- import duo_client
- import ldap
# Directory used for the password check in pam_sm_authenticate.
# NOTE(review): the ldap:// scheme is plain LDAP, so the simple bind sends the
# user's password to the server unencrypted. Prefer ldaps:// or StartTLS with
# certificate validation if the directory supports it.
DOMAIN = "matthias.local"
LDAP_SERVER = "ldap://10.1.0.143"

# Module-level name only; pam_sm_authenticate assigns its own local
# `ldap_client` and never touches this one.
ldap_client = None

# Duo Auth API client shared by every authentication attempt.
# The three values are placeholders. NOTE(review): skey is the integration's
# secret; rather than hard-coding it in this file, read it from a file that
# only root can read.
auth_api = duo_client.Auth(ikey="<ikey>", skey="<skey>", host="<host>")
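def pam_sm_authenticate(pamh, flags, argv):
    """Authenticate a PAM user with an LDAP simple bind, then a Duo passcode.

    Steps: read the user name from PAM, prompt for the password, bind to
    LDAP_SERVER as ``<username>@DOMAIN``, prompt for a Duo passcode and verify
    it through ``auth_api``.

    Args:
        pamh: pam_python handle (user lookup, conversation, PAM_* constants).
        flags: PAM flags (unused).
        argv: module arguments from the PAM configuration (unused).

    Returns:
        PAM_SUCCESS when both factors are accepted; PAM_USER_UNKNOWN when no
        user name is available; PAM_AUTH_ERR when a factor is missing or
        rejected; PAM_SYSTEM_ERR when the conversation, the directory or the
        Duo service fails.
    """
    # get username
    try:
        username = pamh.get_user()
    except pamh.exception:
        username = None
    if not username:
        return pamh.PAM_USER_UNKNOWN

    # get password
    password_prompt = pamh.Message(pamh.PAM_PROMPT_ECHO_OFF, 'Password: ')
    try:
        password = pamh.conversation(password_prompt)
    except pamh.exception:
        return pamh.PAM_SYSTEM_ERR

    # A simple bind with an empty password is an "unauthenticated bind"
    # (RFC 4513 section 5.1.2) and many servers answer it with success, which
    # would make the first factor pass without any secret. Reject it before
    # talking to the directory.
    if not password.resp:
        return pamh.PAM_AUTH_ERR

    # try bind
    ldap_client = None
    try:
        ldap_client = ldap.initialize(LDAP_SERVER)
        ldap_client.set_option(ldap.OPT_REFERRALS, 0)
        ldap_client.simple_bind_s(username + "@" + DOMAIN, password.resp)
    except ldap.INVALID_CREDENTIALS:
        # Wrong password is an authentication failure, not an unknown user:
        # PAM control lines can map user_unknown to "ignore", so reporting
        # PAM_USER_UNKNOWN here could let the stack skip this failure.
        return pamh.PAM_AUTH_ERR
    except ldap.LDAPError:
        # SERVER_DOWN and every other directory error: fail closed.
        return pamh.PAM_SYSTEM_ERR
    finally:
        # Release the connection on every path, including failed binds.
        if ldap_client is not None:
            try:
                ldap_client.unbind()
            except ldap.LDAPError:
                pass

    # get token
    token_prompt = pamh.Message(pamh.PAM_PROMPT_ECHO_ON, 'Enter DUO Token: ')
    try:
        token = pamh.conversation(token_prompt)
    except pamh.exception:
        return pamh.PAM_SYSTEM_ERR
    if not token.resp:
        return pamh.PAM_AUTH_ERR

    # check token
    try:
        response = auth_api.auth(
            username=username,
            passcode=token.resp,
            factor="passcode",
        )
    except Exception:
        # Network or API failure while checking the second factor: deny the
        # login instead of letting the exception escape the module.
        return pamh.PAM_SYSTEM_ERR

    # Only an explicit "allow" grants access; any other or missing status is
    # treated as a denial.
    status = response.get('status') if isinstance(response, dict) else None
    if status == "allow":
        return pamh.PAM_SUCCESS
    return pamh.PAM_AUTH_ERR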
def pam_sm_setcred(pamh, flags, argv):
    """PAM credential hook: establishes nothing and always reports success."""
    return pamh.PAM_SUCCESS
def pam_sm_acct_mgmt(pamh, flags, argv):
    """PAM account hook: always reports success.

    NOTE(review): no account state (expired, locked, disabled) is checked
    here. If this module is listed in the ``account`` stack, those checks
    have to come from another module.
    """
    return pamh.PAM_SUCCESS
def pam_sm_open_session(pamh, flags, argv):
    """PAM session-open hook: performs no setup and always reports success."""
    return pamh.PAM_SUCCESS
def pam_sm_close_session(pamh, flags, argv):
    """PAM session-close hook: performs no teardown and always reports success."""
    return pamh.PAM_SUCCESS
def pam_sm_chauthtok(pamh, flags, argv):
    """PAM password-change hook: always reports success.

    NOTE(review): no password is changed in the directory, yet the caller is
    told the change succeeded. Keep this module out of the ``password`` stack
    unless that is intended.
    """
    return pamh.PAM_SUCCESS