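/*
 * Demonstration of PAM authentication followed by set-user-ID transitions:
 * authenticate the invoking user, then raise, lower and finally give up root,
 * printing the real and effective UID after every step.
 *
 * NOTE(review): the header names after the original "#include" tokens were
 * lost when this page was extracted. The headers below are the ones the calls
 * in this file require.
 */
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

#include <security/pam_appl.h>
#include <security/pam_misc.h>

/* Print the current real and effective user IDs on one line. */
static void print_uids(void)
{
    printf("uid: %d, euid: %d\n", (int) getuid(), (int) geteuid());
}

/*
 * Authenticate the invoking user through the PAM "login" service, then walk
 * through the UID transitions.
 *
 * Returns 0 when the walk-through completes and -1 when the user cannot be
 * identified or authenticated.
 */
int main(void)
{
    struct pam_conv pamc = { .conv = misc_conv, .appdata_ptr = NULL };
    pam_handle_t *pamh = NULL;
    const struct passwd *pw;
    uid_t uid;
    int rc;

    /*
     * Take the account name from the real UID, not from $USER. The
     * environment is controlled by the caller, so in a set-user-ID program
     * $USER can name any account (or be unset, which would hand NULL to
     * pam_start()).
     */
    uid = getuid();
    pw = getpwuid(uid);
    if (pw == NULL) {
        fprintf(stderr, "Cannot determine the invoking user.\n");
        return -1;
    }

    /* The handle is only usable when pam_start() reports success. */
    rc = pam_start("login", pw->pw_name, &pamc, &pamh);
    if (rc != PAM_SUCCESS) {
        fprintf(stderr, "Cannot start PAM.\n");
        return -1;
    }

    rc = pam_authenticate(pamh, 0);
    if (rc == PAM_SUCCESS) {
        /*
         * A correct password is not enough: also ask PAM whether the
         * account is still allowed to log in (expired, locked, ...).
         */
        rc = pam_acct_mgmt(pamh, 0);
    }

    /* Release the transaction on both outcomes, passing the final status. */
    pam_end(pamh, rc);

    if (rc != PAM_SUCCESS) {
        fprintf(stderr, "Authentication failed.\n");
        return -1;
    }
    fprintf(stderr, "Authentication OK.\n");

    /*
     * NOTE(review): only user IDs are handled below. Group IDs and
     * supplementary groups are left untouched; a real privilege drop has to
     * deal with them as well.
     */
    printf("starting with UIDs:\n");
    print_uids();
    if ((int) geteuid() == 0) {
        printf("Effectively root!\n");
    }

    /*
     * Every set*uid() result is checked: a call that fails silently leaves
     * the process with different privileges than the code that follows
     * assumes.
     */
    printf("\nTring to be real root:\n");
    if (setuid(0) != 0) {
        printf("permission denied\n");
    }
    print_uids();

    /* Lower only the effective UID, back to the invoking user. */
    printf("\nBacking off:\n");
    if (setreuid((uid_t) -1, uid) != 0) {
        printf("permission denied\n");
    }
    print_uids();

    /*
     * Copy the (now unprivileged) effective UID into the real UID.
     * NOTE(review): on Linux this setreuid() call also resets the saved
     * set-user-ID, which is what makes the drop permanent - confirm for
     * other platforms.
     */
    printf("\nGiving up root altogether:\n");
    if (setreuid(geteuid(), (uid_t) -1) != 0) {
        printf("permission denied\n");
    }
    print_uids();

    /*
     * Verification step: after a permanent drop this attempt must fail. If
     * it succeeds, root was not actually given up.
     */
    printf("\nTrying to become root again:\n");
    if (setreuid((uid_t) -1, 0) != 0) {
        printf("permission denied\n");
    }
    print_uids();

    return 0;
}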