#!/usr/bin/perl
                                                                                                                                      
# auth_pam.pl
# uses Authen::PAM to validate a user - password pair
# usage: auth_pam.pl [user] [password]
# exit 0 on success, otherwise 1
# script has to be SUID and use sperl if run as an unprivileged use
# handle with care ...
# Michael Redinger
                                                                                                                                      
use Authen::PAM;
                                                                                                                                      
exit 1 unless ( $ARGV[0] && $ARGV[1] && $ARGV[2] );
my $service = $ARGV[2];
my $username = $ARGV[0];
my $password = $ARGV[1];
 
sub my_conv_func {
        my @res;
        while ( @_ ) {
                my $code = shift;
                my $msg = shift;
                my $ans = "";
 
                $ans = $username if ($code == PAM_PROMPT_ECHO_ON() );
                $ans = $password if ($code == PAM_PROMPT_ECHO_OFF() );
 
                push @res, (PAM_SUCCESS(),$ans);
        }
        push @res, PAM_SUCCESS();
        return @res;
}
 
ref(my $pamh = new Authen::PAM($service, $username, \&my_conv_func)) ||
        die "Error code $pamh during PAM init!";
 
my $ret=$pamh->pam_authenticate;
 
exit 1 if ( $ret != 0 );