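def child_routine(self):
		"""
		Serve authentication requests in the forked child until told to stop.

		Requests are read with self.recv(). A request without an 'action'
		key, or with an action other than 'authenticate' or 'stop', is
		skipped without a reply. For 'authenticate' the credentials are
		checked with pam.authenticate() against the 'sshd' PAM service when
		/etc/pam.d/sshd exists and against 'login' otherwise. When
		self.required_group is set, the user must also be a member of that
		group. The outcome is sent back as a dict with a 'result' key.
		"""
		service = 'login'
		if os.path.isfile('/etc/pam.d/sshd'):
			service = 'sshd'
		while True:
			request = self.recv()
			if 'action' not in request:
				continue
			action = request['action']
			if action == 'stop':
				break
			elif action != 'authenticate':
				continue
			# NOTE(review): if request is a plain dict, a missing 'username' or
			# 'password' raises KeyError here and ends the child loop -- confirm
			# the sender always supplies both.
			username = str(request['username'])
			password = str(request['password'])
			result = {}
			result['result'] = pam.authenticate(username, password, service=service)
			# NOTE(review): username comes from the request and is written to the
			# log as-is in the messages below.
			if not result['result']:
				self.logger.warning("authentication failed for user: {0} reason: bad username or password".format(username))
			elif self.required_group:
				# Fail closed: the result only goes back to True after the group
				# lookup succeeded and the membership test passed.
				result['result'] = False
				try:
					# An explicit membership test instead of `assert`: assert
					# statements are removed when Python runs with -O, which
					# would let every PAM-authenticated user pass this check.
					is_member = self.required_group in get_groups_for_user(username)
				except KeyError:
					self.logger.error("encountered a KeyError while looking up group member ship for user: {0}".format(username))
				else:
					if is_member:
						result['result'] = True
					else:
						self.logger.warning("authentication failed for user: {0} reason: lack of group membership".format(username))
			self.send(result)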
예제 #2
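	def child_routine(self):
		"""
		Serve authentication requests in the forked child until told to stop.

		Requests are read with self._raw_recv(timeout=None). A request
		lacking an 'action' or a 'sequence' key is logged and skipped, and an
		action other than 'authenticate' or 'stop' is skipped silently. For
		'authenticate' the credentials are checked with pam.authenticate()
		against the 'sshd' PAM service when /etc/pam.d/sshd exists and against
		'login' otherwise. When self.required_group is set, the user must also
		be a member of that group. The reply echoes the request's sequence
		value and the username next to the boolean 'result'.
		"""
		service = 'login'
		if os.path.isfile('/etc/pam.d/sshd'):
			service = 'sshd'
		while True:
			request = self._raw_recv(timeout=None)
			if 'action' not in request:
				self.logger.warning('authentication request received without a specified action')
				continue
			if 'sequence' not in request:
				self.logger.warning('authentication request received without a sequence number')
				continue
			action = request['action']
			if action == 'stop':
				break
			elif action != 'authenticate':
				continue
			# NOTE(review): if request is a plain dict, a missing 'username' or
			# 'password' raises KeyError here and ends the child loop -- confirm
			# the sender always supplies both.
			username = str(request['username'])
			password = str(request['password'])

			start_time = time.time()
			pam_ok = pam.authenticate(username, password, service=service)
			# NOTE(review): username comes from the request and is written to the
			# log as-is here and in the messages below.
			self.logger.debug("pam.authenticate call returned {0} for user {1} after {2:.2f} seconds".format(pam_ok, username, time.time() - start_time))

			result = {
				'result': pam_ok,
				'sequence': request['sequence'],
				'username': username
			}
			if not result['result']:
				self.logger.warning("authentication failed for user: {0} reason: bad username or password".format(username))
			elif self.required_group:
				# Fail closed: the result only goes back to True after the group
				# lookup succeeded and the membership test passed.
				result['result'] = False
				try:
					# An explicit membership test instead of `assert`: assert
					# statements are removed when Python runs with -O, which
					# would let every PAM-authenticated user pass this check.
					is_member = self.required_group in get_groups_for_user(username)
				except KeyError:
					self.logger.error("encountered a KeyError while looking up group member ship for user: {0}".format(username))
				else:
					if is_member:
						result['result'] = True
					else:
						self.logger.warning("authentication failed for user: {0} reason: lack of group membership".format(username))
			self._raw_send(result)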
	def child_routine(self):
		"""
		Answer authentication requests in the forked child until a stop
		request arrives.

		Credentials are checked with pam.authenticate() against the 'sshd'
		PAM service when /etc/pam.d/sshd exists, otherwise against 'login'.
		Requests without an 'action' key or with an unrecognised action get
		no reply.
		"""
		pam_service = 'sshd' if os.path.isfile('/etc/pam.d/sshd') else 'login'
		while True:
			message = self.recv()
			if 'action' not in message:
				continue
			requested = message['action']
			if requested == 'stop':
				# Nothing follows the loop, so returning ends the routine.
				return
			if requested != 'authenticate':
				continue
			# NOTE(review): the credentials are handed to PAM exactly as
			# received; if message is a plain dict, a missing key raises
			# KeyError here and ends the child loop.
			user = message['username']
			secret = message['password']
			self.send({'result': pam.authenticate(user, secret, service=pam_service)})
예제 #4
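    def child_routine(self):
        """
        Serve authentication requests in the forked child until told to stop.

        Requests are read with self.recv(). A request without an 'action'
        key, or with an action other than 'authenticate' or 'stop', is
        skipped without a reply. For 'authenticate' the credentials are
        checked with pam.authenticate() against the 'sshd' PAM service when
        /etc/pam.d/sshd exists and against 'login' otherwise. When
        self.required_group is set, the user must also be a member of that
        group. The outcome is sent back as a dict with a 'result' key.
        """
        service = 'login'
        if os.path.isfile('/etc/pam.d/sshd'):
            service = 'sshd'
        while True:
            request = self.recv()
            if 'action' not in request:
                continue
            action = request['action']
            if action == 'stop':
                break
            elif action != 'authenticate':
                continue
            # NOTE(review): if request is a plain dict, a missing 'username'
            # or 'password' raises KeyError here and ends the child loop --
            # confirm the sender always supplies both.
            username = str(request['username'])
            password = str(request['password'])
            result = {}
            result['result'] = pam.authenticate(username,
                                                password,
                                                service=service)
            # NOTE(review): username comes from the request and is written to
            # the log as-is in the messages below.
            if not result['result']:
                self.logger.warning(
                    "authentication failed for user: {0} reason: bad username or password"
                    .format(username))
            elif self.required_group:
                # Fail closed: the result only goes back to True after the
                # group lookup succeeded and the membership test passed.
                result['result'] = False
                try:
                    # An explicit membership test instead of `assert`: assert
                    # statements are removed when Python runs with -O, which
                    # would let every PAM-authenticated user pass this check.
                    is_member = self.required_group in get_groups_for_user(
                        username)
                except KeyError:
                    self.logger.error(
                        "encountered a KeyError while looking up group member ship for user: {0}"
                        .format(username))
                else:
                    if is_member:
                        result['result'] = True
                    else:
                        self.logger.warning(
                            "authentication failed for user: {0} reason: lack of group membership"
                            .format(username))
            self.send(result)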
예제 #5
    def child_routine(self):
        """
        Answer authentication requests in the forked child until a stop
        request arrives.

        Credentials are converted with str() and checked with
        pam.authenticate() against the 'sshd' PAM service when
        /etc/pam.d/sshd exists, otherwise against 'login'. Requests without
        an 'action' key or with an unrecognised action get no reply.
        """
        pam_service = 'sshd' if os.path.isfile('/etc/pam.d/sshd') else 'login'
        while True:
            message = self.recv()
            if 'action' not in message:
                continue
            requested = message['action']
            if requested == 'stop':
                # Nothing follows the loop, so returning ends the routine.
                return
            if requested != 'authenticate':
                continue
            # NOTE(review): if message is a plain dict, a missing 'username'
            # or 'password' raises KeyError here and ends the child loop.
            user = str(message['username'])
            secret = str(message['password'])
            verdict = pam.authenticate(user, secret, service=pam_service)
            self.send({'result': verdict})
예제 #6
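    def child_routine(self):
        """
        Serve authentication requests in the forked child until told to stop.

        Requests are read with self._raw_recv(timeout=None). A request
        lacking an 'action' or a 'sequence' key is logged and skipped, and an
        action other than 'authenticate' or 'stop' is skipped silently. For
        'authenticate' the credentials are checked with pam.authenticate()
        against the 'sshd' PAM service when /etc/pam.d/sshd exists and against
        'login' otherwise. When self.required_group is set, the user must also
        be a member of that group. The reply echoes the request's sequence
        value and the username next to the boolean 'result'.
        """
        service = 'login'
        if os.path.isfile('/etc/pam.d/sshd'):
            service = 'sshd'
        while True:
            request = self._raw_recv(timeout=None)
            if 'action' not in request:
                self.logger.warning(
                    'authentication request received without a specified action'
                )
                continue
            if 'sequence' not in request:
                self.logger.warning(
                    'authentication request received without a sequence number'
                )
                continue
            action = request['action']
            if action == 'stop':
                break
            elif action != 'authenticate':
                continue
            # NOTE(review): if request is a plain dict, a missing 'username'
            # or 'password' raises KeyError here and ends the child loop --
            # confirm the sender always supplies both.
            username = str(request['username'])
            password = str(request['password'])

            start_time = time.time()
            pam_ok = pam.authenticate(username, password, service=service)
            # NOTE(review): username comes from the request and is written to
            # the log as-is here and in the messages below.
            self.logger.debug(
                "pam.authenticate call returned {0} for user {1} after {2:.2f} seconds"
                .format(pam_ok, username,
                        time.time() - start_time))

            result = {
                'result': pam_ok,
                'sequence': request['sequence'],
                'username': username
            }
            if not result['result']:
                self.logger.warning(
                    "authentication failed for user: {0} reason: bad username or password"
                    .format(username))
            elif self.required_group:
                # Fail closed: the result only goes back to True after the
                # group lookup succeeded and the membership test passed.
                result['result'] = False
                try:
                    # An explicit membership test instead of `assert`: assert
                    # statements are removed when Python runs with -O, which
                    # would let every PAM-authenticated user pass this check.
                    is_member = self.required_group in get_groups_for_user(
                        username)
                except KeyError:
                    self.logger.error(
                        "encountered a KeyError while looking up group member ship for user: {0}"
                        .format(username))
                else:
                    if is_member:
                        result['result'] = True
                    else:
                        self.logger.warning(
                            "authentication failed for user: {0} reason: lack of group membership"
                            .format(username))
            self._raw_send(result)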