diff --git a/misc/pam_authentication/pam_authentication.c b/misc/pam_authentication/pam_authentication.c
index 906af84295829d1956175518f9fbfa9ef422f851..4abef5bddb2a6c11ecefdcc8a1bf9179835bca84 100644
--- a/misc/pam_authentication/pam_authentication.c
+++ b/misc/pam_authentication/pam_authentication.c
@@ -25,6 +25,16 @@
 // Pam Authentication
 // A. Schlemmer, 07/2018
+/*
+Note: This program needs sufficient right to authenticate against anyone but
+oneself. This can be done for example by changing the effective group id:
+
+```
+$ ls -l bin
+-rwxrwsrwx 1 root shadow 16992 Apr 28 07:45 pam_authentication
+```
+*/
+
 #include <stdbool.h>
 #include <stdlib.h>
 #include <stdio.h>
@@ -68,16 +78,18 @@ bool get_password(char *filename) {
 // With code from https://stackoverflow.com/a/1196696/232888
 // by user https://stackoverflow.com/users/89266/dfa
 struct termios backup, secret_setting;
-
+ bool is_tty = isatty(fileno(stdin));
 /* disable echo */
- tcgetattr(fileno(stdin), &backup);
- secret_setting = backup;
- secret_setting.c_lflag &= ~ECHO;
- secret_setting.c_lflag |= ECHONL;
-
- if (tcsetattr(fileno(stdin), TCSANOW, &secret_setting) != 0) {
- perror("Setting echo-less output flags failed.");
- return EXIT_FAILURE;
+ if (is_tty) {
+ tcgetattr(fileno(stdin), &backup);
+ secret_setting = backup;
+ secret_setting.c_lflag &= ~ECHO;
+ secret_setting.c_lflag |= ECHONL;
+
+ if (tcsetattr(fileno(stdin), TCSANOW, &secret_setting) != 0) {
+ perror("Setting echo-less output flags failed.");
+ return EXIT_FAILURE;
+ }
 }
 FILE *pwfile;
@@ -85,7 +97,9 @@ bool get_password(char *filename) {
 pwfile = fopen(filename, "r");
 if (pwfile == NULL) {
 perror(filename);
- tcsetattr(fileno(stdin), TCSANOW, &backup);
+ if (is_tty) {
+ tcsetattr(fileno(stdin), TCSANOW, &backup);
+ }
 return false;
 }
 } else {
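Review bot: The example listing in the new header comment shows mode `-rwxrwsrwx`, a setgid-`shadow` binary that group and others may write. The documented mode should be writable by the owner only, for example `-rwxr-sr-x 1 root shadow`. The comment could also say why group `shadow` is needed (presumably so that PAM can read the shadow file) and that the binary is therefore privileged code. Wording: `sufficient right` should read `sufficient rights`.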
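Review bot: Inside the new `if (is_tty)` block, `return EXIT_FAILURE;` still sits in a function declared `bool`; EXIT_FAILURE is normally 1 and converts to `true`, so a failed `tcsetattr` is reported to the caller as success. It should be `return false;`, matching the fopen error path and the change this commit makes to the restore path further down. The `tcgetattr` call is also unchecked, so on failure `backup` is uninitialised and is later written back to the terminal; check it with `if (tcgetattr(fileno(stdin), &backup) != 0) { perror("tcgetattr"); return false; }`. get_password starts and ends outside this hunk.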
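Review bot: With the setgid-`shadow` installation that this commit's header comment recommends, `fopen(filename, "r")` in this hunk runs with the elevated effective group, so a path chosen by the invoking user is opened with rights that user does not have. Assuming `filename` comes from the command line (the caller is outside the hunk), the file should be opened under the real group id and the effective one restored afterwards: save `getegid()`, call `setegid(getgid())` before the `fopen` and `setegid(saved)` after it, checking both return values. get_password continues outside the hunk.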
@@ -101,9 +115,10 @@ bool get_password(char *filename) {
 password[pwlen - 1] = 0;
 /* restore terminal settings */
- if (tcsetattr(fileno(stdin), TCSANOW, &backup) != 0) {
- perror("Resetting output flags failed.");
- return EXIT_FAILURE;
+ if (is_tty) {
+ if (tcsetattr(fileno(stdin), TCSANOW, &backup) != 0) {
+ perror("Resetting output flags failed.");
+ }
 }
 return true;
@@ -133,9 +148,13 @@ int main(int argc, char **argv) {
 fprintf(stderr, "Error in starting pam authentication.\n");
 return 2;
 }
-
+ /* printf("\n>%s<\n", password); // Warning: this prints the password! */
 res = pam_authenticate(pamh, 0);
- // printf("Return code %i: %s\n", res, pam_strerror(pamh, res));
+
+/* printf("PAM_AUTH_ERR: %i\n\ */
+/* PAM_CRED_INSUFFICIENT: %i\n\ */
+/* PAM_AUTHINFO_UNAVAIL: %i\n", PAM_AUTH_ERR, PAM_CRED_INSUFFICIENT, PAM_AUTHINFO_UNAVAIL); */
+/* printf("Return code (success=%i) %i: %s\n", PAM_SUCCESS, res, pam_strerror(pamh, res)); */
 free(password);
 return res;
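Review bot: `password[pwlen - 1] = 0;` at the top of this hunk strips the last byte unconditionally, and the commit now lets the program run with a non-terminal stdin, where input need not end in a newline. The read that sets `pwlen` is outside the hunk, so this is inferred: if `pwlen` is the returned length, input without a trailing newline loses its last character, and an empty or failed read would index before the buffer. Guard the strip with `if (pwlen > 0 && password[pwlen - 1] == '\n') password[pwlen - 1] = 0;` and return `false` when nothing was read.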
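Review bot: The added `/* printf("\n>%s<\n", password); ... */` line keeps a statement that writes the clear-text password to stdout one uncomment away from shipping in a binary meant to run setgid. It and the four commented-out return-code lines are better dropped, or the return-code output put behind a compile-time debug macro that never includes `password`. In the same hunk `free(password)` releases the buffer without clearing it; where available, `explicit_bzero(password, strlen(password));` before the `free` keeps the secret out of freed heap memory. How `password` is allocated is outside the hunk, so confirm it is NUL-terminated at that point. main continues outside the hunk.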