"Fossies" - the Fresh Open Source Software Archive

Member "openvpn-2.4.7/sample/sample-scripts/auth-pam.pl" (20 Feb 2019, 2408 Bytes) of package /linux/misc/openvpn-2.4.7.tar.xz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Perl source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "auth-pam.pl" see the Fossies "Dox" file reference documentation.

    1 #!/usr/bin/perl -t
    2 
    3 # OpenVPN PAM AUTHENTICATON
    4 #   This script can be used to add PAM-based authentication
    5 #   to OpenVPN 2.0.  The OpenVPN client must provide
    6 #   a username/password, using the --auth-user-pass directive.
    7 #   The OpenVPN server should specify --auth-user-pass-verify
    8 #   with this script as the argument and the 'via-file' method
    9 #   specified.  The server can also optionally specify
   10 #   --client-cert-not-required and/or --username-as-common-name.
   11 
   12 # SCRIPT OPERATION
   13 #   Return success or failure status based on whether or not a
   14 #   given username/password authenticates using PAM.
   15 #   Caller should write username/password as two lines in a file
   16 #   which is passed to this script as a command line argument.
   17 
   18 # CAVEATS
   19 #   * Requires Authen::PAM module, which may also
   20 #     require the pam-devel package.
   21 #   * May need to be run as root in order to
   22 #     access username/password file.
   23 
   24 # NOTES
   25 #   * This script is provided mostly as a demonstration of the
   26 #     --auth-user-pass-verify script capability in OpenVPN.
   27 #     For real world usage, see the auth-pam module in the plugin
   28 #     folder.
   29 
   30 use Authen::PAM;
   31 use POSIX;
   32 
   33 # This "conversation function" will pass
   34 # $password to PAM when it asks for it.
   35 
   36 sub my_conv_func {
   37     my @res;
   38     while ( @_ ) {
   39         my $code = shift;
   40         my $msg = shift;
   41         my $ans = "";
   42 
   43         $ans = $password if $msg =~ /[Pp]assword/;
   44 
   45         push @res, (PAM_SUCCESS(),$ans);
   46     }
   47     push @res, PAM_SUCCESS();
   48     return @res;
   49 }
   50 
   51 # Identify service type to PAM
   52 $service = "login";
   53 
   54 # Get username/password from file
   55 
   56 if ($ARG = shift @ARGV) {
   57     if (!open (UPFILE, "<$ARG")) {
   58     print "Could not open username/password file: $ARG\n";
   59     exit 1;
   60     }
   61 } else {
   62     print "No username/password file specified on command line\n";
   63     exit 1;
   64 }
   65 
   66 $username = <UPFILE>;
   67 $password = <UPFILE>;
   68 
   69 if (!$username || !$password) {
   70     print "Username/password not found in file: $ARG\n";
   71     exit 1;
   72 }
   73 
   74 chomp $username;
   75 chomp $password;
   76 
   77 close (UPFILE);
   78 
   79 # Initialize PAM object
   80 
   81 if (!ref($pamh = new Authen::PAM($service, $username, \&my_conv_func))) {
   82     print "Authen::PAM init failed\n";
   83     exit 1;
   84 }
   85 
   86 # Authenticate with PAM
   87 
   88 $res = $pamh->pam_authenticate;
   89 
   90 # Return success or failure
   91 
   92 if ($res == PAM_SUCCESS()) {
   93     exit 0;
   94 } else {
   95     print "Auth '$username' failed, PAM said: ", $pamh->pam_strerror($res), "\n";
   96     exit 1;
   97 }