bsd_auth again

2009-05-25 Thread Gregory Edigarov

Hello,

Perhaps somebody can help me a bit... Here is a very simple
login_-test.c, just to check if everything works:

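#include <stdio.h>
#include <unistd.h>

int main (int argc, char **argv)
{
    char buf[1024];
    ssize_t n;
    int i;

    /* print the arguments the caller passed in */
    for (i=0;i<argc;i++) puts(argv[i]);

    /* read what arrives on fd 3 and terminate it before printing */
    n = read (3,buf,sizeof(buf)-1);
    buf[n > 0 ? n : 0] = '\0';

    puts(buf);
}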

And a very simple calling program, that calls auth_userok, using exactly 
the way it is called from opensmtpd:

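#include <sys/types.h>
#include <login_cap.h>
#include <bsd_auth.h>
#include <stdio.h>

int main(void)
{
    /* auth_userokay(name, style, type, password): non-zero means accepted */
    printf("%d\n", auth_userokay("greg", NULL, "auth-smtp", "password"));
    return 0;
}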


As the last accord there are lines in /etc/login.conf:

auth-smtp:auth=-test:

Everything else in the file is left untouched.

As it doesn't seem to be calling login_-test, I think that is because
I failed to properly describe what I need in login.conf.

What should be done?

Thank you.

--
With best regards,
Gregory Edigarov



Re: bsd_auth again

2009-05-25 Thread ttner dorian.buett...@gmx.de

Gregory Edigarov wrote:

> As it doesn't seem to be calling login_-test, I think that is
> because I failed to properly describe what I need in login.conf.
>
> What should be done?


Tell your user to use that class in vipw?



Re: bsd_auth again

2009-05-25 Thread Otto Moerbeek
On Mon, May 25, 2009 at 10:47:11AM +0300, Gregory Edigarov wrote:

> Hello,
>
> Perhaps somebody can help me a bit... Here is a very simple
> login_-test.c, just to check if everything works:
>
> #include <stdio.h>
> #include <unistd.h>
>
> int main (int argc, char **argv)
> {
>     char buf[1024];
>     ssize_t n;
>     int i;
>
>     /* print the arguments the caller passed in */
>     for (i=0;i<argc;i++) puts(argv[i]);
>
>     /* read what arrives on fd 3 and terminate it before printing */
>     n = read (3,buf,sizeof(buf)-1);
>     buf[n > 0 ? n : 0] = '\0';
>
>     puts(buf);
> }
>
> And a very simple calling program, that calls auth_userok, using exactly
> the way it is called from opensmtpd:
>
> #include <sys/types.h>
> #include <login_cap.h>
> #include <bsd_auth.h>
> #include <stdio.h>
>
> int main(void)
> {
>     /* auth_userokay(name, style, type, password): non-zero means accepted */
>     printf("%d\n", auth_userokay("greg", NULL, "auth-smtp", "password"));
>     return 0;
> }
>
> As the last accord there are lines in /etc/login.conf:
>
> auth-smtp:auth=-test:
>
> Everything else in the file is left untouched.
>
> As it doesn't seem to be calling login_-test, I think that is because
> I failed to properly describe what I need in login.conf.
>
> What should be done?

For one thing (apart from login.conf issues), you do not return an
exit code in your program and you do not write anything to fd 3, while
login.conf says:

In order for authentication to be successful, the authentication program
must exit with a value of 0 as well as provide an authorize or authorize
root statement on file descriptor 3.

First of all, start READING and UNDERSTANDING login.conf and study the
existing authentication programs' source code. Probably login_reject is
a good place to start.

And a word of advice: before you attempt writing a bsd_auth login
script, you better understand what you are doing. Otherwise you almost
certainly will create a hole. This is no place for trial and error. 

-Otto



Re: bsd_auth again

2009-05-25 Thread Gregory Edigarov

Otto Moerbeek wrote:

> On Mon, May 25, 2009 at 10:47:11AM +0300, Gregory Edigarov wrote:
>
> > Hello,
> >
> > Perhaps somebody can help me a bit... Here is a very simple
> > login_-test.c, just to check if everything works:
> >
> > #include <stdio.h>
> > #include <unistd.h>
> >
> > int main (int argc, char **argv)
> > {
> >     char buf[1024];
> >     ssize_t n;
> >     int i;
> >
> >     /* print the arguments the caller passed in */
> >     for (i=0;i<argc;i++) puts(argv[i]);
> >
> >     /* read what arrives on fd 3 and terminate it before printing */
> >     n = read (3,buf,sizeof(buf)-1);
> >     buf[n > 0 ? n : 0] = '\0';
> >
> >     puts(buf);
> > }
> >
> > And a very simple calling program, that calls auth_userok, using exactly
> > the way it is called from opensmtpd:
> >
> > #include <sys/types.h>
> > #include <login_cap.h>
> > #include <bsd_auth.h>
> > #include <stdio.h>
> >
> > int main(void)
> > {
> >     /* auth_userokay(name, style, type, password): non-zero means accepted */
> >     printf("%d\n", auth_userokay("greg", NULL, "auth-smtp", "password"));
> >     return 0;
> > }
> >
> > As the last accord there are lines in /etc/login.conf:
> >
> > auth-smtp:auth=-test:
> >
> > Everything else in the file is left untouched.
> >
> > As it doesn't seem to be calling login_-test, I think that is because
> > I failed to properly describe what I need in login.conf.
> >
> > What should be done?
>
> For one thing (apart from login.conf issues), you do not return an
> exit code in your program and you do not write anything to fd 3, while
> login.conf says:
>
> In order for authentication to be successful, the authentication program
> must exit with a value of 0 as well as provide an authorize or authorize
> root statement on file descriptor 3.
>
> First of all, start READING and UNDERSTANDING login.conf and study the
> existing authentication programs' source code. Probably login_reject is
> a good place to start.
>
> And a word of advice: before you attempt writing a bsd_auth login
> script, you better understand what you are doing. Otherwise you almost
> certainly will create a hole. This is no place for trial and error.
>
> -Otto

Otto,

As I've written above, it is just an experiment, in order to understand
and write a bigger script that will do _ALL_ the necessary things, and
will be as secure as possible.

--
With best regards,
Gregory Edigarov



Re: bsd_auth again

2009-05-25 Thread Gregory Edigarov

Otto Moerbeek wrote:

> On Mon, May 25, 2009 at 10:47:11AM +0300, Gregory Edigarov wrote:
>
> > Hello,
> >
> > Perhaps somebody can help me a bit... Here is a very simple
> > login_-test.c, just to check if everything works:
> >
> > #include <stdio.h>
> > #include <unistd.h>
> >
> > int main (int argc, char **argv)
> > {
> >     char buf[1024];
> >     ssize_t n;
> >     int i;
> >
> >     /* print the arguments the caller passed in */
> >     for (i=0;i<argc;i++) puts(argv[i]);
> >
> >     /* read what arrives on fd 3 and terminate it before printing */
> >     n = read (3,buf,sizeof(buf)-1);
> >     buf[n > 0 ? n : 0] = '\0';
> >
> >     puts(buf);
> > }
> >
> > And a very simple calling program, that calls auth_userok, using exactly
> > the way it is called from opensmtpd:
> >
> > #include <sys/types.h>
> > #include <login_cap.h>
> > #include <bsd_auth.h>
> > #include <stdio.h>
> >
> > int main(void)
> > {
> >     /* auth_userokay(name, style, type, password): non-zero means accepted */
> >     printf("%d\n", auth_userokay("greg", NULL, "auth-smtp", "password"));
> >     return 0;
> > }
> >
> > As the last accord there are lines in /etc/login.conf:
> >
> > auth-smtp:auth=-test:
> >
> > Everything else in the file is left untouched.
> >
> > As it doesn't seem to be calling login_-test, I think that is because
> > I failed to properly describe what I need in login.conf.
> >
> > What should be done?
>
> For one thing (apart from login.conf issues), you do not return an
> exit code in your program and you do not write anything to fd 3, while
> login.conf says:
>
> In order for authentication to be successful, the authentication program
> must exit with a value of 0 as well as provide an authorize or authorize
> root statement on file descriptor 3.
>
> First of all, start READING and UNDERSTANDING login.conf and study the
> existing authentication programs' source code. Probably login_reject is
> a good place to start.
>
> And a word of advice: before you attempt writing a bsd_auth login
> script, you better understand what you are doing. Otherwise you almost
> certainly will create a hole. This is no place for trial and error.

Also Otto, the question I've asked was about how to correctly connect
the would-be script to the authentication mechanism in the login.conf
file. It was not about the quality of my code. The code is purely
experimental, and will not even go into the real script.


--
With best regards,
Gregory Edigarov