Changeset - 7ef7536bf8e7
Parent rev.
Child rev.
[Not reviewed]
stable
0 1 0
Andrew Shadura - 10 years ago 2016-02-24 13:32:33
andrew@shadura.me
Grafted from: 9e0c363ed9ea
auth: support both old and new python-pam API

python-pam 1.8.* provides a new API replacing the previously
available authenticate() function. The latest unreleased
version brings it back, but until it's available, use a
custom shim instead.
1 file changed with 9 insertions and 2 deletions:
kallithea/lib/auth_modules/auth_pam.py
9
2
0 comments (0 inline, 0 general)
kallithea/lib/auth_modules/auth_pam.py
Show inline comments
 
@@ -16,25 +16,32 @@ kallithea.lib.auth_modules.auth_pam
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

			




	
	
	
		
 
Kallithea authentication library for PAM

			




	
	
	
		
 

			




	
	
	
		
 
This file was forked by the Kallithea project in July 2014.

			




	
	
	
		
 
Original author and date, and relevant copyright and licensing information is below:

			




	
	
	
		
 
:created_on: Created on Apr 09, 2013

			




	
	
	
		
 
:author: Alexey Larikov

			




	
	
	
		
 
"""

			




	
	
	
		
 

			




	
	
	
		
 
import logging

			




	
	
	
		
 
import time

			




	
	
	
		
 
import pam

			




	
	
	
		
 

			




	
	
	
		
 
try:

			




	
	
	
		
 
    from pam import authenticate as pam_authenticate

			




	
	
	
		
 
except ImportError:

			




	
	
	
		
 
    # work around pam.authenticate missing in python-pam 1.8.*

			




	
	
	
		
 
    from pam import pam

			




	
	
	
		
 
    pam_authenticate = pam().authenticate

			




	
	
	
		
 

			




	
	
	
		
 
import pwd

			




	
	
	
		
 
import grp

			




	
	
	
		
 
import re

			




	
	
	
		
 
import socket

			




	
	
	
		
 
import threading

			




	
	
	
		
 

			




	
	
	
		
 
from kallithea.lib import auth_modules

			




	
	
	
		
 
from kallithea.lib.compat import formatted_json, hybrid_property

			




	
	
	
		
 

			




	
	
	
		
 
log = logging.getLogger(__name__)

			




	
	
	
		
 

			




	
	
	
		
 
# Cache to store PAM authenticated users

			




	
	
		
 
@@ -83,25 +90,25 @@ class KallitheaAuthPlugin(auth_modules.K

			




	
	
	
		
 

			




	
	
	
		
 
    def use_fake_password(self):

			




	
	
	
		
 
        return True

			




	
	
	
		
 

			




	
	
	
		
 
    def auth(self, userobj, username, password, settings, **kwargs):

			




	
	
	
		
 
        if not username:

			




	
	
	
		
 
            log.debug('Empty username - skipping...')

			




	
	
	
		
 
            return None

			




	
	
	
		
 
        if username not in _auth_cache:

			




	
	
	
		
 
            # Need lock here, as PAM authentication is not thread safe

			




	
	
	
		
 
            _pam_lock.acquire()

			




	
	
	
		
 
            try:

			




	
	
	
		
 
                auth_result = pam.authenticate(username, password,

			




	
	
	
		
 
                auth_result = pam_authenticate(username, password,

			




	
	
	
		
 
                                               settings["service"])

			




	
	
	
		
 
                # cache result only if we properly authenticated

			




	
	
	
		
 
                if auth_result:

			




	
	
	
		
 
                    _auth_cache[username] = time.time()

			




	
	
	
		
 
            finally:

			




	
	
	
		
 
                _pam_lock.release()

			




	
	
	
		
 

			




	
	
	
		
 
            if not auth_result:

			




	
	
	
		
 
                log.error("PAM was unable to authenticate user: %s", username)

			




	
	
	
		
 
                return None

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            log.debug("Using cached auth for user: %s", username)

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.