
Untitled

a guest
Jan 13th, 2016
  1. #include <stdio.h>
  2. #include <security/pam_appl.h>
  3. #include <unistd.h>
  4. #include <stdlib.h>
  5. #include <string.h>
  6.  
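  // Wipe and release the first `count` answers of a partially built response
  // array, then the array itself. Used only on the conversation's error paths,
  // where PAM never receives the array and so cannot free it.
  static void discard_responses(struct pam_response *answers, int count)
  {
      for (int i = 0; i < count; i++) {
          if (answers[i].resp != NULL) {
              // volatile so the compiler does not drop the wipe as a dead store
              volatile char *p = answers[i].resp;
              while (*p != '\0')
                  *p++ = '\0';
              free(answers[i].resp);
          }
      }
      free(answers);
  }

  // PAM conversation callback: answers hidden-input prompts with the password
  // passed through appdata_ptr.
  //
  // A fresh array of num_msg responses is allocated on every call. PAM takes
  // ownership of the array and its strings and frees them, so handing back the
  // same buffer twice (a second prompt, or a stack with several modules) would
  // give PAM an already-freed pointer, and a one-element buffer is too short
  // whenever num_msg > 1.
  //
  // msg is indexed as msg[i], the Linux-PAM/OpenPAM layout.
  //
  // Returns PAM_SUCCESS, PAM_BUF_ERR on allocation failure, or PAM_CONV_ERR
  // for bad arguments or a prompt type this program cannot answer.
  int function_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr)
  {
      const char *password = appdata_ptr;
      struct pam_response *answers;

      if (num_msg <= 0 || msg == NULL || resp == NULL || password == NULL)
          return PAM_CONV_ERR;

      // calloc zero-fills, so resp is NULL and resp_retcode is 0 by default
      answers = calloc((size_t)num_msg, sizeof *answers);
      if (answers == NULL)
          return PAM_BUF_ERR;

      for (int i = 0; i < num_msg; i++) {
          if (msg[i] == NULL) {
              discard_responses(answers, i);
              return PAM_CONV_ERR;
          }

          switch (msg[i]->msg_style) {
          case PAM_PROMPT_ECHO_OFF:
              answers[i].resp = strdup(password);
              if (answers[i].resp == NULL) {
                  discard_responses(answers, i);
                  return PAM_BUF_ERR;
              }
              break;
          case PAM_ERROR_MSG:
          case PAM_TEXT_INFO:
              // informational only, no answer expected
              break;
          default:
              // An echoed prompt (or an unknown style) is not asking for a
              // secret; the password is the only value held here, so refuse
              // rather than send it where it may be displayed or logged.
              discard_responses(answers, i);
              return PAM_CONV_ERR;
          }
      }

      *resp = answers;
      return PAM_SUCCESS;
  }

  // Check a username/password pair against the "sftp" PAM service.
  //
  // Returns 0 when pam_authenticate succeeds, -1 on PAM_AUTH_ERR, and 1 for
  // any other PAM error (including a failing pam_start or pam_end) or NULL
  // arguments. Status messages are printed to stdout.
  //
  // NOTE(review): only pam_authenticate() is called. pam_acct_mgmt() is not,
  // so the account checks of the "sftp" stack (expiry, lockout, access
  // restrictions) are not evaluated. A caller that grants access on a 0
  // result should confirm that this is intended.
  int authenticate_sftp(const char *username, const char *password)
  {
      pam_handle_t *local_auth_handle = NULL; // set by pam_start
      int retval;
      int pam_result;

      if (username == NULL || password == NULL)
      {
          printf("Missing username or password\n");
          return 1;
      }

      // The password reaches the callback through appdata_ptr. The callback
      // only reads it, so dropping const here is safe.
      const struct pam_conv local_conversation = { function_conversation, (void *)password };

      retval = pam_start("sftp", username, &local_conversation, &local_auth_handle);
      if (retval != PAM_SUCCESS)
      {
          printf("pam_start returned: %d\n ", retval);
          return 1;
      }

      // PAM_DISALLOW_NULL_AUTHTOK: a user with no password set must not authenticate
      retval = pam_authenticate(local_auth_handle, PAM_DISALLOW_NULL_AUTHTOK);

      if (retval == PAM_SUCCESS)
      {
          printf("Authenticated.\n");
          pam_result = 0;
      }
      else if (retval == PAM_AUTH_ERR)
      {
          printf("Authentication failure.\n");
          pam_result = -1;
      }
      else
      {
          printf("pam_authenticate returned %d\n", retval);
          pam_result = 1;
      }

      // pam_end is given the last PAM status, as its interface expects
      retval = pam_end(local_auth_handle, retval);
      if (retval != PAM_SUCCESS)
      {
          printf("pam_end returned %d\n", retval);
          pam_result = 1;
      }

      return pam_result;
  }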
  74.  
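  // Entry point: authenticate <username> with a password taken from the
  // command line or, when omitted, from one line of stdin.
  //
  // Exit codes: 0 success, 255 (-1) authentication failed, 1 PAM error,
  // 2 argument error.
  int main(int argc, char** argv)
  {
      char* password;
      char* username;
      char readword[100];

      switch (argc) {
      case 2:
      {
          // input is limited to what fits in readword
          password = fgets(readword, sizeof(readword), stdin);

          if (!password)
          {
              printf("No password provided\n");
              return 2;
          }

          // Trim the trailing newline. strcspn is safe on an empty string,
          // whereas strlen() - 1 wraps to SIZE_MAX when the first byte read
          // is NUL and then indexes far outside the buffer.
          size_t len = strcspn(readword, "\n");
          if (readword[len] == '\n')
          {
              readword[len] = 0;
          }
          else if (len == sizeof(readword) - 1)
          {
              // Buffer is full and no newline was seen. Reject rather than
              // authenticate with a silently truncated password.
              int next = getchar();
              if (next != EOF && next != '\n')
              {
                  printf("Password too long\n");
                  return 2;
              }
          }

          username = argv[1];
          break;
      }
      case 3:
          // NOTE: a password given as an argument is visible to other local
          // users through the process list and may be kept in shell history.
          // Reading it from stdin avoids that.
          username = argv[1];
          password = argv[2];
          break;

      default:
          printf("Usage:\n\t%s <username> [<password>]\n",argv[0]);
          printf("\t\tPassword will be read from stdin if not provided on the command line\n");
          printf("\n\tExit codes:\n");
          printf("\t\t0 - success\n");
          printf("\t\t255(-1) - authentication failed\n");
          printf("\t\t1 - PAM error\n");
          printf("\t\t2 - argument error\n");
          printf("\n");
          return 2;
      }

      return authenticate_sftp(username, password);
  }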