rpam2 2.0.0 → 3.0.0

Files changed (4)
  1. checksums.yaml +4 -4
  2. data/ext/rpam2/rpam2.c +150 -6
  3. data/rpam2.gemspec +2 -2
  4. metadata +2 -2
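--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 3993568d5198bd46c28c85e10476a0b6be74a563
- data.tar.gz: cd5b593c7e20a494cfea945ac710474453f6552c
+ metadata.gz: 7c0c6f60c2bd715ef7bf6d130474eb08363b2693
+ data.tar.gz: 1a98fea02d357d3400526b196787bc0c6ffacd1e
  SHA512:
- metadata.gz: 8de8bb0aededc24702641b3c7f2274104a6289f4156511afd3bf86d52ac68847d8a89822cf9d3b8f479ca4644b498725c2a3520e12eeea3ab6483ad6b3f3229e
- data.tar.gz: 86fa80bb39258d1a9c64e777af165cd921b5766c9456f34452baefc536bfa46e8c5f142ce55abdd2b5281198b8b98a0a490a8fbf83aabe5a957e811eac974fed
+ metadata.gz: 0dd74748497f1279ac7ed03ff2069c25fbdfd86c5660ff9dde16ac28c5422d2210447d89976d5a62ee80e61ffcefea292624f1230f49a56221cde1a155672b18
+ data.tar.gz: e98d08d443dc01c67464d892ba1a9f270b10b668b1e8b2d7468430e1a51d7c5f4cadb7a3761d5e16334256e9fedd9a63209fb5849adece542039ba6080704d53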
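--- a/data/ext/rpam2/rpam2.c
+++ b/data/ext/rpam2/rpam2.c
@@ -1,4 +1,5 @@
  #include "ruby.h"
+ #include <string.h>
  #include <security/pam_appl.h>
 
  static const char *const
@@ -14,11 +15,20 @@ method_authpam(VALUE self, VALUE servicename, VALUE username, VALUE password);
  static VALUE
  method_accountpam(VALUE self, VALUE servicename, VALUE username);
 
+ static VALUE
+ method_getenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE envname, VALUE opensession);
+
+ static VALUE
+ method_listenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE opensession);
+
+
  VALUE rpam2;
  void Init_rpam2(){
  rpam2 = rb_define_module("Rpam2");
- rb_define_singleton_method(rpam2, "authpam", method_authpam, 3);
- rb_define_singleton_method(rpam2, "accountpam", method_accountpam, 2);
+ rb_define_singleton_method(rpam2, "auth", method_authpam, 3);
+ rb_define_singleton_method(rpam2, "account", method_accountpam, 2);
+ rb_define_singleton_method(rpam2, "getenv", method_getenvpam, 5);
+ rb_define_singleton_method(rpam2, "listenv", method_listenvpam, 4);
  }
 
  int rpam_auth_conversation(int num_msg, const struct pam_message **msgm,
@@ -64,7 +74,7 @@ static VALUE method_authpam(VALUE self, VALUE servicename, VALUE username, VALUE
  Check_Type(username, T_STRING);
  Check_Type(password, T_STRING);
 
- char *service = rpam_default_servicename;
+ char *service = (char*)rpam_default_servicename;
  if(!NIL_P(servicename)){
  service = StringValueCStr(servicename);
  }
@@ -82,13 +92,13 @@ static VALUE method_authpam(VALUE self, VALUE servicename, VALUE username, VALUE
  return Qfalse;
  }
 
- result = pam_authenticate(pamh, 0);
+ result = pam_acct_mgmt(pamh, 0);
  if (result != PAM_SUCCESS) {
  pam_end(pamh, result);
  return Qfalse;
  }
 
- result = pam_acct_mgmt(pamh, 0);
+ result = pam_authenticate(pamh, 0);
  if (result != PAM_SUCCESS) {
  pam_end(pamh, result);
  return Qfalse;
@@ -107,7 +117,7 @@ static VALUE method_accountpam(VALUE self, VALUE servicename, VALUE username) {
  unsigned int result=0;
  Check_Type(username, T_STRING);
 
- char *service = rpam_default_servicename;
+ char *service = (char*)rpam_default_servicename;
  if(!NIL_P(servicename)){
  service = StringValueCStr(servicename);
  }
@@ -132,3 +142,137 @@ static VALUE method_accountpam(VALUE self, VALUE servicename, VALUE username) {
  return Qfalse;
  }
  }
+
+
+ static VALUE method_getenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE envname, VALUE opensession) {
+ pam_handle_t* pamh = NULL;
+ unsigned int result=0;
+ VALUE ret2;
+ Check_Type(username, T_STRING);
+ Check_Type(password, T_STRING);
+ Check_Type(envname, T_STRING);
+
+ char *service = (char*)rpam_default_servicename;
+ if(!NIL_P(servicename)){
+ service = StringValueCStr(servicename);
+ }
+
+ struct pam_conv auth_c;
+ auth_c.conv = rpam_auth_conversation;
+
+ struct auth_wrapper authw;
+ authw.pw = StringValueCStr(password);
+ auth_c.appdata_ptr = &authw;
+
+ pam_start(service, StringValueCStr(username), &auth_c, &pamh);
+ if (result != PAM_SUCCESS) {
+ rb_warn("INIT: %s", pam_strerror(pamh, result));
+ return Qnil;
+ }
+
+ result = pam_authenticate(pamh, 0);
+ if (result != PAM_SUCCESS) {
+ pam_end(pamh, result);
+ return Qnil;
+ }
+
+ if (RTEST(opensession)){
+ result = pam_open_session(pamh, 0);
+ if (result != PAM_SUCCESS) {
+ rb_warn("SESSION OPEN: %s", pam_strerror(pamh, result));
+ pam_end(pamh, result);
+ return Qnil;
+ }
+ }
+ char *ret = pam_getenv(pamh, StringValueCStr(envname));
+ if(ret){
+ ret2 = rb_str_new_cstr(ret);
+ } else {
+ ret2 = Qnil;
+ }
+
+ if (RTEST(opensession)){
+ result = pam_close_session(pamh, 0);
+ if (result != PAM_SUCCESS) {
+ rb_warn("SESSION END: %s", pam_strerror(pamh, result));
+ }
+ }
+
+ result = pam_end(pamh, result);
+ if (result != PAM_SUCCESS) {
+ rb_warn("END: %s", pam_strerror(pamh, result));
+ }
+ return ret2;
+ }
+
+ static VALUE method_listenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE opensession) {
+ pam_handle_t* pamh = NULL;
+ unsigned int result=0;
+ Check_Type(username, T_STRING);
+ Check_Type(password, T_STRING);
+
+ char *service = (char*)rpam_default_servicename;
+ if(!NIL_P(servicename)){
+ service = StringValueCStr(servicename);
+ }
+
+ struct pam_conv auth_c;
+ auth_c.conv = rpam_auth_conversation;
+
+ struct auth_wrapper authw;
+ authw.pw = StringValueCStr(password);
+ auth_c.appdata_ptr = &authw;
+
+ pam_start(service, StringValueCStr(username), &auth_c, &pamh);
+ if (result != PAM_SUCCESS) {
+ rb_warn("INIT: %s", pam_strerror(pamh, result));
+ return Qnil;
+ }
+
+ result = pam_authenticate(pamh, 0);
+ if (result != PAM_SUCCESS) {
+ pam_end(pamh, result);
+ return Qnil;
+ }
+
+ if (RTEST(opensession)){
+ result = pam_open_session(pamh, 0);
+ if (result != PAM_SUCCESS) {
+ rb_warn("SESSION OPEN: %s", pam_strerror(pamh, result));
+ pam_end(pamh, result);
+ return Qnil;
+ }
+ }
+
+ char **envlist = pam_getenvlist(pamh);
+ VALUE ret = rb_hash_new();
+ char **tmpenvlist=envlist;
+ while(*tmpenvlist!=NULL){
+ char *last = strchr(*tmpenvlist, '=');
+ // should not be needed but better be safe in a security relevant application
+ if (last!=NULL){
+ rb_hash_aset(ret, rb_str_new(*tmpenvlist, last-*tmpenvlist), rb_str_new_cstr(last+1));
+ }
+ // strings have to be freed (specification)
+ // overwrite them with zero to prevent leakage
+ memset(*tmpenvlist, 0, strlen(*tmpenvlist));
+ free(*tmpenvlist);
+ tmpenvlist++;
+ }
+ // stringlist have to be freed (specification)
+ free(envlist);
+
+ if (RTEST(opensession)){
+ result = pam_close_session(pamh, 0);
+ if (result != PAM_SUCCESS) {
+ rb_warn("SESSION END: %s", pam_strerror(pamh, result));
+ }
+ result = pam_end(pamh, result);
+ if (result != PAM_SUCCESS) {
+ rb_warn("END: %s", pam_strerror(pamh, result));
+ }
+ }
+
+ return ret;
+ }
+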
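Review bot: In both new functions, method_getenvpam and method_listenvpam, the return value of `pam_start(...)` is discarded, so `result` is still 0 when the `INIT` check runs and a failed start is never detected; `pam_authenticate` is then called with a handle that may still be NULL. The call should be `result = pam_start(service, StringValueCStr(username), &auth_c, &pamh);`. In method_listenvpam the final `pam_end(pamh, result)` sits inside the `if (RTEST(opensession))` block, so the PAM handle is never released when opensession is false; it belongs after that block, as in method_getenvpam. `pam_getenvlist` returns NULL on failure, and the `while(*tmpenvlist!=NULL)` loop dereferences it unchecked, so a guard such as `if (envlist == NULL) { pam_end(pamh, PAM_BUF_ERR); return Qnil; }` is needed before the loop. The `memset` immediately before `free` may also be removed by the optimizer, so the zeroing is not guaranteed unless a non-elidable wipe (for example `explicit_bzero` where available) is used.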
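--- a/data/rpam2.gemspec
+++ b/data/rpam2.gemspec
@@ -1,7 +1,7 @@
  Gem::Specification.new do |s|
  s.name = "rpam2"
- s.version = "2.0.0"
- s.date = "2017-09-27"
+ s.version = "3.0.0"
+ s.date = "2017-10-02"
  s.summary = "PAM integration with ruby."
  s.email = "devkral@web.de"
  s.description = "Ruby PAM (Pluggable Authentication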
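--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: rpam2
  version: !ruby/object:Gem::Version
- version: 2.0.0
+ version: 3.0.0
  platform: ruby
  authors:
  - Alexander Kaftan
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2017-09-27 00:00:00.000000000 Z
+ date: 2017-10-02 00:00:00.000000000 Z
  dependencies: []
  description: |-
  Ruby PAM (Pluggable Authentication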