Linux PAM Program/µ¯³ö»ñµÃrootȨÏÞ¶Ô»°¿ò

 Ê²Ã´Ò²²»ÒªËµ£¬ÏÈÀ´Ò»¸ö³ÌÐò°É¡£
/*
×¢ÒâÒªºÍÄãµÄϵͳһÖÂredhatÊÇÕâÑù/etc/pam.d/check_user
auth required /lib/security/pam_unix_auth.so
account required /lib/security/pam_unix_acct.so
1.Èç¹ûÐèÒª³öÏÖÃÜÂ뵯³ö¿ò»¹ÐèÒªÔÚÌí¼Ó
/etc/security/console.apps/check_user
USER=root
PROGRAM=~/check_user #Õâ¸ö·¾¶¾ÍÊÇÏÂÃæ±àÒëºÃºóµÄ·¾¶£¬²»ÄܺÍ3ÖÐ×÷Á´½ÓµÄ·¾¶Ò»Ñù
SESSION=true
2.ÔÙ¶Ô/usr/bin/consolehelper×÷ln
sudo ln -s consolehelper check_user
3.ÕâÑùÔËÐÐ/usr/bin/check_user¾Íʵ¼ÊÔÚµ÷ÓÃconsolehelper£¬ÔÙÈ¥¶ÁÈ¡
/etc/security/console.apps/check_userÀïPROGRAMÉ趨µÄ·¾¶
4.±àÒëʱҪÕâÑù:
gcc check.c -ldl -lpam -lpam_misc -o ~/check_user
*/
#include <security/pam_appl.h>
#include <security/pam_misc.h>
#include <stdio.h>
static struct pam_conv conv = {
 misc_conv, //¶¨ÒåÔÚpam_misc.hÖÐ, ·½±ãÄã±à³Ì
 NULL
};
int main(int argc, char *argv[])
{
 pam_handle_t *pamh=NULL;
 int retval;
 const char *user="root"; //Óû§ÃûÉèÖÃΪϵͳÉϵÄÒ»¸öºÏ·¨Óû§
 if(argc == 2) {
  user = argv[1];
 }
 if(argc > 2) {
  fprintf(stderr, "Usage: check_user [username]\n");
  exit(1);
 }
 retval = pam_start("check_user", user, &conv, &pamh);
 /* ¿ªÊ¼ */
 if (retval == PAM_SUCCESS)
  retval = pam_authenticate(pamh, 0);
 
 /* ÈÏÖ¤ÊDz»ÊǸÃÓû§? ÌáʾÄãÊäÈëÒ»¸öÃÜÂë */
 if (retval == PAM_SUCCESS)
  retval = pam_acct_mgmt(pamh, 0);
 /* Õ˺ÅÊÇ·ñÓÐЧ? */
 if (retval == PAM_SUCCESS) {
  fprintf(stdout, "Authenticated\n");
 } else {
  fprintf(stdout, "Not Authenticated\n");
 }
 if (pam_end(pamh,retval) != PAM_SUCCESS) {
  /* ½áÊø */
  pamh = NULL;
  fprintf(stderr, "check_user: failed to release authenticator\n");
  exit(1);
 }
 return ( retval == PAM_SUCCESS ? 0:1 ); /* indicate success */
}
#gcc check.c -ldl -lpam -lpam