1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
// This is a fake login implementation. It uses whatever default
// PAM service configuration is available on the system, and tries
// to authenticate any user. This should cause PAM to ask its
// conversation handler for a username and password, in sequence.
//
// This application will handle those requests by displaying the
// PAM-provided prompt and sending back the first line of stdin input
// it can read for each.
//
// Keep in mind that unless run as root (or setuid root), the only
// user's authentication that can succeed is that of the process owner.
//
// It's not a real login for several reasons:
//
// It doesn't switch users.
// It's not a real login.
//
// It does however demonstrate a simple but powerful use of PAM.
package main
import (
"bufio"
"errors"
"fmt"
"log"
"os"
"github.com/bgentry/speakeasy"
"github.com/msteinert/pam"
)
func main() {
t, err := pam.StartFunc("", "", func(s pam.Style, msg string) (string, error) {
switch s {
case pam.PromptEchoOff:
return speakeasy.Ask(msg)
case pam.PromptEchoOn:
fmt.Print(msg + " ")
input, err := bufio.NewReader(os.Stdin).ReadString('\n')
if err != nil {
return "", err
}
return input[:len(input)-1], nil
case pam.ErrorMsg:
log.Print(msg)
return "", nil
case pam.TextInfo:
fmt.Println(msg)
return "", nil
}
return "", errors.New("Unrecognized message style")
})
if err != nil {
log.Fatalf("Start: %s", err.Error())
}
err = t.Authenticate(0)
if err != nil {
log.Fatalf("Authenticate: %s", err.Error())
}
log.Print("Authentication succeeded!")
}
|
