Golang : Verify Linux user password again before executing a program example
One of my previous tutorial shows you how to restrict a program execution to root
only and this can be restrictive for some as the root password needs to be shared around. Mr. Jake of the Philipines would like to know how to force a user to enter his or her username and password before allowing a program to execute. Instead of hard coding the password/username into the code, he needs know how his program can authenticate the username and password against the Linux's user/password database.
In Linux, we can use the PAM(Pluggable Authentication Module) to check if a username/password is valid before allowing further execution of the program.
The code example below uses the Linux PAM(Pluggable Authentication Module) to verify if a username and password are registered in the Linux's database. If yes, allow the user to proceed and if not, simply abort the program.
NOTE: In case the code did not compile due to a missing library. Install libpam0g-dev
on your Linux machine. sudo yum install libpam0g-dev
or sudo apt-get install libpam0g-dev
should fix the issue.
NOTE: Do not use this program on none Linux OS.
Here you go!
package main
import (
"bufio"
"errors"
"fmt"
"github.com/bgentry/speakeasy"
"github.com/msteinert/pam"
"os"
"runtime"
)
func authService() error {
t, err := pam.StartFunc("", "", func(s pam.Style, msg string) (string, error) {
switch s {
case pam.PromptEchoOff:
return speakeasy.Ask(msg)
case pam.PromptEchoOn:
fmt.Print(msg + " ")
input, err := bufio.NewReader(os.Stdin).ReadString('\n')
if err != nil {
return "", err
}
return input[:len(input)-1], nil
case pam.ErrorMsg:
fmt.Print(msg)
return "", nil
case pam.TextInfo:
fmt.Println(msg)
return "", nil
}
return "", errors.New("Unrecognized message style")
})
if err != nil {
return err
}
err = t.Authenticate(0)
if err != nil {
return err
}
//fmt.Println("Authentication succeeded!")
return nil
}
func main() {
if runtime.GOOS != "linux" { // also can be specified to FreeBSD
fmt.Println("PAM(Pluggable Authentication Modules) only works with Linux!!")
os.Exit(0)
}
err := authService()
if err != nil {
fmt.Println("Unable to authenticate your password or username! Abort!")
} else {
fmt.Println("Credential accepted! Proceeding to .....")
// this is where you want to execute your main function for authenticated users.
}
}
Execute the code and feed it with valid and none valid username/password combinations to see the differences.
Happy coding!
References:
https://godoc.org/github.com/msteinert/pam#example-package--Authenticate
See also : Golang : Get login name from environment and prompt for password
By Adam Ng
IF you gain some knowledge or the information here solved your programming problem. Please consider donating to the less fortunate or some charities that you like. Apart from donation, planting trees, volunteering or reducing your carbon footprint will be great too.
Advertisement
Tutorials
+8.4k Golang : Set or add headers for many or different handlers
+6.6k Golang : Decode XML data from RSS feed
+8.2k PHP : How to parse ElasticSearch JSON ?
+10.8k Golang : Web routing/multiplex example
+7.5k Golang : Generate human readable password
+5.6k Cash Flow : 50 days to pay your credit card debt
+20.7k Golang : For loop continue,break and range
+6.4k Golang : Join lines with certain suffix symbol example
+5.6k Linux : Disable and enable IPv4 forwarding
+7.3k Golang : Shuffle strings array
+9.6k Golang : Get current, epoch time and display by year, month and day
+8.2k Golang : Add text to image and get OpenCV's X, Y co-ordinates example