#include #include #include #include #include #include #include #include #include #include #include #define PAMPY "python3 /usr/bin/openmfa/pam/pam.py" int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char** argv) { int retval; const char *user = NULL; const char *service; FILE *fp; // Get user and service pam_get_item(pamh, PAM_SERVICE, (const void **) &service); pam_get_user(pamh, &user, NULL); // Build command line int cmdsize = 256; char cmd[cmdsize]; cmd[0] = '\0'; strcat(cmd, PAMPY); strcat(cmd," --user "); strcat(cmd,user); strcat(cmd," --service "); strcat(cmd,service); pam_syslog(pamh,LOG_INFO,cmd); // Execute pam.py if ((fp = popen(cmd,"r")) == NULL) { pam_syslog(pamh,LOG_ERR,"Error opening pipe"); return PAM_AUTH_ERR; } // Get output and return authentication status int size = 32; char result[size]; fgets(result,size,fp); pam_syslog(pamh,LOG_INFO,result); pclose(fp); if (atoi(result) == 0) { pam_syslog(pamh,LOG_INFO,"auth success"); return PAM_SUCCESS; } else { pam_syslog(pamh,LOG_ERR,"auth error"); return PAM_AUTH_ERR; } } int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char** argv) { return PAM_IGNORE; }