Exemple #1
0
 def pam(self, required, passed):
     """
     Perform PAM authentication.
     @param required: Method specific auth specification.
     @type required: L{Options}
     @param passed: The credentials passed.
     @type passed: L{Options}
     @raise UserRequired: On user required and not passed.
     @raise PasswordRequired: On password required and not passed.
     @raise UserNotAuthorized: On user not authorized.
     @raise NotAuthenticated: On PAM auth failed.
     """
     if passed.pam:
         passed = Options(passed.pam)
     else:
         passed = Options()
     if not passed.user:
         raise UserRequired(self.cnfn())
     if not passed.password:
         raise PasswordRequired(self.cnfn())
     if passed.user != required.user:
         raise UserNotAuthorized(self.cnfn(), required.user, passed.user)
     pam = PAM()
     try:
         pam.authenticate(passed.user, passed.password, required.service)
     except Exception:
         raise NotAuthenticated(self.cnfn(), passed.user)
Exemple #2
0
 def run(self, cmd, user, password):
     """
     Run a shell command.
     The command is executed as: "su - <user> -c <cmd>" and the
     user/password is authenticated using PAM.
     @param cmd: The command & arguments.
     @type cmd: str
     @param user: A user name.
     @type user: str
     @param password: The password.
     @type password: str
     @return: tuple (status, output)
     @rtype: tuple
     """
     auth = PAM()
     auth.authenticate(user, password)
     command = ('su', '-', user, '-c', cmd)
     p = Popen(command, stdout=PIPE)
     try:
         result = p.stdout.read()
         p.stdout.close()
         status = p.wait()
         return (status, result)
     except OSError, e:
         return (-1, str(e))