The vault program is an example of a PAM-aware application. It provides access to a small database where users can store key/value pairs. The database behind vault is the GNU dbm, and it is not a sophisticated usage of it. The program is somewhat dependent on Linux-PAM due to the fact that the program uses the conversation function provided by Linux-PAM.
/*
* vault.c - access to a secure data vault
*
* Kenneth Geisshirt <http://kenneth.geisshirt.dk/>
*
*/
#include <security/pam_appl.h>
#include <security/pam_misc.h>
#include <stdio.h>
#include <unistd.h>
#include <gdbm.h>
#include <sys/types.h>
#include <sys/stat.h>
static struct pam_conv conv = {
misc_conv,
NULL
};
int main(int argc, char *argv[]) {
pam_handle_t *pamh = NULL; /** PAM data structure **/
int retval;
GDBM_FILE dbh;
datum key, data;
int flags;
char *user = getlogin();
/** Creating and initializing a PAM session **/
retval = pam_start("vault", user, &conv, &pamh);
if (retval == PAM_SUCCESS)
/** Authenticate user **/
retval = pam_authenticate(pamh, 0);
if (retval == PAM_SUCCESS) {
dbh = gdbm_open("vault.db", 512, GDBM_WRCREAT, S_IREAD|S_IWRITE, NULL);
if (argc == 3) {
key.dptr = strdup(argv[1]);
key.dsize = strlen(argv[1])+1;
data.dptr = strdup(argv[2]);
data.dsize = strlen(argv[2])+1;
gdbm_store(dbh, key, data, GDBM_REPLACE);
} else {
key.dptr = strdup(argv[1]);
key.dsize = strlen(argv[1])+1;
data = gdbm_fetch(dbh, key);
printf("%s:%s\n", key.dptr, data.dptr);
}
gdbm_close(dbh);
}
fprintf(stderr, "%s\n", pam_strerror(pamh, retval));
/** Destroy the PAM session **/
pam_end(pamh, retval);
}