c - Different access levels with PAM
Currently I have a graphical application that has two levels of access, operator and administrator. Login and authentication are all homemade and I want to switch the application to using PAM instead. I'm not sure what the right way to do this is.
Correct me if I am wrong, but it looks like PAM boils down to a "yes" or "no" check - yes you can use this service, or no you cannot. There is no provision for the various levels of access with which the user is logging on. I should be able to tell who is the operator and who is the administrator, though, and it seems likely that I want to be able to do this through PAM.
So my idea is that I have two services with two different configurations, /etc/pam.d/pamdemo and /etc/pam.d/pamdemo-admin. My application will then try to authenticate against pamdemo-admin first, and if that is unsuccessful then against pamdemo. If both fail, then access is denied. Am I on the right track or am I completely off the rails?
Here is some sample C code that I have written as a proof of concept. When I log in I do not want to ask the user twice for his credentials. I've got it so it remembers the username across the two pam_start() calls, but I do not want to have to do the same caching from the application level for the password. pam_get_item(PAM_AUTHTOK) could give access to the password, and I was trying to do that when I realized that there could be a completely different way to do this. Regardless, this application should be indifferent to the authentication method, whether it is username/password, a Kerberos ticket, a fingerprint, or whatever you want.
/* Build with: cc pamdemo.c -o pamdemo -lpam -lpam_misc */
#include <security/pam_appl.h>
#include <security/pam_misc.h>   /* misc_conv: the conversation callback was not shown in the post */
#include <stdio.h>
#include <string.h>

/* Try to log in through the given PAM service. The username is kept in a
 * static so the second pam_start() call does not prompt for it again;
 * the password, however, is asked for on every call. */
pam_handle_t *try_login(const char *service, int *retval)
{
    static char *username = NULL;
    struct pam_conv pam_conversation = { misc_conv, NULL };
    pam_handle_t *pamh = NULL;

    *retval = pam_start(service, username, &pam_conversation, &pamh);
    if (*retval == PAM_SUCCESS) *retval = pam_authenticate(pamh, 0);
    if (*retval == PAM_SUCCESS) *retval = pam_acct_mgmt(pamh, 0);
    if (*retval == PAM_SUCCESS) *retval = pam_open_session(pamh, 0);

    /* Remember the user name PAM established, for the next attempt. */
    if (username == NULL && pamh != NULL) {
        const char *user = NULL;
        if (pam_get_item(pamh, PAM_USER, (const void **)&user) == PAM_SUCCESS && user != NULL)
            username = strdup(user);
    }

    if (*retval != PAM_SUCCESS) {
        fprintf(stderr, "%s: %s\n", service, pam_strerror(pamh, *retval));
        pam_end(pamh, *retval);
        pamh = NULL;
    }
    return pamh;
}

int main(void)
{
    pam_handle_t *pamh = NULL;
    int retval;
    const char *service, *username;

    /* Try the administrator service first, then fall back to the operator one. */
    if (!pamh) pamh = try_login("pamdemo-admin", &retval);
    if (!pamh) pamh = try_login("pamdemo", &retval);
    if (!pamh) {
        fprintf(stderr, "Access denied.\n");
        return 1;
    }

    pam_get_item(pamh, PAM_SERVICE, (const void **)&service);
    pam_get_item(pamh, PAM_USER, (const void **)&username);
    printf("%s is logged in as %s.\n", service, username);

    pam_close_session(pamh, 0);
    pam_end(pamh, retval);
    return 0;
}
This demo program repeats the "Password:" prompt. I do not want to ask this twice!
I believe this may be the right way to do this:
- Set up the "pamdemo" service with account, authentication and session functions.
- The "pamdemo-admin" service has only account (and possibly session) functions, no authentication.
- When logging in, first authenticate them against "pamdemo" (to make sure they are who they say they are) - if it fails, reject them. Once authenticated, put them through the "pamdemo-admin" checks to see if they are allowed to be administrators - if they are, this test succeeds, if they are not, it does not. Since this check has no authentication modules, they are not prompted for a password again.