Golang : Verify Linux user password again before executing a program example


11889 views 4th September 2017


One of my previous tutorial shows you how to restrict a program execution to root only and this can be restrictive for some as the root password needs to be shared around. Mr. Jake of the Philipines would like to know how to force a user to enter his or her username and password before allowing a program to execute. Instead of hard coding the password/username into the code, he needs know how his program can authenticate the username and password against the Linux's user/password database.

In Linux, we can use the PAM(Pluggable Authentication Module) to check if a username/password is valid before allowing further execution of the program.

The code example below uses the Linux PAM(Pluggable Authentication Module) to verify if a username and password are registered in the Linux's database. If yes, allow the user to proceed and if not, simply abort the program.

NOTE: In case the code did not compile due to a missing library. Install libpam0g-dev on your Linux machine. sudo yum install libpam0g-dev or sudo apt-get install libpam0g-dev should fix the issue.

NOTE: Do not use this program on none Linux OS.

Here you go!

 package main

 import (
  "bufio"
  "errors"
  "fmt"
  "github.com/bgentry/speakeasy"
  "github.com/msteinert/pam"
  "os"
  "runtime"
 )

 func authService() error {
  t, err := pam.StartFunc("", "", func(s pam.Style, msg string) (string, error) {
 switch s {
 case pam.PromptEchoOff:
 return speakeasy.Ask(msg)
 case pam.PromptEchoOn:
 fmt.Print(msg + " ")
 input, err := bufio.NewReader(os.Stdin).ReadString('\n')
 if err != nil {
 return "", err
 }
 return input[:len(input)-1], nil
 case pam.ErrorMsg:
 fmt.Print(msg)
 return "", nil
 case pam.TextInfo:
 fmt.Println(msg)
 return "", nil
 }
 return "", errors.New("Unrecognized message style")
  })
  if err != nil {
 return err
  }
  err = t.Authenticate(0)
  if err != nil {
 return err
  }
  //fmt.Println("Authentication succeeded!")
  return nil

 }

 func main() {
  if runtime.GOOS != "linux" { // also can be specified to FreeBSD
 fmt.Println("PAM(Pluggable Authentication Modules) only works with Linux!!")
 os.Exit(0)
  }

  err := authService()

  if err != nil {
 fmt.Println("Unable to authenticate your password or username! Abort!")
  } else {
 fmt.Println("Credential accepted! Proceeding to .....")
 // this is where you want to execute your main function for authenticated users.
  }
 }

Execute the code and feed it with valid and none valid username/password combinations to see the differences.

Happy coding!

References:

https://godoc.org/github.com/msteinert/pam#example-package--Authenticate

http://www.tuxradar.com/content/how-pam-works

  See also : Golang : Get login name from environment and prompt for password





By Adam Ng

IF you gain some knowledge or the information here solved your programming problem. Please consider donating to the less fortunate or some charities that you like. Apart from donation, planting trees, volunteering or reducing your carbon footprint will be great too.


Advertisement

Tutorials

+5.2k Golang : Experimental Jawi programming language


+30k Golang : Get and Set User-Agent examples


+7.3k Golang : Of hash table and hash map


+4.9k Golang : A program that contain another program and executes it during run-time


+31.7k Golang : Example for ECDSA(Elliptic Curve Digital Signature Algorithm) package functions


+22.2k Golang : Repeat a character by multiple of x factor


+34.8k Golang : How to stream file to client(browser) or write to http.ResponseWriter?


+9.3k Golang : Write multiple lines or divide string into multiple lines


+11.4k Golang : Post data with url.Values{}


+11.4k Golang : Byte format example


+8.4k Golang : Count leading or ending zeros(any item of interest) example


+5.3k PHP : See installed compiled-in-modules