linux密码登陆时加入自己登陆验证模块(pam)

摘自:http://blog.chinaunix.net/uid-31542012-id-5790273.html

操作系统环境:RHEL7.1

1、编译动态库pam_mylogin.so

2、将该动态库拷贝至/lib64/security/

3、如需修改本机的登录方式,请按如下方式修改 /etc/pam.d/login 文件:

(原文此处为红框截图,现已缺失;参照下文 lightdm 的示例,新增的应是 `auth requisite pam_mylogin.so` 一行,请自行核对。)

 

 

 

 

 4、如需修改ssh的登录方式,请按如下方式修改 /etc/pam.d/sshd 文件:

(原文此处为红框截图,现已缺失;参照下文 lightdm 的示例,新增的应是 `auth requisite pam_mylogin.so` 一行,请自行核对。修改期间请保留一个已登录的 root 会话,以免模块出错时无法再通过 ssh 登录。)

 

 

4.修改/etc/pam.d/lightdm文件增加如下红色内容:

#%PAM-1.0
# requisite: if pam_mylogin.so returns a failure, authentication is denied at
# once and no later auth line runs. A module that is missing or fails to load
# therefore blocks every login through this service, so test with a root
# session kept open.
# NOTE(review): presumably this is the line the article adds (the original
# marked it in red) - confirm against the stock file.
auth    requisite       pam_mylogin.so
auth    requisite       pam_nologin.so
# sufficient: members of group "nopasswdlogin" are accepted at this line, but
# only after the two requisite modules above have already succeeded.
auth    sufficient      pam_succeed_if.so user ingroup nopasswdlogin

5、编写文件:pam_mylogin.c

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <syslog.h>
#include <time.h>
#include <security/pam_appl.h>
#include <security/pam_modules.h>
#include <security/pam_ext.h>
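/*
 * Prompt for a password through the PAM conversation and compare it with the
 * password built into this demo module.
 *
 * Changes from the original listing:
 *  - the pam_prompt() result is checked before the response is touched;
 *  - the whole password is compared (the original returned 1 after checking
 *    only the first character, so any input starting with 'a' was accepted);
 *  - the entered and expected passwords are no longer printed;
 *  - the response buffer is wiped and freed before returning.
 *
 * NOTE(review): one password compiled into the .so is shared by every account
 * and can be read from the file by anyone able to read it. Keep this as a
 * teaching example; a real module should verify against a per-user credential
 * store.
 *
 * pamh:   PAM handle received by the module entry point.
 * return: 1 when the entered password matches exactly, 0 otherwise
 *         (including a failed conversation).
 */
int myloginVerify(pam_handle_t *pamh)
{
    static const char expected[] = "asdfgh";
    const size_t expected_len = sizeof expected - 1;
    char *response = NULL;
    int matched = 0;
    int retval;

    retval = pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &response, "%s",
                        "Password===========:");
    if (retval != PAM_SUCCESS || response == NULL) {
        pam_syslog(pamh, LOG_ERR, "pam_prompt failed!");
    } else {
        const size_t response_len = strlen(response);
        /* Accumulate differences instead of returning at the first mismatch,
         * so the loop length does not depend on how many leading characters
         * were correct. A length difference alone already marks a mismatch. */
        unsigned char diff = (unsigned char)(response_len != expected_len);

        for (size_t i = 0; i < expected_len; i++) {
            /* Never read past the terminator of a short response. */
            const unsigned char given =
                (i < response_len) ? (unsigned char)response[i] : 0;
            diff |= (unsigned char)(given ^ (unsigned char)expected[i]);
        }
        matched = (diff == 0);
    }

    if (response != NULL) {
        /* Wipe through a volatile pointer so the stores are not optimised
         * away, then release the buffer handed to us by pam_prompt(). */
        volatile char *wipe = response;
        while (*wipe != '\0') {
            *wipe++ = '\0';
        }
        free(response);
    }

    return matched;
}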
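/*
 * Translate the boolean result of myloginVerify() into a PAM return code.
 *
 * A rejected password is reported as PAM_AUTH_ERR (authentication failure).
 * The original returned PAM_CONV_ERR, which describes a broken conversation
 * rather than a wrong password; both codes still fail the stack.
 *
 * pamh:   PAM handle received by the module entry point.
 * return: PAM_SUCCESS when the password was accepted, PAM_AUTH_ERR otherwise.
 */
int Verify(pam_handle_t *pamh)
{
    if (myloginVerify(pamh)) {
        return PAM_SUCCESS;
    }
    return PAM_AUTH_ERR;
}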
// Authentication API's
/*
 * Credential hook (stub): writes a trace line to stdout and reports success
 * without establishing or deleting any credentials. All arguments are unused.
 */
PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh,
                              int flags,
                              int argc,
                              const char **argv)
{
    const int status = PAM_SUCCESS;

    (void)pamh;
    (void)flags;
    (void)argc;
    (void)argv;

    fputs("pam_sm_setcred>>>>>>>\n", stdout);
    return status;
}
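/*
 * Authentication entry point: look up the user name, log whether it is root,
 * then run the module's password check.
 *
 * Changes from the original listing:
 *  - the pam_get_user() result is checked before the name is used (the
 *    original formatted the pointer with %s even when the call had failed);
 *  - traces go to syslog through pam_syslog() instead of the calling
 *    application's stdout.
 *
 * flags, argc and argv are unused.
 *
 * return: the pam_get_user() error on lookup failure, PAM_USER_UNKNOWN if no
 *         name was returned, otherwise the result of Verify().
 */
PAM_EXTERN int pam_sm_authenticate( pam_handle_t *pamh, int flags,int argc, const char **argv ) {
    const char *pUsername = NULL;
    int retval;

    (void)flags;
    (void)argc;
    (void)argv;

    pam_syslog(pamh, LOG_DEBUG, "pam_sm_authenticate>>>>>>>>");

    retval = pam_get_user(pamh, &pUsername, NULL);
    if (retval != PAM_SUCCESS) {
        pam_syslog(pamh, LOG_ERR, "pam_get_user failed");
        return retval;
    }
    if (pUsername == NULL) {
        pam_syslog(pamh, LOG_ERR, "pam_get_user failed");
        return PAM_USER_UNKNOWN;
    }

    pam_syslog(pamh, LOG_DEBUG, "begin call hotdoorpam %s", pUsername);

    /* NOTE(review): the comparison is case-insensitive, so "ROOT" is also
     * logged as root; it only selects the trace text and does not change the
     * authentication decision. */
    if (strcasecmp("root", pUsername) == 0) {
        pam_syslog(pamh, LOG_DEBUG, "root user!");
    } else {
        pam_syslog(pamh, LOG_DEBUG, "normal user!");
    }

    return Verify(pamh);
}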
/* Account Management API's */
/*
 * Account-management hook (stub): writes a trace line to stdout and always
 * returns PAM_SUCCESS, so it enforces no account restriction if the module is
 * listed under "account". All arguments are unused.
 */
PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,
                                int flags,
                                int argc,
                                const char **argv)
{
    const int status = PAM_SUCCESS;

    (void)pamh;
    (void)flags;
    (void)argc;
    (void)argv;

    fputs("pam_sm_acct_mgmt>>>>>>>>\n", stdout);
    return status;
}

/* Session Management API's */
/*
 * Session-open hook (stub): writes a trace line to stdout and reports
 * success without doing any session setup. All arguments are unused.
 */
PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh,
                                   int flags,
                                   int argc,
                                   const char **argv)
{
    const int status = PAM_SUCCESS;

    (void)pamh;
    (void)flags;
    (void)argc;
    (void)argv;

    fputs("pam_sm_open_session>>>>>>>>\n", stdout);
    return status;
}
/*
 * Session-close hook (stub): writes a trace line to stdout and reports
 * success without doing any session teardown. All arguments are unused.
 */
PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh,
                                    int flags,
                                    int argc,
                                    const char **argv)
{
    const int status = PAM_SUCCESS;

    (void)pamh;
    (void)flags;
    (void)argc;
    (void)argv;

    fputs("pam_sm_close_session>>>>>>>>\n", stdout);
    return status;
}
/* Password Management API's */
/*
 * Password-change hook (stub): writes a trace line to stdout and returns
 * PAM_SUCCESS without changing any token, so a "password" stack that lists
 * this module reports success here although nothing was updated. All
 * arguments are unused.
 */
PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh,
                                int flags,
                                int argc,
                                const char **argv)
{
    const int status = PAM_SUCCESS;

    (void)pamh;
    (void)flags;
    (void)argc;
    (void)argv;

    fputs("pam_sm_chauthtok>>>>>>>>\n", stdout);
    return status;
}

6、编写Makefile

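# Build and install the pam_mylogin.so demo PAM module.
# Recipe lines must start with a TAB character, not spaces.
SOURCE = pam_mylogin.c
TARGET = pam_mylogin.so
# -Wall -Wextra surface mistakes such as a function that can fall off its end
# without returning a value.
CFLAGS = -Wall -Wextra -fPIC

.PHONY: all clean copy

all: $(TARGET)

$(TARGET): $(SOURCE)
	gcc $(CFLAGS) -shared -o $(TARGET) $(SOURCE) -lpam

clean:
	rm -f pam_mylogin.so pam_mylogin.o

# Install root-owned and not writable by others: whoever can replace a file in
# the PAM module directory controls authentication on the host.
copy: $(TARGET)
	install -o root -g root -m 0755 $(TARGET) /lib64/security/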

 
