Re: Pam-list Digest, Vol 37, Issue 8

[Andreas Schindler <schindler az1 de>]

pam-list-request redhat com wrote:

Hello,
I'm writing a new module for Python to support PAM authorization, it
is written in C.

What I currently do is what the misc_conv function does; I provide a
password when it prompts for a message with pam_message.msg_style set
to PAM_PROMPT_ECHO_OFF and a username when it prompts for
PAM_PROMPT_ECHO_ON (which it doesn't ask for; I initialize the pam
handle with a username already.)

This is my conversation function: http://rafb.net/p/sOjqmC47.html
I have tripple verified that userinfo is available and contains proper
data. The function does reach the end.

When I do pam_authenticate(), I receive the error "Authentication
error" and the syslog just says the regular thing when a password is
incorrect.

To Ludvic Ericson:

Looking at your conversion function i found you set the global return code for the conversation
function itself but forget to set the return code for each message. Here is a snippet of a working
conversation function:

switch (msgv[i]->msg_style) {
            case PAM_PROMPT_ECHO_ON: // Echo on; Username
                rsp[i].resp = strdup(userinfo->username);
		rsp[i].resp_retcode = PAM_SUCCESS;
                break;
            case PAM_PROMPT_ECHO_OFF: // Echo off; Password
                rsp[i].resp = strdup(userinfo->password);
		rsp[i].resp_retcode = PAM_SUCCESS;
                break;

I guess, if you had used 'calloc' instead of 'malloc' to create the
response structure, this missing link would have never shown up, because
PAM_SUCCESS == 0 ! So, be happy you found it.

Good Luck!
Andreas

-- 
Dr.-Ing. Andreas Schindler
 
Alpha Zero One Computersysteme GmbH
Frankfurter Str. 141
63303 Dreieich
 
Telefon 06103-57187-21
Telefax 06103-373245
 
schindler az1 de
www.az1.de

Alpha Zero One Computersysteme GmbH, Brandeniusstr. 3, 44265 Dortmund
HRB 11089 Amtsgericht Dortmund, Geschäftsführer : Klaus-Jürgen Koke, Joachim Carle