Pam


# -*- coding: utf-8 -*-

 

import random, string, hashlib, requests

import urllib,urllib2

import pwd, syslog

 

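class SMSOperation:
    """Send a one-time PIN to a phone number through an HTTP SMS gateway.

    The gateway URL, account name and password are placeholder strings in
    this listing and must be replaced before the module is used.
    """

    def __init__(self, pin, phone_num):
        """Store the PIN and destination number and build the POST parameters."""
        self.pin = pin
        self.phone_num = phone_num
        # Placeholder for the gateway endpoint. The request carries the
        # gateway credentials and the PIN, so the real value should be an
        # https:// URL.
        self.url = "短信服务地址"
        # "account" and "pswd" are placeholders for the gateway credentials.
        # Once real values are filled in, this file holds a secret: restrict
        # its permissions accordingly.
        self.params = {"account": "短信服务用户名", "pswd": "短信服务密码",
                       "msg": "One Time Pin:" + str(pin), "mobile": str(phone_num),
                       "needstatus": "false", "extno": ""}

    def parse_number(self):
        """Copy the stored phone number into the request parameters.

        Returns 1, as the original did on success.
        """
        self.params['mobile'] = str(self.phone_num)
        return 1

    def send_text(self, pamh):
        """POST the PIN to the SMS gateway and log a rejected send.

        Network errors and a response without a second comma-separated field
        raise; the caller is expected to treat any exception as a failed send.
        ``pamh`` is accepted for interface compatibility and is not used.
        """
        self.parse_number()

        # Never echo self.params to the PAM conversation for debugging: it
        # contains the gateway password and the PIN itself.

        # A PAM module blocks the login while it runs, so bound the wait on
        # the gateway instead of hanging indefinitely.
        resp = requests.post(self.url, data=self.params, timeout=10)

        body = resp.content
        if not isinstance(body, str):
            body = body.decode("utf-8", "replace")

        # NOTE(review): assumes the gateway answers "<something>,<status>..."
        # with status "0" meaning accepted -- confirm against the provider's
        # documentation. The original compared the text field with the
        # integer 0, which can never be equal, so every send was logged as
        # failed.
        status = body.split(',')[1].split()[0]
        if status != "0":
            # NOTE(review): a rejected send is only logged; the caller still
            # prompts for a PIN the user never received. Consider raising
            # here once the status format is confirmed.
            auth_log("Message cannot be sent to (%s), please check." % (self.phone_num))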

 

 

def auth_log(msg):
    """Write ``msg`` to syslog under the LOG_AUTH facility with a fixed prefix.

    The original note says entries end up in /var/log/messages; the actual
    destination depends on the host's syslog configuration.
    """
    syslog.openlog(facility=syslog.LOG_AUTH)
    entry = "MultiFactors Authentication: " + msg
    syslog.syslog(entry)
    syslog.closelog()

 

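def get_hash(plain_text):
    """Return the raw SHA-512 digest of ``plain_text``.

    Used to compare the PIN that was sent with the PIN the user typed.
    Text input is encoded as UTF-8 first so the function accepts both text
    and byte strings.

    NOTE(review): hashing does not protect a short numeric PIN (the whole
    space can be enumerated); the digest is only a comparison token here.
    """
    if not isinstance(plain_text, bytes):
        plain_text = plain_text.encode("utf-8")
    key_hash = hashlib.sha512()
    key_hash.update(plain_text)
    return key_hash.digest()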

 

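def get_user_number(user):
    """Return the phone number stored in the user's GECOS field, or -1.

    Looks up ``user`` in the local passwd database and returns the third
    comma-separated GECOS field (index 2), which the log message below calls
    "Office Phone". Returns -1 and logs when the user does not exist or the
    field is missing or empty.

    NOTE(review): depending on system configuration the account owner may be
    able to edit GECOS fields (e.g. with chfn). Confirm that the phone field
    is administrator-controlled, since it decides where the second factor is
    delivered.
    """
    try:
        comments = pwd.getpwnam(user).pw_gecos
    except (KeyError, TypeError):
        # KeyError: no such user; TypeError: user is None or not a string.
        auth_log("No local user (%s) found." % user)
        return -1

    fields = comments.split(',')
    number = fields[2].strip() if len(fields) > 2 else ""
    if not number:
        auth_log("Invalid comment block for user %s. Phone number must be listed as Office Phone" % (user))
        return -1

    return number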

 

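def gen_key(pamh, user, user_number, length):
    """Generate a numeric one-time PIN, send it by SMS and return its hash.

    Returns the SHA-512 digest of the PIN (see get_hash), or -1 when no phone
    number is available or sending raised an exception.
    """
    if not user_number:
        auth_log("No phone number listed for user (%s)." % (user))
        return -1

    # The PIN is an authentication secret, so draw it from the operating
    # system's CSPRNG. The module-level random functions use the Mersenne
    # Twister, whose output is predictable and unsuitable for secrets.
    rng = random.SystemRandom()
    pin = ''.join(rng.choice(string.digits) for _ in range(length))

    # The original displayed the PIN on the login prompt "for testing".
    # That hands the second factor to whoever is at the prompt, so the PIN
    # is no longer sent through the PAM conversation.

    sms = SMSOperation(pin, user_number)
    try:
        sms.send_text(pamh)
    except Exception:
        auth_log("Error sending PIN to the given SMS number. (%s)" % (user_number))
        return -1

    return get_hash(pin)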

 

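def pam_sm_authenticate(pamh, flags, argv):
    """PAM authentication entry point: SMS one-time PIN as a second factor.

    Looks up the user's phone number, sends a freshly generated PIN and
    gives the user up to three attempts to enter it.

    Returns pamh.PAM_SUCCESS on a matching PIN, pamh.PAM_AUTH_ERR after the
    attempts are used up, pamh.PAM_ABORT when no phone number is available or
    the PIN could not be sent, and the pam_result of a pamh.exception raised
    by the PAM handle.

    NOTE(review): nothing here expires the PIN or limits how often a new
    session can be started, so each login attempt triggers an SMS and gets
    three fresh guesses. Rate limiting has to come from elsewhere in the PAM
    stack or the service configuration.
    """
    # Local import keeps the block self-contained; compare_digest needs
    # Python 2.7.7+ or 3.3+.
    import hmac

    PIN_LENGTH = 6    # length of the SMS verification code
    MAX_ATTEMPTS = 3  # only three attempts are allowed

    try:
        user = pamh.get_user()
        user_number = get_user_number(user)
    except pamh.exception as e:
        return e.pam_result

    if user is None or user_number == -1:
        msg = pamh.Message(pamh.PAM_ERROR_MSG, "[1]Unable to get user's phone number.\nPlease check.")
        pamh.conversation(msg)
        return pamh.PAM_ABORT

    pin = gen_key(pamh, user, user_number, PIN_LENGTH)
    if pin == -1:
        # The phone number is deliberately left out of this message: it is
        # shown before authentication has succeeded. gen_key already logs the
        # details through auth_log.
        msg = pamh.Message(pamh.PAM_ERROR_MSG, "[2]One time PIN could not be generated.\nPlease check.")
        pamh.conversation(msg)
        return pamh.PAM_ABORT

    for _ in range(MAX_ATTEMPTS):
        msg = pamh.Message(pamh.PAM_PROMPT_ECHO_OFF, "Enter one time PIN:")
        try:
            resp = pamh.conversation(msg)
        except pamh.exception as e:
            return e.pam_result

        entered = resp.resp
        if entered is None:
            # No answer supplied; counts as a failed attempt.
            continue

        # Constant-time comparison of the two digests avoids leaking how many
        # leading bytes matched.
        if hmac.compare_digest(get_hash(entered), pin):
            return pamh.PAM_SUCCESS

    return pamh.PAM_AUTH_ERR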

 

def pam_sm_setcred(pamh, flags, argv):
    """Credential hook stub: performs no work and reports PAM_SUCCESS."""
    outcome = pamh.PAM_SUCCESS
    return outcome

 

def pam_sm_acct_mgmt(pamh, flags, argv):
    """Account-management hook stub: always reports PAM_SUCCESS.

    NOTE(review): success is unconditional. If this module is listed in an
    account stack it approves every account it is asked about -- confirm
    that is intended for the way the stack is configured.
    """
    outcome = pamh.PAM_SUCCESS
    return outcome

 

def pam_sm_open_session(pamh, flags, argv):
    """Session-open hook stub: performs no work and reports PAM_SUCCESS."""
    outcome = pamh.PAM_SUCCESS
    return outcome

 

def pam_sm_close_session(pamh, flags, argv):
    """Session-close hook stub: performs no work and reports PAM_SUCCESS."""
    outcome = pamh.PAM_SUCCESS
    return outcome

 

def pam_sm_chauthtok(pamh, flags, argv):
    """Password-change hook stub: always reports PAM_SUCCESS.

    NOTE(review): no token is changed here, yet success is reported. Confirm
    this module is not relied on in a password stack.
    """
    outcome = pamh.PAM_SUCCESS
    return outcome


