def _login_pam(self):
ctx_user = '******' % (AUTH_USER_KEY, self.account.client_user)
ctx_pwd = '%s=%s' % (AUTH_PWD_KEY, self.account.password)
ctx_ttl = '%s=%s' % (AUTH_TTL_KEY, "60")
ctx = ";".join([ctx_user, ctx_pwd, ctx_ttl])
message_body = PluginAuthMessage(auth_scheme_=PAM_AUTH_SCHEME,
context_=ctx)
auth_req = iRODSMessage(
msg_type='RODS_API_REQ',
msg=message_body,
# int_info=725
int_info=1201)
self.send(auth_req)
# Getting the new password
output_message = self.recv()
auth_out = output_message.get_main_message(AuthPluginOut)
self.disconnect()
self._connect()
self._login_native(password=auth_out.result_)
logger.info("PAM authorization validated")
def _login_pam(self):
time_to_live_in_seconds = 60
pam_password = PAM_PW_ESC_PATTERN.sub(lambda m: '\\' + m.group(1),
self.account.password)
ctx_user = '******' % (AUTH_USER_KEY, self.account.client_user)
ctx_pwd = '%s=%s' % (AUTH_PWD_KEY, pam_password)
ctx_ttl = '%s=%s' % (AUTH_TTL_KEY, str(time_to_live_in_seconds))
ctx = ";".join([ctx_user, ctx_pwd, ctx_ttl])
if type(self.socket) is socket.socket:
if getattr(self, 'DISALLOWING_PAM_PLAINTEXT', True):
raise PlainTextPAMPasswordError
Pam_Long_Tokens = (ALLOW_PAM_LONG_TOKENS
and (len(ctx) >= MAX_NAME_LEN))
if Pam_Long_Tokens:
message_body = PamAuthRequest(pamUser=self.account.client_user,
pamPassword=pam_password,
timeToLive=time_to_live_in_seconds)
else:
message_body = PluginAuthMessage(auth_scheme_=PAM_AUTH_SCHEME,
context_=ctx)
auth_req = iRODSMessage(msg_type='RODS_API_REQ',
msg=message_body,
int_info=(725 if Pam_Long_Tokens else 1201))
self.send(auth_req)
# Getting the new password
output_message = self.recv()
Pam_Response_Class = (PamAuthRequestOut
if Pam_Long_Tokens else AuthPluginOut)
auth_out = output_message.get_main_message(Pam_Response_Class)
self.disconnect()
self._connect()
if hasattr(self.account, 'store_pw'):
drop = self.account.store_pw
if type(drop) is list:
drop[:] = [auth_out.result_]
self._login_native(password=auth_out.result_)
logger.info("PAM authorization validated")
def gsi_client_auth_request(self):
# Request for authentication with GSI on current user
message_body = PluginAuthMessage(
auth_scheme_=GSI_AUTH_PLUGIN,
context_='%s=%s' % (AUTH_USER_KEY, self.account.client_user))
# GSI = 1201
# https://github.com/irods/irods/blob/master/lib/api/include/apiNumber.h#L158
auth_req = iRODSMessage(msg_type='RODS_API_REQ',
msg=message_body,
int_info=1201)
self.send(auth_req)
# Getting the challenge message
self.recv()
def _login_pam(self):
ctx_user = '******' % (AUTH_USER_KEY, self.account.client_user)
ctx_pwd = '%s=%s' % (AUTH_PWD_KEY, self.account.password)
ctx_ttl = '%s=%s' % (AUTH_TTL_KEY, "60")
ctx = ";".join([ctx_user, ctx_pwd, ctx_ttl])
if type(self.socket) is socket.socket:
if getattr(self,'DISALLOWING_PAM_PLAINTEXT',True):
raise PlainTextPAMPasswordError
message_body = PluginAuthMessage(
auth_scheme_=PAM_AUTH_SCHEME,
context_=ctx
)
auth_req = iRODSMessage(
msg_type='RODS_API_REQ',
msg=message_body,
# int_info=725
int_info=1201
)
self.send(auth_req)
# Getting the new password
output_message = self.recv()
auth_out = output_message.get_main_message(AuthPluginOut)
self.disconnect()
self._connect()
if hasattr(self.account,'store_pw'):
drop = self.account.store_pw
if type(drop) is list:
drop[:] = [ auth_out.result_ ]
self._login_native(password=auth_out.result_)
logger.info("PAM authorization validated")