rpam2 3.0.1 → 3.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/ext/rpam2/extconf.rb +1 -0
- data/ext/rpam2/rpam2.c +55 -35
- data/rpam2.gemspec +2 -2
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 671a7b38ff512a687a10b9d4e407fc85e97ece0d
|
|
4
|
+
data.tar.gz: 1ccf99986d33defbcc247cc445e1c86ec9c04cab
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a05e7ef83d101d6784bdf6dc1a68fdb402ce7cddd9134cb74f090ff0078b4e7654bd56039d4d30a02c19acd99a9aafc9823e44e97a60bd351241bc23cc72168a
|
|
7
|
+
data.tar.gz: 3cc90580f55dfffb99a8df76dfaa8175f0f5eee3beaba5f434d44a3706cf1f1fc72edeed5092eb36aaa70a8ebd7b6a2e0c576bf650b70d49734b58ad5a60c3b9
|
data/ext/rpam2/extconf.rb
CHANGED
data/ext/rpam2/rpam2.c
CHANGED
|
@@ -33,24 +33,24 @@ void Init_rpam2(){
|
|
|
33
33
|
|
|
34
34
|
int rpam_auth_conversation(int num_msg, const struct pam_message **msgm,
|
|
35
35
|
struct pam_response **resp, void *appdata_ptr){
|
|
36
|
+
struct auth_wrapper *authw = (struct auth_wrapper *)appdata_ptr;
|
|
36
37
|
struct pam_response *responses = calloc(num_msg, sizeof(struct pam_response));
|
|
37
|
-
|
|
38
|
+
/* no space for responses*/
|
|
38
39
|
if (!responses)
|
|
39
40
|
return PAM_BUF_ERR;
|
|
40
|
-
struct auth_wrapper *authw = (struct auth_wrapper *)appdata_ptr;
|
|
41
41
|
for (int msgc=0; msgc<num_msg; msgc++){
|
|
42
42
|
switch (msgm[msgc]->msg_style) {
|
|
43
43
|
case PAM_PROMPT_ECHO_OFF:
|
|
44
|
-
|
|
44
|
+
/* Assume ECHO_OFF is password/secret input */
|
|
45
45
|
responses[msgc].resp = strdup(authw->pw);
|
|
46
46
|
break;
|
|
47
47
|
case PAM_PROMPT_ECHO_ON:
|
|
48
48
|
case PAM_TEXT_INFO:
|
|
49
|
-
|
|
49
|
+
/* ignore, they should not occur but some verbose applications exist always */
|
|
50
50
|
responses[msgc].resp = strdup("");
|
|
51
51
|
break;
|
|
52
52
|
case PAM_ERROR_MSG:
|
|
53
|
-
|
|
53
|
+
/* print error message */
|
|
54
54
|
rb_warn("%s", msgm[msgc]->msg);
|
|
55
55
|
responses[msgc].resp = strdup("");
|
|
56
56
|
break;
|
|
@@ -58,7 +58,7 @@ int rpam_auth_conversation(int num_msg, const struct pam_message **msgm,
|
|
|
58
58
|
free(responses);
|
|
59
59
|
return PAM_CONV_ERR;
|
|
60
60
|
}
|
|
61
|
-
|
|
61
|
+
/* response could not be allocated (no space) */
|
|
62
62
|
if(responses[msgc].resp==0){
|
|
63
63
|
free(responses);
|
|
64
64
|
return PAM_BUF_ERR;
|
|
@@ -70,19 +70,23 @@ int rpam_auth_conversation(int num_msg, const struct pam_message **msgm,
|
|
|
70
70
|
|
|
71
71
|
static VALUE method_authpam(VALUE self, VALUE servicename, VALUE username, VALUE password) {
|
|
72
72
|
pam_handle_t* pamh = NULL;
|
|
73
|
-
unsigned int result=0;
|
|
73
|
+
unsigned int result = 0;
|
|
74
|
+
struct pam_conv auth_c;
|
|
75
|
+
struct auth_wrapper authw;
|
|
76
|
+
const char *service;
|
|
77
|
+
|
|
74
78
|
Check_Type(username, T_STRING);
|
|
75
79
|
Check_Type(password, T_STRING);
|
|
76
80
|
|
|
77
|
-
|
|
81
|
+
|
|
78
82
|
if(!NIL_P(servicename)){
|
|
79
83
|
service = StringValueCStr(servicename);
|
|
84
|
+
} else {
|
|
85
|
+
service = rpam_default_servicename;
|
|
80
86
|
}
|
|
81
87
|
|
|
82
|
-
struct pam_conv auth_c;
|
|
83
88
|
auth_c.conv = rpam_auth_conversation;
|
|
84
89
|
|
|
85
|
-
struct auth_wrapper authw;
|
|
86
90
|
authw.pw = StringValueCStr(password);
|
|
87
91
|
auth_c.appdata_ptr = &authw;
|
|
88
92
|
|
|
@@ -115,14 +119,18 @@ static VALUE method_authpam(VALUE self, VALUE servicename, VALUE username, VALUE
|
|
|
115
119
|
static VALUE method_accountpam(VALUE self, VALUE servicename, VALUE username) {
|
|
116
120
|
pam_handle_t* pamh = NULL;
|
|
117
121
|
unsigned int result=0;
|
|
122
|
+
struct pam_conv auth_c = {0,0};
|
|
123
|
+
const char *service;
|
|
124
|
+
|
|
118
125
|
Check_Type(username, T_STRING);
|
|
119
126
|
|
|
120
|
-
|
|
127
|
+
|
|
121
128
|
if(!NIL_P(servicename)){
|
|
122
129
|
service = StringValueCStr(servicename);
|
|
130
|
+
} else {
|
|
131
|
+
service = rpam_default_servicename;
|
|
123
132
|
}
|
|
124
133
|
|
|
125
|
-
struct pam_conv auth_c = {0,0};
|
|
126
134
|
pam_start(service, StringValueCStr(username), &auth_c, &pamh);
|
|
127
135
|
if (result != PAM_SUCCESS) {
|
|
128
136
|
rb_warn("INIT: %s", pam_strerror(pamh, result));
|
|
@@ -147,20 +155,25 @@ static VALUE method_accountpam(VALUE self, VALUE servicename, VALUE username) {
|
|
|
147
155
|
static VALUE method_getenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE envname, VALUE opensession) {
|
|
148
156
|
pam_handle_t* pamh = NULL;
|
|
149
157
|
unsigned int result=0;
|
|
150
|
-
|
|
158
|
+
struct pam_conv auth_c;
|
|
159
|
+
struct auth_wrapper authw;
|
|
160
|
+
const char *service;
|
|
161
|
+
const char *c_ret;
|
|
162
|
+
VALUE ruby_ret;
|
|
163
|
+
|
|
151
164
|
Check_Type(username, T_STRING);
|
|
152
165
|
Check_Type(password, T_STRING);
|
|
153
166
|
Check_Type(envname, T_STRING);
|
|
154
167
|
|
|
155
|
-
|
|
168
|
+
|
|
156
169
|
if(!NIL_P(servicename)){
|
|
157
170
|
service = StringValueCStr(servicename);
|
|
171
|
+
} else {
|
|
172
|
+
service = rpam_default_servicename;
|
|
158
173
|
}
|
|
159
174
|
|
|
160
|
-
struct pam_conv auth_c;
|
|
161
175
|
auth_c.conv = rpam_auth_conversation;
|
|
162
176
|
|
|
163
|
-
struct auth_wrapper authw;
|
|
164
177
|
authw.pw = StringValueCStr(password);
|
|
165
178
|
auth_c.appdata_ptr = &authw;
|
|
166
179
|
|
|
@@ -184,11 +197,11 @@ static VALUE method_getenvpam(VALUE self, VALUE servicename, VALUE username, VAL
|
|
|
184
197
|
return Qnil;
|
|
185
198
|
}
|
|
186
199
|
}
|
|
187
|
-
|
|
188
|
-
if(
|
|
189
|
-
|
|
200
|
+
c_ret = pam_getenv(pamh, StringValueCStr(envname));
|
|
201
|
+
if(c_ret){
|
|
202
|
+
ruby_ret = rb_str_new_cstr(c_ret);
|
|
190
203
|
} else {
|
|
191
|
-
|
|
204
|
+
ruby_ret = Qnil;
|
|
192
205
|
}
|
|
193
206
|
|
|
194
207
|
if (RTEST(opensession)){
|
|
@@ -202,24 +215,31 @@ static VALUE method_getenvpam(VALUE self, VALUE servicename, VALUE username, VAL
|
|
|
202
215
|
if (result != PAM_SUCCESS) {
|
|
203
216
|
rb_warn("END: %s", pam_strerror(pamh, result));
|
|
204
217
|
}
|
|
205
|
-
return
|
|
218
|
+
return ruby_ret;
|
|
206
219
|
}
|
|
207
220
|
|
|
208
221
|
static VALUE method_listenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE opensession) {
|
|
209
222
|
pam_handle_t* pamh = NULL;
|
|
210
223
|
unsigned int result=0;
|
|
224
|
+
struct pam_conv auth_c;
|
|
225
|
+
struct auth_wrapper authw;
|
|
226
|
+
char *last;
|
|
227
|
+
const char *service;
|
|
228
|
+
char **envlist;
|
|
229
|
+
char **tmpenvlist;
|
|
230
|
+
VALUE ruby_ret;
|
|
231
|
+
|
|
211
232
|
Check_Type(username, T_STRING);
|
|
212
233
|
Check_Type(password, T_STRING);
|
|
213
234
|
|
|
214
|
-
|
|
235
|
+
|
|
215
236
|
if(!NIL_P(servicename)){
|
|
216
237
|
service = StringValueCStr(servicename);
|
|
238
|
+
} else {
|
|
239
|
+
service = rpam_default_servicename;
|
|
217
240
|
}
|
|
218
241
|
|
|
219
|
-
struct pam_conv auth_c;
|
|
220
242
|
auth_c.conv = rpam_auth_conversation;
|
|
221
|
-
|
|
222
|
-
struct auth_wrapper authw;
|
|
223
243
|
authw.pw = StringValueCStr(password);
|
|
224
244
|
auth_c.appdata_ptr = &authw;
|
|
225
245
|
|
|
@@ -244,22 +264,22 @@ static VALUE method_listenvpam(VALUE self, VALUE servicename, VALUE username, VA
|
|
|
244
264
|
}
|
|
245
265
|
}
|
|
246
266
|
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
267
|
+
envlist = pam_getenvlist(pamh);
|
|
268
|
+
ruby_ret = rb_hash_new();
|
|
269
|
+
tmpenvlist = envlist;
|
|
250
270
|
while(*tmpenvlist!=NULL){
|
|
251
|
-
|
|
252
|
-
|
|
271
|
+
last = strchr(*tmpenvlist, '=');
|
|
272
|
+
/* should not be needed but better be safe in a security relevant application */
|
|
253
273
|
if (last!=NULL){
|
|
254
|
-
rb_hash_aset(
|
|
274
|
+
rb_hash_aset(ruby_ret, rb_str_new(*tmpenvlist, last-*tmpenvlist), rb_str_new_cstr(last+1));
|
|
255
275
|
}
|
|
256
|
-
|
|
257
|
-
|
|
276
|
+
/* strings have to be freed (specification)
|
|
277
|
+
overwrite them with zero to prevent leakage */
|
|
258
278
|
memset(*tmpenvlist, 0, strlen(*tmpenvlist));
|
|
259
279
|
free(*tmpenvlist);
|
|
260
280
|
tmpenvlist++;
|
|
261
281
|
}
|
|
262
|
-
|
|
282
|
+
/* stringlist have to be freed (specification) */
|
|
263
283
|
free(envlist);
|
|
264
284
|
|
|
265
285
|
if (RTEST(opensession)){
|
|
@@ -273,6 +293,6 @@ static VALUE method_listenvpam(VALUE self, VALUE servicename, VALUE username, VA
|
|
|
273
293
|
}
|
|
274
294
|
}
|
|
275
295
|
|
|
276
|
-
return
|
|
296
|
+
return ruby_ret;
|
|
277
297
|
}
|
|
278
298
|
|
data/rpam2.gemspec
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = "rpam2"
|
|
3
|
-
s.version = "3.0.
|
|
4
|
-
s.date = "2017-10-
|
|
3
|
+
s.version = "3.0.2"
|
|
4
|
+
s.date = "2017-10-10"
|
|
5
5
|
s.summary = "PAM integration with ruby."
|
|
6
6
|
s.email = "devkral@web.de"
|
|
7
7
|
s.description = "Ruby PAM (Pluggable Authentication
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rpam2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.0.
|
|
4
|
+
version: 3.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alexander Kaftan
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-10-
|
|
11
|
+
date: 2017-10-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: |-
|
|
14
14
|
Ruby PAM (Pluggable Authentication
|