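/*
 * PAM authentication module that hands the decision to the OpenMFA helper
 * script (pam.py): the helper is run with the PAM user and service names and
 * the first line it prints is taken as the verdict, 0 meaning success.
 *
 * The header names on the original #include lines were lost on this page;
 * the list below is what the code in this file needs.
 */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

#include <security/pam_modules.h>
#include <security/pam_ext.h>

/*
 * The helper is started with an explicit argument vector, so interpreter and
 * script are kept as separate strings. PAMPY still expands to the same text
 * as before and is only used for logging.
 *
 * NOTE(review): the interpreter is resolved through PATH, as it was when the
 * command went through the shell. Pin an absolute interpreter path for the
 * target system if host applications can run with an untrusted environment.
 */
#define PAMPY_INTERPRETER "python3"
#define PAMPY_SCRIPT "/usr/bin/openmfa/pam/pam.py"
#define PAMPY PAMPY_INTERPRETER " " PAMPY_SCRIPT

/* Size of the buffer that receives the helper's verdict line. */
enum { OPENMFA_RESULT_SIZE = 32 };

/*
 * Return nonzero when value can be passed as the argument of an option:
 * not empty and not starting with '-', so the helper's option parser cannot
 * mistake a user or service name for another option.
 */
static int openmfa_arg_ok(const char *value)
{
    return value[0] != '\0' && value[0] != '-';
}

/*
 * Return nonzero only when text is a decimal zero followed by nothing but
 * whitespace. Anything else (empty output, an error message, a non-zero
 * code) is a denial; atoi() would have turned non-numeric text into 0.
 */
static int openmfa_verdict_is_success(const char *text)
{
    char *end = NULL;
    long code;

    errno = 0;
    code = strtol(text, &end, 10);
    if (end == text || errno == ERANGE) {
        return 0;
    }
    while (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\n') {
        end++;
    }
    return *end == '\0' && code == 0;
}

/*
 * Run pam.py for user/service without a shell and copy the first line of its
 * standard output into out (NUL-terminated, at most outlen - 1 characters).
 *
 * Returns 0 when a line was read and the helper exited normally, -1 in every
 * other case, so that callers deny authentication on any failure.
 *
 * NOTE(review): pam.py's exit-code convention is not visible here. If it
 * exits 0 on success, also require WEXITSTATUS(status) == 0 below.
 * NOTE(review): a host application that reaps children in its own SIGCHLD
 * handler can make waitpid() fail; that case is treated as a denial.
 */
static int openmfa_run_helper(pam_handle_t *pamh, const char *user,
                              const char *service, char *out, size_t outlen)
{
    int pipefd[2];
    int status = 0;
    int got_line = 0;
    pid_t pid;
    pid_t waited;
    FILE *fp;

    if (pipe(pipefd) != 0) {
        pam_syslog(pamh, LOG_ERR, "Error opening pipe");
        return -1;
    }

    pid = fork();
    if (pid < 0) {
        close(pipefd[0]);
        close(pipefd[1]);
        pam_syslog(pamh, LOG_ERR, "Error starting helper");
        return -1;
    }

    if (pid == 0) {
        /* Child: user and service travel as single argv entries, so no
         * character in them is interpreted by a shell. */
        char *const child_argv[] = {
            (char *)PAMPY_INTERPRETER,
            (char *)PAMPY_SCRIPT,
            (char *)"--user",
            (char *)user,
            (char *)"--service",
            (char *)service,
            NULL
        };

        close(pipefd[0]);
        if (pipefd[1] != STDOUT_FILENO) {
            if (dup2(pipefd[1], STDOUT_FILENO) < 0) {
                _exit(127);
            }
            close(pipefd[1]);
        }
        execvp(child_argv[0], child_argv);
        _exit(127);
    }

    /* Parent: read the verdict line, then always reap the child. */
    close(pipefd[1]);
    fp = fdopen(pipefd[0], "r");
    if (fp == NULL) {
        close(pipefd[0]);
    } else {
        got_line = fgets(out, (int)outlen, fp) != NULL;
        fclose(fp);
    }

    do {
        waited = waitpid(pid, &status, 0);
    } while (waited < 0 && errno == EINTR);

    if (waited != pid || !WIFEXITED(status)) {
        pam_syslog(pamh, LOG_ERR, "helper did not exit normally");
        return -1;
    }
    if (!got_line) {
        pam_syslog(pamh, LOG_ERR, "helper produced no output");
        return -1;
    }
    return 0;
}

/*
 * PAM authentication entry point.
 *
 * Reads PAM_USER and PAM_SERVICE from the handle, runs pam.py with them and
 * returns PAM_SUCCESS only when the helper prints 0. Returns
 * PAM_AUTHINFO_UNAVAIL when either item is missing and PAM_AUTH_ERR for
 * every other outcome. flags, argc and argv are not used.
 *
 * The user name reaches this function before authentication has succeeded,
 * so it is treated as untrusted: it is never placed in a fixed-size buffer,
 * never passed through a shell and never used as a format string.
 */
int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
                        const char **argv)
{
    const char *user = NULL;
    const char *service = NULL;
    char result[OPENMFA_RESULT_SIZE];

    (void)flags;
    (void)argc;
    (void)argv;

    /* Get user and service */
    if (pam_get_item(pamh, PAM_USER, (const void **)&user) != PAM_SUCCESS
        || user == NULL) {
        pam_syslog(pamh, LOG_ERR, "unable to get user");
        return PAM_AUTHINFO_UNAVAIL;
    }
    if (pam_get_item(pamh, PAM_SERVICE, (const void **)&service) != PAM_SUCCESS
        || service == NULL) {
        pam_syslog(pamh, LOG_ERR, "unable to get service");
        return PAM_AUTHINFO_UNAVAIL;
    }

    if (!openmfa_arg_ok(user) || !openmfa_arg_ok(service)) {
        pam_syslog(pamh, LOG_ERR, "refusing empty or option-like user/service");
        return PAM_AUTH_ERR;
    }

    /* Untrusted text is logged through a literal "%s" format only. */
    pam_syslog(pamh, LOG_INFO, "%s --user %s --service %s",
               PAMPY, user, service);

    /* Execute pam.py */
    if (openmfa_run_helper(pamh, user, service, result, sizeof result) != 0) {
        return PAM_AUTH_ERR;
    }

    /* Log the verdict line without its line ending. */
    result[strcspn(result, "\r\n")] = '\0';
    pam_syslog(pamh, LOG_INFO, "%s", result);

    if (openmfa_verdict_is_success(result)) {
        pam_syslog(pamh, LOG_INFO, "auth success");
        return PAM_SUCCESS;
    }

    pam_syslog(pamh, LOG_ERR, "auth error");
    return PAM_AUTH_ERR;
}

/*
 * PAM credential entry point. This module manages no credentials, so the
 * call always reports PAM_SUCCESS; none of the parameters are used.
 */
int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    (void)pamh;
    (void)flags;
    (void)argc;
    (void)argv;
    return PAM_SUCCESS;
}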