rpam2 3.0.1 → 3.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/ext/rpam2/extconf.rb +1 -0
- data/ext/rpam2/rpam2.c +55 -35
- data/rpam2.gemspec +2 -2
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 671a7b38ff512a687a10b9d4e407fc85e97ece0d
|
|
4
|
+
data.tar.gz: 1ccf99986d33defbcc247cc445e1c86ec9c04cab
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a05e7ef83d101d6784bdf6dc1a68fdb402ce7cddd9134cb74f090ff0078b4e7654bd56039d4d30a02c19acd99a9aafc9823e44e97a60bd351241bc23cc72168a
|
|
7
|
+
data.tar.gz: 3cc90580f55dfffb99a8df76dfaa8175f0f5eee3beaba5f434d44a3706cf1f1fc72edeed5092eb36aaa70a8ebd7b6a2e0c576bf650b70d49734b58ad5a60c3b9
|
data/ext/rpam2/extconf.rb
CHANGED
data/ext/rpam2/rpam2.c
CHANGED
|
@@ -33,24 +33,24 @@ void Init_rpam2(){
|
|
|
33
33
|
|
|
34
34
|
int rpam_auth_conversation(int num_msg, const struct pam_message **msgm,
|
|
35
35
|
struct pam_response **resp, void *appdata_ptr){
|
|
36
|
+
struct auth_wrapper *authw = (struct auth_wrapper *)appdata_ptr;
|
|
36
37
|
struct pam_response *responses = calloc(num_msg, sizeof(struct pam_response));
|
|
37
|
-
|
|
38
|
+
/* no space for responses*/
|
|
38
39
|
if (!responses)
|
|
39
40
|
return PAM_BUF_ERR;
|
|
40
|
-
struct auth_wrapper *authw = (struct auth_wrapper *)appdata_ptr;
|
|
41
41
|
for (int msgc=0; msgc<num_msg; msgc++){
|
|
42
42
|
switch (msgm[msgc]->msg_style) {
|
|
43
43
|
case PAM_PROMPT_ECHO_OFF:
|
|
44
|
-
|
|
44
|
+
/* Assume ECHO_OFF is password/secret input */
|
|
45
45
|
responses[msgc].resp = strdup(authw->pw);
|
|
46
46
|
break;
|
|
47
47
|
case PAM_PROMPT_ECHO_ON:
|
|
48
48
|
case PAM_TEXT_INFO:
|
|
49
|
-
|
|
49
|
+
/* ignore, they should not occur but some verbose applications exist always */
|
|
50
50
|
responses[msgc].resp = strdup("");
|
|
51
51
|
break;
|
|
52
52
|
case PAM_ERROR_MSG:
|
|
53
|
-
|
|
53
|
+
/* print error message */
|
|
54
54
|
rb_warn("%s", msgm[msgc]->msg);
|
|
55
55
|
responses[msgc].resp = strdup("");
|
|
56
56
|
break;
|
|
@@ -58,7 +58,7 @@ int rpam_auth_conversation(int num_msg, const struct pam_message **msgm,
|
|
|
58
58
|
free(responses);
|
|
59
59
|
return PAM_CONV_ERR;
|
|
60
60
|
}
|
|
61
|
-
|
|
61
|
+
/* response could not be allocated (no space) */
|
|
62
62
|
if(responses[msgc].resp==0){
|
|
63
63
|
free(responses);
|
|
64
64
|
return PAM_BUF_ERR;
|
|
@@ -70,19 +70,23 @@ int rpam_auth_conversation(int num_msg, const struct pam_message **msgm,
|
|
|
70
70
|
|
|
71
71
|
static VALUE method_authpam(VALUE self, VALUE servicename, VALUE username, VALUE password) {
|
|
72
72
|
pam_handle_t* pamh = NULL;
|
|
73
|
-
unsigned int result=0;
|
|
73
|
+
unsigned int result = 0;
|
|
74
|
+
struct pam_conv auth_c;
|
|
75
|
+
struct auth_wrapper authw;
|
|
76
|
+
const char *service;
|
|
77
|
+
|
|
74
78
|
Check_Type(username, T_STRING);
|
|
75
79
|
Check_Type(password, T_STRING);
|
|
76
80
|
|
|
77
|
-
|
|
81
|
+
|
|
78
82
|
if(!NIL_P(servicename)){
|
|
79
83
|
service = StringValueCStr(servicename);
|
|
84
|
+
} else {
|
|
85
|
+
service = rpam_default_servicename;
|
|
80
86
|
}
|
|
81
87
|
|
|
82
|
-
struct pam_conv auth_c;
|
|
83
88
|
auth_c.conv = rpam_auth_conversation;
|
|
84
89
|
|
|
85
|
-
struct auth_wrapper authw;
|
|
86
90
|
authw.pw = StringValueCStr(password);
|
|
87
91
|
auth_c.appdata_ptr = &authw;
|
|
88
92
|
|
|
@@ -115,14 +119,18 @@ static VALUE method_authpam(VALUE self, VALUE servicename, VALUE username, VALUE
|
|
|
115
119
|
static VALUE method_accountpam(VALUE self, VALUE servicename, VALUE username) {
|
|
116
120
|
pam_handle_t* pamh = NULL;
|
|
117
121
|
unsigned int result=0;
|
|
122
|
+
struct pam_conv auth_c = {0,0};
|
|
123
|
+
const char *service;
|
|
124
|
+
|
|
118
125
|
Check_Type(username, T_STRING);
|
|
119
126
|
|
|
120
|
-
|
|
127
|
+
|
|
121
128
|
if(!NIL_P(servicename)){
|
|
122
129
|
service = StringValueCStr(servicename);
|
|
130
|
+
} else {
|
|
131
|
+
service = rpam_default_servicename;
|
|
123
132
|
}
|
|
124
133
|
|
|
125
|
-
struct pam_conv auth_c = {0,0};
|
|
126
134
|
pam_start(service, StringValueCStr(username), &auth_c, &pamh);
|
|
127
135
|
if (result != PAM_SUCCESS) {
|
|
128
136
|
rb_warn("INIT: %s", pam_strerror(pamh, result));
|
|
@@ -147,20 +155,25 @@ static VALUE method_accountpam(VALUE self, VALUE servicename, VALUE username) {
|
|
|
147
155
|
static VALUE method_getenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE envname, VALUE opensession) {
|
|
148
156
|
pam_handle_t* pamh = NULL;
|
|
149
157
|
unsigned int result=0;
|
|
150
|
-
|
|
158
|
+
struct pam_conv auth_c;
|
|
159
|
+
struct auth_wrapper authw;
|
|
160
|
+
const char *service;
|
|
161
|
+
const char *c_ret;
|
|
162
|
+
VALUE ruby_ret;
|
|
163
|
+
|
|
151
164
|
Check_Type(username, T_STRING);
|
|
152
165
|
Check_Type(password, T_STRING);
|
|
153
166
|
Check_Type(envname, T_STRING);
|
|
154
167
|
|
|
155
|
-
|
|
168
|
+
|
|
156
169
|
if(!NIL_P(servicename)){
|
|
157
170
|
service = StringValueCStr(servicename);
|
|
171
|
+
} else {
|
|
172
|
+
service = rpam_default_servicename;
|
|
158
173
|
}
|
|
159
174
|
|
|
160
|
-
struct pam_conv auth_c;
|
|
161
175
|
auth_c.conv = rpam_auth_conversation;
|
|
162
176
|
|
|
163
|
-
struct auth_wrapper authw;
|
|
164
177
|
authw.pw = StringValueCStr(password);
|
|
165
178
|
auth_c.appdata_ptr = &authw;
|
|
166
179
|
|
|
@@ -184,11 +197,11 @@ static VALUE method_getenvpam(VALUE self, VALUE servicename, VALUE username, VAL
|
|
|
184
197
|
return Qnil;
|
|
185
198
|
}
|
|
186
199
|
}
|
|
187
|
-
|
|
188
|
-
if(
|
|
189
|
-
|
|
200
|
+
c_ret = pam_getenv(pamh, StringValueCStr(envname));
|
|
201
|
+
if(c_ret){
|
|
202
|
+
ruby_ret = rb_str_new_cstr(c_ret);
|
|
190
203
|
} else {
|
|
191
|
-
|
|
204
|
+
ruby_ret = Qnil;
|
|
192
205
|
}
|
|
193
206
|
|
|
194
207
|
if (RTEST(opensession)){
|
|
@@ -202,24 +215,31 @@ static VALUE method_getenvpam(VALUE self, VALUE servicename, VALUE username, VAL
|
|
|
202
215
|
if (result != PAM_SUCCESS) {
|
|
203
216
|
rb_warn("END: %s", pam_strerror(pamh, result));
|
|
204
217
|
}
|
|
205
|
-
return
|
|
218
|
+
return ruby_ret;
|
|
206
219
|
}
|
|
207
220
|
|
|
208
221
|
static VALUE method_listenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE opensession) {
|
|
209
222
|
pam_handle_t* pamh = NULL;
|
|
210
223
|
unsigned int result=0;
|
|
224
|
+
struct pam_conv auth_c;
|
|
225
|
+
struct auth_wrapper authw;
|
|
226
|
+
char *last;
|
|
227
|
+
const char *service;
|
|
228
|
+
char **envlist;
|
|
229
|
+
char **tmpenvlist;
|
|
230
|
+
VALUE ruby_ret;
|
|
231
|
+
|
|
211
232
|
Check_Type(username, T_STRING);
|
|
212
233
|
Check_Type(password, T_STRING);
|
|
213
234
|
|
|
214
|
-
|
|
235
|
+
|
|
215
236
|
if(!NIL_P(servicename)){
|
|
216
237
|
service = StringValueCStr(servicename);
|
|
238
|
+
} else {
|
|
239
|
+
service = rpam_default_servicename;
|
|
217
240
|
}
|
|
218
241
|
|
|
219
|
-
struct pam_conv auth_c;
|
|
220
242
|
auth_c.conv = rpam_auth_conversation;
|
|
221
|
-
|
|
222
|
-
struct auth_wrapper authw;
|
|
223
243
|
authw.pw = StringValueCStr(password);
|
|
224
244
|
auth_c.appdata_ptr = &authw;
|
|
225
245
|
|
|
@@ -244,22 +264,22 @@ static VALUE method_listenvpam(VALUE self, VALUE servicename, VALUE username, VA
|
|
|
244
264
|
}
|
|
245
265
|
}
|
|
246
266
|
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
267
|
+
envlist = pam_getenvlist(pamh);
|
|
268
|
+
ruby_ret = rb_hash_new();
|
|
269
|
+
tmpenvlist = envlist;
|
|
250
270
|
while(*tmpenvlist!=NULL){
|
|
251
|
-
|
|
252
|
-
|
|
271
|
+
last = strchr(*tmpenvlist, '=');
|
|
272
|
+
/* should not be needed but better be safe in a security relevant application */
|
|
253
273
|
if (last!=NULL){
|
|
254
|
-
rb_hash_aset(
|
|
274
|
+
rb_hash_aset(ruby_ret, rb_str_new(*tmpenvlist, last-*tmpenvlist), rb_str_new_cstr(last+1));
|
|
255
275
|
}
|
|
256
|
-
|
|
257
|
-
|
|
276
|
+
/* strings have to be freed (specification)
|
|
277
|
+
overwrite them with zero to prevent leakage */
|
|
258
278
|
memset(*tmpenvlist, 0, strlen(*tmpenvlist));
|
|
259
279
|
free(*tmpenvlist);
|
|
260
280
|
tmpenvlist++;
|
|
261
281
|
}
|
|
262
|
-
|
|
282
|
+
/* stringlist have to be freed (specification) */
|
|
263
283
|
free(envlist);
|
|
264
284
|
|
|
265
285
|
if (RTEST(opensession)){
|
|
@@ -273,6 +293,6 @@ static VALUE method_listenvpam(VALUE self, VALUE servicename, VALUE username, VA
|
|
|
273
293
|
}
|
|
274
294
|
}
|
|
275
295
|
|
|
276
|
-
return
|
|
296
|
+
return ruby_ret;
|
|
277
297
|
}
|
|
278
298
|
|
data/rpam2.gemspec
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = "rpam2"
|
|
3
|
-
s.version = "3.0.
|
|
4
|
-
s.date = "2017-10-
|
|
3
|
+
s.version = "3.0.2"
|
|
4
|
+
s.date = "2017-10-10"
|
|
5
5
|
s.summary = "PAM integration with ruby."
|
|
6
6
|
s.email = "devkral@web.de"
|
|
7
7
|
s.description = "Ruby PAM (Pluggable Authentication
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rpam2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.0.
|
|
4
|
+
version: 3.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alexander Kaftan
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-10-
|
|
11
|
+
date: 2017-10-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: |-
|
|
14
14
|
Ruby PAM (Pluggable Authentication
|