From 77af35ade388ab08dbd0620c15dcccda894ca2bb Mon Sep 17 00:00:00 2001
From: Aurélien Bompard
Date: Sep 23 2021 15:36:04 +0000
Subject: Modernize the PAM login module

Signed-off-by: Aurélien Bompard
---
diff --git a/ipsilon/login/authpam.py b/ipsilon/login/authpam.py
index 9ebee9d..1ab8615 100644
--- a/ipsilon/login/authpam.py
+++ b/ipsilon/login/authpam.py
@@ -6,49 +6,33 @@ from ipsilon.util.plugin import PluginObject
 from ipsilon.util import config as pconfig
 import pam
 import subprocess
-if 'pam' in dir(pam):
- # Try to use newer API
- pam_authenticate = pam.pam().authenticate # pylint: disable=no-member
-elif 'authenticate' in dir(pam):
- # This is an older, but supported, version
- pam_authenticate = pam.authenticate # pylint: disable=no-member
-else:
- # We have never seen this version, let's abort early
- raise ImportError('Python-PAM API unsupported')
 class Pam(LoginFormBase):
- def _authenticate(self, username, password):
- if self.lm.service_name:
- ok = pam_authenticate(username, password, self.lm.service_name)
- else:
- ok = pam_authenticate(username, password)
-
- if ok:
- self.log("User %s successfully authenticated." % username)
- return username
-
- self.log("User %s failed authentication." % username)
- return None
-
 def POST(self, *args, **kwargs):
 username = kwargs.get("login_name")
 password = kwargs.get("login_password")
 password += kwargs.get("login_otp", "")
- user = None
 error = None
 if username and password:
- user = self._authenticate(username, password)
- if user:
- return self.lm.auth_successful(self.trans, user, 'password')
+ pam_auth = pam.pam()
+ result = pam_auth.authenticate(
+ username, password, service=self.lm.service_name
+ )
+ if result:
+ self.log("User %s successfully authenticated." % username)
+ return self.lm.auth_successful(
+ self.trans, username, 'password'
+ )
 else:
- error = "Authentication failed"
- self.error(error)
+ error = pam_auth.reason
+ self.error("Error %s: %s" % (pam_auth.code, error))
+ return self.lm.auth_failed(self.trans, error)
 else:
 error = "Username or password is missing"
- self.error("Error: " + error)
+ self.error("Error: %s" % error)
 context = self.create_tmpl_context(
 username=username,
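Review bot: The failure branch now hands PAM's own `reason` text to the user through `self.lm.auth_failed(self.trans, error)`, where the removed code returned a fixed "Authentication failed"; depending on the PAM stack that text can differ between an unknown account and a wrong password, which turns the login form into an account-enumeration oracle. Keep the user-facing message generic and confine `code`/`reason` to the server log, which should also carry the username the removed `_authenticate` logged on failure: `error = "Authentication failed"` / `self.error("User %s failed authentication: %s (%s)" % (username, pam_auth.code, pam_auth.reason))` / `return self.lm.auth_failed(self.trans, error)`. Separately, `service=self.lm.service_name` is now passed unconditionally, while the removed code only passed the service when it was set; if `service_name` can be empty, the library's default service is no longer used and that fallback should be kept. `POST` continues past the end of the hunk.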