def pam(self, required, passed):
    """
    Authenticate the passed credentials using PAM.
    Checks run in a fixed order: user present, password present,
    user matches the one required, then PAM itself.  PAM is only
    consulted for the user the method specification names.
    @param required: Method specific auth specification.
    @type required: L{Options}
    @param passed: The credentials passed.
    @type passed: L{Options}
    @raise UserRequired: On user required and not passed.
    @raise PasswordRequired: On password required and not passed.
    @raise UserNotAuthorized: On user not authorized.
    @raise NotAuthenticated: On PAM auth failed.
    """
    # Work only with the PAM section of the credentials; an absent
    # section becomes an empty Options, so the checks below reject it.
    credentials = Options(passed.pam) if passed.pam else Options()
    if not credentials.user:
        raise UserRequired(self.cnfn())
    if not credentials.password:
        raise PasswordRequired(self.cnfn())
    if credentials.user != required.user:
        raise UserNotAuthorized(
            self.cnfn(), required.user, credentials.user)
    authenticator = PAM()
    try:
        authenticator.authenticate(
            credentials.user, credentials.password, required.service)
    except Exception:
        # Fail closed: any error from the PAM call is reported as an
        # authentication failure.  The exception carries the user name
        # but never the password.
        raise NotAuthenticated(self.cnfn(), credentials.user)
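def run(self, cmd, user, password):
    """
    Run a shell command as another user.
    The user/password is authenticated using PAM and the command
    is then executed as: "su - <user> -c <cmd>".
    Only stdout is captured; stderr is not redirected.
    @param cmd: The command & arguments.
    @type cmd: str
    @param user: A user name.
    @type user: str
    @param password: The password.
    @type password: str
    @return: tuple (status, output).  When the process cannot be
        started or waited on, (-1, <error text>) is returned.
    @rtype: tuple
    """
    auth = PAM()
    # NOTE(review): the result of authenticate() is not inspected, so
    # this relies on it raising when the credentials are rejected;
    # otherwise the command below would run unauthenticated -- confirm
    # against the PAM class.
    auth.authenticate(user, password)
    # Passed to Popen as an argument vector, so nothing is parsed by a
    # shell at this level.  su then hands cmd to the target user's shell:
    # cmd is shell text running with that user's privileges, and callers
    # must treat it as such.
    # NOTE(review): the password is used only for the PAM check above and
    # is not given to su; presumably this process is privileged enough
    # for su not to prompt -- confirm.
    command = ('su', '-', user, '-c', cmd)
    try:
        # Popen is inside the try so that a failure to start su is
        # reported through the (-1, message) return like other OSErrors.
        p = Popen(command, stdout=PIPE)
        # communicate() reads stdout to EOF, closes the pipe and waits
        # for the child, releasing the pipe even if the read fails.
        result = p.communicate()[0]
        return (p.returncode, result)
    except OSError as e:
        return (-1, str(e))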