LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 05-16-2005, 09:37 AM   #1
quill18
LQ Newbie
 
Registered: Feb 2004
Posts: 7

Rep: Reputation: 0
Checking a password with PAM/Winbind?


(This is on Gentoo Linux, though I don't think it's relevant.)

I've written a program that is a web-based tool to help my users manage some of their settings. This is internal to the company only and isn't visible to the public.

It's +s and works by checking the entered username/password, then doing a setuid to the desired user and running the various setup apps.

This works perfectly fine with local users in the shadow database, using the following code:

Code:
int check_pass_uid(uid_t pw_uid, const char *plainpw) {
  spwd* pwd = getspuid(pw_uid);
  return check_pass(plainpw, pwd->sp_pwdp);
}

struct spwd *getspuid(uid_t pw_uid) {
  struct spwd *shadow;
  struct passwd *ppasswd;

  if( ((ppasswd = getpwuid(pw_uid)) == NULL)
      || ((shadow = getspnam(ppasswd->pw_name)) == NULL))
    return NULL;

  return shadow;
}

int check_pass_uid(uid_t pw_uid, const char *plainpw) {
  spwd* pwd = getspuid(pw_uid);
  if(pwd==NULL) {
    /* This code only gets called when not SUID or there's no shadow password.
       This is my weak attempt to figure out this PAM/Winbind issue...
    */
    struct passwd *ppasswd = getpuid(pw_uid);

    if (ppasswd) {
      cout << "Got passwd string: " << ppasswd->pw_passwd <<endl; /* Always returns 'x' */
      return check_pass(plainpw, ppasswd->pw_passwd);
    }

    return 0;
  }
  else {
    return check_pass(plainpw, pwd->sp_pwdp);
  }

  return 0;
}
The application just calls something like:

Code:
if(check_pass(uid, plain_text_pw)) { do some stuff }
*****

The problem is with users on my WinNT-PDC-based samba network without a local system account. Everything is setup "correctly" for users to log in with their Windows credentials in most cases (pop3 and ssh, for example), but I don't know how to get my program to use PAM-Winbind to verify the password.

I believe "getspnam" is the call that's failing, because there's not actually a shadow entry. Is there another function I should be using to auth the username/password using PAM properly?
 
Old 05-25-2005, 03:12 PM   #2
quill18
LQ Newbie
 
Registered: Feb 2004
Posts: 7

Original Poster
Rep: Reputation: 0
I know bumping your own post is bad form, but come on.

It's a simple question really:

- What the proper way to programatically check password validity through PAM?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
winbind + ADS + PAM paul_mat Linux - Networking 2 08-26-2005 12:02 AM
PAM - Winbind/LDAP Problems. tacoking Linux - Security 0 09-16-2004 07:36 AM
Samba, Pam, winbind and ADS loaf Linux - Software 5 08-17-2004 07:46 PM
Problem with Winbind+PAM zcorpio Linux - Networking 1 06-25-2004 07:53 PM
Cyrus/Winbind/Pam taggedd Linux - Software 0 10-27-2003 07:28 AM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 12:15 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration