add PAM support

diff --git a/calypso/acl/pam.py b/calypso/acl/pam.py
new file mode 100644 (file)
index 0000000..01e063c
--- /dev/null
+++ b/calypso/acl/pam.py
@@ -0,0 +1,57 @@
+# -*- coding: utf-8 -*-
+#
+# This file is part of Calypso Server - Calendar Server
+# Copyright © 2013 Joseph Nahmias
+#
+# This library is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Calypso.  If not, see <http://www.gnu.org/licenses/>.
+
+"""
+PAM authentication
+
+Use Pluggable Authentication Modules (PAM) system on Linux
+for checking users/passwords.
+
+"""
+
+import logging
+import PAM
+
+from calypso import config
+
+LOG = logging.getLogger()
+SVC = config.get("acl", "pam_service")
+PERSONAL = config.getboolean("acl", "personal")
+
+def has_right(owner, user, password):
+    """Check if ``user``/``password`` couple is valid."""
+    LOG.debug("owner %s user %s", owner, user)
+    if owner and owner != user and PERSONAL:
+        return False
+    def pam_conv(auth, query_list, userData):
+        result = []
+        result.append((password, 0))
+        return result
+    try:
+        auth = PAM.pam()
+        auth.start(SVC)
+        auth.set_item(PAM.PAM_USER, user)
+        auth.set_item(PAM.PAM_CONV, pam_conv)
+        auth.authenticate()
+        auth.acct_mgmt()
+        return True
+    except PAM.error, resp:
+        LOG.debug('PAM error: %s', resp)
+    return False
+
+# vi: set ts=4 sw=4 et si :

diff --git a/calypso/config.py b/calypso/config.py
index ddabe715902f34b71dc9e5d7b8f79ba14077efca..bf28cb92cb0fcf376c104ec8d0dceb731ceaea2d 100644 (file)
--- a/calypso/config.py
+++ b/calypso/config.py
@@ -54,7 +54,9 @@ INITIAL_CONFIG = {
         "type": "fake",
         "personal": "False",
         "filename": "/etc/calypso/users",
-        "encryption": "crypt"},
+        "encryption": "crypt",
+        "pam_service": "passwd",
+    },
     "storage": {
         "folder": os.path.expanduser("~/.config/calypso/calendars")}}
 

diff --git a/config b/config
index 9018ca08f34272b9cd195be7081ab9bf6a543d40..0c96ddf085788e494202a2033ba4c386d5f0ddae 100644 (file)
--- a/config
+++ b/config
@@ -29,7 +29,7 @@ stock = utf-8
 
 [acl]
 # Access method
-# Value: fake | htpasswd
+# Value: fake | htpasswd | pam
 type = fake
 # Personal calendars only available for logged in users (if needed)
 personal = False
@@ -38,6 +38,8 @@ filename = /etc/calypso/users
 # Htpasswd encryption method (if needed)
 # Value: plain | sha1 | crypt
 encryption = crypt
+# PAM service to use for authentication
+# pam_service = passwd
 
 [storage]
 # Folder for storing local calendars,