[yast-devel] [PATCH] various rpam improvements
  • From: Duncan Mac-Vicar Prett <dmacvicar@xxxxxxx>
  • Date: Wed, 22 Apr 2009 17:51:06 +0200
  • Message-id: <49EF3CEA.2070609@xxxxxxx>

Hi Andre,

We are using rpam extensively for our YaST web service project.

Klaus Kaempf (in CC) did some improvements in order to make it work for
our project, plus some added tests and build facilities.

Originally, we were keeping a fork in-tree; however, we would like to
stay as close as possible to your upstream version, so I attach the patch
we use to build our package.

If you apply it (or part of it) please tell us so we can adapt our
package :-)

Thanks for this useful piece of software!

--
Duncan Mac-Vicar P. - Engineering Manager, YaST
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

diff -urN '--exclude=*ext/Rpam/Makefile' '--exclude=.svn' '--exclude=*.log'
'--exclude=.gitignore' '--exclude=*.changes' '--exclude=*.spec'
rpam-1.0-0/ext/Rpam/rpam.c rpam-1.0-0.suse/ext/Rpam/rpam.c
--- rpam-1.0-0/ext/Rpam/rpam.c 2009-04-22 17:09:03.000000000 +0200
+++ rpam-1.0-0.suse/ext/Rpam/rpam.c 2009-04-22 17:33:09.000000000 +0200
@@ -53,13 +53,15 @@
struct pam_response *response = 0;

/* parameter sanity checking */
- if (!resp || !msg || !userinfo)
- return PAM_CONV_ERR;
+ if (!resp || !msg || !userinfo) {
+ return PAM_CONV_ERR;
+ }

/* allocate memory to store response */
response = malloc(num_msg * sizeof(struct pam_response));
- if (!response)
+ if (!response) {
return PAM_CONV_ERR;
+ }

/* copy values */
for (i = 0; i < num_msg; i++) {
@@ -76,6 +78,14 @@
case PAM_PROMPT_ECHO_OFF:
response[i].resp = strdup(userinfo->pw);
break;
+ case PAM_ERROR_MSG:
+ if (response) free(response);
+ rb_raise(rb_eRuntimeError, msg[i]->msg);
+ break;
+ case PAM_TEXT_INFO:
+ if (response) free(response);
+ rb_raise(rb_eSecurityError, msg[i]->msg);
+ break;
default:
if (response)
free(response);
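Review bot: Both new cases pass `msg[i]->msg` to `rb_raise` as the format string, so any `%` sequence in text supplied by a PAM module is interpreted by the formatter; pass it as an argument instead, `rb_raise(rb_eRuntimeError, "%s", msg[i]->msg);`, and do the same for the `rb_eSecurityError` call. `rb_raise` does not return, so the `break` after it is dead, and only the `response` array is freed: any `resp` strings already `strdup`ed for earlier messages (copies of the password) stay allocated. The exception also unwinds out of the conversation callback through libpam, presumably before the caller can run `pam_end`; freeing the entries, returning `PAM_CONV_ERR` and raising from `method_authpam` after cleanup would avoid that. The enclosing function starts and ends outside this hunk.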
@@ -88,15 +98,23 @@

}

-/* Authenticates a user and returns TRUE on success, FALSE on failure */
-VALUE method_authpam(VALUE self, VALUE username, VALUE password) {
+/*
+ * Authenticates a user and returns TRUE on success, FALSE on failure
+ *
+ * authpam(username, password) -> boolean
+ *
+ * raises RuntimeError in case of PAM error
+ * raises SecurityError in case of missing rights (e.g. run as non-root)
+ */
+
+VALUE method_authpam(VALUE self, VALUE username, VALUE password) {
pam_auth_t userinfo = {NULL, NULL};
struct pam_conv conv_info = {&auth_pam_talker, (void *) &userinfo};
pam_handle_t *pamh = NULL;
int result;

- userinfo.name = STR2CSTR(username);
- userinfo.pw = STR2CSTR(password);
+ userinfo.name = StringValuePtr(username);
+ userinfo.pw = StringValuePtr(password);

if ((result = pam_start(rpam_servicename, userinfo.name, &conv_info,
&pamh))
!= PAM_SUCCESS) {
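Review bot: `StringValuePtr` hands back the string buffer without checking for embedded NUL bytes, so a username or password containing `\0` is silently truncated when PAM reads it as a C string; `StringValueCStr(username)` and `StringValueCStr(password)` raise `ArgumentError` in that case and still raise `TypeError` for non-strings. The new header comment says SecurityError means missing rights, but in this patch it is raised for every `PAM_TEXT_INFO` message, so the comment should describe that instead. The body of `method_authpam` continues past this hunk.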
@@ -124,5 +142,5 @@
/* initialize */
void Init_rpam() {
Rpam = rb_define_module("Rpam");
- rb_define_method(Rpam, "authpam", method_authpam, 2);
+ rb_define_module_function(Rpam, "authpam", method_authpam, 2);
}
diff -urN '--exclude=*ext/Rpam/Makefile' '--exclude=.svn' '--exclude=*.log'
'--exclude=.gitignore' '--exclude=*.changes' '--exclude=*.spec'
rpam-1.0-0/Makefile rpam-1.0-0.suse/Makefile
--- rpam-1.0-0/Makefile 1970-01-01 01:00:00.000000000 +0100
+++ rpam-1.0-0.suse/Makefile 2009-04-22 17:33:09.000000000 +0200
@@ -0,0 +1,39 @@
+#
+# Makefile for rpam
+#
+
+all: ext/Rpam/Makefile
+ (cd ext/Rpam; make)
+
+ext/Rpam/Makefile: ext/Rpam/extconf.rb
+ (cd ext/Rpam; ruby -rvendor-specific extconf.rb)
+
+install: all
+ (cd ext/Rpam; make install)
+ mkdir -p $(DESTDIR)/etc/pam.d
+ install -c -m 0644 rpam.pam $(DESTDIR)/etc/pam.d/rpam
+
+uninstall:
+ rm -f $(shell ruby -r rbconfig -e "print
Config::CONFIG['vendorarchdir']")/rpam.so
+ rm -f $(DESTDIR)/etc/pam.d/rpam
+
+doc: ext/Rpam/Makefile
+ (cd ext/Rpam; rdoc --all --line-numbers --charset=UTF-8 --fmt=html -p
--inline-source --op=rdoc)
+
+test: all
+ (cd test; make)
+
+clean:
+ (cd ext/Rpam; make clean || exit 0)
+ (cd test; make clean || exit 0)
+
+distclean: clean
+ rm -f *~
+ rm -f ext/Rpam/*~
+ rm -f ext/Rpam/*o
+ rm -rf ext/Rpam/rdoc
+ rm -f ext/Rpam/Makefile
+ rm -rf package/*bz2
+
+dist: distclean
+ (cd ..; tar -cj --exclude=rpam/package -f
rpam/package/ruby-rpam-1.0.1.tar.bz2 rpam)
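Review bot: The recipes use `(cd ext/Rpam; make)`, which still runs the command in the current directory when the `cd` fails and does not pass on make's flags; `$(MAKE) -C ext/Rpam` (or `cd ext/Rpam && $(MAKE)`) avoids both, and the same applies to `install`, `test`, `clean` and `dist`. `uninstall` also removes `rpam.so` from the live `vendorarchdir` without `$(DESTDIR)`, while the `rm` for the PAM file right below it honours `$(DESTDIR)`, so a staged uninstall touches the running system.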
diff -urN '--exclude=*ext/Rpam/Makefile' '--exclude=.svn' '--exclude=*.log'
'--exclude=.gitignore' '--exclude=*.changes' '--exclude=*.spec'
rpam-1.0-0/rpam.pam rpam-1.0-0.suse/rpam.pam
--- rpam-1.0-0/rpam.pam 1970-01-01 01:00:00.000000000 +0100
+++ rpam-1.0-0.suse/rpam.pam 2009-04-22 17:33:09.000000000 +0200
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth include common-auth
+account include common-account
+password include common-password
+session include common-session
+
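Review bot: The service file pulls in the `password` and `session` stacks although the only PAM call visible in this patch is `pam_start` for an authentication check; if `method_authpam` never calls `pam_chauthtok` or `pam_open_session` (its body is not fully shown), those two lines can be dropped so the `rpam` service exposes no more than `auth` and `account`. A leading comment such as `# PAM service used by the rpam Ruby extension (authentication only)` would tell administrators what consumes this file. The `common-*` include names are distribution-specific, which matters if the file is meant to go upstream.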
diff -urN '--exclude=*ext/Rpam/Makefile' '--exclude=.svn' '--exclude=*.log'
'--exclude=.gitignore' '--exclude=*.changes' '--exclude=*.spec'
rpam-1.0-0/test/badarg.rb rpam-1.0-0.suse/test/badarg.rb
--- rpam-1.0-0/test/badarg.rb 1970-01-01 01:00:00.000000000 +0100
+++ rpam-1.0-0.suse/test/badarg.rb 2009-04-22 17:33:09.000000000 +0200
@@ -0,0 +1,16 @@
+#
+# Test bad arguments
+#
+
+$:.unshift "../ext/Rpam"
+require 'test/unit'
+require 'rpam'
+
+class LoadTest < Test::Unit::TestCase
+ def test_bad_arg
+ assert_raise(ArgumentError) { Rpam::authpam() }
+ assert_raise(ArgumentError) { Rpam::authpam(nil) }
+ assert_raise(TypeError) { Rpam::authpam(1,false) }
+ assert_nothing_raised { Rpam::authpam("", "") }
+ end
+end
diff -urN '--exclude=*ext/Rpam/Makefile' '--exclude=.svn' '--exclude=*.log'
'--exclude=.gitignore' '--exclude=*.changes' '--exclude=*.spec'
rpam-1.0-0/test/fail.rb rpam-1.0-0.suse/test/fail.rb
--- rpam-1.0-0/test/fail.rb 1970-01-01 01:00:00.000000000 +0100
+++ rpam-1.0-0.suse/test/fail.rb 2009-04-22 17:33:09.000000000 +0200
@@ -0,0 +1,24 @@
+#
+# Test failed authentication
+#
+
+$:.unshift "../ext/Rpam"
+require 'test/unit'
+require 'rpam'
+
+class LoadTest < Test::Unit::TestCase
+ def test_auth_fail
+ assert !Rpam::authpam("","")
+ # just return false on unknown user
+ assert_nothing_raised { Rpam::authpam("xyzzy", "") }
+if false
+ if (Process.uid == 0 || (Process.uid==99 && File.exist?("/.buildenv")))
+ # raise (if called as non-root) with known user
+ assert_nothing_raised { Rpam::authpam("root","root") }
+ else
+ # raise (if called as non-root) with known user
+ assert_raise(SecurityError) { Rpam::authpam("root","root") }
+ end
+end
+ end
+end
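Review bot: The only assertions that exercise the new `SecurityError` path are wrapped in `if false`, so the behaviour added in rpam.c ships untested and the dead block will drift out of date. Either delete the block or guard it on an explicit condition with a comment saying why it is disabled. The two branch comments are identical (`# raise (if called as non-root) with known user`) although the branches assert opposite outcomes, and the class name `LoadTest` is copied from loading.rb rather than describing this test.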
diff -urN '--exclude=*ext/Rpam/Makefile' '--exclude=.svn' '--exclude=*.log'
'--exclude=.gitignore' '--exclude=*.changes' '--exclude=*.spec'
rpam-1.0-0/test/interactive.rb rpam-1.0-0.suse/test/interactive.rb
--- rpam-1.0-0/test/interactive.rb 1970-01-01 01:00:00.000000000 +0100
+++ rpam-1.0-0.suse/test/interactive.rb 2009-04-22 17:33:09.000000000 +0200
@@ -0,0 +1,20 @@
+#
+# Test login
+#
+
+$:.unshift "../ext/Rpam"
+require 'test/unit'
+require 'rpam'
+
+class InteractiveTest < Test::Unit::TestCase
+ def test_login
+ print "User: "
+ user = gets.chomp
+ print "Password: "
+ system("stty -echo")
+ pass = gets.chomp
+ system("stty echo")
+ puts
+ assert Rpam::authpam(user,pass)
+ end
+end
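Review bot: Terminal echo is switched off with `system("stty -echo")` and restored only on the straight-line path, so an interrupt or an exception from `gets.chomp` (`gets` returns nil at EOF) leaves the user's terminal without echo. Put the password read in `begin … ensure system("stty echo") end`, and read with `$stdin.gets` so a file name in ARGV is not consumed instead of the keyboard.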
diff -urN '--exclude=*ext/Rpam/Makefile' '--exclude=.svn' '--exclude=*.log'
'--exclude=.gitignore' '--exclude=*.changes' '--exclude=*.spec'
rpam-1.0-0/test/loading.rb rpam-1.0-0.suse/test/loading.rb
--- rpam-1.0-0/test/loading.rb 1970-01-01 01:00:00.000000000 +0100
+++ rpam-1.0-0.suse/test/loading.rb 2009-04-22 17:33:09.000000000 +0200
@@ -0,0 +1,13 @@
+#
+# Test loading of rpam
+#
+
+$:.unshift "../ext/Rpam"
+require 'test/unit'
+
+class LoadTest < Test::Unit::TestCase
+ def test_loading
+ require 'rpam'
+ assert Rpam
+ end
+end
diff -urN '--exclude=*ext/Rpam/Makefile' '--exclude=.svn' '--exclude=*.log'
'--exclude=.gitignore' '--exclude=*.changes' '--exclude=*.spec'
rpam-1.0-0/test/Makefile rpam-1.0-0.suse/test/Makefile
--- rpam-1.0-0/test/Makefile 1970-01-01 01:00:00.000000000 +0100
+++ rpam-1.0-0.suse/test/Makefile 2009-04-22 17:33:09.000000000 +0200
@@ -0,0 +1,14 @@
+#
+# Makefile for rpam/test
+#
+
+check:
+ ruby loading.rb
+ ruby badarg.rb
+ ruby fail.rb
+ ruby pam.rb
+
+clean:
+ rm -f *~
+ rm -f core
+
diff -urN '--exclude=*ext/Rpam/Makefile' '--exclude=.svn' '--exclude=*.log'
'--exclude=.gitignore' '--exclude=*.changes' '--exclude=*.spec'
rpam-1.0-0/test/pam.rb rpam-1.0-0.suse/test/pam.rb
--- rpam-1.0-0/test/pam.rb 1970-01-01 01:00:00.000000000 +0100
+++ rpam-1.0-0.suse/test/pam.rb 2009-04-22 17:33:09.000000000 +0200
@@ -0,0 +1,22 @@
+#!/usr/bin/ruby
+
+# load the local copy, not the installed rpam.so
+$:.unshift("../ext/Rpam")
+
+require "rpam"
+include Rpam
+
+user = "root"
+password = "password"
+
+begin
+ res = authpam(user,password)
+ if res
+ puts "Authenticate Successful"
+ else
+ puts "Authenticate Failure"
+ end
+rescue
+ $stderr.puts "Please edit pam.rb and choose a different user name"
+ exit
+end
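Review bot: The script hard-codes `user = "root"` and `password = "password"` and is run by the `check` target in test/Makefile, so every test run makes a login attempt against the real root account, which lands in the auth logs and can count toward lockout policies; test/unix2_checkpwd.rb does the same with `"llllll"`. Take the account from the environment or the command line and skip when none is given. The bare `rescue` followed by `exit` also discards the error and exits with status 0, so `make check` cannot fail here; printing `$!` and using `exit 1` would surface it.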
diff -urN '--exclude=*ext/Rpam/Makefile' '--exclude=.svn' '--exclude=*.log'
'--exclude=.gitignore' '--exclude=*.changes' '--exclude=*.spec'
rpam-1.0-0/test/unix2_checkpwd.rb rpam-1.0-0.suse/test/unix2_checkpwd.rb
--- rpam-1.0-0/test/unix2_checkpwd.rb 1970-01-01 01:00:00.000000000 +0100
+++ rpam-1.0-0.suse/test/unix2_checkpwd.rb 2009-04-22 17:33:09.000000000
+0200
@@ -0,0 +1,17 @@
+#!/usr/bin/ruby
+require 'rubygems'
+require 'session'
+
+puts "Starting /sbin/unix2_chkpwd"
+
+cmd = "/sbin/unix2_chkpwd rpam root"
+text = "llllll"
+
+se = Session.new
+result, err = se.execute cmd, :stdin => text
+
+puts result
+puts err
+puts se.get_status
+
+puts "End /sbin/unix2_chkpwd"
\ No newline at end of file