public static bool Authenticate(string serviceName, string user, string password)
{
//Initialize
PamStatus lastReturnedValue = PamStatus.PAM_SUCCESS;
IntPtr pamHandle = IntPtr.Zero;
PamConv conversation = new PamConv();
ConversationHandler conversationHandler = new ConversationHandler(password);
conversation.ConversationCallback = conversationHandler.HandlePamConversation;
try {
//Start
lastReturnedValue = Pam.pam_start(serviceName, user, conversation, ref pamHandle);
if (lastReturnedValue != PamStatus.PAM_SUCCESS)
{
return(false);
}
//Authenticate - Verifies username and password
lastReturnedValue = Pam.pam_authenticate(pamHandle, AuthenticateFlags);
if (lastReturnedValue != PamStatus.PAM_SUCCESS)
{
return(false);
}
//Account Management - Checks that account is valid, checks account expiration, access restrictions.
lastReturnedValue = Pam.pam_acct_mgmt(pamHandle, AccountManagementFlags);
if (lastReturnedValue != PamStatus.PAM_SUCCESS)
{
return(false);
}
} finally {
lastReturnedValue = Pam.pam_end(pamHandle, lastReturnedValue);
}
return(true);
}
/// <inheritdoc/>
public IPamTransaction Start(
IPamMessageHandler messageHandler,
string?user = null)
{
var conversationHandler = _configuration.CreateMessaging?.Invoke(messageHandler)
?? new PamConversationHandler(messageHandler);
PamStatus ConversationCallback(int messageCount, IntPtr messages, out IntPtr responseArrayPtr, IntPtr appDataPtr)
{
try
{
return(conversationHandler.Handle(messageCount, messages, out responseArrayPtr, appDataPtr));
}
catch (Exception ex)
{
_logger?.LogError(ex, "Conversation failed with error message {0}", ex.Message);
responseArrayPtr = IntPtr.Zero;
return(PamStatus.PAM_CONV_ERR);
}
}
var conversation = new PamConv(ConversationCallback);
CheckStatus(_interop.pam_start(_configuration.ServiceName, user, conversation, out var pamHandle));
return(new PamTransaction(_interop, pamHandle, conversation, _logger));
}
public void CanStartPamTransaction()
{
var conv = new PamConv(NoOpConvCallback);
var interop = PamInteropFactory.Create();
interop.pam_start("passwd", null, conv, out var handle);
interop.pam_end(handle, PamStatus.PAM_SUCCESS);
}
/// <summary>
/// Initializes a new instance of the <see cref="PamTransaction"/> class.
/// </summary>
/// <param name="interop">The object implementing the PAM functions.</param>
/// <param name="handle">The handle of the PAM transaction.</param>
/// <param name="conversation">The conversation handler information.</param>
/// <param name="logger">The logger.</param>
public PamTransaction(
IPamInterop interop,
IntPtr handle,
PamConv conversation,
ILogger <PamService>?logger = null)
{
_conversation = _defaultConversation = conversation;
_delayCallback = DelayCallback;
_interop = interop;
_logger = logger;
_handle = handle;
}
///<summary>
/// Initializes the session. Must be called first.
/// http://linux.die.net/man/3/pam_start
///</summary>
public PamStatus Start()
{
PamConv conversation = new PamConv();
conversation.ConversationCallback = HandlePamConversation;
conversation.AppData = appData;
lock (this.PamCallLock) {
if (this.pamHandle != IntPtr.Zero)
{
throw new InvalidOperationException("Start may not be called multiple times for the same PamSession!");
}
this.lastReturnedValue = Pam.pam_start(this.serviceName, user, conversation, ref pamHandle);
return(this.lastReturnedValue);
}
}
