rpam2 3.1.0 → 4.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 8180810fbc2a5e9a9ac2eeac16e0a62bff594e6c
-  data.tar.gz: d43a52c9d4e266a1a91bebceb057f29d955da4f3
+SHA256:
+  metadata.gz: e5c4a544a01935abef0fcad198c54eac69eadf13f911ac9d232e12b0febe345a
+  data.tar.gz: 141df1f03c8fc332f68b8c7ef397a9040d2ba91c3ac4c4fd2639e41f3dc9f775
 SHA512:
-  metadata.gz: f7172cb9bc9cb1a78c052d75f3663d430b222c5bd70c33bcb762e5a171899fb250eff5e0bb8a4404bb2647cb0dbfb0da24cc8d9d6739f7c8985e1511d3260588
-  data.tar.gz: d14f701064970ddea61f52ab036fbfc86a7a030aa3a614d2b8a27c4e3c7e66d822b8a3985f11fe5dedd1a066f20c09dea81f71a5bb730f858d541d733551dcae
+  metadata.gz: 8d629dd561e80ad197493349953319477d7c7fd2d785dfdb2d30adf8b1c2ce4c6e6105b2ac73df18b3fb65dcdcb3087b3ba9464a5b1ae1a91e4aeba3cf402bda
+  data.tar.gz: 8bc5288e360b0e6778f10b719b5d11f12a05a649f08b7ac41225ff29431e60e57193b33c3aa7b0349d5e0ec6cd864d0265f270fc05a6c35e995c3f69d936810f

data/README.rdoc

@@ -17,7 +17,7 @@
   else
     puts "Authentication failed"
   end
-  
+
   puts Rpam2.listenv(nil, "user", "password") # uses default (rpam)
   puts Rpam2.listenv("servicename", "user", "password")
   puts Rpam2.listenv("servicename", "user", "password", true)
@@ -31,12 +31,19 @@
 
 == INSTALL:
 
-* gem install rpam2
+gem install rpam2
+
+or if it should not depend on pam:
+
+ALLOW_NOPAM=true gem install rpam2
+
+WARNING: Don't use rpam2 in this case except for test. It isn't safe
 
 Or manually:
 
 * gem build rpam2.gemspec
-* gem install ./rpam2-2.0.0.gem
+* gem install ./rpam2-4.0.0.gem
+
 
 == Usage:
 
@@ -49,3 +56,10 @@ Rpam2.account("servicename", "username") => (true/false)
 Rpam2.getenv("servicename", "username", "password", "envvar", [opensession(true/false), ["RUSER", "RHOST"]]) => (string/nil)
 
 Rpam2.listenv("servicename", "username", "password", [opensession(true/false), ["RUSER", "RHOST"]]) => (hash/nil)
+
+
+== Testing:
+For test purposes can Rpam2 be filled with fake data. For this mode pam is not neccessary but then you may should not access not specified services.
+Only services in fake_data are emulated the rest is redirected to real pam.
+
+Rpam2.fake_data = { usernames: Set['alex', 'hugo', 'thomas'], servicenames: Set['service1', 'service2'], password: '123456', env: { email: 'me@example.com'} }

data/ext/rpam2/extconf.rb

@@ -1,18 +1,27 @@
 require 'mkmf'
 
-abort "missing pam library" unless have_library("pam","pam_start")
-abort "missing pam library headers" unless have_header("security/pam_appl.h")
-abort "missing pam library headers" unless have_header("security/pam_modules.h")
-
-have_func("pam_end")
-have_func("pam_open_session")
-have_func("pam_close_session")
-have_func("pam_authenticate")
-have_func("pam_acct_mgmt")
-have_func("pam_chauthtok")
-have_func("pam_set_item")
-have_func("pam_get_item")
+pam_installed = have_library("pam","pam_start") and  have_header("security/pam_appl.h")
+#pam_installed = false
+
+
+abort "missing pam library or header" unless pam_installed || ENV['ALLOW_NOPAM']=='true'
+
+
 $CFLAGS << " -std=c99 "
 
+if pam_installed
+  puts "Rpam2 build correctly (without stubs)" if ENV['ALLOW_NOPAM']=='true'
+  have_func("pam_end")
+  have_func("pam_open_session")
+  have_func("pam_close_session")
+  have_func("pam_authenticate")
+  have_func("pam_acct_mgmt")
+  have_func("pam_set_item")
+  have_func("pam_get_item")
+else
+  warn "Rpam2 build didn't find pam headers/library, use pam stubs.\nONLY FOR TESTS OR IF PAM IS NOT USED. THIS MODE IS NOT SAFE IF PAM IS USED."
+  $CFLAGS << "-DWITHOUT_PAM_HEADER=1 "
+end
+
 
 create_makefile("rpam2/rpam2")

data/ext/rpam2/rpam2.c

@@ -1,6 +1,90 @@
 #include "ruby.h"
 #include <string.h>
+
+#ifndef WITHOUT_PAM_HEADER
 #include <security/pam_appl.h>
+#else
+/* linux pam */
+/* status */
+#define PAM_SUCCESS 0
+#define PAM_SYMBOL_ERR 2
+#define PAM_BUF_ERR 5
+#define PAM_CONV_ERR 19
+
+/* items */
+#define PAM_SERVICE 1
+#define PAM_CONV 5
+#define PAM_RHOST 4
+#define PAM_RUSER 8
+
+/* Messages */
+#define PAM_PROMPT_ECHO_OFF 1
+#define PAM_PROMPT_ECHO_ON 2
+#define PAM_ERROR_MSG 3
+#define PAM_TEXT_INFO 4
+
+typedef struct pam_handle pam_handle_t;
+
+
+struct pam_message {
+    int msg_style;
+    const char *msg;
+};
+
+struct pam_response {
+    char *resp;
+    int	resp_retcode;	/* currently un-used, zero expected */
+};
+
+/* The actual conversation structure itself */
+
+struct pam_conv {
+    int (*conv)(int num_msg, const struct pam_message **msg,
+		struct pam_response **resp, void *appdata_ptr);
+    void *appdata_ptr;
+};
+
+// fix implicit function warnings:
+
+int pam_start(const char *service_name, const char *user, const struct pam_conv *pam_conversation, pam_handle_t **pamh){
+    return PAM_SYMBOL_ERR;
+};
+int pam_end(pam_handle_t *pamh, int pam_status){
+    return PAM_SYMBOL_ERR;
+}
+
+int pam_authenticate(pam_handle_t *pamh, int flags){
+    return PAM_SYMBOL_ERR;
+}
+int pam_acct_mgmt(pam_handle_t *pamh, int flags){
+    return PAM_SYMBOL_ERR;
+}
+const char *pam_strerror(pam_handle_t *pamh, int errnum){
+    return "No PAM";
+}
+int pam_set_item(pam_handle_t *pamh, int item_type, const void *item){
+    return PAM_SYMBOL_ERR;
+}
+int pam_get_item(const pam_handle_t *pamh, int item_type, const void **item){
+    return PAM_SYMBOL_ERR;
+}
+char **pam_getenvlist(pam_handle_t *pamh){
+    return PAM_SYMBOL_ERR;
+}
+const char *pam_getenv(pam_handle_t *pamh, const char *name){
+    return PAM_SYMBOL_ERR;
+}
+
+int pam_open_session(pam_handle_t *pamh, int flags){
+    return PAM_SYMBOL_ERR;
+}
+int pam_close_session(pam_handle_t *pamh, int flags){
+    return PAM_SYMBOL_ERR;
+}
+
+#endif
+
+
 
 static const char *const
 rpam_default_servicename = "rpam";
@@ -90,7 +174,7 @@ static unsigned int _start(pam_handle_t* pamh, VALUE* service, char* password, V
         auth_c.conv = rpam_auth_conversation;
         authw.pw = password;
         auth_c.appdata_ptr = &authw;
-    
+
         result = pam_set_item(pamh, PAM_CONV, &auth_c);
         if (result != PAM_SUCCESS) {
             rb_warn("SET CONV: %s", pam_strerror(pamh, result));
@@ -119,7 +203,7 @@ static VALUE method_authpam(VALUE self, VALUE servicename, VALUE username, VALUE
         rb_warn("INIT: %s", pam_strerror(pamh, result));
         return Qfalse;
     }
-    
+
     result = _start(pamh, &servicename, StringValueCStr(password), &ruser, &rhost);
     if(result!=PAM_SUCCESS)
         return Qfalse;
@@ -138,7 +222,7 @@ static VALUE method_accountpam(VALUE self, VALUE servicename, VALUE username) {
     pam_handle_t* pamh = NULL;
     unsigned int result=0;
     struct pam_conv auth_c = {0,0};
-    
+
     Check_Type(username, T_STRING);
 
     result = pam_start(rpam_default_servicename, StringValueCStr(username), &auth_c, &pamh);
@@ -162,7 +246,7 @@ static VALUE method_accountpam(VALUE self, VALUE servicename, VALUE username) {
 
 static VALUE method_getenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE envname, VALUE opensession, VALUE ruser, VALUE rhost) {
     pam_handle_t* pamh = NULL;
-    const char *c_ret;
+    const char *c_ret=NULL;
     VALUE ruby_ret;
     unsigned int result = 0;
     struct pam_conv auth_c = {0,0};
@@ -176,7 +260,7 @@ static VALUE method_getenvpam(VALUE self, VALUE servicename, VALUE username, VAL
         rb_warn("INIT: %s", pam_strerror(pamh, result));
         return Qnil;
     }
-    
+
     result = _start(pamh, &servicename, StringValueCStr(password), &ruser, &rhost);
     if(result != PAM_SUCCESS)
         return Qnil;
@@ -214,22 +298,22 @@ static VALUE method_getenvpam(VALUE self, VALUE servicename, VALUE username, VAL
 static VALUE method_listenvpam(VALUE self, VALUE servicename, VALUE username, VALUE password, VALUE opensession, VALUE ruser, VALUE rhost){
     pam_handle_t* pamh = NULL;
     unsigned int result=0;
-    char *last;
-    char **envlist;
-    char **tmpenvlist;
+    char *last=NULL;
+    char **envlist=NULL;
+    char **tmpenvlist=NULL;
     VALUE ruby_ret;
     struct pam_conv auth_c = {0,0};
 
     Check_Type(username, T_STRING);
     Check_Type(password, T_STRING);
 
-    
+
     result = pam_start(rpam_default_servicename, StringValueCStr(username), &auth_c, &pamh);
     if (result != PAM_SUCCESS) {
         rb_warn("INIT: %s", pam_strerror(pamh, result));
         return Qnil;
     }
-    
+
     result = _start(pamh, &servicename, StringValueCStr(password), &ruser, &rhost);
     if(result != PAM_SUCCESS)
         return Qnil;
@@ -278,9 +362,8 @@ static VALUE method_listenvpam(VALUE self, VALUE servicename, VALUE username, VA
 
 void Init_rpam2(){
     rpam2 = rb_define_module("Rpam2");
-    rb_define_singleton_method(rpam2, "_auth", method_authpam, 5);
-    rb_define_singleton_method(rpam2, "account", method_accountpam, 2);
-    rb_define_singleton_method(rpam2, "_getenv", method_getenvpam, 7);
-    rb_define_singleton_method(rpam2, "_listenv", method_listenvpam, 6);
+    rb_define_singleton_method(rpam2, "_authc", method_authpam, 5);
+    rb_define_singleton_method(rpam2, "_accountc", method_accountpam, 2);
+    rb_define_singleton_method(rpam2, "_getenvc", method_getenvpam, 7);
+    rb_define_singleton_method(rpam2, "_listenvc", method_listenvpam, 6);
 }
-

data/lib/rpam2.rb

@@ -1,42 +1,84 @@
+
+require 'set'
+
+require 'rpam2/rpam2'
+
 module Rpam2
-  VERSION = 2.0
+  VERSION = 4.0
   class << self
+    attr_accessor :fake_data
+    @@fake_data = nil
+
     def auth(*args)
       case args.size
         when 3
-          self._auth(*args, nil, nil)
+          _auth(*args, nil, nil)
         when 5
-          self._auth(*args)
+          _auth(*args)
         else
           raise ArgumentError, "wrong number of arguments (given #{args.size}, expected 3 or 5)"
       end
     end
+
+    def account(servicename, username)
+      _account(servicename, username)
+    end
+
     def getenv(*args)
       case args.size
         when 4
-          self._getenv(*args, nil, nil, nil)
+          _getenv(*args, nil, nil, nil)
         when 5
-          self._getenv(*args, nil, nil)
+          _getenv(*args, nil, nil)
         when 7
-          self._getenv(*args)
+          _getenv(*args)
         else
           raise ArgumentError, "wrong number of arguments (given #{args.size}, expected 4, 5 or 7)"
       end
     end
-    
+
     def listenv(*args)
       case args.size
         when 3
-          self._listenv(*args, nil, nil, nil)
+          _listenv(*args, nil, nil, nil)
         when 4
-          self._listenv(*args, nil, nil)
+          _listenv(*args, nil, nil)
         when 6
-          self._listenv(*args)
+          _listenv(*args)
         else
           raise ArgumentError, "wrong number of arguments (given #{args.size}, expected 3, 4 or 6)"
       end
     end
+
+    private
+
+    def fake_compare(servicename, username)
+      return false unless self.fake_data
+      self.fake_data.fetch(:servicenames, Set.new).include?(servicename)
+    end
+
+    def _auth(servicename, username, password, ruser, rhost)
+      return _authc(servicename, username, password, ruser, rhost) unless fake_compare(servicename, username)
+      self.fake_data[:password] == password && self.fake_data.fetch(:usernames, Set.new).include?(username)
+    end
+
+    def _account(servicename, username)
+      return _accountc(servicename, username) unless self.fake_data && self.fake_data.fetch(:servicenames, Set.new).include?(servicename)
+      self.fake_data.fetch(:usernames, Set.new).include?(username)
+    end
+
+    def _getenv(servicename, username, password, opensession, varname, ruser, rhost)
+      return _getenvc(servicename, username, password, opensession, varname, ruser, rhost) unless fake_compare(servicename, username)
+      return nil unless self.fake_data.fetch(:usernames, Set.new).include?(username)
+      return nil if self.fake_data[:env].blank? || self.fake_data[:password] != password
+      self.fake_data[:env].fetch(varname, nil)
+    end
+
+    def _listenv(servicename, username, password, opensession, ruser, rhost)
+      return _listenvc(servicename, username, password, opensession, ruser, rhost) unless fake_compare(servicename, username)
+      return nil unless self.fake_data[:password] == password &&  self.fake_data.fetch(:usernames, Set.new).include?(username)
+      self.fake_data.fetch(:env, {})
+    end
   end
+  private_class_method :_authc, :_accountc, :_getenvc, :_listenvc
 end
-
-require "rpam2/rpam2"

data/rpam2.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name = "rpam2"
-  s.version = "3.1.0"
+  s.version = "4.0.0"
   s.date = "2017-10-10"
   s.summary = "PAM integration with ruby."
   s.email = "devkral@web.de"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rpam2
 version: !ruby/object:Gem::Version
-  version: 3.1.0
+  version: 4.0.0
 platform: ruby
 authors:
 - Alexander Kaftan
@@ -44,7 +44,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.13
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: PAM integration with ruby.