add pam configuration, and helper script to authenticate with Django

Benjamin Dauvergne 2014-05-07 12:03:16 +02:00
parent 0d284fdc6f
commit 479f4bc8fd
4 changed files with 51 additions and 10 deletions

check-password Executable file

@ -0,0 +1,19 @@
#!/usr/bin/python
import logging
import logging.handlers
import sys
log = logging.getLogger()
log.setLevel(logging.DEBUG)
log.addHandler(logging.handlers.SysLogHandler(address = '/dev/log'))
try:
from django.contrib.auth import authenticate
user, password = sys.argv[1:3]
user = authenticate(username=unicode(user, 'utf-8'), password=unicode(password, 'utf-8'))
except:
log.exception('django.contrib.auth.authenticate raised an exception')
else:
if user is None:
sys.exit(1)
sys.exit(0)
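Review bot: The `except:` branch only logs and then lets the script end, so the helper exits with status 0 whenever importing or calling `authenticate` raises, and pam_sm_authenticate in this commit maps a zero status to PAM_SUCCESS. The helper should fail closed: add `sys.exit(1)` right after `log.exception(...)`. Indentation is lost in this rendering, but the exception path reaches exit status 0 whether `sys.exit(0)` sits inside the `else:` or after it. Narrowing the bare `except:` to `except Exception:` would also keep it from swallowing KeyboardInterrupt and SystemExit.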

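--- a/pam.conf
+++ b/pam.conf
@@ -0,0 +1,3 @@
+#%PAM-1.0
+auth required pam_python.so pam_django.py helper=/usr/local/lib/pam-django/check-password DJANGO_SETTINGS_MODULE=settings
+account required pam_python.so pam_django.py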
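Review bot: The `auth` line names the helper by absolute path and passes a bare `DJANGO_SETTINGS_MODULE=settings`, but nothing in the file says where that module must live or who may write to it. Since the helper decides the authentication result, a comment would help, for example `# helper and its settings module must be owned by root and not writable by other users`. The settings module is presumably resolved from the helper's own directory; that is worth stating in the same comment once confirmed.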


@ -1,18 +1,21 @@
import os
import syslog
import sys
import subprocess
def auth_log(msg):
syslog.openlog(facility=syslog.LOG_AUTH)
syslog.syslog("django_pam: " + msg)
def auth_log(msg, priority=syslog.LOG_NOTICE):
syslog.openlog(ident='pam-django', facility=syslog.LOG_AUTH)
syslog.syslog(priority, msg)
syslog.closelog()
def pam_sm_authenticate(pamh, flags, argv):
auth_log("pam_sm_authenticate")
auth_log('sys.path %r' % argv)
argv = dict(arg.split('=', 1) for arg in argv[1:] if '=' in arg)
try:
user = pamh.get_user(None)
except pamh.exception, e:
return e.pam_result
if not user:
return pamh.PAM_USER_UNKNOWN
@ -21,10 +24,16 @@ def pam_sm_authenticate(pamh, flags, argv):
resp = pamh.conversation(pamh.Message(pamh.PAM_PROMPT_ECHO_OFF, 'Password:'))
except pamh.exception, e:
return e.pam_result
password = resp.resp
auth_log("%s %s %s" % (pamh.rhost, user, password))
return pamh.PAM_SUCCESS
env = os.environ.copy()
if 'DJANGO_SETTINGS_MODULE' in argv:
env['DJANGO_SETTINGS_MODULE'] = argv['DJANGO_SETTINGS_MODULE']
ret = subprocess.call([argv['helper'], user, resp.resp],
stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env)
if ret == 0:
auth_log('login success')
return pamh.PAM_SUCCESS
auth_log('login failure')
return pamh.PAM_AUTH_ERR
def pam_sm_setcred(pamh, flags, argv):
auth_log("pam_sm_setcred")
@ -45,3 +54,4 @@ def pam_sm_close_session(pamh, flags, argv):
def pam_sm_chauthtok(pamh, flags, argv):
auth_log("pam_sm_chauthtok")
return pamh.PAM_SUCCESS
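Review bot: In the second hunk, `subprocess.call([argv['helper'], user, resp.resp], ...)` puts the cleartext password on the helper's command line, where other local accounts can read it from the process table for as long as the helper runs. stdin is already a pipe here, so the password can be written to it instead, with check-password changed to read it via `sys.stdin.readline()` rather than `sys.argv`. Using `communicate()` also drains stdout and stderr, which `call()` with PIPE does not. pam_sm_authenticate spans both hunks and part of its body is not shown.

```python
    # … unchanged: env built from os.environ and DJANGO_SETTINGS_MODULE …
    helper = subprocess.Popen([argv['helper'], user],
            stdin=subprocess.PIPE, stdout=subprocess.PIPE,
            stderr=subprocess.PIPE, env=env)
    # password goes over the pipe, never into argv
    helper.communicate(resp.resp + '\n')
    ret = helper.returncode
    # … unchanged: ret == 0 -> PAM_SUCCESS, otherwise PAM_AUTH_ERR …
```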

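--- a/settings.py
+++ b/settings.py
@@ -0,0 +1,9 @@
+DATABASES = {
+'default': {
+'ENGINE': 'django.db.backends.sqlite3',
+'NAME': '/home/bdauvergne/Code/docbow/docbow.db',
+}
+}
+INSTALLED_APPS=('django.contrib.auth',)
+AUTHENTICATION_BACKENDS=('django.contrib.auth.backends.ModelBackend',)
+SECRET_KEY='xxx'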
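Review bot: `DATABASES['default']['NAME']` points at `/home/bdauvergne/Code/docbow/docbow.db`, a file in a personal home directory, and this is the user store the PAM helper authenticates against; anyone able to write that file decides which passwords are accepted. If this file is meant as an example, say so in a header comment such as `# development example: set NAME to the deployed database, writable only by the application account`. `SECRET_KEY='xxx'` is likewise a placeholder and should be marked as one so it is not deployed as-is.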