RubyGems - rpam2 - Versions diffs - 3.0.2 → 3.1.0 - Mend

rpam2 3.0.2 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 671a7b38ff512a687a10b9d4e407fc85e97ece0d
-  data.tar.gz: 1ccf99986d33defbcc247cc445e1c86ec9c04cab
+  metadata.gz: 8180810fbc2a5e9a9ac2eeac16e0a62bff594e6c
+  data.tar.gz: d43a52c9d4e266a1a91bebceb057f29d955da4f3
 SHA512:
-  metadata.gz: a05e7ef83d101d6784bdf6dc1a68fdb402ce7cddd9134cb74f090ff0078b4e7654bd56039d4d30a02c19acd99a9aafc9823e44e97a60bd351241bc23cc72168a
-  data.tar.gz: 3cc90580f55dfffb99a8df76dfaa8175f0f5eee3beaba5f434d44a3706cf1f1fc72edeed5092eb36aaa70a8ebd7b6a2e0c576bf650b70d49734b58ad5a60c3b9
+  metadata.gz: f7172cb9bc9cb1a78c052d75f3663d430b222c5bd70c33bcb762e5a171899fb250eff5e0bb8a4404bb2647cb0dbfb0da24cc8d9d6739f7c8985e1511d3260588
+  data.tar.gz: d14f701064970ddea61f52ab036fbfc86a7a030aa3a614d2b8a27c4e3c7e66d822b8a3985f11fe5dedd1a066f20c09dea81f71a5bb730f858d541d733551dcae

data/README.rdoc CHANGED Viewed

@@ -5,8 +5,8 @@
 == DESCRIPTION:
   This extension provides a PAM (Pluggable Authentication Modules)
-  integration to ruby. It is inspired by rpam but provides a configurable
-  servicename and is licensed under MIT.
+  integration to ruby. It is inspired by rpam but provides much functionality
+  and is licensed under MIT.
 == EXAMPLE:
@@ -17,6 +17,12 @@
   else
     puts "Authentication failed"
   end
+  puts Rpam2.listenv(nil, "user", "password") # uses default (rpam)
+  puts Rpam2.listenv("servicename", "user", "password")
+  puts Rpam2.listenv("servicename", "user", "password", true)
+  puts Rpam2.listenv("servicename", "user", "password", true, "RUSER", "RHOST")
+  puts Rpam2.listenv("servicename") # error
 == REQUIREMENTS:
@@ -36,10 +42,10 @@ Or manually:
 require 'rpam2'
-Rpam2.auth("servicename", "username", "password") => (true/false)
+Rpam2.auth("servicename", "username", "password", ["RUSER", "RHOST"]) => (true/false)
 Rpam2.account("servicename", "username") => (true/false)
-Rpam2.getenv("servicename", "username", "password", "envvar", "opensession(true/false)") => (string/nil)
+Rpam2.getenv("servicename", "username", "password", "envvar", [opensession(true/false), ["RUSER", "RHOST"]]) => (string/nil)
-Rpam2.listenv("servicename", "username", "password", "opensession(true/false)") => (hash/nil)
+Rpam2.listenv("servicename", "username", "password", [opensession(true/false), ["RUSER", "RHOST"]]) => (hash/nil)

data/ext/rpam2/rpam2.c CHANGED Viewed

@@ -9,27 +9,7 @@ struct auth_wrapper{
   char* pw;
 };
-static VALUE
-method_authpam(VALUE self, VALUE servicename, VALUE username, VALUE password);
-static VALUE
-method_accountpam(VALUE self, VALUE servicename, VALUE username);
-static VALUE
-method_getenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE envname, VALUE opensession);
-static VALUE
-method_listenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE opensession);
 VALUE rpam2;
-void Init_rpam2(){
-    rpam2 = rb_define_module("Rpam2");
-    rb_define_singleton_method(rpam2, "auth", method_authpam, 3);
-    rb_define_singleton_method(rpam2, "account", method_accountpam, 2);
-    rb_define_singleton_method(rpam2, "getenv", method_getenvpam, 5);
-    rb_define_singleton_method(rpam2, "listenv", method_listenvpam, 4);
-}
 int rpam_auth_conversation(int num_msg, const struct pam_message **msgm,
                            struct pam_response **resp, void *appdata_ptr){
@@ -68,45 +48,82 @@ int rpam_auth_conversation(int num_msg, const struct pam_message **msgm,
     return PAM_SUCCESS;
 }
-static VALUE method_authpam(VALUE self, VALUE servicename, VALUE username, VALUE password) {
-    pam_handle_t* pamh = NULL;
-    unsigned int result = 0;
+// password as char* ensures that no Qnil can be used
+static unsigned int _start(pam_handle_t* pamh, VALUE* service, char* password, VALUE *RUSER, VALUE* RHOST){
     struct pam_conv auth_c;
     struct auth_wrapper authw;
-    const char *service;
+    unsigned int result = 0;
-    Check_Type(username, T_STRING);
-    Check_Type(password, T_STRING);
+    if(service && !NIL_P(*service)){
+        result = pam_set_item(pamh, PAM_SERVICE, StringValueCStr(*service));
-    if(!NIL_P(servicename)){
-        service = StringValueCStr(servicename);
-    } else {
-        service = rpam_default_servicename;
+        if (result != PAM_SUCCESS) {
+            rb_warn("SET SERVICE: %s", pam_strerror(pamh, result));
+            return result;
+        }
     }
-    auth_c.conv = rpam_auth_conversation;
-    authw.pw = StringValueCStr(password);
-    auth_c.appdata_ptr = &authw;
+    if(RUSER && !NIL_P(*RUSER)){
+        result = pam_set_item(pamh, PAM_RUSER, StringValueCStr(*RUSER));
+        if (result != PAM_SUCCESS) {
+            rb_warn("SET RUSER: %s", pam_strerror(pamh, result));
+            return result;
+        }
+    }
-    pam_start(service, StringValueCStr(username), &auth_c, &pamh);
-    if (result != PAM_SUCCESS) {
-        rb_warn("INIT: %s", pam_strerror(pamh, result));
-        return Qfalse;
+    if(RHOST && !NIL_P(*RHOST)){
+        result = pam_set_item(pamh, PAM_RHOST, StringValueCStr(*RHOST));
+        if (result != PAM_SUCCESS) {
+            rb_warn("SET RHOST: %s", pam_strerror(pamh, result));
+            return result;
+        }
     }
     result = pam_acct_mgmt(pamh, 0);
     if (result != PAM_SUCCESS) {
         pam_end(pamh, result);
-        return Qfalse;
+        return result;
+    }
+    if(password){
+        // cannot set token as item (except implementing some special methods) so use a conversation
+        auth_c.conv = rpam_auth_conversation;
+        authw.pw = password;
+        auth_c.appdata_ptr = &authw;
+        result = pam_set_item(pamh, PAM_CONV, &auth_c);
+        if (result != PAM_SUCCESS) {
+            rb_warn("SET CONV: %s", pam_strerror(pamh, result));
+            return result;
+        }
+        result = pam_authenticate(pamh, 0);
+        if (result != PAM_SUCCESS) {
+            pam_end(pamh, result);
+            return result;
+        }
     }
+    return result;
+}
-    result = pam_authenticate(pamh, 0);
+static VALUE method_authpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE ruser, VALUE rhost) {
+     pam_handle_t* pamh = NULL;
+    unsigned int result = 0;
+    struct pam_conv auth_c = {0,0};
+    Check_Type(username, T_STRING);
+    Check_Type(password, T_STRING);
+    result = pam_start(rpam_default_servicename, StringValueCStr(username), &auth_c, &pamh);
     if (result != PAM_SUCCESS) {
-        pam_end(pamh, result);
+        rb_warn("INIT: %s", pam_strerror(pamh, result));
         return Qfalse;
     }
+    result = _start(pamh, &servicename, StringValueCStr(password), &ruser, &rhost);
+    if(result!=PAM_SUCCESS)
+        return Qfalse;
     if (pam_end(pamh, result) == PAM_SUCCESS)
         return Qtrue;
@@ -116,32 +133,23 @@ static VALUE method_authpam(VALUE self, VALUE servicename, VALUE username, VALUE
     }
 }
 static VALUE method_accountpam(VALUE self, VALUE servicename, VALUE username) {
     pam_handle_t* pamh = NULL;
     unsigned int result=0;
     struct pam_conv auth_c = {0,0};
-    const char *service;
-    Check_Type(username, T_STRING);
-    if(!NIL_P(servicename)){
-        service = StringValueCStr(servicename);
-    } else {
-        service = rpam_default_servicename;
-    }
+    Check_Type(username, T_STRING);
-    pam_start(service, StringValueCStr(username), &auth_c, &pamh);
+    result = pam_start(rpam_default_servicename, StringValueCStr(username), &auth_c, &pamh);
     if (result != PAM_SUCCESS) {
         rb_warn("INIT: %s", pam_strerror(pamh, result));
         return Qfalse;
     }
-    result = pam_acct_mgmt(pamh, 0);
-    if (result != PAM_SUCCESS) {
-        pam_end(pamh, result);
+    result = _start(pamh, &servicename, NULL, NULL, NULL);
+    if(result!=PAM_SUCCESS)
         return Qfalse;
-    }
     if (pam_end(pamh, result) == PAM_SUCCESS)
         return Qtrue;
@@ -152,42 +160,26 @@ static VALUE method_accountpam(VALUE self, VALUE servicename, VALUE username) {
 }
-static VALUE method_getenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE envname, VALUE opensession) {
+static VALUE method_getenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE envname, VALUE opensession, VALUE ruser, VALUE rhost) {
     pam_handle_t* pamh = NULL;
-    unsigned int result=0;
-    struct pam_conv auth_c;
-    struct auth_wrapper authw;
-    const char *service;
     const char *c_ret;
     VALUE ruby_ret;
+    unsigned int result = 0;
+    struct pam_conv auth_c = {0,0};
     Check_Type(username, T_STRING);
     Check_Type(password, T_STRING);
     Check_Type(envname, T_STRING);
-    if(!NIL_P(servicename)){
-        service = StringValueCStr(servicename);
-    } else {
-        service = rpam_default_servicename;
-    }
-    auth_c.conv = rpam_auth_conversation;
-    authw.pw = StringValueCStr(password);
-    auth_c.appdata_ptr = &authw;
-    pam_start(service, StringValueCStr(username), &auth_c, &pamh);
+    result = pam_start(rpam_default_servicename, StringValueCStr(username), &auth_c, &pamh);
     if (result != PAM_SUCCESS) {
         rb_warn("INIT: %s", pam_strerror(pamh, result));
         return Qnil;
     }
-    result = pam_authenticate(pamh, 0);
-    if (result != PAM_SUCCESS) {
-        pam_end(pamh, result);
+    result = _start(pamh, &servicename, StringValueCStr(password), &ruser, &rhost);
+    if(result != PAM_SUCCESS)
         return Qnil;
-    }
     if (RTEST(opensession)){
         result = pam_open_session(pamh, 0);
@@ -218,42 +210,29 @@ static VALUE method_getenvpam(VALUE self, VALUE servicename, VALUE username, VAL
     return ruby_ret;
 }
-static VALUE method_listenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE opensession) {
+static VALUE method_listenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE opensession, VALUE ruser, VALUE rhost){
     pam_handle_t* pamh = NULL;
     unsigned int result=0;
-    struct pam_conv auth_c;
-    struct auth_wrapper authw;
     char *last;
-    const char *service;
     char **envlist;
     char **tmpenvlist;
     VALUE ruby_ret;
+    struct pam_conv auth_c = {0,0};
     Check_Type(username, T_STRING);
     Check_Type(password, T_STRING);
-    if(!NIL_P(servicename)){
-        service = StringValueCStr(servicename);
-    } else {
-        service = rpam_default_servicename;
-    }
-    auth_c.conv = rpam_auth_conversation;
-    authw.pw = StringValueCStr(password);
-    auth_c.appdata_ptr = &authw;
-    pam_start(service, StringValueCStr(username), &auth_c, &pamh);
+    result = pam_start(rpam_default_servicename, StringValueCStr(username), &auth_c, &pamh);
     if (result != PAM_SUCCESS) {
         rb_warn("INIT: %s", pam_strerror(pamh, result));
         return Qnil;
     }
-    result = pam_authenticate(pamh, 0);
-    if (result != PAM_SUCCESS) {
-        pam_end(pamh, result);
+    result = _start(pamh, &servicename, StringValueCStr(password), &ruser, &rhost);
+    if(result != PAM_SUCCESS)
         return Qnil;
-    }
     if (RTEST(opensession)){
         result = pam_open_session(pamh, 0);
@@ -296,3 +275,12 @@ static VALUE method_listenvpam(VALUE self, VALUE servicename, VALUE username, VA
     return ruby_ret;
 }
+void Init_rpam2(){
+    rpam2 = rb_define_module("Rpam2");
+    rb_define_singleton_method(rpam2, "_auth", method_authpam, 5);
+    rb_define_singleton_method(rpam2, "account", method_accountpam, 2);
+    rb_define_singleton_method(rpam2, "_getenv", method_getenvpam, 7);
+    rb_define_singleton_method(rpam2, "_listenv", method_listenvpam, 6);
+}

data/lib/rpam2.rb CHANGED Viewed

@@ -1,5 +1,42 @@
 module Rpam2
   VERSION = 2.0
+  class << self
+    def auth(*args)
+      case args.size
+        when 3
+          self._auth(*args, nil, nil)
+        when 5
+          self._auth(*args)
+        else
+          raise ArgumentError, "wrong number of arguments (given #{args.size}, expected 3 or 5)"
+      end
+    end
+    def getenv(*args)
+      case args.size
+        when 4
+          self._getenv(*args, nil, nil, nil)
+        when 5
+          self._getenv(*args, nil, nil)
+        when 7
+          self._getenv(*args)
+        else
+          raise ArgumentError, "wrong number of arguments (given #{args.size}, expected 4, 5 or 7)"
+      end
+    end
+    def listenv(*args)
+      case args.size
+        when 3
+          self._listenv(*args, nil, nil, nil)
+        when 4
+          self._listenv(*args, nil, nil)
+        when 6
+          self._listenv(*args)
+        else
+          raise ArgumentError, "wrong number of arguments (given #{args.size}, expected 3, 4 or 6)"
+      end
+    end
+  end
 end
 require "rpam2/rpam2"

data/rpam2.gemspec CHANGED Viewed

@@ -1,11 +1,10 @@
 Gem::Specification.new do |s|
   s.name = "rpam2"
-  s.version = "3.0.2"
+  s.version = "3.1.0"
   s.date = "2017-10-10"
   s.summary = "PAM integration with ruby."
   s.email = "devkral@web.de"
-  s.description = "Ruby PAM (Pluggable Authentication
-  Modules) integration"
+  s.description = "Ruby PAM (Pluggable Authentication Modules) integration"
   s.extra_rdoc_files = ["README.rdoc"]
   s.authors = ["Alexander Kaftan"]
   s.files = ["lib/rpam2.rb", "ext/rpam2/rpam2.c", "ext/rpam2/extconf.rb", "rpam2.gemspec", "README.rdoc", "LICENSE.txt"]

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rpam2
 version: !ruby/object:Gem::Version
-  version: 3.0.2
+  version: 3.1.0
 platform: ruby
 authors:
 - Alexander Kaftan
@@ -10,9 +10,7 @@ bindir: bin
 cert_chain: []
 date: 2017-10-10 00:00:00.000000000 Z
 dependencies: []
-description: |-
-  Ruby PAM (Pluggable Authentication
-    Modules) integration
+description: Ruby PAM (Pluggable Authentication Modules) integration
 email: devkral@web.de
 executables: []
 extensions: