PAM & Samba [was Re: TODO list....]

[David Collier-Brown]

A possible code snippet for pass_check.c:  note that I'm not
using pam myself and haven't checked this for typos.


static BOOL pam_auth(char *user,char *password)
{
  pam_handle_t *pamh;
  int pam_error;

  /* Now use PAM to do authentication.  For now, we won't worry about
   * session logging, only authentication.  Bail out if there are any
   * errors.  Since this is a limited protocol, and an even more
limited
   * function within a server speaking this protocol, we can't be as
   * verbose as would otherwise make sense.
   * Query: should we be using PAM_SILENT to shut PAM up?
   */
#define PAM_BAIL if (pam_error != PAM_SUCCESS) { \
     DEBUG(0,("pam_start returned %s\n", \
          pam_strerror(NULL,pam_error))); \
     pam_end(pamh, 0); \
     return False; \
}

  PAM_password = password;
  PAM_username = user;

  switch(pam_error = pam_start("samba", user, &PAM_conversation,
&pamh)) {
  case PAM_SUCCESS: 
	break;
  case PAM_OPEN_ERR:
	DEBUG(0,("could not open the PAM shared library, this machine "
                "may not support Pluggable Authentication Modules."));
  default:
	DEBUG(0,("pam_start returned %s\n", pam_strerror(NULL,pam_error)));
	(void) pam_end(pamh, 0);
	return False;
  }
	




-- 
David Collier-Brown,  | Always do right. This will gratify some people
185 Ellerslie Ave.,   | and astonish the rest.        -- Mark Twain
Willowdale, Ontario   | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com