473,574 Members | 2,668 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Help with PAM and ctypes

Sorry for the repeat post...I'm not sure if my first post (on May
30th) went through or
not.

I've been trying to write a PAM module using ctypes. In the
conversation
function (my_conv in the script below), you're passed in a
pam_response**
pointer. You're supposed to allocate an array of pam_response's and
set
the pointer's value to the new array. Then you fill in the array with
appropriate data.

I can't seem to get it working in python...The authenticate function
always
returns PAM_AUTHTOK_REC OVER_ERR (21), which I think means the response
doesn't make any sense.

I've tried saving the response array outside of my_conv to make sure
it
doesn't get garbage collected, but that doesn't seem to help.

Any pointers would be appreciated!

Cheers,
Chris

from ctypes import *

libpam = CDLL("libpam.so ")

class pam_handle(Stru cture):
_fields_ = [
("handle", c_void_p)
]

def __init__(self):
self.handle = 0

class pam_message(Str ucture):
_fields_ = [
("msg_style" , c_int),
("msg", c_char_p),
]

def __repr__(self):
return "<pam_messa ge %i '%s'>" % (self.msg_style , self.msg)

class pam_response(St ructure):
_fields_ = [
("resp", c_char_p),
("resp_retcode" , c_int),
]

def __repr__(self):
return "<pam_respo nse %i '%s'>" % (self.resp_retc ode,
self.resp)

conv_func = CFUNCTYPE(c_int ,
c_int, POINTER(POINTER (pam_message)),
POINTER(POINTER (pam_response)) , c_void_p)

class pam_conv(Struct ure):
_fields_ = [
("conv", conv_func),
("appdata_pt r", c_void_p)
]

pam_start = libpam.pam_star t
pam_start.resty pe = c_int
pam_start.argty pes = [c_char_p, c_char_p, POINTER(pam_con v),
POINTER(pam_han dle)]

pam_authenticat e = libpam.pam_auth enticate
pam_authenticat e.restype = c_int
pam_authenticat e.argtypes = [pam_handle, c_int]

if __name__ == "__main__":
import getpass, os, sys
@conv_func
def my_conv(nMessag es, messages, pResponse, appData):
# Create an array of nMessages response objects
# Does r get GC'ed after we're all done?
r = (pam_response * nMessages)()
pResponse.conte nts = cast(r, POINTER(pam_res ponse))
for i in range(nMessages ):
if messages[i].contents.msg == "Password: ":
p = getpass.getpass ()
pResponse.conte nts[0].resp_retcode = 0
pResponse.conte nts[0].resp = p
return 0

handle = pam_handle()
c = pam_conv(my_con v, 0)
retval = pam_start("logi n", os.getlogin(), pointer(c),
pointer(handle) )

if retval != 0:
print "Couldn't start pam session"
sys.exit(-1)

retval = pam_authenticat e(handle, 0)
if retval == 21:
print "Authentica tion information cannot be recovered"
sys.exit(-1)

print retval

Jun 7 '07 #1
3 2667
Chris AtLee wrote:
Sorry for the repeat post...I'm not sure if my first post (on May
30th) went through or
not.

I've been trying to write a PAM module using ctypes. In the
conversation
function (my_conv in the script below), you're passed in a
pam_response**
pointer. You're supposed to allocate an array of pam_response's and
set
the pointer's value to the new array. Then you fill in the array with
appropriate data.

I can't seem to get it working in python...The authenticate function
always
returns PAM_AUTHTOK_REC OVER_ERR (21), which I think means the response
doesn't make any sense.

I've tried saving the response array outside of my_conv to make sure
it
doesn't get garbage collected, but that doesn't seem to help.

Any pointers would be appreciated!

Cheers,
Chris
[snip some code]
>
conv_func = CFUNCTYPE(c_int ,
c_int, POINTER(POINTER (pam_message)),
POINTER(POINTER (pam_response)) , c_void_p)

class pam_conv(Struct ure):
_fields_ = [
("conv", conv_func),
("appdata_pt r", c_void_p)
]

pam_start = libpam.pam_star t
pam_start.resty pe = c_int
pam_start.argty pes = [c_char_p, c_char_p, POINTER(pam_con v),
POINTER(pam_han dle)]

pam_authenticat e = libpam.pam_auth enticate
pam_authenticat e.restype = c_int
pam_authenticat e.argtypes = [pam_handle, c_int]

if __name__ == "__main__":
import getpass, os, sys
@conv_func
def my_conv(nMessag es, messages, pResponse, appData):
# Create an array of nMessages response objects
# Does r get GC'ed after we're all done?
r = (pam_response * nMessages)()
The memory allocated to r is garbage collected immediately after my_conv
returns. You need to allocate it explicitly using C's calloc or such.
This assumes pam_start will free the memory for you.

addr = calloc(sizeof(p am_response), nMessages)
addr is the memory address as a Python integer.
pResponse.conte nts = cast(r, POINTER(pam_res ponse))
pResponse.conte nts changes the actual value of pResponse, a value on the
stack. You want to change the value of the pointer pResponse points to:

pResponse[0] = cast(addr, POINTER(pam_res ponse))

The cast creates a POINTER(pam_rep onse) instance with value addr.
for i in range(nMessages ):
if messages[i].contents.msg == "Password: ":
p = getpass.getpass ()
pResponse.conte nts[0].resp_retcode = 0
pResponse.conte nts[0].resp = p
return 0

handle = pam_handle()
c = pam_conv(my_con v, 0)
retval = pam_start("logi n", os.getlogin(), pointer(c),
pointer(handle) )

if retval != 0:
print "Couldn't start pam session"
sys.exit(-1)

retval = pam_authenticat e(handle, 0)
if retval == 21:
print "Authentica tion information cannot be recovered"
sys.exit(-1)

print retval
If you are going to do any serious ctypes coding consider joining the
ctypes mailing list at sourceforge.net .
--
Lenard Lindstrom
<le***@telus.ne t>
Jun 11 '07 #2
On Jun 11, 6:01 pm, Lenard Lindstrom <l...@telus.net wrote:
[snip snip snip]
if __name__ == "__main__":
import getpass, os, sys
@conv_func
def my_conv(nMessag es, messages, pResponse, appData):
# Create an array of nMessages response objects
# Does r get GC'ed after we're all done?
r = (pam_response * nMessages)()

The memory allocated to r is garbage collected immediately after my_conv
returns. You need to allocate it explicitly using C's calloc or such.
This assumes pam_start will free the memory for you.

addr = calloc(sizeof(p am_response), nMessages)

addr is the memory address as a Python integer.
pResponse.conte nts = cast(r, POINTER(pam_res ponse))

pResponse.conte nts changes the actual value of pResponse, a value on the
stack. You want to change the value of the pointer pResponse points to:

pResponse[0] = cast(addr, POINTER(pam_res ponse))

The cast creates a POINTER(pam_rep onse) instance with value addr.
Ahhh, thank you! I never understood how ctypes' pointer.content s
related
to C pointers. So, the following are equivalent?

int v = 42; v = 42
int *p = 0; p = cast(0, POINTER(c_int))
p = &v; p.contents = v
*p = 123; p[0] = 123

Using "pResponse[0] = cast(...)" got me part of the way to fixing my
problem. PAM started either crashing or saying authentication had
failed.
The crash was in free(), and some digging around revealed that PAM
tries to
free the response sent by the application, which makes sense.

My initial attempt to fix this involved wrapping strdup to allocate a
new
copy of a string to send back to PAM. Here's how I wrapped it:

strdup = libc.strdup
strdup.argstype s = [c_char_p]
strdup.restype = c_char_p

This still crashed in free(). I took a look at some of the ctypes
regression tests and something made me try this:

strdup = libc.strdup
strdup.argstype s = [c_char_p]
strdup.restype = POINTER(c_char) # NOT c_char_p !!!!

This works like a charm. Not sure why though...Does ctypes do
something
special with c_char_p return types? It seems as if Python was freeing
the
result of strdup() when the string was GC'ed, and then PAM would fail
when
trying to free the same memory.

My working code is pasted below.

Thanks,
Chris

from ctypes import *

libpam = CDLL("libpam.so ")
libc = CDLL("libc.so.6 ")

calloc = libc.calloc
calloc.restype = c_void_p
calloc.argtypes = [c_uint, c_uint]

strdup = libc.strdup
strdup.argstype s = [c_char_p]
strdup.restype = POINTER(c_char) # NOT c_char_p !!!!

# Various constants
PAM_PROMPT_ECHO _OFF = 1
PAM_PROMPT_ECHO _ON = 2
PAM_ERROR_MSG = 3
PAM_TEXT_INFO = 4

class pam_handle(Stru cture):
_fields_ = [
("handle", c_void_p)
]

def __init__(self):
self.handle = 0

class pam_message(Str ucture):
_fields_ = [
("msg_style" , c_int),
("msg", c_char_p),
]

def __repr__(self):
return "<pam_messa ge %i '%s'>" % (self.msg_style , self.msg)

class pam_response(St ructure):
_fields_ = [
("resp", c_char_p),
("resp_retcode" , c_int),
]

def __repr__(self):
return "<pam_respo nse %i '%s'>" % (self.resp_retc ode,
self.resp)

conv_func = CFUNCTYPE(c_int ,
c_int, POINTER(POINTER (pam_message)),
POINTER(POINTER (pam_response)) , c_void_p)

class pam_conv(Struct ure):
_fields_ = [
("conv", conv_func),
("appdata_pt r", c_void_p)
]

pam_start = libpam.pam_star t
pam_start.resty pe = c_int
pam_start.argty pes = [c_char_p, c_char_p, POINTER(pam_con v),
POINTER(pam_han dle)]

pam_authenticat e = libpam.pam_auth enticate
pam_authenticat e.restype = c_int
pam_authenticat e.argtypes = [pam_handle, c_int]

if __name__ == "__main__":
import getpass, os, sys
@conv_func
def my_conv(nMessag es, messages, pResponse, appData):
# Create an array of nMessages response objects
addr = calloc(nMessage s, sizeof(pam_resp onse))
pResponse[0] = cast(addr, POINTER(pam_res ponse))
for i in range(nMessages ):
if messages[i].contents.msg_s tyle == PAM_PROMPT_ECHO _OFF:
p = strdup(getpass. getpass(message s[i].contents.msg))
pResponse.conte nts[i].resp = cast(p, c_char_p)
pResponse.conte nts[i].resp_retcode = 0
else:
print "Unknown message type"
return 0

handle = pam_handle()
c = pam_conv(my_con v, 0)
retval = pam_start("logi n", getpass.getuser (), pointer(c),
pointer(handle) )

if retval != 0:
print "Couldn't start pam session"
sys.exit(-1)

retval = pam_authenticat e(handle, 0)
if retval == 21:
print "Authentica tion information cannot be recovered"
sys.exit(-1)
elif retval == 7:
print "Authentica tion failure"
elif retval == 0:
print "Ok!"
else:
print retval

Jun 14 '07 #3
Chris AtLee wrote:
On Jun 11, 6:01 pm, Lenard Lindstrom <l...@telus.net wrote:
[snip snip snip]
>>if __name__ == "__main__":
import getpass, os, sys
@conv_func
def my_conv(nMessag es, messages, pResponse, appData):
# Create an array of nMessages response objects
# Does r get GC'ed after we're all done?
r = (pam_response * nMessages)()
The memory allocated to r is garbage collected immediately after my_conv
returns. You need to allocate it explicitly using C's calloc or such.
This assumes pam_start will free the memory for you.

addr = calloc(sizeof(p am_response), nMessages)

addr is the memory address as a Python integer.
>> pResponse.conte nts = cast(r, POINTER(pam_res ponse))
pResponse.cont ents changes the actual value of pResponse, a value on the
stack. You want to change the value of the pointer pResponse points to:

pResponse[0] = cast(addr, POINTER(pam_res ponse))

The cast creates a POINTER(pam_rep onse) instance with value addr.

Ahhh, thank you! I never understood how ctypes' pointer.content s
related
to C pointers. So, the following are equivalent?

int v = 42; v = 42
int *p = 0; p = cast(0, POINTER(c_int))
p = &v; p.contents = v
*p = 123; p[0] = 123
Actually

int v = 42; v = c_int(42)

for p.contents = v to work. 42 is a Python integer. c_int(42) refers to
a mutable C integer in memory initialized to 42. Also, the preferred way
to create a NULL pointer in ctypes is to call the pointer type without
an argument:

int *p = 0; p = POINTER(c_int)( )

>
Using "pResponse[0] = cast(...)" got me part of the way to fixing my
problem. PAM started either crashing or saying authentication had
failed.
The crash was in free(), and some digging around revealed that PAM
tries to
free the response sent by the application, which makes sense.

My initial attempt to fix this involved wrapping strdup to allocate a
new
copy of a string to send back to PAM. Here's how I wrapped it:

strdup = libc.strdup
strdup.argstype s = [c_char_p]
strdup.restype = c_char_p

This still crashed in free(). I took a look at some of the ctypes
regression tests and something made me try this:

strdup = libc.strdup
strdup.argstype s = [c_char_p]
strdup.restype = POINTER(c_char) # NOT c_char_p !!!!

This works like a charm. Not sure why though...Does ctypes do
something
special with c_char_p return types? It seems as if Python was freeing
the
result of strdup() when the string was GC'ed, and then PAM would fail
when
trying to free the same memory.
c_char_p implicitly converts to/from a Python string. So strdup with a
c_char_p restype returns a copy of the returned C string as a Python
string instead of a pointer to the memory allocated by strdup. And I
don't know how a Python string is cast to a c_char_p.

--
Lenard Lindstrom
<le***@telus.ne t>
Jun 15 '07 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
2570
by: Thomas Heller | last post by:
ctypes 0.9.1 released - Sept 14, 2004 ===================================== Overview ctypes is a ffi (Foreign Function Interface) package for Python 2.3 and higher. ctypes allows to call functions exposed from dlls/shared libraries and has extensive facilities to create, access and manipulate
19
2481
by: Thomas Heller | last post by:
ctypes 0.9.2 released - Oct 28, 2004 ==================================== Overview ctypes is a ffi (Foreign Function Interface) package for Python 2.3 and higher. ctypes allows to call functions exposed from dlls/shared libraries and has extensive facilities to create, access and manipulate
2
2666
by: gap | last post by:
I'm no c programmer, and I'm a ctypes newbie. I'll frame my problem as simply as I can. Sorry if it's too much or not enough info. I don't expect an explicit answer (but maybe), just help figuring out how to debug. WinXP, python 2.4.2 I'm using ctypes to access functions in a commercial dll. A certain function takes five arguments,...
1
4717
by: sjdevnull | last post by:
Hey, I'm trying to wrap GNU readline with ctypes (the Python readline library doesn't support the callback interface), but I can't figure out how to set values to a variable inside the library. This is Python 2.5 on Linux. Here's what I have so far--if you comment out the memmove call (3 lines) it works as expected: # START...
7
7012
by: p.lavarre | last post by:
How do I vary the byte offset of a field of a ctypes.Structure? How do I "use the dynamic nature of Python, and (re-)define the data type after the required size is already known, on a case by case basis"? \\\ For example, suppose sometimes I receive the value '\x03hi' + \x04bye' for the struct:
6
12762
by: Jack | last post by:
I'm not able to build IP2Location's Python interface so I'm trying to use ctypes to call its C interface. The functions return a pointer to the struct below. I haven't been able to figure out how I should declare the return type of the functions and read the fields. Any hint is appreciated. typedef struct { char *country_short; char...
8
4779
by: gianluca | last post by:
Hy, I need help about use dll with ctypes. I've compiled my dll C library and I copied it in c:\windows\system32. When I load it with "myDLL=cdll.LoadLibrary(find_library("myDLL.dll"))" It seem all OK but python don't see the dll function. with dir(myDLL) I've only this: Could anybody help me Thanks
0
2546
by: Egor Zindy | last post by:
Egor Zindy wrote: #!/usr/bin/env python """ A generic chipid library based on ctypes This module handles most of the functions in FTChipID.dll
3
11640
by: Andrew Lentvorski | last post by:
Basically, I'd like to use the ctypes module as a much more descriptive "struct" module. Is there a way to take a ctypes.Structure-based class and convert it to/from a binary string? Thanks, -a
2
1331
by: Sells, Fred | last post by:
Diez wrote... You're right the ctypes does seem more pythonesque; however I'm still stuck trying return all these parameters that the c api uses. my ctypes code is below. It just quits running when I try to print one of the args I did a pass byref on, no error out, nothing. admittedly I'm a newbie to ctypes and not much of a c programmer...
0
7736
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...
1
7826
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
0
8106
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
0
6461
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
0
5305
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3755
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
2251
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
1
1350
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
0
1066
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.