LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Programming (https://www.linuxquestions.org/questions/programming-9/)
-   -   Checking a password with PAM/Winbind? (https://www.linuxquestions.org/questions/programming-9/checking-a-password-with-pam-winbind-324010/)

quill18 05-16-2005 09:37 AM
Checking a password with PAM/Winbind?
 
(This is on Gentoo Linux, though I don't think it's relevant.)

I've written a program that is a web-based tool to help my users manage some of their settings. This is internal to the company only and isn't visible to the public.

It's +s and works by checking the entered username/password, then doing a setuid to the desired user and running the various setup apps.

This works perfectly fine with local users in the shadow database, using the following code:

Code:
int check_pass_uid(uid_t pw_uid, const char *plainpw) {
  spwd* pwd = getspuid(pw_uid);
  return check_pass(plainpw, pwd->sp_pwdp);
}

struct spwd *getspuid(uid_t pw_uid) {
  struct spwd *shadow;
  struct passwd *ppasswd;

  if( ((ppasswd = getpwuid(pw_uid)) == NULL)
      || ((shadow = getspnam(ppasswd->pw_name)) == NULL))
    return NULL;

  return shadow;
}

int check_pass_uid(uid_t pw_uid, const char *plainpw) {
  spwd* pwd = getspuid(pw_uid);
  if(pwd==NULL) {
    /* This code only gets called when not SUID or there's no shadow password.
      This is my weak attempt to figure out this PAM/Winbind issue...
    */
    struct passwd *ppasswd = getpuid(pw_uid);

    if (ppasswd) {
      cout << "Got passwd string: " << ppasswd->pw_passwd <<endl; /* Always returns 'x' */
      return check_pass(plainpw, ppasswd->pw_passwd);
    }

    return 0;
  }
  else {
    return check_pass(plainpw, pwd->sp_pwdp);
  }

  return 0;
}
The application just calls something like:

Code:
if(check_pass(uid, plain_text_pw)) { do some stuff }
*****

The problem is with users on my WinNT-PDC-based samba network without a local system account. Everything is setup "correctly" for users to log in with their Windows credentials in most cases (pop3 and ssh, for example), but I don't know how to get my program to use PAM-Winbind to verify the password.

I believe "getspnam" is the call that's failing, because there's not actually a shadow entry. Is there another function I should be using to auth the username/password using PAM properly?

quill18 05-25-2005 03:12 PM
I know bumping your own post is bad form, but come on.

It's a simple question really:

- What the proper way to programatically check password validity through PAM?


All times are GMT -5. The time now is 03:00 PM.