view release on metacpan or  search on metacpan

SimplePam.pm  view on Meta::CPAN

  return 0
    unless ref($pam);

  $pam_result = $pam->pam_chauthtok();

  $self->{_pam_result} = $pam_result;

  print "DEBUG: RESULT is $pam_result\n" if $DEBUG;

  $self->{_module_result} =  _pam2result($pam_result);
  return $self->{_module_result};
}

sub result2string {
  my ($self, $result) = @_;
  $result = $self->{_module_result}
    unless (defined ($result));

  if    ( $result == 0  ) { return "Authen::PAM error"                       }
  elsif ( $result == 1  ) { return "success"                                 }
  elsif ( $result == 2  ) { return "failure"                                 }
  elsif ( $result == 3  ) { return "insuficient credentials"                 }
  elsif ( $result == 4  ) { return "authentication information unavailable"  }
  elsif ( $result == 5  ) { return "user unknown"                            }
  elsif ( $result == 6  ) { return "maximum tries"                           }
  elsif ( $result == 7  ) { return "unknown error"                           }
  elsif ( $result == 8  ) { return "authentication error"                    }
  elsif ( $result == 9  ) { return "authentication information cannot be recovered" }
  elsif ( $result == 10 ) { return "authentication locked busy"              }
  elsif ( $result == 11 ) { return "authentication aging disable"            }
  elsif ( $result == 12 ) { return "permission denied"                       }
  elsif ( $result == 13 ) { return "try again"                               }
  elsif ( $result == 14 ) { return "dlopen error"                            }
  elsif ( $result == 15 ) { return "symbol not found"                        }
  elsif ( $result == 16 ) { return "memory buffer error"                     }
  elsif ( $result == 17 ) { return "the password should be changed"          }
  elsif ( $result == 18 ) { return "user account has expired"                }
  elsif ( $result == 19 ) { return "cannot make/remove an entry for the specified session" }
  elsif ( $result == 20 ) { return "cannot retrieve users credentials"       }
  elsif ( $result == 21 ) { return "user credentials expired"                }
  elsif ( $result == 22 ) { return "no pam module specific data is present"  }
  elsif ( $result == 23 ) { return "conversation error"                      }
  elsif ( $result == 24 ) { return "ignore underlying account module"        }
  elsif ( $result == 25 ) { return "critical error"                          }
  elsif ( $result == 26 ) { return "user authentication has expired"         }
  elsif ( $result == 27 ) { return "pam module is unknown"                   }
  elsif ( $result == 28 ) { return "bad item passed to pam"                  }
  elsif ( $result == 29 ) { return "conversation function is event driven and data is not available yet" }
  elsif ( $result == 30 ) { return "call this function again to complete authentication stack"           }
  elsif ( $result == 31 ) { return "error in service module"                 }
  elsif ( $result == 32 ) { return "system error"                            }
  elsif ( $result == 33 ) { return "failure setting user credential"         }
  else                    { return "invalid result number: $result"          }
}


#returns the EUID that is running this module
sub _get_username {
  #we use the EFECTIVE USER ID (EUID),
  #not the REAL USER ID ( UID )
  my $name = getpwuid($<);
  return $name;
}

#checks the meaning os a message
#Returns the state of a message:
#undef means a unknown message.
#0: old password
#1: new password (1st time)
#2: new password (2nsd time)
sub _check_msg {
  my ($message) = @_;

  unless (defined ($PAM_MESSAGES->{$message})) {
    warn __PACKAGE__ . " warning!\n";
    warn "Unclassified message: '$message' .\n";
    warn "Please contact the author at <raul\@dias.com.br> in order to improve SimplePam.\n";
    warn "Version used: $VERSION .\n";
    return undef;
  }
  return $PAM_MESSAGES->{$message};
}


#Converts a error message to its code.
sub _check_error_msg {
  my ($message) = @_;

  $message =~ s/^BAD PASSWORD: //;

  unless (defined ($PAM_ERROR_MESSAGES->{$message})) {
    warn __PACKAGE__ . " warning!\n";
    warn "Unclassified error message: '$message' .\n";
    warn "Please contact the author at <raul\@dias.com.br> in order to improve this module.\n";
    warn "Version used: $VERSION .\n";
    return undef;
  }
  return $PAM_ERROR_MESSAGES->{$message};
}


#converts pam result codes to
#our own result codes
#(source is _pam_types.h)
#attention, some PAM constants are commented out, because
#they are not present in Authen::PAM module
#latest tested version: 0.11

sub _pam2result {
  my ($pam_result) = @_;
  my $result;

  if    ($pam_result == PAM_SUCCESS              ) { $result = 1; }
  elsif ($pam_result == PAM_AUTH_ERR             ) { $result = 2; }
  elsif ($pam_result == PAM_CRED_INSUFFICIENT    ) { $result = 3; }
  elsif ($pam_result == PAM_AUTHINFO_UNAVAIL     ) { $result = 4; }
  elsif ($pam_result == PAM_USER_UNKNOWN         ) { $result = 5; }
  elsif ($pam_result == PAM_MAXTRIES             ) { $result = 6; }
  elsif ($pam_result == PAM_AUTHTOK_ERR          ) { $result = 8; }
  elsif ($pam_result == _PAM_AUTHTOK_RECOVER_ERR  ) { $result = 9; }
  elsif ($pam_result == PAM_AUTHTOK_LOCK_BUSY    ) { $result = 10;}