On Mon, May 25, 2009 at 10:47:11AM +0300, Gregory Edigarov wrote:

> Hello,
>
> Perhaps somebody can help me a bit... Here is a very simple
> login_-test.c, just to check if everything works:
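> #include <stdio.h>
> #include <unistd.h>	/* read() */
>
> int main (int argc, char **argv)
> {
> 	char buf[1024];
> 	ssize_t n;
> 	int i;
>
> 	/* print the arguments the program was called with */
> 	for (i = 0; i < argc; i++)
> 		puts(argv[i]);
>
> 	/* read what arrives on fd 3; keep room for the terminating NUL */
> 	n = read(3, buf, sizeof(buf) - 1);
> 	buf[n > 0 ? n : 0] = '\0';
>
> 	puts(buf);
> }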
>
> And a very simple calling program, that calls auth_userok, using exactly  
> the way it is called from opensmtpd:
> #include <sys/types.h>
> #include <login_cap.h>
> #include <bsd_auth.h>
> #include <stdio.h>
>
> int main(void)
> {
> 	printf("%d\n", auth_userokay("greg", NULL, "auth-smtp", "password"));
> }
>
>
> As the last accord there are lines in /etc/login.conf:
>
> auth-smtp:auth=-test:
>
> everything else in the file is left untouched.
>
> As it doesn't seem to be calling login_-test, I think that is because
> I failed to properly describe what I need in login.conf....
> what should be done?

For one thing (apart from login.conf issues), you do not return an
exit code in your program and you do not write anything to fd 3, while
login.conf says:

"In order for authentication to be successful, the authentication program
must exit with a value of 0 as well as provide an authorize or authorize
root statement on file descriptor 3."

First of all, start READING and UNDERSTANDING login.conf and study the
existing authentication programs source code. Probably login_reject is
a good place to start.

And a word of advice: before you attempt writing a bsd_auth login
script, you better understand what you are doing. Otherwise you almost
certainly will create a hole. This is no place for trial and error. 

        -Otto
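
Added example, not part of the original thread and not code from OpenBSD: a fail-closed skeleton for the two requirements quoted from login.conf above (a statement on fd 3 plus the exit status), with bounds-checked parsing of the data read from fd 3. The `challenge\0response\0` layout, the `username class` argument order and the `check_credentials` placeholder are assumptions of this sketch.

```c
#include <string.h>
#include <unistd.h>
#define BACKCHANNEL_FD 3 /* the fd named in the login.conf text quoted above */

/* Split "challenge\0response\0" (assumed response-service layout).
 * Returns 0 on success, -1 when either terminating NUL is missing. */
static int split_backchannel(const char *buf, size_t len,
                             const char **challenge, const char **response)
{
    const char *nul1 = memchr(buf, '\0', len);
    size_t rest = nul1 ? len - (size_t)(nul1 - buf) - 1 : 0;
    if (rest == 0 || memchr(nul1 + 1, '\0', rest) == NULL)
        return -1;
    *challenge = buf;
    *response = nul1 + 1;
    return 0;
}

/* Hypothetical placeholder for the real credential check: approves nobody. */
static int check_credentials(const char *user, const char *response)
{
    (void)user; (void)response;
    return 0;
}

/* Pick the fd 3 statement and the exit status together; every error path rejects. */
static int decide(const char *user, const char *buf, ssize_t n, const char **stmt)
{
    const char *challenge, *response;
    *stmt = "reject\n";
    if (user == NULL || n <= 0 ||
        split_backchannel(buf, (size_t)n, &challenge, &response) != 0 ||
        !check_credentials(user, response))
        return 1;
    *stmt = "authorize\n";
    return 0;
}

int main(int argc, char **argv)
{
    char buf[1024];
    const char *stmt;
    ssize_t n = read(BACKCHANNEL_FD, buf, sizeof(buf));
    /* Assumption: the arguments end with "username class". */
    int rc = decide(argc >= 3 ? argv[argc - 2] : NULL, buf, n, &stmt);
    if (write(BACKCHANNEL_FD, stmt, strlen(stmt)) < 0)
        return 1;
    return rc;
}
```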