Record Failed Passwords

Peter Stuge peter at stuge.se
Mon Aug 2 23:22:00 EST 2010


Dustin Rogers wrote:
> /*---- begin pam_log_pw.c -----------*/
> #define PAM_SM_AUTHENTICATE
> #include <security/pam_modules.h>
> #include <stdio.h>
> extern int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const c$
> {
> const char *user, *pass, *rhost, *ruser;
> FILE *ofp;
> pam_get_item(pamh, PAM_USER, (const void **) &user);
> pam_get_item(pamh, PAM_AUTHTOK, (const void **) &pass);
> pam_get_item(pamh, PAM_RHOST, (const void **) &rhost);
> pam_get_item(pamh, PAM_RUSER, (const void **) &ruser);
> /* do your logging stuff here*/
> ofp = fopen("/var/log/passwd.log","a");
> fprintf(ofp,pass);
> fclose(ofp);
> return PAM_AUTH_ERR;
> }
> /*----- end ----*/

You must handle concurrency, or the log file will be corrupted.

Please also make sure to use fprintf() correctly:

fprintf(ofp,"%s\n",pass);

How can you be doing security work in C without understanding how to
(not) use format strings?


> Please let me know if there is a way to store illegitimate
> usernames/passwords using a PAM module?

I guess you just have to put your module earlier in the PAM stack
used by sshd.


//Peter
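Added example (not code from either poster): a logging helper that applies the two points above, a fixed format string and a lock around each append, while recording only the user and remote host of a failed attempt, not the password. It assumes POSIX flock() and leaves out the pam_get_item() glue so it builds without PAM headers.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/file.h>
#include <time.h>
#include <unistd.h>

/* Replace control characters (including newline) so one event is always
 * exactly one log line, even if a username contains odd bytes. */
static void sanitize(char *s)
{
    for (; *s; s++)
        if ((unsigned char)*s < 0x20 || *s == 0x7f)
            *s = '?';
}

/* Append "<epoch> user=<user> rhost=<rhost> result=fail" to path.
 * Returns 0 on success, -1 on any failure (nothing partial is written).
 * O_APPEND puts every write at the current end of file and flock()
 * serialises concurrent PAM/sshd processes, so lines never interleave. */
int log_failed_auth(const char *path, const char *user, const char *rhost)
{
    char u[128], h[256], line[512];
    int fd, n;
    ssize_t w;
    snprintf(u, sizeof u, "%s", user ? user : "(null)");
    snprintf(h, sizeof h, "%s", rhost ? rhost : "(null)");
    sanitize(u);
    sanitize(h);
    /* Attacker-influenced strings are always arguments, never the format. */
    n = snprintf(line, sizeof line, "%ld user=%s rhost=%s result=fail\n",
                 (long)time(NULL), u, h);
    if (n < 0 || (size_t)n >= sizeof line)
        return -1;
    /* 0600 and O_NOFOLLOW: the log is sensitive and must not be a symlink. */
    fd = open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    if (flock(fd, LOCK_EX) != 0) {
        close(fd);
        return -1;
    }
    w = write(fd, line, (size_t)n);
    flock(fd, LOCK_UN);
    close(fd);
    return (w == (ssize_t)n) ? 0 : -1;
}
```

Inside a real module, the pam_sm_authenticate() body would call pam_get_item() for PAM_USER and PAM_RHOST and pass the results to log_failed_auth(); the path "/tmp/pam_log_example_test.log" used below is a constructed test value.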


More information about the openssh-unix-dev mailing list