saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-17 10:10:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge pull request #22925 from rallytime/bp-22895

Browse source 
Backport #22895 to 2014.7
This commit is contained in:
Justin Findlay 2015-04-21 20:30:26 -06:00
commit 6890752dd3
1 changed files with 50 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

70
salt/auth/pam.py
View file

@ -18,16 +18,17 @@ Implemented using ctypes, so no compilation is necessary.
'''
# Import python libs
# Import Python Lobs
from __future__ import absolute_import
from ctypes import CDLL, POINTER, Structure, CFUNCTYPE, cast, pointer, sizeof
from ctypes import c_void_p, c_uint, c_char_p, c_char, c_int
from ctypes.util import find_library
# Import Salt libs
# Import Salt Libs
from salt.utils import get_group_list
LIBPAM = CDLL(find_library('pam'))
LIBC = CDLL(find_library('c'))
LIBPAM = CDLL(find_library("pam"))
LIBC = CDLL(find_library("c"))
CALLOC = LIBC.calloc
CALLOC.restype = c_void_p
@ -49,7 +50,7 @@ class PamHandle(Structure):
Wrapper class for pam_handle_t
'''
_fields_ = [
('handle', c_void_p)
("handle", c_void_p)
]
def __init__(self):
@ -63,11 +64,11 @@ class PamMessage(Structure):
'''
_fields_ = [
("msg_style", c_int),
("msg", c_char_p),
("msg", POINTER(c_char)),
]
def __repr__(self):
return '<PamMessage {0} {1!r}>'.format(self.msg_style, self.msg)
return "<PamMessage {0:d} '{1}'>".format(self.msg_style, self.msg)
class PamResponse(Structure):
@ -75,13 +76,12 @@ class PamResponse(Structure):
Wrapper class for pam_response structure
'''
_fields_ = [
('resp', c_char_p),
('resp_retcode', c_int),
("resp", POINTER(c_char)),
("resp_retcode", c_int),
]
def __repr__(self):
return '<PamResponse {0} {1!r}>'.format(self.resp_retcode, self.resp)
return "<PamResponse {0:d} '{1}'>".format(self.resp_retcode, self.resp)
CONV_FUNC = CFUNCTYPE(c_int,
c_int, POINTER(POINTER(PamMessage)),
@ -93,24 +93,35 @@ class PamConv(Structure):
Wrapper class for pam_conv structure
'''
_fields_ = [
('conv', CONV_FUNC),
('appdata_ptr', c_void_p)
("conv", CONV_FUNC),
("appdata_ptr", c_void_p)
]
try:
PAM_START = LIBPAM.pam_start
PAM_START.restype = c_int
PAM_START.argtypes = [c_char_p, c_char_p, POINTER(PamConv),
POINTER(PamHandle)]
POINTER(PamHandle)]
PAM_END = LIBPAM.pam_end
PAM_END.restpe = c_int
PAM_END.argtypes = [PamHandle, c_int]
PAM_AUTHENTICATE = LIBPAM.pam_authenticate
PAM_AUTHENTICATE.restype = c_int
PAM_AUTHENTICATE.argtypes = [PamHandle, c_int]
PAM_END = LIBPAM.pam_end
PAM_END.restype = c_int
PAM_END.argtypes = [PamHandle, c_int]
PAM_SETCRED = LIBPAM.pam_setcred
PAM_SETCRED.restype = c_int
PAM_SETCRED.argtypes = [PamHandle, c_int]
PAM_OPEN_SESSION = LIBPAM.pam_open_session
PAM_OPEN_SESSION.restype = c_int
PAM_OPEN_SESSION.argtypes = [PamHandle, c_int]
PAM_CLOSE_SESSION = LIBPAM.pam_close_session
PAM_CLOSE_SESSION.restype = c_int
PAM_CLOSE_SESSION.argtypes = [PamHandle, c_int]
except Exception:
HAS_PAM = False
else:
@ -148,7 +159,7 @@ def authenticate(username, password, service='login'):
for i in range(n_messages):
if messages[i].contents.msg_style == PAM_PROMPT_ECHO_OFF:
pw_copy = STRDUP(str(password))
p_response.contents[i].resp = cast(pw_copy, c_char_p)
p_response.contents[i].resp = pw_copy
p_response.contents[i].resp_retcode = 0
return 0
@ -163,7 +174,26 @@ def authenticate(username, password, service='login'):
return False
retval = PAM_AUTHENTICATE(handle, 0)
PAM_END(handle, 0)
if retval != 0:
PAM_END(handle, retval)
return False
retval = PAM_SETCRED(handle, 0)
if retval != 0:
PAM_END(handle, retval)
return False
retval = PAM_OPEN_SESSION(handle, 0)
if retval != 0:
PAM_END(handle, retval)
return False
retval = PAM_CLOSE_SESSION(handle, 0)
if retval != 0:
PAM_END(handle, retval)
return False
retval = PAM_END(handle, retval)
return retval == 0