예제 #1
	def change_expired_password(self, username, old_password, new_password):
		"""Replace an expired password by running the PAM ``chauthtok`` step.

		The answers PAM will ask for are scripted up front and handed to the
		conversation built by ``self._get_conversation``.

		:param username: answer given to echo-on prompts.
		:param old_password: current (expired) password, first echo-off answer.
		:param new_password: replacement password, given twice (new, then retype).
		:raises PasswordChangeFailed: if ``chauthtok`` raises ``PAMError``; the
			message comes from ``self.parse_error_message_from``.
		"""
		# NOTE(review): presumably the conversation callback records the prompts PAM
		# sends into this list -- confirm against _get_conversation.
		seen_prompts = []
		# Echo-off answers are listed in the order: old, new, retype.
		scripted_answers = {
			PAM_PROMPT_ECHO_ON: [username],
			PAM_PROMPT_ECHO_OFF: [old_password, new_password, new_password],
		}
		conv = self._get_conversation(scripted_answers, seen_prompts)

		handle = self.start(conv)

		try:
			handle.chauthtok()
		except PAMError as pam_err:
			# Only the PAM error and the prompt list are logged. scripted_answers holds
			# the cleartext passwords and must never be added to this log line.
			AUTH.warn('Changing password failed (%s). Prompts: %r' % (pam_err, seen_prompts))
			failure_text = self.parse_error_message_from(seen_prompts)
			raise PasswordChangeFailed(failure_text)
예제 #2
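	def authenticate(self, username, password):
		"""Authenticate ``username`` with ``password`` through PAM.

		Builds a conversation, starts a PAM handle via ``self.start``, sets
		``PAM_USER`` and calls ``pam.authenticate()``. On success the handle is
		passed to ``self._validate_account``.

		:param username: account name, set as ``PAM_USER`` on the handle.
		:param password: cleartext password, used only as the echo-off answer.
		:raises AuthenticationFailed: if ``pam.authenticate()`` raises ``PAMError``.
		"""
		# The password is registered only for PAM_PROMPT_ECHO_OFF prompts; no answer
		# is registered for echo-on prompts.
		answers = {
			PAM_PROMPT_ECHO_OFF: [password],
		}
		conversation = self._get_conversation(answers)

		pam = self.start(conversation)
		pam.set_item(PAM_USER, username)

		try:
			pam.authenticate()
		except PAMError as autherr:
			AUTH.error("PAM: authentication error: %s" % (autherr,))
			# Read the message from .args instead of indexing the exception. autherr[0]
			# works only on Python 2; on Python 3 it raises TypeError, so callers would
			# get an unrelated error instead of AuthenticationFailed. An exception with
			# no args falls back to its string form.
			reason = autherr.args[0] if autherr.args else autherr
			raise AuthenticationFailed(str(reason))

		# NOTE(review): presumably this is where expired or locked accounts are
		# rejected -- confirm in _validate_account.
		self._validate_account(pam)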
	def authenticate(self, username, password, new_password=None):
		"""Authenticate the client and change an expired password if asked to.

		Should be run in a thread.

		:param username: account name to authenticate.
		:param password: current password; also passed as the old password when an
			expired password is changed.
		:param new_password: replacement password used only when the session user
			raises ``PasswordExpired``; ``None`` means no change is attempted.
		:raises AuthenticationFailed: re-raised unchanged after being logged.
		:raises PasswordExpired: re-raised when no ``new_password`` was supplied.
		:raises PasswordChangeFailed: re-raised unchanged after being logged.
		"""
		session_user = self.getSession(User)

		# %r logs the repr of the client-supplied username rather than the raw
		# string. Neither password is ever passed to the logger.
		AUTH.info('Trying to authenticate user %r' % (username,))
		try:
			session_user.authenticate(username, password)
		except AuthenticationFailed as auth_failed:
			AUTH.error(str(auth_failed))
			raise
		except PasswordExpired as pass_expired:
			AUTH.info(str(pass_expired))
			# With no replacement password the expiry is passed on to the caller.
			if new_password is None:
				raise

			try:
				session_user.change_expired_password(username, password, new_password)
			except PasswordChangeFailed as change_failed:
				AUTH.error(str(change_failed))
				raise
			# Reached only when the change did not raise.
			AUTH.info('Password change for %r was successful' % (username,))
			return

		# Reached only when the first authentication attempt did not raise.
		AUTH.info('Authentication for %r was successful' % (username,))