diff options
| author | Alberto Gonzalez Iniesta <agi@inittab.org> | 2012-11-05 16:28:09 +0100 |
|---|---|---|
| committer | Alberto Gonzalez Iniesta <agi@inittab.org> | 2012-11-05 16:28:09 +0100 |
| commit | 8dd0350e1607aa30f7a043c8d5ec7a7eeb874115 (patch) | |
| tree | 566d0620eb693320cb121dfd93a5675fa704a30b /sample-scripts/auth-pam.pl | |
| parent | 349cfa7acb95abe865209a28e417ec74b56f9bba (diff) | |
Imported Upstream version 2.3_rc1
Diffstat (limited to 'sample-scripts/auth-pam.pl')
| -rwxr-xr-x | sample-scripts/auth-pam.pl | 97 |
1 files changed, 0 insertions, 97 deletions
diff --git a/sample-scripts/auth-pam.pl b/sample-scripts/auth-pam.pl deleted file mode 100755 index 5333bad..0000000 --- a/sample-scripts/auth-pam.pl +++ /dev/null @@ -1,97 +0,0 @@ -#!/usr/bin/perl -t - -# OpenVPN PAM AUTHENTICATON -# This script can be used to add PAM-based authentication -# to OpenVPN 2.0. The OpenVPN client must provide -# a username/password, using the --auth-user-pass directive. -# The OpenVPN server should specify --auth-user-pass-verify -# with this script as the argument and the 'via-file' method -# specified. The server can also optionally specify -# --client-cert-not-required and/or --username-as-common-name. - -# SCRIPT OPERATION -# Return success or failure status based on whether or not a -# given username/password authenticates using PAM. -# Caller should write username/password as two lines in a file -# which is passed to this script as a command line argument. - -# CAVEATS -# * Requires Authen::PAM module, which may also -# require the pam-devel package. -# * May need to be run as root in order to -# access username/password file. - -# NOTES -# * This script is provided mostly as a demonstration of the -# --auth-user-pass-verify script capability in OpenVPN. -# For real world usage, see the auth-pam module in the plugin -# folder. - -use Authen::PAM; -use POSIX; - -# This "conversation function" will pass -# $password to PAM when it asks for it. - -sub my_conv_func { - my @res; - while ( @_ ) { - my $code = shift; - my $msg = shift; - my $ans = ""; - - $ans = $password if $msg =~ /[Pp]assword/; - - push @res, (PAM_SUCCESS(),$ans); - } - push @res, PAM_SUCCESS(); - return @res; -} - -# Identify service type to PAM -$service = "login"; - -# Get username/password from file - -if ($ARG = shift @ARGV) { - if (!open (UPFILE, "<$ARG")) { - print "Could not open username/password file: $ARG\n"; - exit 1; - } -} else { - print "No username/password file specified on command line\n"; - exit 1; -} - -$username = <UPFILE>; -$password = <UPFILE>; - -if (!$username || !$password) { - print "Username/password not found in file: $ARG\n"; - exit 1; -} - -chomp $username; -chomp $password; - -close (UPFILE); - -# Initialize PAM object - -if (!ref($pamh = new Authen::PAM($service, $username, \&my_conv_func))) { - print "Authen::PAM init failed\n"; - exit 1; -} - -# Authenticate with PAM - -$res = $pamh->pam_authenticate; - -# Return success or failure - -if ($res == PAM_SUCCESS()) { - exit 0; -} else { - print "Auth '$username' failed, PAM said: ", $pamh->pam_strerror($res), "\n"; - exit 1; -} |