Probably make it work, no testing yet

2017-05-25 20:52:07 -06:00 · 2017-05-25 20:52:07 -06:00 · 0ea83c85b5
commit 0ea83c85b5
parent abf0ef3f1c
1 changed files with 38 additions and 5 deletions
--- a/pam_custom.py
+++ b/pam_custom.py
@ -3,6 +3,7 @@
 '''
    pam-custom
    Copyright (C) 2013 Loris Tisisno <loris.tissino@gmail.com>
+    Copyright (C) 2017 Netsyms Technologies <admin@netsyms.com>

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@ -19,9 +20,41 @@
 '''

 import os
+import requests
+import json
+
+api_url = "http://localhost/portal/api.php"
+api_key = "123"
+
+def totp_verify(user, totp):
+  req = {"key": api_key, "action": "verifytotp", "username": user, "code": totp}
+  resp = requests.post(api_url, data=req)
+  if resp.json()['status'] == "OK":
+    if resp.json()['valid'] == True:
+      return True
+  return False
+
+def totp_check(user, pamh):
+  req = {"key": api_key, "action": "hastotp", "username": user}
+  resp = requests.post(api_url, data=req)
+  if resp.json()['status'] == "OK":
+    if resp.json()['otp'] == True:
+      otpmsg = pamh.Message(pamh.PAM_PROMPT_ECHO_OFF, "[Portal] enter 2-factor auth code for " + user + ": ")
+      rsp = pamh.conversation(otpmsg)
+      otpcode = rsp.resp
+      return totp_verify(user, otpcode)
+    else:
+      return True
+  return False
+
+def portal_auth(user, password, pamh):
+  req = {"key": api_key, "action": "auth", "username": user, "password": password}
+  resp = requests.post(api_url, data=req)
+  if resp.json()['status'] == "OK":
+     return totp_check(user, pamh)
+  else:
+    return False

-def custom_auth(user, password, command):
-  return os.system(command + ' ' + user + ' ' + password) == 0

 def pam_sm_authenticate(pamh, flags, argv):

@ -36,18 +69,18 @@ def pam_sm_authenticate(pamh, flags, argv):
    password = pamh.authtok
    if password == None:
      ## got no password in authtok - trying through conversation...
-      passmsg = pamh.Message(pamh.PAM_PROMPT_ECHO_OFF, "Custom auth: ")
+      passmsg = pamh.Message(pamh.PAM_PROMPT_ECHO_OFF, "[Portal] enter password for " + user + ": ")
      rsp = pamh.conversation(passmsg)
      password = rsp.resp
      # so we should at this point have the password either through the
      # prompt or from previous module

-    if custom_auth(user, password, argv[1]):
+    if portal_auth(user, password, pamh):
      return pamh.PAM_SUCCESS
    else:
      return pamh.PAM_AUTH_ERR

-  except pamh.exception, e:
+  except pamh.exception as e:
    return e.pam_result

 def pam_sm_setcred(pamh, flags, argv):