Hide keyboard shortcuts

Hot-keys on this page

r m x p   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

1# This file is part of Xpra. 

2# Copyright (C) 2013-2019 Antoine Martin <antoine@xpra.org> 

3# Xpra is released under the terms of the GNU GPL v2, or, at your option, any 

4# later version. See the file COPYING for details. 

5 

6import os 

7import sys 

8 

9from xpra.util import envbool 

10from xpra.os_util import strtobytes 

11from xpra.scripts.config import parse_bool 

12from xpra.server.auth.sys_auth_base import SysAuthenticator, log 

13 

14PAM_AUTH_SERVICE = os.environ.get("XPRA_PAM_AUTH_SERVICE", "login") 

15PAM_CHECK_ACCOUNT = envbool("XPRA_PAM_CHECK_ACCOUNT", False) 

16 

17 

18def check(username, password, service=PAM_AUTH_SERVICE, check_account=PAM_CHECK_ACCOUNT): 

19 log("pam check(%s, [..])", username) 

20 from xpra.server.pam import pam_session #@UnresolvedImport 

21 b = strtobytes 

22 session = pam_session(b(username), b(password), service) 

23 if not session.start(b(password)): 

24 return False 

25 try: 

26 success = session.authenticate() 

27 if success and check_account: 

28 success = session.check_account() 

29 finally: 

30 try: 

31 session.close() 

32 except: 

33 log("error closing session %s", session, exc_info=True) 

34 return success 

35 

36 

37class Authenticator(SysAuthenticator): 

38 

39 def __init__(self, username, **kwargs): 

40 self.service = kwargs.pop("service", PAM_AUTH_SERVICE) 

41 self.check_account = parse_bool("check-account", kwargs.pop("check-account", PAM_CHECK_ACCOUNT), False) 

42 super().__init__(username, **kwargs) 

43 

44 def check(self, password) -> bool: 

45 log("pam.check(..) pw=%s", self.pw) 

46 if self.pw is None: 

47 return False 

48 return check(self.username, password, self.service, self.check_account) 

49 

50 def get_challenge(self, digests): 

51 if "xor" not in digests: 

52 log.error("Error: pam authentication requires the 'xor' digest") 

53 return None 

54 return super().get_challenge(["xor"]) 

55 

56 def __repr__(self): 

57 return "PAM" 

58 

59 

60def main(args): 

61 if len(args)!=3: 

62 print("invalid number of arguments") 

63 print("usage:") 

64 print("%s username password" % (args[0],)) 

65 return 1 

66 a = Authenticator(args[1]) 

67 if a.check(args[2]): 

68 print("success") 

69 return 0 

70 else: 

71 print("failed") 

72 return -1 

73 

74if __name__ == "__main__": 

75 sys.exit(main(sys.argv))