author | Sam Chudnick <sam@chudnick.com> | 2022-06-30 04:25:26 -0400 |
---|---|---|
committer | Sam Chudnick <sam@chudnick.com> | 2022-06-30 04:25:26 -0400 |
commit | 01c24eb1f6f6a54bb780940c7665acd280b42aaf (patch) | |
tree | 75403dc126da5aac507985608148b59a4f5c0484 /pam | |
parent | 570d0da295f3e2fcd7b8c80ae2e6c42fc365abdd (diff) |
Added support for TOTP
Added TOTP as an MFA option. Also made a couple of minor changes.
Changed all database connections to use with statement. Read some
options from a config file.
Diffstat (limited to 'pam')
-rwxr-xr-x | pam/pam.py | 24 |
1 files changed, 19 insertions, 5 deletions
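--- a/pam/pam.py
+++ b/pam/pam.py
@@ -22,6 +22,11 @@ def parse_arguments():
 parser = argparse.ArgumentParser()
 parser.add_argument("--user",type=str,help="PAM username",required=True)
 parser.add_argument("--service",type=str,help="PAM service",required=True)
+parser.add_argument("--host",type=str,help="PAM hostname")
+parser.add_argument("--config",type=str,help="Path to config file",\
+default="/etc/mfa/mfa.conf")
+parser.add_argument("--server",type=str,help="MFA server address")
+parser.add_argument("--port",type=str,help="MFA server PAM connection port")
 return parser.parse_args()
 
 def init_connection(mfa_server, pam_port):
@@ -43,7 +48,7 @@ def init_connection(mfa_server, pam_port):
 return None
 
 
-def read_config(config_file="/etc/mfa/mfa.conf"):
+def read_config(config_file):
 # Read config file for server and port info
 # Return tuple (server,port)
 server = ""
@@ -68,10 +73,19 @@ def main():
 service = args.service
 
 # Compile data to send to server
-mfa_server, pam_port = read_config()
-hostname = None
-with open("/etc/hostname") as f:
-hostname = f.read().strip()
+# Read server and port from config file but allow command line options
+# to override those settings
+mfa_server, pam_port = read_config(args.config)
+if args.server != None:
+mfa_server = args.server
+if args.port != None:
+pam_port = args.port
+# Get hostname if not given on command line
+if args.host == None:
+with open("/etc/hostname") as f:
+hostname = f.read().strip()
+else:
+hostname = args.host
 data = user + "," + hostname + "," + service
 
 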
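Review bot: The hostname taken from `--host` in main() is joined into `data = user + "," + hostname + "," + service` with no check, so a value containing a comma changes the number of fields in the message; the server presumably splits on that delimiter, though its parser is not shown here. The same holds for `user`, which already came from the command line. Reject such values before building the message, for example `if "," in hostname: raise ValueError("invalid --host value")`, so the request fails closed. Separately, `--port` is declared with `type=str`, so the override may pass init_connection() a different type than read_config() returns; if the port is used numerically, `type=int` is the safer declaration. main() starts before and continues after this hunk.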