summaryrefslogtreecommitdiff
path: root/sample-scripts/auth-pam.pl
diff options
context:
space:
mode:
authorAlberto Gonzalez Iniesta <agi@inittab.org>2012-11-05 16:28:09 +0100
committerAlberto Gonzalez Iniesta <agi@inittab.org>2012-11-05 16:28:09 +0100
commit8dd0350e1607aa30f7a043c8d5ec7a7eeb874115 (patch)
tree566d0620eb693320cb121dfd93a5675fa704a30b /sample-scripts/auth-pam.pl
parent349cfa7acb95abe865209a28e417ec74b56f9bba (diff)
Imported Upstream version 2.3_rc1
Diffstat (limited to 'sample-scripts/auth-pam.pl')
-rwxr-xr-xsample-scripts/auth-pam.pl97
1 files changed, 0 insertions, 97 deletions
diff --git a/sample-scripts/auth-pam.pl b/sample-scripts/auth-pam.pl
deleted file mode 100755
index 5333bad..0000000
--- a/sample-scripts/auth-pam.pl
+++ /dev/null
@@ -1,97 +0,0 @@
-#!/usr/bin/perl -t
-
-# OpenVPN PAM AUTHENTICATON
-# This script can be used to add PAM-based authentication
-# to OpenVPN 2.0. The OpenVPN client must provide
-# a username/password, using the --auth-user-pass directive.
-# The OpenVPN server should specify --auth-user-pass-verify
-# with this script as the argument and the 'via-file' method
-# specified. The server can also optionally specify
-# --client-cert-not-required and/or --username-as-common-name.
-
-# SCRIPT OPERATION
-# Return success or failure status based on whether or not a
-# given username/password authenticates using PAM.
-# Caller should write username/password as two lines in a file
-# which is passed to this script as a command line argument.
-
-# CAVEATS
-# * Requires Authen::PAM module, which may also
-# require the pam-devel package.
-# * May need to be run as root in order to
-# access username/password file.
-
-# NOTES
-# * This script is provided mostly as a demonstration of the
-# --auth-user-pass-verify script capability in OpenVPN.
-# For real world usage, see the auth-pam module in the plugin
-# folder.
-
-use Authen::PAM;
-use POSIX;
-
-# This "conversation function" will pass
-# $password to PAM when it asks for it.
-
-sub my_conv_func {
- my @res;
- while ( @_ ) {
- my $code = shift;
- my $msg = shift;
- my $ans = "";
-
- $ans = $password if $msg =~ /[Pp]assword/;
-
- push @res, (PAM_SUCCESS(),$ans);
- }
- push @res, PAM_SUCCESS();
- return @res;
-}
-
-# Identify service type to PAM
-$service = "login";
-
-# Get username/password from file
-
-if ($ARG = shift @ARGV) {
- if (!open (UPFILE, "<$ARG")) {
- print "Could not open username/password file: $ARG\n";
- exit 1;
- }
-} else {
- print "No username/password file specified on command line\n";
- exit 1;
-}
-
-$username = <UPFILE>;
-$password = <UPFILE>;
-
-if (!$username || !$password) {
- print "Username/password not found in file: $ARG\n";
- exit 1;
-}
-
-chomp $username;
-chomp $password;
-
-close (UPFILE);
-
-# Initialize PAM object
-
-if (!ref($pamh = new Authen::PAM($service, $username, \&my_conv_func))) {
- print "Authen::PAM init failed\n";
- exit 1;
-}
-
-# Authenticate with PAM
-
-$res = $pamh->pam_authenticate;
-
-# Return success or failure
-
-if ($res == PAM_SUCCESS()) {
- exit 0;
-} else {
- print "Auth '$username' failed, PAM said: ", $pamh->pam_strerror($res), "\n";
- exit 1;
-}