8 """Send errors to default auth log"""
9 syslog.openlog(facility=syslog.LOG_AUTH)
11 syslog.syslog("libpam python Logged: " + msg)
15 def check_arvados_token(requested_username, token):
16 auth_log("%s %s" % (requested_username, token))
19 f=file('/etc/default/arvados_pam')
20 config=dict([l for l in f.readlines() if not l.startswith('#') or l.strip()==""])
21 arvados_api_host=config['ARVADOS_API_HOST'].strip()
22 hostname=config['HOSTNAME'].strip()
23 except Exception as e:
24 auth_log("problem getting default values" % (str(e)))
27 arv = arvados.api('v1',host=arvados_api_host, token=token, cache=None)
28 except Exception as e:
33 matches = arv.virtual_machines().list(filters=[['hostname','=',hostname]]).execute()['items']
34 except Exception as e:
40 auth_log("libpam_arvados could not determine vm uuid for '%s'" % hostname)
43 this_vm_uuid = matches[0]['uuid']
44 auth_log("this_vm_uuid: %s" % this_vm_uuid)
45 client_user_uuid = arv.users().current().execute()['uuid']
48 ['link_class','=','permission'],
49 ['name','=','can_login'],
50 ['head_uuid','=',this_vm_uuid],
51 ['tail_uuid','=',client_user_uuid]]
53 for l in arv.links().list(filters=filters).execute()['items']:
54 if requested_username == l['properties']['username']:
59 def pam_sm_authenticate(pamh, flags, argv):
61 user = pamh.get_user()
62 except pamh.exception, e:
66 return pamh.PAM_USER_UNKNOWN
69 resp = pamh.conversation(pamh.Message(pamh.PAM_PROMPT_ECHO_OFF, ''))
70 except pamh.exception, e:
74 check = check_arvados_token(user, resp.resp)
75 except Exception as e:
80 auth_log("Auth failed Remote Host: %s (%s:%s)" % (pamh.rhost, user, resp.resp))
81 return pamh.PAM_AUTH_ERR
83 auth_log("Success! Remote Host: %s (%s:%s)" % (pamh.rhost, user, resp.resp))
84 return pamh.PAM_SUCCESS
86 def pam_sm_setcred(pamh, flags, argv):
87 return pamh.PAM_SUCCESS
89 def pam_sm_acct_mgmt(pamh, flags, argv):
90 return pamh.PAM_SUCCESS
92 def pam_sm_open_session(pamh, flags, argv):
93 return pamh.PAM_SUCCESS
95 def pam_sm_close_session(pamh, flags, argv):
96 return pamh.PAM_SUCCESS
98 def pam_sm_chauthtok(pamh, flags, argv):
99 return pamh.PAM_SUCCESS