authorSam Chudnick <sam@chudnick.com>2022-06-30 04:25:26 -0400
committerSam Chudnick <sam@chudnick.com>2022-06-30 04:25:26 -0400
commit01c24eb1f6f6a54bb780940c7665acd280b42aaf (patch)
tree75403dc126da5aac507985608148b59a4f5c0484 /pam
parent570d0da295f3e2fcd7b8c80ae2e6c42fc365abdd (diff)
Added support for TOTP
Added TOTP as an MFA option. Also made a couple of minor changes. Changed all database connections to use a with statement. Read some options from a config file.
Diffstat (limited to 'pam')
-rwxr-xr-xpam/pam.py24
1 files changed, 19 insertions, 5 deletions
diff --git a/pam/pam.py b/pam/pam.py
index 28450ee..5a2fee8 100755
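--- a/pam/pam.py
+++ b/pam/pam.py
@@ -22,6 +22,11 @@ def parse_arguments():
  parser = argparse.ArgumentParser()
  parser.add_argument("--user",type=str,help="PAM username",required=True)
  parser.add_argument("--service",type=str,help="PAM service",required=True)
+ parser.add_argument("--host",type=str,help="PAM hostname")
+ parser.add_argument("--config",type=str,help="Path to config file",\
+ default="/etc/mfa/mfa.conf")
+ parser.add_argument("--server",type=str,help="MFA server address")
+ parser.add_argument("--port",type=str,help="MFA server PAM connection port")
  return parser.parse_args()
 
 def init_connection(mfa_server, pam_port):
@@ -43,7 +48,7 @@ def init_connection(mfa_server, pam_port):
  return None
 
 
-def read_config(config_file="/etc/mfa/mfa.conf"):
+def read_config(config_file):
  # Read config file for server and port info
  # Return tuple (server,port)
  server = ""
@@ -68,10 +73,19 @@ def main():
  service = args.service
 
  # Compile data to send to server
- mfa_server, pam_port = read_config()
- hostname = None
- with open("/etc/hostname") as f:
- hostname = f.read().strip()
+ # Read server and port from config file but allow command line options
+ # to override those settings
+ mfa_server, pam_port = read_config(args.config)
+ if args.server != None:
+ mfa_server = args.server
+ if args.port != None:
+ pam_port = args.port
+ # Get hostname if not given on command line
+ if args.host == None:
+ with open("/etc/hostname") as f:
+ hostname = f.read().strip()
+ else:
+ hostname = args.host
  data = user + "," + hostname + "," + service
 
 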
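Review bot: The new `--host` value reaches the comma-joined `data = user + "," + hostname + "," + service` line in the main() hunk without any check, so a value containing a comma or a newline changes the number of fields the server receives; before this commit the hostname came only from /etc/hostname. How the server splits the message is not visible here, but the client should refuse such a value before the join, for example `if "," in hostname or "\n" in hostname:` followed by failing the authentication, and the same check fits `user` and `service`. `--port` is declared `type=str`, so `pam_port` may differ in type depending on whether it came from the command line or from read_config(); `type=int` would keep it consistent if read_config() returns an integer. The comparisons read better as `args.host is None` and `args.server is not None`. main() starts and ends outside the hunk.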