#
# Authenticate against OpenStack Keystone
#
import syslog, os, traceback, sys
import urllib2, json,hashlib
import memcache
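def pam_sm_authenticate(pamh, flags, argv):
    """Authenticate the PAM user by requesting a Keystone v2.0 token.

    The user name and password are POSTed to the Keystone tokens endpoint;
    an HTTP 200 reply counts as a successful login.  A successful login is
    remembered in memcached for 900 seconds so that repeated logins do not
    hit Keystone again.

    Args:
        pamh: PAM handle supplied by the host.  The attributes used here
            (user, authtok, Message, conversation, PAM_* constants) look
            like libpam-python's handle -- TODO confirm.
        flags: PAM flags; not used.
        argv: module arguments from the PAM configuration; not used.

    Returns:
        pamh.PAM_SUCCESS on a cache hit or an HTTP 200 from Keystone,
        pamh.PAM_AUTH_ERR on every other path, including any exception.
    """
    try:
        # Kept from the original: both attributes are read before use.
        # Presumably this makes the host fetch them -- confirm.
        pamh.user
        pamh.authtok
        if pamh.authtok is None:
            prompt = pamh.Message(pamh.PAM_PROMPT_ECHO_OFF, "Keystone password")
            reply = pamh.conversation(prompt)
            pamh.authtok = reply.resp
        try:
            # NOTE(review): this cache is a trust anchor and deserves a
            # design review.  memcached on 127.0.0.1:11211 is unauthenticated
            # by default and reachable by every local process, so the mere
            # presence of a key is not proof that Keystone ever accepted the
            # password.  The key also embeds an unsalted SHA-1 of the
            # password, which is open to offline guessing if cache contents
            # are read.  Entries stay valid for up to 900 s after a password
            # change or account disable in Keystone.  Mitigations: drop the
            # cache, or derive the key with an HMAC under a root-only secret
            # and restrict memcached to a socket only root can open.
            cache_key = "%s-%s" % (
                hashlib.sha1(pamh.user).hexdigest(),
                hashlib.sha1(pamh.authtok).hexdigest(),
            )
            cache = memcache.Client([('127.0.0.1', 11211)])
            if cache.get(cache_key) is not None:
                return pamh.PAM_SUCCESS

            payload = {
                "auth": {
                    "passwordCredentials": {
                        "password": pamh.authtok,
                        "username": pamh.user
                    }
                }
            }
            req = urllib2.Request('https://keystone.sandvine.rocks/v2.0/tokens')
            req.add_header('Content-Type', 'application/json')
            # NOTE(review): urllib2 verifies the server certificate by
            # default only from Python 2.7.9 on; on older interpreters the
            # password goes to whoever answers for this host name.
            try:
                # Bounded wait so a stalled Keystone cannot hang the login.
                response = urllib2.urlopen(req, json.dumps(payload), timeout=10)
            except urllib2.HTTPError as err:
                # 401 is the ordinary "wrong credentials" answer and is not
                # logged; any other status is worth a log line.  Transport
                # errors are not caught here and are logged with a traceback
                # by the handler below instead of being dropped silently.
                if err.code != 401:
                    syslog.syslog("pam-keystone: HTTP %d from keystone for %s"
                                  % (err.code, pamh.user))
                return pamh.PAM_AUTH_ERR
            try:
                status = response.getcode()
            finally:
                response.close()
            if status == 200:
                cache.set(cache_key, "true", 900)
                syslog.syslog("pam-keystone: user %s login" % pamh.user)
                return pamh.PAM_SUCCESS
        except Exception:
            syslog.syslog("pam keystone fail for %s (%s)" % (pamh.user, traceback.format_exc()))
    except:
        # Deliberately broad: whatever goes wrong, the module must fail
        # closed rather than let an exception decide the PAM result.
        syslog.syslog("Unhandled exception %s " % traceback.format_exc())
    # Every path that did not explicitly succeed ends here.
    return pamh.PAM_AUTH_ERR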
def pam_sm_setcred(pamh, flags, argv):
    """PAM credential hook; sets nothing and always reports success.

    flags and argv are accepted for the PAM entry-point signature and
    are not used.
    """
    result = pamh.PAM_SUCCESS
    return result
def pam_sm_acct_mgmt(pamh, flags, argv):
    """PAM account hook; always reports success.

    No account state (disabled, expired, group membership) is consulted.
    NOTE(review): if this module is the only ``account`` entry in a
    stack, every user name passes account management -- confirm that
    another module enforces it.
    """
    result = pamh.PAM_SUCCESS
    return result
def pam_sm_open_session(pamh, flags, argv):
    """PAM session-open hook; does no session setup and reports success.

    flags and argv are not used.
    """
    result = pamh.PAM_SUCCESS
    return result
def pam_sm_close_session(pamh, flags, argv):
    """PAM session-close hook; does no teardown and reports success.

    flags and argv are not used.
    """
    result = pamh.PAM_SUCCESS
    return result
def pam_sm_chauthtok(pamh, flags, argv):
    """PAM password-change hook; changes nothing and reports success.

    Keystone is not contacted and no token is updated.
    NOTE(review): in a ``password`` stack this makes a password change
    look successful although nothing changed -- confirm that is
    intended, or that the module is not listed there.
    """
    result = pamh.PAM_SUCCESS
    return result