RubyGems - rpam2 - Versions diffs - 3.1.0 → 4.0.0 - Mend

rpam2 3.1.0 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 8180810fbc2a5e9a9ac2eeac16e0a62bff594e6c
-  data.tar.gz: d43a52c9d4e266a1a91bebceb057f29d955da4f3
+SHA256:
+  metadata.gz: e5c4a544a01935abef0fcad198c54eac69eadf13f911ac9d232e12b0febe345a
+  data.tar.gz: 141df1f03c8fc332f68b8c7ef397a9040d2ba91c3ac4c4fd2639e41f3dc9f775
 SHA512:
-  metadata.gz: f7172cb9bc9cb1a78c052d75f3663d430b222c5bd70c33bcb762e5a171899fb250eff5e0bb8a4404bb2647cb0dbfb0da24cc8d9d6739f7c8985e1511d3260588
-  data.tar.gz: d14f701064970ddea61f52ab036fbfc86a7a030aa3a614d2b8a27c4e3c7e66d822b8a3985f11fe5dedd1a066f20c09dea81f71a5bb730f858d541d733551dcae
+  metadata.gz: 8d629dd561e80ad197493349953319477d7c7fd2d785dfdb2d30adf8b1c2ce4c6e6105b2ac73df18b3fb65dcdcb3087b3ba9464a5b1ae1a91e4aeba3cf402bda
+  data.tar.gz: 8bc5288e360b0e6778f10b719b5d11f12a05a649f08b7ac41225ff29431e60e57193b33c3aa7b0349d5e0ec6cd864d0265f270fc05a6c35e995c3f69d936810f

data/README.rdoc CHANGED Viewed

@@ -17,7 +17,7 @@
   else
     puts "Authentication failed"
   end
   puts Rpam2.listenv(nil, "user", "password") # uses default (rpam)
   puts Rpam2.listenv("servicename", "user", "password")
   puts Rpam2.listenv("servicename", "user", "password", true)
@@ -31,12 +31,19 @@
 == INSTALL:
-* gem install rpam2
+gem install rpam2
+or if it should not depend on pam:
+ALLOW_NOPAM=true gem install rpam2
+WARNING: Don't use rpam2 in this case except for test. It isn't safe
 Or manually:
 * gem build rpam2.gemspec
-* gem install ./rpam2-2.0.0.gem
+* gem install ./rpam2-4.0.0.gem
 == Usage:
@@ -49,3 +56,10 @@ Rpam2.account("servicename", "username") => (true/false)
 Rpam2.getenv("servicename", "username", "password", "envvar", [opensession(true/false), ["RUSER", "RHOST"]]) => (string/nil)
 Rpam2.listenv("servicename", "username", "password", [opensession(true/false), ["RUSER", "RHOST"]]) => (hash/nil)
+== Testing:
+For test purposes can Rpam2 be filled with fake data. For this mode pam is not neccessary but then you may should not access not specified services.
+Only services in fake_data are emulated the rest is redirected to real pam.
+Rpam2.fake_data = { usernames: Set['alex', 'hugo', 'thomas'], servicenames: Set['service1', 'service2'], password: '123456', env: { email: 'me@example.com'} }

data/ext/rpam2/extconf.rb CHANGED Viewed

@@ -1,18 +1,27 @@
 require 'mkmf'
-abort "missing pam library" unless have_library("pam","pam_start")
-abort "missing pam library headers" unless have_header("security/pam_appl.h")
-abort "missing pam library headers" unless have_header("security/pam_modules.h")
-have_func("pam_end")
-have_func("pam_open_session")
-have_func("pam_close_session")
-have_func("pam_authenticate")
-have_func("pam_acct_mgmt")
-have_func("pam_chauthtok")
-have_func("pam_set_item")
-have_func("pam_get_item")
+pam_installed = have_library("pam","pam_start") and  have_header("security/pam_appl.h")
+#pam_installed = false
+abort "missing pam library or header" unless pam_installed || ENV['ALLOW_NOPAM']=='true'
 $CFLAGS << " -std=c99 "
+if pam_installed
+  puts "Rpam2 build correctly (without stubs)" if ENV['ALLOW_NOPAM']=='true'
+  have_func("pam_end")
+  have_func("pam_open_session")
+  have_func("pam_close_session")
+  have_func("pam_authenticate")
+  have_func("pam_acct_mgmt")
+  have_func("pam_set_item")
+  have_func("pam_get_item")
+else
+  warn "Rpam2 build didn't find pam headers/library, use pam stubs.\nONLY FOR TESTS OR IF PAM IS NOT USED. THIS MODE IS NOT SAFE IF PAM IS USED."
+  $CFLAGS << "-DWITHOUT_PAM_HEADER=1 "
+end
 create_makefile("rpam2/rpam2")

data/ext/rpam2/rpam2.c CHANGED Viewed

@@ -1,6 +1,90 @@
 #include "ruby.h"
 #include <string.h>
+#ifndef WITHOUT_PAM_HEADER
 #include <security/pam_appl.h>
+#else
+/* linux pam */
+/* status */
+#define PAM_SUCCESS 0
+#define PAM_SYMBOL_ERR 2
+#define PAM_BUF_ERR 5
+#define PAM_CONV_ERR 19
+/* items */
+#define PAM_SERVICE 1
+#define PAM_CONV 5
+#define PAM_RHOST 4
+#define PAM_RUSER 8
+/* Messages */
+#define PAM_PROMPT_ECHO_OFF 1
+#define PAM_PROMPT_ECHO_ON 2
+#define PAM_ERROR_MSG 3
+#define PAM_TEXT_INFO 4
+typedef struct pam_handle pam_handle_t;
+struct pam_message {
+    int msg_style;
+    const char *msg;
+};
+struct pam_response {
+    char *resp;
+    int	resp_retcode;	/* currently un-used, zero expected */
+};
+/* The actual conversation structure itself */
+struct pam_conv {
+    int (*conv)(int num_msg, const struct pam_message **msg,
+		struct pam_response **resp, void *appdata_ptr);
+    void *appdata_ptr;
+};
+// fix implicit function warnings:
+int pam_start(const char *service_name, const char *user, const struct pam_conv *pam_conversation, pam_handle_t **pamh){
+    return PAM_SYMBOL_ERR;
+};
+int pam_end(pam_handle_t *pamh, int pam_status){
+    return PAM_SYMBOL_ERR;
+}
+int pam_authenticate(pam_handle_t *pamh, int flags){
+    return PAM_SYMBOL_ERR;
+}
+int pam_acct_mgmt(pam_handle_t *pamh, int flags){
+    return PAM_SYMBOL_ERR;
+}
+const char *pam_strerror(pam_handle_t *pamh, int errnum){
+    return "No PAM";
+}
+int pam_set_item(pam_handle_t *pamh, int item_type, const void *item){
+    return PAM_SYMBOL_ERR;
+}
+int pam_get_item(const pam_handle_t *pamh, int item_type, const void **item){
+    return PAM_SYMBOL_ERR;
+}
+char **pam_getenvlist(pam_handle_t *pamh){
+    return PAM_SYMBOL_ERR;
+}
+const char *pam_getenv(pam_handle_t *pamh, const char *name){
+    return PAM_SYMBOL_ERR;
+}
+int pam_open_session(pam_handle_t *pamh, int flags){
+    return PAM_SYMBOL_ERR;
+}
+int pam_close_session(pam_handle_t *pamh, int flags){
+    return PAM_SYMBOL_ERR;
+}
+#endif
 static const char *const
 rpam_default_servicename = "rpam";
@@ -90,7 +174,7 @@ static unsigned int _start(pam_handle_t* pamh, VALUE* service, char* password, V
         auth_c.conv = rpam_auth_conversation;
         authw.pw = password;
         auth_c.appdata_ptr = &authw;
         result = pam_set_item(pamh, PAM_CONV, &auth_c);
         if (result != PAM_SUCCESS) {
             rb_warn("SET CONV: %s", pam_strerror(pamh, result));
@@ -119,7 +203,7 @@ static VALUE method_authpam(VALUE self, VALUE servicename, VALUE username, VALUE
         rb_warn("INIT: %s", pam_strerror(pamh, result));
         return Qfalse;
     }
     result = _start(pamh, &servicename, StringValueCStr(password), &ruser, &rhost);
     if(result!=PAM_SUCCESS)
         return Qfalse;
@@ -138,7 +222,7 @@ static VALUE method_accountpam(VALUE self, VALUE servicename, VALUE username) {
     pam_handle_t* pamh = NULL;
     unsigned int result=0;
     struct pam_conv auth_c = {0,0};
     Check_Type(username, T_STRING);
     result = pam_start(rpam_default_servicename, StringValueCStr(username), &auth_c, &pamh);
@@ -162,7 +246,7 @@ static VALUE method_accountpam(VALUE self, VALUE servicename, VALUE username) {
 static VALUE method_getenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE envname, VALUE opensession, VALUE ruser, VALUE rhost) {
     pam_handle_t* pamh = NULL;
-    const char *c_ret;
+    const char *c_ret=NULL;
     VALUE ruby_ret;
     unsigned int result = 0;
     struct pam_conv auth_c = {0,0};
@@ -176,7 +260,7 @@ static VALUE method_getenvpam(VALUE self, VALUE servicename, VALUE username, VAL
         rb_warn("INIT: %s", pam_strerror(pamh, result));
         return Qnil;
     }
     result = _start(pamh, &servicename, StringValueCStr(password), &ruser, &rhost);
     if(result != PAM_SUCCESS)
         return Qnil;
@@ -214,22 +298,22 @@ static VALUE method_getenvpam(VALUE self, VALUE servicename, VALUE username, VAL
 static VALUE method_listenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE opensession, VALUE ruser, VALUE rhost){
     pam_handle_t* pamh = NULL;
     unsigned int result=0;
-    char *last;
-    char **envlist;
-    char **tmpenvlist;
+    char *last=NULL;
+    char **envlist=NULL;
+    char **tmpenvlist=NULL;
     VALUE ruby_ret;
     struct pam_conv auth_c = {0,0};
     Check_Type(username, T_STRING);
     Check_Type(password, T_STRING);
     result = pam_start(rpam_default_servicename, StringValueCStr(username), &auth_c, &pamh);
     if (result != PAM_SUCCESS) {
         rb_warn("INIT: %s", pam_strerror(pamh, result));
         return Qnil;
     }
     result = _start(pamh, &servicename, StringValueCStr(password), &ruser, &rhost);
     if(result != PAM_SUCCESS)
         return Qnil;
@@ -278,9 +362,8 @@ static VALUE method_listenvpam(VALUE self, VALUE servicename, VALUE username, VA
 void Init_rpam2(){
     rpam2 = rb_define_module("Rpam2");
-    rb_define_singleton_method(rpam2, "_auth", method_authpam, 5);
-    rb_define_singleton_method(rpam2, "account", method_accountpam, 2);
-    rb_define_singleton_method(rpam2, "_getenv", method_getenvpam, 7);
-    rb_define_singleton_method(rpam2, "_listenv", method_listenvpam, 6);
+    rb_define_singleton_method(rpam2, "_authc", method_authpam, 5);
+    rb_define_singleton_method(rpam2, "_accountc", method_accountpam, 2);
+    rb_define_singleton_method(rpam2, "_getenvc", method_getenvpam, 7);
+    rb_define_singleton_method(rpam2, "_listenvc", method_listenvpam, 6);
 }

data/lib/rpam2.rb CHANGED Viewed

@@ -1,42 +1,84 @@
+require 'set'
+require 'rpam2/rpam2'
 module Rpam2
-  VERSION = 2.0
+  VERSION = 4.0
   class << self
+    attr_accessor :fake_data
+    @@fake_data = nil
     def auth(*args)
       case args.size
         when 3
-          self._auth(*args, nil, nil)
+          _auth(*args, nil, nil)
         when 5
-          self._auth(*args)
+          _auth(*args)
         else
           raise ArgumentError, "wrong number of arguments (given #{args.size}, expected 3 or 5)"
       end
     end
+    def account(servicename, username)
+      _account(servicename, username)
+    end
     def getenv(*args)
       case args.size
         when 4
-          self._getenv(*args, nil, nil, nil)
+          _getenv(*args, nil, nil, nil)
         when 5
-          self._getenv(*args, nil, nil)
+          _getenv(*args, nil, nil)
         when 7
-          self._getenv(*args)
+          _getenv(*args)
         else
           raise ArgumentError, "wrong number of arguments (given #{args.size}, expected 4, 5 or 7)"
       end
     end
     def listenv(*args)
       case args.size
         when 3
-          self._listenv(*args, nil, nil, nil)
+          _listenv(*args, nil, nil, nil)
         when 4
-          self._listenv(*args, nil, nil)
+          _listenv(*args, nil, nil)
         when 6
-          self._listenv(*args)
+          _listenv(*args)
         else
           raise ArgumentError, "wrong number of arguments (given #{args.size}, expected 3, 4 or 6)"
       end
     end
+    private
+    def fake_compare(servicename, username)
+      return false unless self.fake_data
+      self.fake_data.fetch(:servicenames, Set.new).include?(servicename)
+    end
+    def _auth(servicename, username, password, ruser, rhost)
+      return _authc(servicename, username, password, ruser, rhost) unless fake_compare(servicename, username)
+      self.fake_data[:password] == password && self.fake_data.fetch(:usernames, Set.new).include?(username)
+    end
+    def _account(servicename, username)
+      return _accountc(servicename, username) unless self.fake_data && self.fake_data.fetch(:servicenames, Set.new).include?(servicename)
+      self.fake_data.fetch(:usernames, Set.new).include?(username)
+    end
+    def _getenv(servicename, username, password, opensession, varname, ruser, rhost)
+      return _getenvc(servicename, username, password, opensession, varname, ruser, rhost) unless fake_compare(servicename, username)
+      return nil unless self.fake_data.fetch(:usernames, Set.new).include?(username)
+      return nil if self.fake_data[:env].blank? || self.fake_data[:password] != password
+      self.fake_data[:env].fetch(varname, nil)
+    end
+    def _listenv(servicename, username, password, opensession, ruser, rhost)
+      return _listenvc(servicename, username, password, opensession, ruser, rhost) unless fake_compare(servicename, username)
+      return nil unless self.fake_data[:password] == password &&  self.fake_data.fetch(:usernames, Set.new).include?(username)
+      self.fake_data.fetch(:env, {})
+    end
   end
+  private_class_method :_authc, :_accountc, :_getenvc, :_listenvc
 end
-require "rpam2/rpam2"

data/rpam2.gemspec CHANGED Viewed

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name = "rpam2"
-  s.version = "3.1.0"
+  s.version = "4.0.0"
   s.date = "2017-10-10"
   s.summary = "PAM integration with ruby."
   s.email = "devkral@web.de"

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rpam2
 version: !ruby/object:Gem::Version
-  version: 3.1.0
+  version: 4.0.0
 platform: ruby
 authors:
 - Alexander Kaftan
@@ -44,7 +44,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.13
+rubygems_version: 2.7.6
 signing_key:
 specification_version: 4
 summary: PAM integration with ruby.