From 5b939d7e7e0aa4f86dc24914cf52d3b4d646d125 Mon Sep 17 00:00:00 2001
From: Robin Sonnabend <robin@fsmpi.rwth-aachen.de>
Date: Sat, 17 Feb 2018 19:26:19 +0100
Subject: [PATCH] Add PAM auth backend

---
 auth.py | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/auth.py b/auth.py
index e48e651..899509d 100644
--- a/auth.py
+++ b/auth.py
@@ -3,6 +3,7 @@ import ssl
 import ldap3
 from ldap3.utils.dn import parse_dn
 from datetime import datetime
+import grp, pwd, pam
 
 class User:
     def __init__(self, username, groups, timestamp=None, obsolete=False, permanent=False):
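Review bot: The new `import grp, pwd, pam` line makes every user of auth.py depend on the third-party `pam` binding and on the Unix-only `grp`/`pwd` modules, even when only the ldap3-based or static backends are configured. Guarding the import, for example `try: import pam` / `except ImportError: pam = None`, and raising a clear error when `PAMManager` is constructed would confine that failure to deployments that select PAM. As a style point, PEP 8 asks for one import per line, with the standard-library `grp` and `pwd` grouped apart from `pam`.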
@@ -137,7 +138,7 @@ class ADManager:
 
 
 class StaticUserManager:
-    def __init__(self, users):
+    def __init__(self, users, obsolete=False):
         self.passwords = {
             username: password
             for (username, password, groups) in users
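Review bot: The new `obsolete` parameter is undocumented, and no line visible in this patch reads `self.obsolete` after it is stored (here, in the next hunk, and in `PAMManager.__init__`). A one-line docstring or comment on each `__init__` saying what an obsolete backend means for the users it authenticates would help; it presumably relates to the `obsolete` argument of `User`, but the consumer is not shown. `__init__` continues outside this hunk.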
@@ -146,6 +147,7 @@ class StaticUserManager:
             username: groups
             for (username, password, groups) in users
         }
+        self.obsolete = obsolete
 
     def authenticate(self, username, password):
         return (username in self.passwords
@@ -156,8 +158,27 @@ class StaticUserManager:
             yield from self.groups[username]
 
     def all_groups(self):
-        return list(set(group for group in groups.values()))
+        yield from list(set(group for group in groups.values()))
+
 
+class PAMManager:
+    def __init__(self, obsolete=False):
+        self.pam = pam.pam()
+        self.obsolete = obsolete
+
+    def authenticate(self, username, password):
+        return self.pam.authenticate(username, password)
+
+    def groups(self, username, password=None):
+        print(username)
+        yield grp.getgrgid(pwd.getpwnam(username).pw_gid).gr_name
+        for group in grp.getgrall():
+            if username in group.gr_mem:
+                yield group.gr_name
+
+    def all_groups(self):
+        for group in grp.getgrall():
+            yield group.gr_name
 
 class SecurityManager:
     def __init__(self, key, max_duration=300):
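Review bot: `PAMManager.groups` leaves a debugging `print(username)` in the login path and lets `pwd.getpwnam` raise an uncaught `KeyError` for a name with no passwd entry; it can also yield the primary group twice when the user is listed in that group's `gr_mem`. Dropping the print and handling the failed lookup explicitly, as sketched below, keeps usernames out of stdout and gives callers a defined, fail-closed result for unknown accounts. Separately, the rewritten `StaticUserManager.all_groups` still reads the bare name `groups`, which is not defined in the method as far as this hunk shows, so iterating it would raise `NameError`; `yield from set(g for gs in self.groups.values() for g in gs)` looks like the intent, assuming the values are lists of group names. If `pam` here is python-pam, `authenticate` falls back to its default `service='login'`; naming a dedicated PAM service for this application would make the applied policy explicit.

```python
    def groups(self, username, password=None):
        try:
            primary_gid = pwd.getpwnam(username).pw_gid
        except KeyError:
            return  # unknown account: report no groups (fail closed)
        for group in grp.getgrall():
            if group.gr_gid == primary_gid or username in group.gr_mem:
                yield group.gr_name
```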
-- 
GitLab