#!/usr/bin/python
import sys
import PAM
if __name__ != "__main__":
	from mod_python import apache
	
# out is the output stream used to print debug
def auth(username, password, out):
	def pam_conv(aut, query_list, user_data):
		out.write("Query list: " + str(query_list) + "\n")
		
		# List to store the responses to the different queries
		resp = []
		
		for item in query_list:
			query, qtype = item
			
			# If PAM asks for an input, give the password
			if qtype == PAM.PAM_PROMPT_ECHO_ON or qtype == PAM.PAM_PROMPT_ECHO_OFF:
				resp.append((str(password), 0))
			
			elif qtype == PAM.PAM_PROMPT_ERROR_MSG or qtype == PAM.PAM_PROMPT_TEXT_INFO:
				resp.append(('', 0))
		
		out.write("Our response: " + str(resp) + "\n")
		return resp

	# If username of password is undefined, fail
	if username is None or password is None:
		return False

	service = 'login'
	pam_ = PAM.pam()
	pam_.start(service)
	
	# Set the username
	pam_.set_item(PAM.PAM_USER, str(username))
	
	# Set the conversation callback
	pam_.set_item(PAM.PAM_CONV, pam_conv)
	
	try:
		pam_.authenticate()
		pam_.acct_mgmt()
	except PAM.error, resp:
		out.write("Error: " + str(resp) + "\n")
		return False
	except:
		return False
	
	# If we get here, the authentication worked
	return True	

my_username = "markys"
my_good_password = "lalala"
my_bad_password = "lololo"

def handler(req):
	req.content_type = "text/plain"
	req.write("1- " + str(auth(my_username,my_good_password,req)) + "\n")
	req.write("2- " + str(auth(my_username,my_bad_password,req)) + "\n")
	return apache.OK
	
if __name__ == "__main__":
	print "1- " + str(auth(my_username,my_good_password,sys.__stdout__))
	print "2- " + str(auth(my_username,my_bad_password,sys.__stdout__))