Business/BizApps-PAM-Module
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Probably make it work, no testing yet

Browse Source
This commit is contained in:
Skylar Ittner 2017-05-25 20:52:07 -06:00
parent abf0ef3f1c
commit 0ea83c85b5
1 changed files with 38 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
pam_custom.py
View File

@ -3,6 +3,7 @@
''' '''
pam-custom pam-custom
Copyright (C) 2013 Loris Tisisno <loris.tissino@gmail.com> Copyright (C) 2013 Loris Tisisno <loris.tissino@gmail.com>
Copyright (C) 2017 Netsyms Technologies <admin@netsyms.com>
This program is free software: you can redistribute it and/or modify This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -19,9 +20,41 @@
''' '''
import os import os
import requests
import json
api_url = "http://localhost/portal/api.php"
api_key = "123"
def totp_verify(user, totp):
req = {"key": api_key, "action": "verifytotp", "username": user, "code": totp}
resp = requests.post(api_url, data=req)
if resp.json()['status'] == "OK":
if resp.json()['valid'] == True:
return True
return False
def totp_check(user, pamh):
req = {"key": api_key, "action": "hastotp", "username": user}
resp = requests.post(api_url, data=req)
if resp.json()['status'] == "OK":
if resp.json()['otp'] == True:
otpmsg = pamh.Message(pamh.PAM_PROMPT_ECHO_OFF, "[Portal] enter 2-factor auth code for " + user + ": ")
rsp = pamh.conversation(otpmsg)
otpcode = rsp.resp
return totp_verify(user, otpcode)
else:
return True
return False
def portal_auth(user, password, pamh):
req = {"key": api_key, "action": "auth", "username": user, "password": password}
resp = requests.post(api_url, data=req)
if resp.json()['status'] == "OK":
return totp_check(user, pamh)
else:
return False
def custom_auth(user, password, command):
return os.system(command + ' ' + user + ' ' + password) == 0
def pam_sm_authenticate(pamh, flags, argv): def pam_sm_authenticate(pamh, flags, argv):
@ -36,18 +69,18 @@ def pam_sm_authenticate(pamh, flags, argv):
password = pamh.authtok password = pamh.authtok
if password == None: if password == None:
## got no password in authtok - trying through conversation... ## got no password in authtok - trying through conversation...
passmsg = pamh.Message(pamh.PAM_PROMPT_ECHO_OFF, "Custom auth: ") passmsg = pamh.Message(pamh.PAM_PROMPT_ECHO_OFF, "[Portal] enter password for " + user + ": ")
rsp = pamh.conversation(passmsg) rsp = pamh.conversation(passmsg)
password = rsp.resp password = rsp.resp
# so we should at this point have the password either through the # so we should at this point have the password either through the
# prompt or from previous module # prompt or from previous module
if custom_auth(user, password, argv[1]): if portal_auth(user, password, pamh):
return pamh.PAM_SUCCESS return pamh.PAM_SUCCESS
else: else:
return pamh.PAM_AUTH_ERR return pamh.PAM_AUTH_ERR
except pamh.exception, e: except pamh.exception as e:
return e.pam_result return e.pam_result
def pam_sm_setcred(pamh, flags, argv): def pam_sm_setcred(pamh, flags, argv):