
Untitled

a guest
Jul 30th, 2016
  1. import duo_client
  2. import ldap
  3.  
# Directory used for the first factor (password checked by an LDAP simple bind).
# NOTE(review): an ldap:// URL carries the simple-bind password unencrypted
# unless TLS is negotiated separately, and no StartTLS call is visible in this
# file. Confirm whether an ldaps:// endpoint or StartTLS is available.
DOMAIN = 'matthias.local'
LDAP_SERVER = 'ldap://10.1.0.143'
# Module-level placeholder; pam_sm_authenticate works on its own local
# connection object and never assigns this global.
ldap_client = None

# Duo Auth API client used for the second factor (passcode check).
# The <ikey>/<skey>/<host> placeholders must be replaced with the values of the
# Duo integration. skey is a secret kept in this file, so the file should be
# readable only by the account the PAM stack runs as.
auth_api = duo_client.Auth(ikey='<ikey>', skey='<skey>', host='<host>')
  13.  
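def pam_sm_authenticate(pamh, flags, argv):
    """Authenticate a PAM user with an LDAP password bind, then a Duo passcode.

    The user is prompted for a password, which is verified by a simple bind
    against LDAP_SERVER as ``<username>@DOMAIN``. Only after that bind
    succeeds is the user prompted for a Duo passcode, which is checked through
    the module-level ``auth_api`` client.

    Args:
        pamh: PAM handle supplied by the caller; provides ``get_user``,
            ``Message``, ``conversation`` and the ``PAM_*`` result codes.
        flags: PAM flags (unused).
        argv: Module arguments from the PAM configuration (unused).

    Returns:
        ``PAM_SUCCESS`` only when both factors are accepted;
        ``PAM_USER_UNKNOWN`` when no username is available;
        ``PAM_AUTH_ERR`` when a password or passcode is missing or rejected;
        ``PAM_SYSTEM_ERR`` when a prompt, the directory or the Duo call fails.
    """
    # get username
    try:
        username = pamh.get_user()
    except pamh.exception:
        username = None

    if not username:
        return pamh.PAM_USER_UNKNOWN

    # get password
    password_prompt = pamh.Message(pamh.PAM_PROMPT_ECHO_OFF, 'Password: ')
    try:
        password = pamh.conversation(password_prompt)
    except pamh.exception:
        return pamh.PAM_SYSTEM_ERR

    # A simple bind with a name but an empty password is an "unauthenticated
    # bind" (RFC 4513, section 5.1.2). A directory server may report it as
    # successful without checking any credential, so it must never be sent.
    if not password.resp:
        return pamh.PAM_AUTH_ERR

    # try bind
    conn = None
    try:
        conn = ldap.initialize(LDAP_SERVER)
        conn.set_option(ldap.OPT_REFERRALS, 0)
        conn.simple_bind_s(username + "@" + DOMAIN, password.resp)
    except ldap.INVALID_CREDENTIALS:
        # A wrong password is an authentication failure, not an unknown user.
        # PAM_USER_UNKNOWN here would let a stack rule such as
        # "user_unknown=ignore" skip this module on a bad password.
        return pamh.PAM_AUTH_ERR
    except ldap.LDAPError:
        # SERVER_DOWN and every other directory error: fail closed instead of
        # letting the exception escape the module.
        return pamh.PAM_SYSTEM_ERR
    finally:
        # Release the connection on every path, not only after a good bind.
        if conn is not None:
            try:
                conn.unbind()
            except ldap.LDAPError:
                pass  # best-effort cleanup; the auth result is already decided

    # get token
    token_prompt = pamh.Message(pamh.PAM_PROMPT_ECHO_ON, 'Enter DUO Token: ')
    try:
        token = pamh.conversation(token_prompt)
    except pamh.exception:
        return pamh.PAM_SYSTEM_ERR

    if not token.resp:
        return pamh.PAM_AUTH_ERR

    # check token
    try:
        response = auth_api.auth(
            username=username,
            passcode=token.resp,
            factor="passcode",
        )
    except Exception:
        # Any failure talking to Duo must deny the login rather than surface
        # as an unhandled exception inside the PAM stack.
        return pamh.PAM_SYSTEM_ERR

    # Only an explicit "allow" grants access. A missing or unexpected status
    # is treated as a denial (assumes the response is a dict, as the original
    # indexing did).
    if response.get('status') == "allow":
        return pamh.PAM_SUCCESS
    return pamh.PAM_AUTH_ERR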
  63.  
def pam_sm_setcred(pamh, flags, argv):
    """Credential-setting hook: establishes nothing and always reports success."""
    outcome = pamh.PAM_SUCCESS
    return outcome
  66.  
def pam_sm_acct_mgmt(pamh, flags, argv):
    """Account-management hook: always reports success.

    No account validity check (for example a disabled or expired directory
    account) is performed here, so any such restriction has to be enforced by
    another module in the account stack.
    """
    outcome = pamh.PAM_SUCCESS
    return outcome
  69.  
def pam_sm_open_session(pamh, flags, argv):
    """Session-open hook: performs no setup and always reports success."""
    outcome = pamh.PAM_SUCCESS
    return outcome
  72.  
def pam_sm_close_session(pamh, flags, argv):
    """Session-close hook: performs no teardown and always reports success."""
    outcome = pamh.PAM_SUCCESS
    return outcome
  75.  
def pam_sm_chauthtok(pamh, flags, argv):
    """Password-change hook: changes nothing and always reports success.

    NOTE(review): if the password stack routes through this module, the caller
    is told the change succeeded although no password was updated. Confirm
    that this is intended.
    """
    outcome = pamh.PAM_SUCCESS
    return outcome