument pamh is required to automatically extract the PAM service name from
the PAM environment. If you don't need it, just remove it and all the corresponding statements.
All logging goes to the 'authpriv' channel.

Good luck!

Andreas
-- 
Dr.-Ing. Andreas Schindler
 
Alpha Zero One Computersysteme GmbH
Frankfurter Str. 141
63303 Dreieich
 
Telefon 06103-57187-21
Telefax 06103-373245
 
schindler az1 de
www.az1.de
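
Added example (not part of the original thread and not Linux-PAM code): a small C pre-flight check that loads a module with RTLD_NOW, so an unresolved symbol such as pam_syslog is reported through dlerror() before the module is listed as "required" in pam.d/sshd. The names check_pam_module and MODULE_* are hypothetical, and "libpam.so.0" is assumed to be the soname of the installed Linux-PAM.

```c
#include <dlfcn.h>
#include <stdio.h>

enum { MODULE_OK = 0, MODULE_LOAD_FAILED = 1, MODULE_NO_ENTRY = 2 };

/* Try to load `path` with every symbol resolved at dlopen() time (RTLD_NOW).
 * On failure the dlerror() text is copied into `err`, e.g.
 * "...: undefined symbol: pam_syslog" as in the log above. */
int check_pam_module(const char *path, char *err, size_t errlen)
{
    void *libpam, *mod;
    int rc = MODULE_OK;

    if (errlen > 0)
        err[0] = '\0';

    /* Make the installed libpam's exports visible, as they are inside sshd.
     * Assumption: "libpam.so.0" is the local soname; absence is tolerated. */
    libpam = dlopen("libpam.so.0", RTLD_NOW | RTLD_GLOBAL);

    mod = dlopen(path, RTLD_NOW | RTLD_LOCAL);
    if (mod == NULL) {
        const char *msg = dlerror();
        snprintf(err, errlen, "%s", msg ? msg : "unknown dlopen error");
        rc = MODULE_LOAD_FAILED;
    } else {
        /* An auth module must export this entry point. */
        if (dlsym(mod, "pam_sm_authenticate") == NULL) {
            snprintf(err, errlen, "%s: no pam_sm_authenticate entry point", path);
            rc = MODULE_NO_ENTRY;
        }
        dlclose(mod);
    }
    if (libpam != NULL)
        dlclose(libpam);
    return rc;
}

int main(int argc, char **argv)
{
    char err[512];
    int rc;
    if (argc != 2) {
        fprintf(stderr, "usage: %s /path/to/pam_module.so\n", argv[0]);
        return 64;
    }
    rc = check_pam_module(argv[1], err, sizeof err);
    printf("%s: %s\n", argv[1], rc == MODULE_OK ? "loads cleanly" : err);
    return rc;
}
```

On older glibc the program must be linked with -ldl. A non-zero exit status means the module would be rejected at load time, which for a "required" line makes every login through that service fail.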
