From 56a7bd183c92c4f1b519376ccd6155a24bae970c Mon Sep 17 00:00:00 2001
From: Jakob Kaivo <jkk@ung.org>
Date: Mon, 1 Feb 2021 13:09:18 -0500
Subject: implement basic PAM authentication

---
 check/pam.c | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 check/pam.c

(limited to 'check/pam.c')

diff --git a/check/pam.c b/check/pam.c
new file mode 100644
index 0000000..00e9998
--- /dev/null
+++ b/check/pam.c
@@ -0,0 +1,41 @@
+#include <stdio.h>
+
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+
+#include "check.h"
+
+/*
+static int pam_conv_f(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr)
+{
+	(void)num_msg;
+	(void)msg;
+	printf("msg: %s\n", (*msg)->msg);
+	(void)resp;
+	printf("resp: %s\n", (*resp)->resp);
+	(void)appdata_ptr;
+	return 0;
+}
+*/
+
+int authenticate(const char *user)
+{
+	int ret = 1;
+	pam_handle_t *pamh = NULL;
+	struct pam_conv conv = {
+		.conv = misc_conv,
+	};
+
+	if (pam_start(PAM_SERVICE_NAME, user, &conv, &pamh) != PAM_SUCCESS) {
+		fatal(0, "PAM error");
+		return 1;
+	}
+
+	if (pam_authenticate(pamh, 0) == PAM_SUCCESS) {
+		ret = 0;
+	}
+
+	pam_end(pamh, 0);
+
+	return ret;
+}
-- 
cgit v1.2.1