Начало Каталог Помощ
Вход
SoftwareDesign
/
csu3_am335x
8
0
Разклонения 0
Файлове Задачи 0 Заявки за сливане 0 Уики
Клон: master
Клонове Маркери
csu3_am335x
/
EVSE
/
GPL
/
openvpn-2.4.9
/
sample
/
sample-scripts
/
auth-pam.pl

auth-pam.pl 2.4 KB
Постоянна връзка История Директен файл

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697 
  1. #!/usr/bin/perl -t
    2. 

  2. 

  3. # OpenVPN PAM AUTHENTICATON
    4. 

  4. #   This script can be used to add PAM-based authentication
    5. 

  5. #   to OpenVPN 2.0.  The OpenVPN client must provide
    6. 

  6. #   a username/password, using the --auth-user-pass directive.
    7. 

  7. #   The OpenVPN server should specify --auth-user-pass-verify
    8. 

  8. #   with this script as the argument and the 'via-file' method
    9. 

  9. #   specified.  The server can also optionally specify
    10. 

  10. #   --client-cert-not-required and/or --username-as-common-name.
    11. 

  11. 

  12. # SCRIPT OPERATION
    13. 

  13. #   Return success or failure status based on whether or not a
    14. 

  14. #   given username/password authenticates using PAM.
    15. 

  15. #   Caller should write username/password as two lines in a file
    16. 

  16. #   which is passed to this script as a command line argument.
    17. 

  17. 

  18. # CAVEATS
    19. 

  19. #   * Requires Authen::PAM module, which may also
    20. 

  20. #     require the pam-devel package.
    21. 

  21. #   * May need to be run as root in order to
    22. 

  22. #     access username/password file.
    23. 

  23. 

  24. # NOTES
    25. 

  25. #   * This script is provided mostly as a demonstration of the
    26. 

  26. #     --auth-user-pass-verify script capability in OpenVPN.
    27. 

  27. #     For real world usage, see the auth-pam module in the plugin
    28. 

  28. #     folder.
    29. 

  29. 

  30. use Authen::PAM;
    31. 

  31. use POSIX;
    32. 

  32. 

  33. # This "conversation function" will pass
    34. 

  34. # $password to PAM when it asks for it.
    35. 

  35. 

  36. sub my_conv_func {
    37. 

  37.     my @res;
    38. 

  38.     while ( @_ ) {
    39. 

  39.         my $code = shift;
    40. 

  40.         my $msg = shift;
    41. 

  41.         my $ans = "";
    42. 

  42. 

  43.         $ans = $password if $msg =~ /[Pp]assword/;
    44. 

  44. 

  45.         push @res, (PAM_SUCCESS(),$ans);
    46. 

  46.     }
    47. 

  47.     push @res, PAM_SUCCESS();
    48. 

  48.     return @res;
    49. 

  49. }
    50. 

  50. 

  51. # Identify service type to PAM
    52. 

  52. $service = "login";
    53. 

  53. 

  54. # Get username/password from file
    55. 

  55. 

  56. if ($ARG = shift @ARGV) {
    57. 

  57.     if (!open (UPFILE, "<$ARG")) {
    58. 

  58. 	print "Could not open username/password file: $ARG\n";
    59. 

  59. 	exit 1;
    60. 

  60.     }
    61. 

  61. } else {
    62. 

  62.     print "No username/password file specified on command line\n";
    63. 

  63.     exit 1;
    64. 

  64. }
    65. 

  65. 

  66. $username = <UPFILE>;
    67. 

  67. $password = <UPFILE>;
    68. 

  68. 

  69. if (!$username || !$password) {
    70. 

  70.     print "Username/password not found in file: $ARG\n";
    71. 

  71.     exit 1;
    72. 

  72. }
    73. 

  73. 

  74. chomp $username;
    75. 

  75. chomp $password;
    76. 

  76. 

  77. close (UPFILE);
    78. 

  78. 

  79. # Initialize PAM object
    80. 

  80. 

  81. if (!ref($pamh = new Authen::PAM($service, $username, \&my_conv_func))) {
    82. 

  82.     print "Authen::PAM init failed\n";
    83. 

  83.     exit 1;
    84. 

  84. }
    85. 

  85. 

  86. # Authenticate with PAM
    87. 

  87. 

  88. $res = $pamh->pam_authenticate;
    89. 

  89. 

  90. # Return success or failure
    91. 

  91. 

  92. if ($res == PAM_SUCCESS()) {
    93. 

  93.     exit 0;
    94. 

  94. } else {
    95. 

  95.     print "Auth '$username' failed, PAM said: ", $pamh->pam_strerror($res), "\n";
    96. 

  96.     exit 1;
    97. 

  97. }
    98.