# -*- ruby -*- # $Id: check_user.rb,v 1.3 2001/08/03 23:43:24 ttate Exp $ require "pam" def pam_conv(msgs, data) ret = [] msgs.each{|msg| case msg.msg_style when PAM::PAM_PROMPT_ECHO_ON printf(msg.msg) if( str = $stdin.gets ) str.chomp! end ret.push(PAM::Response.new(str,0)) when PAM::PAM_PROMPT_ECHO_OFF printf(msg.msg) `stty -echo` begin if( str = $stdin.gets ) str.chomp! end ensure `stty echo` end ret.push(PAM::Response.new(str, 0)) else # unexpected, bug? ret.push(PAM::Response.new(nil, 0)) end } ret end if( ARGV[0] && ARGV[1] ) service = ARGV[0] user = ARGV[1] else print("usage:\n #{$0} \n") exit(1) end conv = proc{|msg| pam_conv(msg)} conv_data = user PAM.start(service, user, :pam_conv, conv_data){|pam| print("PAM_RUSER = ", pam.get_item(PAM::PAM_RUSER), "\n") print("PAM_RHOST = ", pam.get_item(PAM::PAM_RHOST), "\n") print("PAM_USER = ", pam.get_item(PAM::PAM_USER), "\n") print("PAM_SERVICE = ", pam.get_item(PAM::PAM_SERVICE), "\n") print("PAM_CONV = ", pam.get_item(PAM::PAM_CONV).inspect, "\n") begin pam.authenticate(0) rescue PAM::PAM_USER_UNKNOWN print("unknown user: #{pam.get_item(PAM::PAM_USER)}\n") exit(1) rescue PAM::PAM_AUTH_ERR print("authentication error: #{pam.get_item(PAM::PAM_USER)}\n") exit(1) rescue PAM::PAMError print("error code = #{pam.status}\n") exit(1) end begin pam.acct_mgmt(0) pam.open_session rescue PAM::PAMError printf("you can't access.\n") exit(1) ensure pam.close_session end print("\n", "authenticated!\n") }