rpam2 3.0.2 → 3.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 671a7b38ff512a687a10b9d4e407fc85e97ece0d
-  data.tar.gz: 1ccf99986d33defbcc247cc445e1c86ec9c04cab
+  metadata.gz: 8180810fbc2a5e9a9ac2eeac16e0a62bff594e6c
+  data.tar.gz: d43a52c9d4e266a1a91bebceb057f29d955da4f3
 SHA512:
-  metadata.gz: a05e7ef83d101d6784bdf6dc1a68fdb402ce7cddd9134cb74f090ff0078b4e7654bd56039d4d30a02c19acd99a9aafc9823e44e97a60bd351241bc23cc72168a
-  data.tar.gz: 3cc90580f55dfffb99a8df76dfaa8175f0f5eee3beaba5f434d44a3706cf1f1fc72edeed5092eb36aaa70a8ebd7b6a2e0c576bf650b70d49734b58ad5a60c3b9
+  metadata.gz: f7172cb9bc9cb1a78c052d75f3663d430b222c5bd70c33bcb762e5a171899fb250eff5e0bb8a4404bb2647cb0dbfb0da24cc8d9d6739f7c8985e1511d3260588
+  data.tar.gz: d14f701064970ddea61f52ab036fbfc86a7a030aa3a614d2b8a27c4e3c7e66d822b8a3985f11fe5dedd1a066f20c09dea81f71a5bb730f858d541d733551dcae

data/README.rdoc

@@ -5,8 +5,8 @@
 == DESCRIPTION:
 
   This extension provides a PAM (Pluggable Authentication Modules)
-  integration to ruby. It is inspired by rpam but provides a configurable
-  servicename and is licensed under MIT.
+  integration to ruby. It is inspired by rpam but provides much functionality
+  and is licensed under MIT.
 
 == EXAMPLE:
 
@@ -17,6 +17,12 @@
   else
     puts "Authentication failed"
   end
+  
+  puts Rpam2.listenv(nil, "user", "password") # uses default (rpam)
+  puts Rpam2.listenv("servicename", "user", "password")
+  puts Rpam2.listenv("servicename", "user", "password", true)
+  puts Rpam2.listenv("servicename", "user", "password", true, "RUSER", "RHOST")
+  puts Rpam2.listenv("servicename") # error
 
 == REQUIREMENTS:
 
@@ -36,10 +42,10 @@ Or manually:
 
 require 'rpam2'
 
-Rpam2.auth("servicename", "username", "password") => (true/false)
+Rpam2.auth("servicename", "username", "password", ["RUSER", "RHOST"]) => (true/false)
 
 Rpam2.account("servicename", "username") => (true/false)
 
-Rpam2.getenv("servicename", "username", "password", "envvar", "opensession(true/false)") => (string/nil)
+Rpam2.getenv("servicename", "username", "password", "envvar", [opensession(true/false), ["RUSER", "RHOST"]]) => (string/nil)
 
-Rpam2.listenv("servicename", "username", "password", "opensession(true/false)") => (hash/nil)
+Rpam2.listenv("servicename", "username", "password", [opensession(true/false), ["RUSER", "RHOST"]]) => (hash/nil)

data/ext/rpam2/rpam2.c

@@ -9,27 +9,7 @@ struct auth_wrapper{
   char* pw;
 };
 
-static VALUE
-method_authpam(VALUE self, VALUE servicename, VALUE username, VALUE password);
-
-static VALUE
-method_accountpam(VALUE self, VALUE servicename, VALUE username);
-
-static VALUE
-method_getenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE envname, VALUE opensession);
-
-static VALUE
-method_listenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE opensession);
-
-
 VALUE rpam2;
-void Init_rpam2(){
-    rpam2 = rb_define_module("Rpam2");
-    rb_define_singleton_method(rpam2, "auth", method_authpam, 3);
-    rb_define_singleton_method(rpam2, "account", method_accountpam, 2);
-    rb_define_singleton_method(rpam2, "getenv", method_getenvpam, 5);
-    rb_define_singleton_method(rpam2, "listenv", method_listenvpam, 4);
-}
 
 int rpam_auth_conversation(int num_msg, const struct pam_message **msgm,
                            struct pam_response **resp, void *appdata_ptr){
@@ -68,45 +48,82 @@ int rpam_auth_conversation(int num_msg, const struct pam_message **msgm,
     return PAM_SUCCESS;
 }
 
-static VALUE method_authpam(VALUE self, VALUE servicename, VALUE username, VALUE password) {
-    pam_handle_t* pamh = NULL;
-    unsigned int result = 0;
+// password as char* ensures that no Qnil can be used
+static unsigned int _start(pam_handle_t* pamh, VALUE* service, char* password, VALUE *RUSER, VALUE* RHOST){
     struct pam_conv auth_c;
     struct auth_wrapper authw;
-    const char *service;
+    unsigned int result = 0;
 
-    Check_Type(username, T_STRING);
-    Check_Type(password, T_STRING);
+    if(service && !NIL_P(*service)){
+        result = pam_set_item(pamh, PAM_SERVICE, StringValueCStr(*service));
 
-    
-    if(!NIL_P(servicename)){
-        service = StringValueCStr(servicename);
-    } else {
-        service = rpam_default_servicename;
+        if (result != PAM_SUCCESS) {
+            rb_warn("SET SERVICE: %s", pam_strerror(pamh, result));
+            return result;
+        }
     }
 
-    auth_c.conv = rpam_auth_conversation;
-
-    authw.pw = StringValueCStr(password);
-    auth_c.appdata_ptr = &authw;
+    if(RUSER && !NIL_P(*RUSER)){
+        result = pam_set_item(pamh, PAM_RUSER, StringValueCStr(*RUSER));
+        if (result != PAM_SUCCESS) {
+            rb_warn("SET RUSER: %s", pam_strerror(pamh, result));
+            return result;
+        }
+    }
 
-    pam_start(service, StringValueCStr(username), &auth_c, &pamh);
-    if (result != PAM_SUCCESS) {
-        rb_warn("INIT: %s", pam_strerror(pamh, result));
-        return Qfalse;
+    if(RHOST && !NIL_P(*RHOST)){
+        result = pam_set_item(pamh, PAM_RHOST, StringValueCStr(*RHOST));
+        if (result != PAM_SUCCESS) {
+            rb_warn("SET RHOST: %s", pam_strerror(pamh, result));
+            return result;
+        }
     }
 
     result = pam_acct_mgmt(pamh, 0);
     if (result != PAM_SUCCESS) {
         pam_end(pamh, result);
-        return Qfalse;
+        return result;
+    }
+
+    if(password){
+        // cannot set token as item (except implementing some special methods) so use a conversation
+        auth_c.conv = rpam_auth_conversation;
+        authw.pw = password;
+        auth_c.appdata_ptr = &authw;
+    
+        result = pam_set_item(pamh, PAM_CONV, &auth_c);
+        if (result != PAM_SUCCESS) {
+            rb_warn("SET CONV: %s", pam_strerror(pamh, result));
+            return result;
+        }
+        result = pam_authenticate(pamh, 0);
+        if (result != PAM_SUCCESS) {
+            pam_end(pamh, result);
+            return result;
+        }
     }
+    return result;
+}
 
-    result = pam_authenticate(pamh, 0);
+
+static VALUE method_authpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE ruser, VALUE rhost) {
+     pam_handle_t* pamh = NULL;
+    unsigned int result = 0;
+    struct pam_conv auth_c = {0,0};
+
+    Check_Type(username, T_STRING);
+    Check_Type(password, T_STRING);
+
+    result = pam_start(rpam_default_servicename, StringValueCStr(username), &auth_c, &pamh);
     if (result != PAM_SUCCESS) {
-        pam_end(pamh, result);
+        rb_warn("INIT: %s", pam_strerror(pamh, result));
         return Qfalse;
     }
+    
+    result = _start(pamh, &servicename, StringValueCStr(password), &ruser, &rhost);
+    if(result!=PAM_SUCCESS)
+        return Qfalse;
+
 
     if (pam_end(pamh, result) == PAM_SUCCESS)
         return Qtrue;
@@ -116,32 +133,23 @@ static VALUE method_authpam(VALUE self, VALUE servicename, VALUE username, VALUE
     }
 }
 
+
 static VALUE method_accountpam(VALUE self, VALUE servicename, VALUE username) {
     pam_handle_t* pamh = NULL;
     unsigned int result=0;
     struct pam_conv auth_c = {0,0};
-    const char *service;
-
-    Check_Type(username, T_STRING);
-
     
-    if(!NIL_P(servicename)){
-        service = StringValueCStr(servicename);
-    } else {
-        service = rpam_default_servicename;
-    }
+    Check_Type(username, T_STRING);
 
-    pam_start(service, StringValueCStr(username), &auth_c, &pamh);
+    result = pam_start(rpam_default_servicename, StringValueCStr(username), &auth_c, &pamh);
     if (result != PAM_SUCCESS) {
         rb_warn("INIT: %s", pam_strerror(pamh, result));
         return Qfalse;
     }
 
-    result = pam_acct_mgmt(pamh, 0);
-    if (result != PAM_SUCCESS) {
-        pam_end(pamh, result);
+    result = _start(pamh, &servicename, NULL, NULL, NULL);
+    if(result!=PAM_SUCCESS)
         return Qfalse;
-    }
 
     if (pam_end(pamh, result) == PAM_SUCCESS)
         return Qtrue;
@@ -152,42 +160,26 @@ static VALUE method_accountpam(VALUE self, VALUE servicename, VALUE username) {
 }
 
 
-static VALUE method_getenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE envname, VALUE opensession) {
+static VALUE method_getenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE envname, VALUE opensession, VALUE ruser, VALUE rhost) {
     pam_handle_t* pamh = NULL;
-    unsigned int result=0;
-    struct pam_conv auth_c;
-    struct auth_wrapper authw;
-    const char *service;
     const char *c_ret;
     VALUE ruby_ret;
-    
+    unsigned int result = 0;
+    struct pam_conv auth_c = {0,0};
+
     Check_Type(username, T_STRING);
     Check_Type(password, T_STRING);
     Check_Type(envname, T_STRING);
 
-    
-    if(!NIL_P(servicename)){
-        service = StringValueCStr(servicename);
-    } else {
-        service = rpam_default_servicename;
-    }
-
-    auth_c.conv = rpam_auth_conversation;
-
-    authw.pw = StringValueCStr(password);
-    auth_c.appdata_ptr = &authw;
-
-    pam_start(service, StringValueCStr(username), &auth_c, &pamh);
+    result = pam_start(rpam_default_servicename, StringValueCStr(username), &auth_c, &pamh);
     if (result != PAM_SUCCESS) {
         rb_warn("INIT: %s", pam_strerror(pamh, result));
         return Qnil;
     }
-
-    result = pam_authenticate(pamh, 0);
-    if (result != PAM_SUCCESS) {
-        pam_end(pamh, result);
+    
+    result = _start(pamh, &servicename, StringValueCStr(password), &ruser, &rhost);
+    if(result != PAM_SUCCESS)
         return Qnil;
-    }
 
     if (RTEST(opensession)){
         result = pam_open_session(pamh, 0);
@@ -218,42 +210,29 @@ static VALUE method_getenvpam(VALUE self, VALUE servicename, VALUE username, VAL
     return ruby_ret;
 }
 
-static VALUE method_listenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE opensession) {
+
+static VALUE method_listenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE opensession, VALUE ruser, VALUE rhost){
     pam_handle_t* pamh = NULL;
     unsigned int result=0;
-    struct pam_conv auth_c;
-    struct auth_wrapper authw;
     char *last;
-    const char *service;
     char **envlist;
     char **tmpenvlist;
     VALUE ruby_ret;
+    struct pam_conv auth_c = {0,0};
 
     Check_Type(username, T_STRING);
     Check_Type(password, T_STRING);
 
     
-    if(!NIL_P(servicename)){
-        service = StringValueCStr(servicename);
-    } else {
-        service = rpam_default_servicename;
-    }
-
-    auth_c.conv = rpam_auth_conversation;
-    authw.pw = StringValueCStr(password);
-    auth_c.appdata_ptr = &authw;
-
-    pam_start(service, StringValueCStr(username), &auth_c, &pamh);
+    result = pam_start(rpam_default_servicename, StringValueCStr(username), &auth_c, &pamh);
     if (result != PAM_SUCCESS) {
         rb_warn("INIT: %s", pam_strerror(pamh, result));
         return Qnil;
     }
-
-    result = pam_authenticate(pamh, 0);
-    if (result != PAM_SUCCESS) {
-        pam_end(pamh, result);
+    
+    result = _start(pamh, &servicename, StringValueCStr(password), &ruser, &rhost);
+    if(result != PAM_SUCCESS)
         return Qnil;
-    }
 
     if (RTEST(opensession)){
         result = pam_open_session(pamh, 0);
@@ -296,3 +275,12 @@ static VALUE method_listenvpam(VALUE self, VALUE servicename, VALUE username, VA
     return ruby_ret;
 }
 
+
+void Init_rpam2(){
+    rpam2 = rb_define_module("Rpam2");
+    rb_define_singleton_method(rpam2, "_auth", method_authpam, 5);
+    rb_define_singleton_method(rpam2, "account", method_accountpam, 2);
+    rb_define_singleton_method(rpam2, "_getenv", method_getenvpam, 7);
+    rb_define_singleton_method(rpam2, "_listenv", method_listenvpam, 6);
+}
+

data/lib/rpam2.rb

@@ -1,5 +1,42 @@
 module Rpam2
   VERSION = 2.0
+  class << self
+    def auth(*args)
+      case args.size
+        when 3
+          self._auth(*args, nil, nil)
+        when 5
+          self._auth(*args)
+        else
+          raise ArgumentError, "wrong number of arguments (given #{args.size}, expected 3 or 5)"
+      end
+    end
+    def getenv(*args)
+      case args.size
+        when 4
+          self._getenv(*args, nil, nil, nil)
+        when 5
+          self._getenv(*args, nil, nil)
+        when 7
+          self._getenv(*args)
+        else
+          raise ArgumentError, "wrong number of arguments (given #{args.size}, expected 4, 5 or 7)"
+      end
+    end
+    
+    def listenv(*args)
+      case args.size
+        when 3
+          self._listenv(*args, nil, nil, nil)
+        when 4
+          self._listenv(*args, nil, nil)
+        when 6
+          self._listenv(*args)
+        else
+          raise ArgumentError, "wrong number of arguments (given #{args.size}, expected 3, 4 or 6)"
+      end
+    end
+  end
 end
 
 require "rpam2/rpam2"

data/rpam2.gemspec

@@ -1,11 +1,10 @@
 Gem::Specification.new do |s|
   s.name = "rpam2"
-  s.version = "3.0.2"
+  s.version = "3.1.0"
   s.date = "2017-10-10"
   s.summary = "PAM integration with ruby."
   s.email = "devkral@web.de"
-  s.description = "Ruby PAM (Pluggable Authentication
-  Modules) integration"
+  s.description = "Ruby PAM (Pluggable Authentication Modules) integration"
   s.extra_rdoc_files = ["README.rdoc"]
   s.authors = ["Alexander Kaftan"]
   s.files = ["lib/rpam2.rb", "ext/rpam2/rpam2.c", "ext/rpam2/extconf.rb", "rpam2.gemspec", "README.rdoc", "LICENSE.txt"]

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rpam2
 version: !ruby/object:Gem::Version
-  version: 3.0.2
+  version: 3.1.0
 platform: ruby
 authors:
 - Alexander Kaftan
@@ -10,9 +10,7 @@ bindir: bin
 cert_chain: []
 date: 2017-10-10 00:00:00.000000000 Z
 dependencies: []
-description: |-
-  Ruby PAM (Pluggable Authentication
-    Modules) integration
+description: Ruby PAM (Pluggable Authentication Modules) integration
 email: devkral@web.de
 executables: []
 extensions: