rpam2 2.0.0 → 3.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3993568d5198bd46c28c85e10476a0b6be74a563
-  data.tar.gz: cd5b593c7e20a494cfea945ac710474453f6552c
+  metadata.gz: 7c0c6f60c2bd715ef7bf6d130474eb08363b2693
+  data.tar.gz: 1a98fea02d357d3400526b196787bc0c6ffacd1e
 SHA512:
-  metadata.gz: 8de8bb0aededc24702641b3c7f2274104a6289f4156511afd3bf86d52ac68847d8a89822cf9d3b8f479ca4644b498725c2a3520e12eeea3ab6483ad6b3f3229e
-  data.tar.gz: 86fa80bb39258d1a9c64e777af165cd921b5766c9456f34452baefc536bfa46e8c5f142ce55abdd2b5281198b8b98a0a490a8fbf83aabe5a957e811eac974fed
+  metadata.gz: 0dd74748497f1279ac7ed03ff2069c25fbdfd86c5660ff9dde16ac28c5422d2210447d89976d5a62ee80e61ffcefea292624f1230f49a56221cde1a155672b18
+  data.tar.gz: e98d08d443dc01c67464d892ba1a9f270b10b668b1e8b2d7468430e1a51d7c5f4cadb7a3761d5e16334256e9fedd9a63209fb5849adece542039ba6080704d53

data/ext/rpam2/rpam2.c

@@ -1,4 +1,5 @@
 #include "ruby.h"
+#include <string.h>
 #include <security/pam_appl.h>
 
 static const char *const
@@ -14,11 +15,20 @@ method_authpam(VALUE self, VALUE servicename, VALUE username, VALUE password);
 static VALUE
 method_accountpam(VALUE self, VALUE servicename, VALUE username);
 
+static VALUE
+method_getenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE envname, VALUE opensession);
+
+static VALUE
+method_listenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE opensession);
+
+
 VALUE rpam2;
 void Init_rpam2(){
     rpam2 = rb_define_module("Rpam2");
-    rb_define_singleton_method(rpam2, "authpam", method_authpam, 3);
-    rb_define_singleton_method(rpam2, "accountpam", method_accountpam, 2);
+    rb_define_singleton_method(rpam2, "auth", method_authpam, 3);
+    rb_define_singleton_method(rpam2, "account", method_accountpam, 2);
+    rb_define_singleton_method(rpam2, "getenv", method_getenvpam, 5);
+    rb_define_singleton_method(rpam2, "listenv", method_listenvpam, 4);
 }
 
 int rpam_auth_conversation(int num_msg, const struct pam_message **msgm,
@@ -64,7 +74,7 @@ static VALUE method_authpam(VALUE self, VALUE servicename, VALUE username, VALUE
     Check_Type(username, T_STRING);
     Check_Type(password, T_STRING);
 
-    char *service = rpam_default_servicename;
+    char *service = (char*)rpam_default_servicename;
     if(!NIL_P(servicename)){
         service = StringValueCStr(servicename);
     }
@@ -82,13 +92,13 @@ static VALUE method_authpam(VALUE self, VALUE servicename, VALUE username, VALUE
         return Qfalse;
     }
 
-    result = pam_authenticate(pamh, 0);
+    result = pam_acct_mgmt(pamh, 0);
     if (result != PAM_SUCCESS) {
         pam_end(pamh, result);
         return Qfalse;
     }
 
-    result = pam_acct_mgmt(pamh, 0);
+    result = pam_authenticate(pamh, 0);
     if (result != PAM_SUCCESS) {
         pam_end(pamh, result);
         return Qfalse;
@@ -107,7 +117,7 @@ static VALUE method_accountpam(VALUE self, VALUE servicename, VALUE username) {
     unsigned int result=0;
     Check_Type(username, T_STRING);
 
-    char *service = rpam_default_servicename;
+    char *service = (char*)rpam_default_servicename;
     if(!NIL_P(servicename)){
         service = StringValueCStr(servicename);
     }
@@ -132,3 +142,137 @@ static VALUE method_accountpam(VALUE self, VALUE servicename, VALUE username) {
         return Qfalse;
     }
 }
+
+
+static VALUE method_getenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE envname, VALUE opensession) {
+    pam_handle_t* pamh = NULL;
+    unsigned int result=0;
+    VALUE ret2;
+    Check_Type(username, T_STRING);
+    Check_Type(password, T_STRING);
+    Check_Type(envname, T_STRING);
+
+    char *service = (char*)rpam_default_servicename;
+    if(!NIL_P(servicename)){
+        service = StringValueCStr(servicename);
+    }
+
+    struct pam_conv auth_c;
+    auth_c.conv = rpam_auth_conversation;
+
+    struct auth_wrapper authw;
+    authw.pw = StringValueCStr(password);
+    auth_c.appdata_ptr = &authw;
+
+    pam_start(service, StringValueCStr(username), &auth_c, &pamh);
+    if (result != PAM_SUCCESS) {
+        rb_warn("INIT: %s", pam_strerror(pamh, result));
+        return Qnil;
+    }
+
+    result = pam_authenticate(pamh, 0);
+    if (result != PAM_SUCCESS) {
+        pam_end(pamh, result);
+        return Qnil;
+    }
+
+    if (RTEST(opensession)){
+        result = pam_open_session(pamh, 0);
+        if (result != PAM_SUCCESS) {
+            rb_warn("SESSION OPEN: %s", pam_strerror(pamh, result));
+            pam_end(pamh, result);
+            return Qnil;
+        }
+    }
+    char *ret = pam_getenv(pamh, StringValueCStr(envname));
+    if(ret){
+        ret2 = rb_str_new_cstr(ret);
+    } else {
+        ret2 = Qnil;
+    }
+
+    if (RTEST(opensession)){
+        result = pam_close_session(pamh, 0);
+        if (result != PAM_SUCCESS) {
+            rb_warn("SESSION END: %s", pam_strerror(pamh, result));
+        }
+    }
+
+    result = pam_end(pamh, result);
+    if (result != PAM_SUCCESS) {
+        rb_warn("END: %s", pam_strerror(pamh, result));
+    }
+    return ret2;
+}
+
+static VALUE method_listenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE opensession) {
+    pam_handle_t* pamh = NULL;
+    unsigned int result=0;
+    Check_Type(username, T_STRING);
+    Check_Type(password, T_STRING);
+
+    char *service = (char*)rpam_default_servicename;
+    if(!NIL_P(servicename)){
+        service = StringValueCStr(servicename);
+    }
+
+    struct pam_conv auth_c;
+    auth_c.conv = rpam_auth_conversation;
+
+    struct auth_wrapper authw;
+    authw.pw = StringValueCStr(password);
+    auth_c.appdata_ptr = &authw;
+
+    pam_start(service, StringValueCStr(username), &auth_c, &pamh);
+    if (result != PAM_SUCCESS) {
+        rb_warn("INIT: %s", pam_strerror(pamh, result));
+        return Qnil;
+    }
+
+    result = pam_authenticate(pamh, 0);
+    if (result != PAM_SUCCESS) {
+        pam_end(pamh, result);
+        return Qnil;
+    }
+
+    if (RTEST(opensession)){
+        result = pam_open_session(pamh, 0);
+        if (result != PAM_SUCCESS) {
+            rb_warn("SESSION OPEN: %s", pam_strerror(pamh, result));
+            pam_end(pamh, result);
+            return Qnil;
+        }
+    }
+
+    char **envlist = pam_getenvlist(pamh);
+    VALUE ret = rb_hash_new();
+    char **tmpenvlist=envlist;
+    while(*tmpenvlist!=NULL){
+        char *last = strchr(*tmpenvlist, '=');
+        // should not be needed but better be safe in a security relevant application
+        if (last!=NULL){
+            rb_hash_aset(ret, rb_str_new(*tmpenvlist, last-*tmpenvlist), rb_str_new_cstr(last+1));
+        }
+        // strings have to be freed (specification)
+        // overwrite them with zero to prevent leakage
+        memset(*tmpenvlist, 0, strlen(*tmpenvlist));
+        free(*tmpenvlist);
+        tmpenvlist++;
+    }
+    // stringlist have to be freed (specification)
+    free(envlist);
+
+    if (RTEST(opensession)){
+        result = pam_close_session(pamh, 0);
+        if (result != PAM_SUCCESS) {
+            rb_warn("SESSION END: %s", pam_strerror(pamh, result));
+        }
+        result = pam_end(pamh, result);
+        if (result != PAM_SUCCESS) {
+            rb_warn("END: %s", pam_strerror(pamh, result));
+        }
+    }
+
+    return ret;
+}
+

data/rpam2.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
   s.name = "rpam2"
-  s.version = "2.0.0"
-  s.date = "2017-09-27"
+  s.version = "3.0.0"
+  s.date = "2017-10-02"
   s.summary = "PAM integration with ruby."
   s.email = "devkral@web.de"
   s.description = "Ruby PAM (Pluggable Authentication

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rpam2
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 3.0.0
 platform: ruby
 authors:
 - Alexander Kaftan
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-09-27 00:00:00.000000000 Z
+date: 2017-10-02 00:00:00.000000000 Z
 dependencies: []
 description: |-
   Ruby PAM (Pluggable Authentication