5 /* Andrew Morgan (morgan@parc.power.net) -- a self contained `blank'
8 * I am not very proud of this code. It makes use of a possibly ill-
9 * defined pamh pointer to call pam_strerror() with. The reason that
10 * I was sloppy with this is historical (pam_strerror, prior to 0.59,
11 * did not require a pamh argument) and if this program is used as a
12 * model for anything, I should wish that you will take this error into
19 #include <security/pam_appl.h>
20 #include <security/pam_misc.h>
22 /* ------ some local (static) functions ------- */
24 static void bail_out(pam_handle_t *pamh, int really, int code, const char *fn)
26 fprintf(stderr,"==> called %s()\n got: `%s'\n", fn,
27 pam_strerror(pamh, code));
32 /* ------ some static data objects ------- */
34 static struct pam_conv conv = {
39 /* ------- the application itself -------- */
41 int main(int argc, char **argv)
43 pam_handle_t *pamh=NULL;
47 /* did the user call with a username as an argument ? */
50 fprintf(stderr,"usage: %s [username]\n",argv[0]);
51 } else if (argc == 2) {
55 /* initialize the Linux-PAM library */
56 retcode = pam_start("blank", username, &conv, &pamh);
57 bail_out(pamh,1,retcode,"pam_start");
59 /* test the environment stuff */
62 const char *greek[MAXENV] = {
63 "a=alpha", "b=beta", "c=gamma", "d=delta", "e=epsilon",
64 "f=phi", "g=psi", "h=eta", "i=iota", "j=mu", "k=nu",
65 "l=zeta", "h=", "d", "k=xi"
70 for (i=0; i<MAXENV; ++i) {
71 retcode = pam_putenv(pamh,greek[i]);
72 bail_out(pamh,0,retcode,"pam_putenv");
74 env = pam_getenvlist(pamh);
76 env = pam_misc_drop_env(env);
78 fprintf(stderr,"???\n");
79 fprintf(stderr,"a test: c=[%s], j=[%s]\n"
80 , pam_getenv(pamh, "c"), pam_getenv(pamh, "j"));
83 /* to avoid using goto we abuse a loop here */
85 /* authenticate the user --- `0' here, could have been PAM_SILENT
86 * | PAM_DISALLOW_NULL_AUTHTOK */
88 retcode = pam_authenticate(pamh, 0);
89 bail_out(pamh,0,retcode,"pam_authenticate");
91 /* has the user proved themself valid? */
92 if (retcode != PAM_SUCCESS) {
93 fprintf(stderr,"%s: invalid request\n",argv[0]);
97 /* the user is valid, but should they have access at this
100 retcode = pam_acct_mgmt(pamh, 0); /* `0' could be as above */
101 bail_out(pamh,0,retcode,"pam_acct_mgmt");
103 if (retcode == PAM_NEW_AUTHTOK_REQD) {
104 fprintf(stderr,"Application must request new password...\n");
105 retcode = pam_chauthtok(pamh,PAM_CHANGE_EXPIRED_AUTHTOK);
106 bail_out(pamh,0,retcode,"pam_chauthtok");
109 if (retcode != PAM_SUCCESS) {
110 fprintf(stderr,"%s: invalid request\n",argv[0]);
114 /* `0' could be as above */
115 retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED);
116 bail_out(pamh,0,retcode,"pam_setcred1");
118 if (retcode != PAM_SUCCESS) {
119 fprintf(stderr,"%s: problem setting user credentials\n"
124 /* open a session for the user --- `0' could be PAM_SILENT */
125 retcode = pam_open_session(pamh,0);
126 bail_out(pamh,0,retcode,"pam_open_session");
127 if (retcode != PAM_SUCCESS) {
128 fprintf(stderr,"%s: problem opening a session\n",argv[0]);
132 fprintf(stderr,"The user has been authenticated and `logged in'\n");
134 /* close a session for the user --- `0' could be PAM_SILENT
135 * it is possible that this pam_close_call is in another program..
138 retcode = pam_close_session(pamh,0);
139 bail_out(pamh,0,retcode,"pam_close_session");
140 if (retcode != PAM_SUCCESS) {
141 fprintf(stderr,"%s: problem closing a session\n",argv[0]);
145 retcode = pam_setcred(pamh, PAM_DELETE_CRED);
146 bail_out(pamh,0,retcode,"pam_setcred2");
148 break; /* don't go on for ever! */
151 /* close the Linux-PAM library */
152 retcode = pam_end(pamh, PAM_SUCCESS);
155 bail_out(pamh,1,retcode,"pam_end");