FreeBSD Doc/articles_pam — Portuguese (Brazil) @ Weblate: <link xlink:href="https://pubs.opengroup.org/onlinepubs/8329799/toc.htm">X/Open Single Sign-on Preliminary Specification</link>

Translation

Content

Source string comment (itstool) path: biblioentry/citetitle

English

Portuguese (Brazil) 129/1270

Needs editing

Context	English	Portuguese (Brazil)	State
	The following is a minimal implementation of <citerefentry><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></citerefentry> using PAM. Note that it uses the OpenPAM-specific <citerefentry><refentrytitle>openpam_ttyconv</refentrytitle><manvolnum>3</manvolnum></citerefentry> conversation function, which is prototyped in <filename>security/openpam.h</filename>. If you wish build this application on a system with a different PAM library, you will have to provide your own conversation function. A robust conversation function is surprisingly difficult to implement; the one presented in <xref linkend="pam-sample-conv"/> is a good starting point, but should not be used in real-world applications.	O que vem a seguir é uma implementação mínima de <citerefentry><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></citerefentry> utilizando o PAM. Observe que ele usa a função de conversa <citerefentry><refentrytitle>openpam_ttyconv</refentrytitle><manvolnum>3</manvolnum></citerefentry> específica do OpenPAM, que é prototipada em <filename>security/openpam.h</filename> . Se você deseja construir este aplicativo em um sistema com uma biblioteca PAM diferente, você terá que fornecer sua própria função de conversação. Uma função de conversa robusta é surpreendentemente difícil de implementar; o apresentado em <xref linkend="pam-sample-conv"/> é um bom ponto de partida, mas não deve ser usado em aplicações do mundo real.
	/- Copyright (c) 2002,2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $P4: //depot/projects/openpam/bin/su/su.c#10 $ * $FreeBSD: head/en_US.ISO8859-1/articles/pam/su.c 38826 2012-05-17 19:12:14Z hrs $ / #include <sys/param.h> #include <sys/wait.h> #include <err.h> #include <pwd.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <syslog.h> #include <unistd.h> #include <security/pam_appl.h> #include <security/openpam.h> / for openpam_ttyconv() / extern char environ; static pam_handle_t pamh; static struct pam_conv pamc; static void usage(void) { fprintf(stderr, "Usage: su [login [args]]\n"); exit(1); } int main(int argc, char argv[]) { char hostname[MAXHOSTNAMELEN]; const char user, tty; char args, pam_envlist, pam_env; struct passwd pwd; int o, pam_err, status; pid_t pid; while ((o = getopt(argc, argv, "h")) != -1) switch (o) { case 'h': default: usage(); } argc -= optind; argv += optind; if (argc > 0) { user = argv; --argc; ++argv; } else { user = "root"; } / initialize PAM / pamc.conv = &openpam_ttyconv; pam_start("su", user, &pamc, &pamh); / set some items / gethostname(hostname, sizeof(hostname)); if ((pam_err = pam_set_item(pamh, PAM_RHOST, hostname)) != PAM_SUCCESS) goto pamerr; user = getlogin(); if ((pam_err = pam_set_item(pamh, PAM_RUSER, user)) != PAM_SUCCESS) goto pamerr; tty = ttyname(STDERR_FILENO); if ((pam_err = pam_set_item(pamh, PAM_TTY, tty)) != PAM_SUCCESS) goto pamerr; / authenticate the applicant / if ((pam_err = pam_authenticate(pamh, 0)) != PAM_SUCCESS) goto pamerr; if ((pam_err = pam_acct_mgmt(pamh, 0)) == PAM_NEW_AUTHTOK_REQD) pam_err = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); if (pam_err != PAM_SUCCESS) goto pamerr; / establish the requested credentials / if ((pam_err = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS) goto pamerr; / authentication succeeded; open a session / if ((pam_err = pam_open_session(pamh, 0)) != PAM_SUCCESS) goto pamerr; / get mapped user name; PAM may have changed it / pam_err = pam_get_item(pamh, PAM_USER, (const void )&user); if (pam_err != PAM_SUCCESS \|\| (pwd = getpwnam(user)) == NULL) goto pamerr; / export PAM environment / if ((pam_envlist = pam_getenvlist(pamh)) != NULL) { for (pam_env = pam_envlist; pam_env != NULL; ++pam_env) { putenv(pam_env); free(pam_env); } free(pam_envlist); } /* build argument list / if ((args = calloc(argc + 2, sizeof args)) == NULL) { warn("calloc()"); goto err; } args = pwd->pw_shell; memcpy(args + 1, argv, argc sizeof args); / fork and exec / switch ((pid = fork())) { case -1: warn("fork()"); goto err; case 0: / child: give up privs and start a shell / / set uid and groups / if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) { warn("initgroups()"); _exit(1); } if (setgid(pwd->pw_gid) == -1) { warn("setgid()"); _exit(1); } if (setuid(pwd->pw_uid) == -1) { warn("setuid()"); _exit(1); } execve(args, args, environ); warn("execve()"); _exit(1); default: /* parent: wait for child to exit / waitpid(pid, &status, 0); / close the session and release PAM resources */ pam_err = pam_close_session(pamh, 0); pam_end(pamh, pam_err); exit(WEXITSTATUS(status)); } pamerr: fprintf(stderr, "Sorry\n"); err: pam_end(pamh, pam_err); exit(1); }	/- Copyright (c) 2002,2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $P4: //depot/projects/openpam/bin/su/su.c#10 $ * $FreeBSD: head/en_US.ISO8859-1/articles/pam/su.c 38826 2012-05-17 19:12:14Z hrs $ / #include <sys/param.h> #include <sys/wait.h> #include <err.h> #include <pwd.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <syslog.h> #include <unistd.h> #include <security/pam_appl.h> #include <security/openpam.h> / for openpam_ttyconv() / extern char environ; static pam_handle_t pamh; static struct pam_conv pamc; static void usage(void) { fprintf(stderr, "Usage: su [login [args]]\n"); exit(1); } int main(int argc, char argv[]) { char hostname[MAXHOSTNAMELEN]; const char user, tty; char args, pam_envlist, pam_env; struct passwd pwd; int o, pam_err, status; pid_t pid; while ((o = getopt(argc, argv, "h")) != -1) switch (o) { case 'h': default: usage(); } argc -= optind; argv += optind; if (argc > 0) { user = argv; --argc; ++argv; } else { user = "root"; } / initialize PAM / pamc.conv = &openpam_ttyconv; pam_start("su", user, &pamc, &pamh); / set some items / gethostname(hostname, sizeof(hostname)); if ((pam_err = pam_set_item(pamh, PAM_RHOST, hostname)) != PAM_SUCCESS) goto pamerr; user = getlogin(); if ((pam_err = pam_set_item(pamh, PAM_RUSER, user)) != PAM_SUCCESS) goto pamerr; tty = ttyname(STDERR_FILENO); if ((pam_err = pam_set_item(pamh, PAM_TTY, tty)) != PAM_SUCCESS) goto pamerr; / authenticate the applicant / if ((pam_err = pam_authenticate(pamh, 0)) != PAM_SUCCESS) goto pamerr; if ((pam_err = pam_acct_mgmt(pamh, 0)) == PAM_NEW_AUTHTOK_REQD) pam_err = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); if (pam_err != PAM_SUCCESS) goto pamerr; / establish the requested credentials / if ((pam_err = pam_setcred(pamh, PAM_ESTABLISH_CRED)) != PAM_SUCCESS) goto pamerr; / authentication succeeded; open a session / if ((pam_err = pam_open_session(pamh, 0)) != PAM_SUCCESS) goto pamerr; / get mapped user name; PAM may have changed it / pam_err = pam_get_item(pamh, PAM_USER, (const void )&user); if (pam_err != PAM_SUCCESS \|\| (pwd = getpwnam(user)) == NULL) goto pamerr; / export PAM environment / if ((pam_envlist = pam_getenvlist(pamh)) != NULL) { for (pam_env = pam_envlist; pam_env != NULL; ++pam_env) { putenv(pam_env); free(pam_env); } free(pam_envlist); } /* build argument list / if ((args = calloc(argc + 2, sizeof args)) == NULL) { warn("calloc()"); goto err; } args = pwd->pw_shell; memcpy(args + 1, argv, argc sizeof args); / fork and exec / switch ((pid = fork())) { case -1: warn("fork()"); goto err; case 0: / child: give up privs and start a shell / / set uid and groups / if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) { warn("initgroups()"); _exit(1); } if (setgid(pwd->pw_gid) == -1) { warn("setgid()"); _exit(1); } if (setuid(pwd->pw_uid) == -1) { warn("setuid()"); _exit(1); } execve(args, args, environ); warn("execve()"); _exit(1); default: /* parent: wait for child to exit / waitpid(pid, &status, 0); / close the session and release PAM resources */ pam_err = pam_close_session(pamh, 0); pam_end(pamh, pam_err); exit(WEXITSTATUS(status)); } pamerr: fprintf(stderr, "Sorry\n"); err: pam_end(pamh, pam_err); exit(1); }
	Sample PAM Module	Exemplo do módulo PAM
	The following is a minimal implementation of <citerefentry><refentrytitle>pam_unix</refentrytitle><manvolnum>8</manvolnum></citerefentry>, offering only authentication services. It should build and run with most PAM implementations, but takes advantage of OpenPAM extensions if available: note the use of <citerefentry><refentrytitle>pam_get_authtok</refentrytitle><manvolnum>3</manvolnum></citerefentry>, which enormously simplifies prompting the user for a password.	Segue-se uma implementação mínima de <citerefentry><refentrytitle>pam_unix</refentrytitle><manvolnum>8</manvolnum></citerefentry>, oferecendo apenas serviços de autenticação. Ele deve ser compilado e executado com a maioria das implementações do PAM, mas aproveita as extensões do OpenPAM, se disponível: observe o uso de <citerefentry><refentrytitle>pam_get_authtok</refentrytitle><manvolnum>3</manvolnum></citerefentry>, que simplifica enormemente solicitando ao usuário uma senha.
	/- Copyright (c) 2002 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $P4: //depot/projects/openpam/modules/pam_unix/pam_unix.c#3 $ * $FreeBSD: head/en_US.ISO8859-1/articles/pam/pam_unix.c 38826 2012-05-17 19:12:14Z hrs $ / #include <sys/param.h> #include <pwd.h> #include <stdlib.h> #include <stdio.h> #include <string.h> #include <unistd.h> #include <security/pam_modules.h> #include <security/pam_appl.h> #ifndef _OPENPAM static char password_prompt[] = "Password:"; #endif #ifndef PAM_EXTERN #define PAM_EXTERN #endif PAM_EXTERN int pam_sm_authenticate(pam_handle_t pamh, int flags, int argc, const char argv[]) { #ifndef _OPENPAM struct pam_conv conv; struct pam_message msg; const struct pam_message msgp; struct pam_response resp; #endif struct passwd pwd; const char user; char crypt_password, password; int pam_err, retry; /* identify user / if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) return (pam_err); if ((pwd = getpwnam(user)) == NULL) return (PAM_USER_UNKNOWN); / get password / #ifndef _OPENPAM pam_err = pam_get_item(pamh, PAM_CONV, (const void )&conv); if (pam_err != PAM_SUCCESS) return (PAM_SYSTEM_ERR); msg.msg_style = PAM_PROMPT_ECHO_OFF; msg.msg = password_prompt; msgp = &msg; #endif for (retry = 0; retry < 3; ++retry) { #ifdef _OPENPAM pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, (const char )&password, NULL); #else resp = NULL; pam_err = (conv->conv)(1, &msgp, &resp, conv->appdata_ptr); if (resp != NULL) { if (pam_err == PAM_SUCCESS) password = resp->resp; else free(resp->resp); free(resp); } #endif if (pam_err == PAM_SUCCESS) break; } if (pam_err == PAM_CONV_ERR) return (pam_err); if (pam_err != PAM_SUCCESS) return (PAM_AUTH_ERR); /* compare passwords / if ((!pwd->pw_passwd[0] && (flags & PAM_DISALLOW_NULL_AUTHTOK)) \|\| (crypt_password = crypt(password, pwd->pw_passwd)) == NULL \|\| strcmp(crypt_password, pwd->pw_passwd) != 0) pam_err = PAM_AUTH_ERR; else pam_err = PAM_SUCCESS; #ifndef _OPENPAM free(password); #endif return (pam_err); } PAM_EXTERN int pam_sm_setcred(pam_handle_t pamh, int flags, int argc, const char argv[]) { return (PAM_SUCCESS); } PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t pamh, int flags, int argc, const char argv[]) { return (PAM_SUCCESS); } PAM_EXTERN int pam_sm_open_session(pam_handle_t pamh, int flags, int argc, const char argv[]) { return (PAM_SUCCESS); } PAM_EXTERN int pam_sm_close_session(pam_handle_t pamh, int flags, int argc, const char argv[]) { return (PAM_SUCCESS); } PAM_EXTERN int pam_sm_chauthtok(pam_handle_t pamh, int flags, int argc, const char *argv[]) { return (PAM_SERVICE_ERR); } #ifdef PAM_MODULE_ENTRY PAM_MODULE_ENTRY("pam_unix"); #endif	/- Copyright (c) 2002 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $P4: //depot/projects/openpam/modules/pam_unix/pam_unix.c#3 $ * $FreeBSD: head/pt_BR.ISO8859-1/articles/pam/pt_BR.po 52677 2018-12-12 13:08:17Z ebrandi $ / #include <sys/param.h> #include <pwd.h> #include <stdlib.h> #include <stdio.h> #include <string.h> #include <unistd.h> #include <security/pam_modules.h> #include <security/pam_appl.h> #ifndef _OPENPAM static char password_prompt[] = "Password:"; #endif #ifndef PAM_EXTERN #define PAM_EXTERN #endif PAM_EXTERN int pam_sm_authenticate(pam_handle_t pamh, int flags, int argc, const char argv[]) { #ifndef _OPENPAM struct pam_conv conv; struct pam_message msg; const struct pam_message msgp; struct pam_response resp; #endif struct passwd pwd; const char user; char crypt_password, password; int pam_err, retry; /* identify user / if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) return (pam_err); if ((pwd = getpwnam(user)) == NULL) return (PAM_USER_UNKNOWN); / get password / #ifndef _OPENPAM pam_err = pam_get_item(pamh, PAM_CONV, (const void )&conv); if (pam_err != PAM_SUCCESS) return (PAM_SYSTEM_ERR); msg.msg_style = PAM_PROMPT_ECHO_OFF; msg.msg = password_prompt; msgp = &msg; #endif for (retry = 0; retry < 3; ++retry) { #ifdef _OPENPAM pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, (const char )&password, NULL); #else resp = NULL; pam_err = (conv->conv)(1, &msgp, &resp, conv->appdata_ptr); if (resp != NULL) { if (pam_err == PAM_SUCCESS) password = resp->resp; else free(resp->resp); free(resp); } #endif if (pam_err == PAM_SUCCESS) break; } if (pam_err == PAM_CONV_ERR) return (pam_err); if (pam_err != PAM_SUCCESS) return (PAM_AUTH_ERR); /* compare passwords / if ((!pwd->pw_passwd[0] && (flags & PAM_DISALLOW_NULL_AUTHTOK)) \|\| (crypt_password = crypt(password, pwd->pw_passwd)) == NULL \|\| strcmp(crypt_password, pwd->pw_passwd) != 0) pam_err = PAM_AUTH_ERR; else pam_err = PAM_SUCCESS; #ifndef _OPENPAM free(password); #endif return (pam_err); } PAM_EXTERN int pam_sm_setcred(pam_handle_t pamh, int flags, int argc, const char argv[]) { return (PAM_SUCCESS); } PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t pamh, int flags, int argc, const char argv[]) { return (PAM_SUCCESS); } PAM_EXTERN int pam_sm_open_session(pam_handle_t pamh, int flags, int argc, const char argv[]) { return (PAM_SUCCESS); } PAM_EXTERN int pam_sm_close_session(pam_handle_t pamh, int flags, int argc, const char argv[]) { return (PAM_SUCCESS); } PAM_EXTERN int pam_sm_chauthtok(pam_handle_t pamh, int flags, int argc, const char *argv[]) { return (PAM_SERVICE_ERR); } #ifdef PAM_MODULE_ENTRY PAM_MODULE_ENTRY("pam_unix"); #endif
	Sample PAM Conversation Function	Exemplo de função de conversação PAM
	The conversation function presented below is a greatly simplified version of OpenPAM's <citerefentry><refentrytitle>openpam_ttyconv</refentrytitle><manvolnum>3</manvolnum></citerefentry>. It is fully functional, and should give the reader a good idea of how a conversation function should behave, but it is far too simple for real-world use. Even if you are not using OpenPAM, feel free to download the source code and adapt <citerefentry><refentrytitle>openpam_ttyconv</refentrytitle><manvolnum>3</manvolnum></citerefentry> to your uses; we believe it to be as robust as a tty-oriented conversation function can reasonably get.	A função de conversação apresentada abaixo é uma versão bastante simplificada do <citerefentry><refentrytitle>openpam_ttyconv</refentrytitle><manvolnum></manvolnum></citerefentry> do OpenPAM. Ele é totalmente funcional e deve dar ao leitor uma boa ideia de como uma função de conversa deve se comportar, mas é simples demais para uso no mundo real. Mesmo se você não estiver usando o OpenPAM, sinta-se à vontade para baixar o código-fonte e adaptar <citerefentry><refentrytitle>openpam_ttyconv</refentrytitle><manvolnum>3</manvolnum></citerefentry> aos seus usos; acreditamos que seja tão robusto quanto uma função de conversa orientada para tty pode razoavelmente ser.
	/- Copyright (c) 2002 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD: head/en_US.ISO8859-1/articles/pam/converse.c 38826 2012-05-17 19:12:14Z hrs $ / #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <security/pam_appl.h> int converse(int n, const struct pam_message msg, struct pam_response resp, void data) { struct pam_response aresp; char buf[PAM_MAX_RESP_SIZE]; int i; data = data; if (n <= 0 \|\| n > PAM_MAX_NUM_MSG) return (PAM_CONV_ERR); if ((aresp = calloc(n, sizeof aresp)) == NULL) return (PAM_BUF_ERR); for (i = 0; i < n; ++i) { aresp[i].resp_retcode = 0; aresp[i].resp = NULL; switch (msg[i]->msg_style) { case PAM_PROMPT_ECHO_OFF: aresp[i].resp = strdup(getpass(msg[i]->msg)); if (aresp[i].resp == NULL) goto fail; break; case PAM_PROMPT_ECHO_ON: fputs(msg[i]->msg, stderr); if (fgets(buf, sizeof buf, stdin) == NULL) goto fail; aresp[i].resp = strdup(buf); if (aresp[i].resp == NULL) goto fail; break; case PAM_ERROR_MSG: fputs(msg[i]->msg, stderr); if (strlen(msg[i]->msg) > 0 && msg[i]->msg[strlen(msg[i]->msg) - 1] != '\n') fputc('\n', stderr); break; case PAM_TEXT_INFO: fputs(msg[i]->msg, stdout); if (strlen(msg[i]->msg) > 0 && msg[i]->msg[strlen(msg[i]->msg) - 1] != '\n') fputc('\n', stdout); break; default: goto fail; } } resp = aresp; return (PAM_SUCCESS); fail: for (i = 0; i < n; ++i) { if (aresp[i].resp != NULL) { memset(aresp[i].resp, 0, strlen(aresp[i].resp)); free(aresp[i].resp); } } memset(aresp, 0, n sizeof aresp); resp = NULL; return (PAM_CONV_ERR); }	/- Copyright (c) 2002 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD: head/en_US.ISO8859-1/articles/pam/converse.c 38826 2012-05-17 19:12:14Z hrs $ / #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <security/pam_appl.h> int converse(int n, const struct pam_message msg, struct pam_response resp, void data) { struct pam_response aresp; char buf[PAM_MAX_RESP_SIZE]; int i; data = data; if (n <= 0 \|\| n > PAM_MAX_NUM_MSG) return (PAM_CONV_ERR); if ((aresp = calloc(n, sizeof aresp)) == NULL) return (PAM_BUF_ERR); for (i = 0; i < n; ++i) { aresp[i].resp_retcode = 0; aresp[i].resp = NULL; switch (msg[i]->msg_style) { case PAM_PROMPT_ECHO_OFF: aresp[i].resp = strdup(getpass(msg[i]->msg)); if (aresp[i].resp == NULL) goto fail; break; case PAM_PROMPT_ECHO_ON: fputs(msg[i]->msg, stderr); if (fgets(buf, sizeof buf, stdin) == NULL) goto fail; aresp[i].resp = strdup(buf); if (aresp[i].resp == NULL) goto fail; break; case PAM_ERROR_MSG: fputs(msg[i]->msg, stderr); if (strlen(msg[i]->msg) > 0 && msg[i]->msg[strlen(msg[i]->msg) - 1] != '\n') fputc('\n', stderr); break; case PAM_TEXT_INFO: fputs(msg[i]->msg, stdout); if (strlen(msg[i]->msg) > 0 && msg[i]->msg[strlen(msg[i]->msg) - 1] != '\n') fputc('\n', stdout); break; default: goto fail; } } resp = aresp; return (PAM_SUCCESS); fail: for (i = 0; i < n; ++i) { if (aresp[i].resp != NULL) { memset(aresp[i].resp, 0, strlen(aresp[i].resp)); free(aresp[i].resp); } } memset(aresp, 0, n sizeof aresp); resp = NULL; return (PAM_CONV_ERR); }
	Further Reading	Leitura Adicional
	This is a list of documents relevant to PAM and related issues. It is by no means complete.	Esta é uma lista de documentos relevantes para o PAM e questões relacionadas. Não está de modo algum completo.
	Papers	Papers
	Making Login Services Independent of Authentication Technologies	Tornando os Serviços de Login Independentes das Tecnologias de Autenticação
	<personname> <surname>Samar</surname> <firstname>Vipin</firstname> </personname>	<personname> <surname>Samar</surname> <firstname>Vipin</firstname> </personname>
	<personname> <surname>Lai</surname> <firstname>Charlie</firstname> </personname>	<personname> <surname>Lai</surname> <firstname>Charlie</firstname> </personname>
	Sun Microsystems	Sun Microsystems
	<link xlink:href="https://pubs.opengroup.org/onlinepubs/8329799/toc.htm">X/Open Single Sign-on Preliminary Specification</link>	<link xlink:href="https://pubs.opengroup.org/onlinepubs/8329799/toc.htm">Especificação Preliminar do X/Open Single Sign-on</link>
	The Open Group	O grupo aberto
	1-85912-144-6	1-85912-144-6
	June 1997	Junho de 1997
	<link xlink:href="https://mirrors.kernel.org/pub/linux/libs/pam/pre/doc/draft-morgan-pam-07.txt"> Pluggable Authentication Modules</link>	<link xlink:href="https://mirrors.kernel.org/pub/linux/libs/pam/pre/doc/draft-morgan-pam-07.txt">Módulos de Autenticação Plugáveis</link>
	<personname> <surname>Morgan</surname> <firstname>Andrew</firstname> <othername role="mi">G.</othername> </personname>	<personname> <surname>Morgan</surname> <firstname>Andrew</firstname> <othername role="mi">G.</othername> </personname>
	1999-10-06	06-10-1999
	User Manuals	Manuais do usuário
	<link xlink:href="https://docs.oracle.com/cd/E26505_01/html/E27224/pam-1.html"> PAM Administration</link>	<link xlink:href="https://docs.oracle.com/cd/E26505_01/html/E27224/pam-1.html">Administração do PAM</link>
	Related Web Pages	Páginas Web Relacionadas
	<link xlink:href="https://www.openpam.org/">OpenPAM homepage</link>	<link xlink:href="https://www.openpam.org/">Homepage do OpenPAM</link>
	<personname> <surname>Smørgrav</surname> <firstname>Dag-Erling</firstname> </personname>	<personname> <surname>Smørgrav</surname> <firstname>Dag-Erling</firstname> </personname>
	ThinkSec AS	ThinkSec AS
	<link xlink:href="http://www.kernel.org/pub/linux/libs/pam/">Linux-PAM homepage</link>	<link xlink:href="http://www.kernel.org/pub/linux/libs/pam/">Página inicial do Linux-PAM</link>
	Solaris PAM homepage	Homepage do Solaris PAM