pam 1.5.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/COPYING +15 -0
- data/ChangeLog +68 -0
- data/LICENSE +510 -0
- data/MANIFEST +12 -0
- data/README +102 -0
- data/Rakefile +100 -0
- data/ext/extconf.rb +29 -0
- data/ext/pam.c +164 -0
- data/ext/pam.h +47 -0
- data/ext/pam_handle.c +685 -0
- data/test/check_conv.rb +54 -0
- data/test/check_get_item.rb +47 -0
- data/test/check_user.rb +114 -0
- metadata +58 -0
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
# -*- ruby -*-
|
|
2
|
+
# $Id: check_get_item.rb,v 1.1.1.1 2002/11/06 08:04:49 ttate Exp $
|
|
3
|
+
|
|
4
|
+
require "pam"
|
|
5
|
+
|
|
6
|
+
def pam_conv(msgs, data)
|
|
7
|
+
ret = []
|
|
8
|
+
|
|
9
|
+
msgs.each{|msg|
|
|
10
|
+
case msg.msg_style
|
|
11
|
+
when PAM::PAM_PROMPT_ECHO_ON
|
|
12
|
+
printf("User: ")
|
|
13
|
+
if( user = $stdin.gets )
|
|
14
|
+
user.chomp!
|
|
15
|
+
end
|
|
16
|
+
ret.push(PAM::Response.new(user,0))
|
|
17
|
+
when PAM::PAM_PROMPT_ECHO_OFF
|
|
18
|
+
printf("Password: ")
|
|
19
|
+
`stty -echo`
|
|
20
|
+
begin
|
|
21
|
+
if( pass = $stdin.gets )
|
|
22
|
+
pass.chomp!
|
|
23
|
+
end
|
|
24
|
+
ensure
|
|
25
|
+
`stty echo`
|
|
26
|
+
end
|
|
27
|
+
ret.push(PAM::Response.new(pass, 0))
|
|
28
|
+
else
|
|
29
|
+
ret.push(PAM::Response.new(nil, 0))
|
|
30
|
+
end
|
|
31
|
+
}
|
|
32
|
+
|
|
33
|
+
ret
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
conv = proc{|msg| pam_conv(msg)}
|
|
37
|
+
user = ENV['LOGNAME']
|
|
38
|
+
data = user
|
|
39
|
+
|
|
40
|
+
PAM.start("check_user",user,conv,data){|pam|
|
|
41
|
+
conv2,data2 = pam.get_item(PAM::PAM_CONV)
|
|
42
|
+
if( conv == conv2 && data == data2 )
|
|
43
|
+
print("ok\n")
|
|
44
|
+
else
|
|
45
|
+
print("error\n")
|
|
46
|
+
end
|
|
47
|
+
}
|
data/test/check_user.rb
ADDED
|
@@ -0,0 +1,114 @@
|
|
|
1
|
+
# -*- ruby -*-
|
|
2
|
+
# $Id: check_user.rb,v 1.1.1.1 2002/11/06 08:04:49 ttate Exp $
|
|
3
|
+
|
|
4
|
+
=begin
|
|
5
|
+
You need to create the /etc/pam.d/check_user file which
|
|
6
|
+
contains the following in the /etc/pam.d directory.
|
|
7
|
+
|
|
8
|
+
--
|
|
9
|
+
auth required /lib/security/pam_pwdb.so shadow nullok
|
|
10
|
+
account required /lib/security/pam_pwdb.so
|
|
11
|
+
password required /lib/security/pam_cracklib.so
|
|
12
|
+
password required /lib/security/pam_pwdb.so shadow use_authtok nullok
|
|
13
|
+
session required /lib/security/pam_pwdb.so
|
|
14
|
+
session optional /lib/security/pam_xauth.so
|
|
15
|
+
--
|
|
16
|
+
|
|
17
|
+
Or you need to add the following to the /etc/pam.conf file.
|
|
18
|
+
|
|
19
|
+
--
|
|
20
|
+
check_user auth required /lib/security/pam_pwdb.so shadow nullok
|
|
21
|
+
check_user account required /lib/security/pam_pwdb.so
|
|
22
|
+
check_user password required /lib/security/pam_cracklib.so
|
|
23
|
+
check_user password required /lib/security/pam_pwdb.so shadow use_authtok nullok
|
|
24
|
+
check_user session required /lib/security/pam_pwdb.so
|
|
25
|
+
check_user session optional /lib/security/pam_xauth.so
|
|
26
|
+
--
|
|
27
|
+
|
|
28
|
+
See also the PAM administration guide depended on your OS.
|
|
29
|
+
=end
|
|
30
|
+
|
|
31
|
+
|
|
32
|
+
require "pam"
|
|
33
|
+
|
|
34
|
+
def pam_conv(msgs, data)
|
|
35
|
+
ret = []
|
|
36
|
+
|
|
37
|
+
print("pam_conv: data = #{data.inspect}\n")
|
|
38
|
+
print("pam_conv: msgs = #{msgs.inspect}\n")
|
|
39
|
+
msgs.each{|msg|
|
|
40
|
+
case msg.msg_style
|
|
41
|
+
when PAM::PAM_PROMPT_ECHO_ON
|
|
42
|
+
printf(msg.msg)
|
|
43
|
+
if( str = $stdin.gets )
|
|
44
|
+
user.chomp!
|
|
45
|
+
end
|
|
46
|
+
ret.push(PAM::Response.new(str,0))
|
|
47
|
+
when PAM::PAM_PROMPT_ECHO_OFF
|
|
48
|
+
printf(msg.msg)
|
|
49
|
+
`stty -echo`
|
|
50
|
+
begin
|
|
51
|
+
if( str = $stdin.gets )
|
|
52
|
+
str.chomp!
|
|
53
|
+
end
|
|
54
|
+
ensure
|
|
55
|
+
`stty echo`
|
|
56
|
+
end
|
|
57
|
+
ret.push(PAM::Response.new(str, 0))
|
|
58
|
+
else
|
|
59
|
+
# unexpected, bug?
|
|
60
|
+
ret.push(PAM::Response.new(nil, 0))
|
|
61
|
+
end
|
|
62
|
+
}
|
|
63
|
+
ret
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
if( ARGV[0] && ARGV[1] )
|
|
67
|
+
service = ARGV[0]
|
|
68
|
+
user = ARGV[1]
|
|
69
|
+
else
|
|
70
|
+
print("usage:\n #{$0} <service> <user>\n")
|
|
71
|
+
exit(1)
|
|
72
|
+
end
|
|
73
|
+
conv = proc{|msg, data| pam_conv(msg, data)}
|
|
74
|
+
conv_data = ""
|
|
75
|
+
|
|
76
|
+
PAM.start("check_user", user, conv, conv_data){|pam|
|
|
77
|
+
#PAM.start(service, user, :pam_conv, conv_data){|pam|
|
|
78
|
+
#pam.set_fail_delay(0)
|
|
79
|
+
#pam.set_item(PAM::PAM_RUSER, "bkearney")
|
|
80
|
+
#pam.set_item(PAM::PAM_RHOST, rhost)
|
|
81
|
+
#pam.set_item(PAM::PAM_CONV, [conv, conv_data])
|
|
82
|
+
#pam.set_item(PAM::PAM_TTY, "1")
|
|
83
|
+
print("PAM_RUSER = ", pam.get_item(PAM::PAM_RUSER), "\n")
|
|
84
|
+
print("PAM_RHOST = ", pam.get_item(PAM::PAM_RHOST), "\n")
|
|
85
|
+
print("PAM_USER = ", pam.get_item(PAM::PAM_USER), "\n")
|
|
86
|
+
print("PAM_SERVICE = ", pam.get_item(PAM::PAM_SERVICE), "\n")
|
|
87
|
+
print("PAM_CONV = ", pam.get_item(PAM::PAM_CONV).inspect, "\n")
|
|
88
|
+
begin
|
|
89
|
+
pam.authenticate(0)
|
|
90
|
+
rescue PAM::PAM_USER_UNKNOWN
|
|
91
|
+
print("unknown user: #{pam.get_item(PAM::PAM_USER)}")
|
|
92
|
+
exit(1)
|
|
93
|
+
rescue PAM::PAM_AUTH_ERR
|
|
94
|
+
print("authentication error: #{pam.get_item(PAM::PAM_USER)}\n")
|
|
95
|
+
print("error code = #{pam.status}\n")
|
|
96
|
+
exit(1)
|
|
97
|
+
rescue PAM::PAMError
|
|
98
|
+
print("error code = #{pam.status}\n")
|
|
99
|
+
exit(1)
|
|
100
|
+
end
|
|
101
|
+
|
|
102
|
+
begin
|
|
103
|
+
#pam.acct_mgmt(0)
|
|
104
|
+
#pam.open_session{
|
|
105
|
+
# # do something
|
|
106
|
+
#}
|
|
107
|
+
rescue PAM::PAMError
|
|
108
|
+
printf("you can't access.\n")
|
|
109
|
+
exit(1)
|
|
110
|
+
end
|
|
111
|
+
|
|
112
|
+
print("\n",
|
|
113
|
+
"authenticated!\n")
|
|
114
|
+
}
|
metadata
ADDED
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
rubygems_version: 0.9.4
|
|
3
|
+
specification_version: 1
|
|
4
|
+
name: pam
|
|
5
|
+
version: !ruby/object:Gem::Version
|
|
6
|
+
version: 1.5.2
|
|
7
|
+
date: 2008-09-12 00:00:00 -04:00
|
|
8
|
+
summary: Ruby bindings for pam
|
|
9
|
+
require_paths:
|
|
10
|
+
- lib
|
|
11
|
+
email: bkearney@redhat.com
|
|
12
|
+
homepage: http://sourceforge.net/projects/ruby-pam
|
|
13
|
+
rubyforge_project:
|
|
14
|
+
description: Ruby bindings pam.
|
|
15
|
+
autorequire: pam-devel
|
|
16
|
+
default_executable:
|
|
17
|
+
bindir: bin
|
|
18
|
+
has_rdoc: false
|
|
19
|
+
required_ruby_version: !ruby/object:Gem::Version::Requirement
|
|
20
|
+
requirements:
|
|
21
|
+
- - ">="
|
|
22
|
+
- !ruby/object:Gem::Version
|
|
23
|
+
version: 1.8.1
|
|
24
|
+
version:
|
|
25
|
+
platform: ruby
|
|
26
|
+
signing_key:
|
|
27
|
+
cert_chain:
|
|
28
|
+
post_install_message:
|
|
29
|
+
authors: []
|
|
30
|
+
|
|
31
|
+
files:
|
|
32
|
+
- Rakefile
|
|
33
|
+
- COPYING
|
|
34
|
+
- LICENSE
|
|
35
|
+
- README
|
|
36
|
+
- ChangeLog
|
|
37
|
+
- ext/pam_handle.c
|
|
38
|
+
- ext/pam.c
|
|
39
|
+
- ext/pam.h
|
|
40
|
+
- ext/extconf.rb
|
|
41
|
+
- test/check_get_item.rb
|
|
42
|
+
- test/check_conv.rb
|
|
43
|
+
- test/check_user.rb
|
|
44
|
+
- MANIFEST
|
|
45
|
+
test_files: []
|
|
46
|
+
|
|
47
|
+
rdoc_options: []
|
|
48
|
+
|
|
49
|
+
extra_rdoc_files: []
|
|
50
|
+
|
|
51
|
+
executables: []
|
|
52
|
+
|
|
53
|
+
extensions:
|
|
54
|
+
- ext/extconf.rb
|
|
55
|
+
requirements: []
|
|
56
|
+
|
|
57
|
+
dependencies: []
|
|
58
|
+
|