Menu

#5 Is the project dead?

2.0
open
None
2024-05-28
2018-10-24
No

Hey Russel,

The project last commit is from 2016 and the last version is already throwing errors for quite some time (https://sourceforge.net/p/pam-python/tickets/1/)

So I wanted to know more about the project future, will it be updated and maintained?

Thanks in advance,
Eduardo

Discussion

1 2 > >> (Page 1 of 2)
  • Russell Stuart

    Russell Stuart - 2018-10-25

    I'm a Debian Developer, so I tend to do things on Debian's cycle. Debian is coming up for a release next year, so things will happen by then.

    The major thing is the port to Python 3. The major hold up is python-pam isn't available for Python 3, and python-pam is used for unit tests, and I'm anal about unit tests. So I either have to write it myself or find alternative. I have looked for an alternative, but haven't had much success so far.

     
  • Eduardo Barretto

    Thanks Russel for the update!

     
  • Anders Blomdell

    Anders Blomdell - 2019-08-29

    On Fedora python3-pam exists, and comes from:

    https://github.com/FirefighterBlu3/python-pam

    if I can be of any help, just say so...

     
    • Stefan Wolfsheimer

      That software package is for PAM clients only.
      While this one here can be used to implment pam modules as well.

       
      • Anders Blomdell

        Anders Blomdell - 2020-06-17

        Yes, the client code (python-pam) is needed for testing pam-python.

        Actually the naming is horrible

         
  • Kenji Noguchi

    Kenji Noguchi - 2019-10-02

    I'm working on porting this to py3. The 11 of 12 unit tests pass. "run_xauthdata" is the only test that is failing.

     
  • Russell Stuart

    Russell Stuart - 2019-10-02

    Wow. I'm impressed. What are you using to drive the pam client side from Python?

     
  • danielpops

    danielpops - 2019-12-20

    Bump! I'd like to use this in the context of a python3 world, especially given python2.7's impending EOL. I'm wondering if there is an active ongoing effort to bring this library up to speed for python3 and/or when one could expect that to happen. Thanks!

     
    😕
    1
  • Anders Blomdell

    Anders Blomdell - 2020-02-20

    Continued kenji's work in

    https://sourceforge.net/u/anders_blomdell/pam-python/ci/py3/tree/

    now the python tests pass, ctest fails to unload the python libraries which might indicate memory leaks somewhere in the code.

     
    👍
    1
  • Anders Blomdell

    Anders Blomdell - 2020-02-20

    ctest fails due to

      /usr/lib64/python3.7/lib-dynload/_heapq.cpython-37m-x86_64-linux-gnu.so
    

    being loaded by the call

        tracebackModule = PyImport_ImportModule("traceback");
    

    forcibly unloading at end of cleanup_pamHandle by:

    static int dl_walk_heapq(struct dl_phdr_info* info, size_t size, void* data)
    {
      if (strstr(info->dlpi_name, "/_heapq.cpython") != 0) {
        void *handle = dlopen(info->dlpi_name, RTLD_NOW|RTLD_NOLOAD);
        if (handle) {
          while(dlclose(handle) == 0) { }
        }
      }
      return 0;
    }
    ...  
      dl_iterate_phdr(dl_walk_heapq, NULL);
      dlclose(dlhandle);
    }
    

    works, but is obviously not the correct cause of action...

     
  • Dan Fandrich

    Dan Fandrich - 2020-04-02

    FWIW, I tried the tree at https://sourceforge.net/u/anders_blomdell/pam-python/ci/f7a9e21bde726b8d68815d1e9572a0636d488a5c/tree/ with Python 3.8.2 and pam 1.3.1 on Linux x86_64 and it seems to work (it passes ctest, anyway). The install target doesn't work because it's missing the same glob in pam_python3.\*.so that the previous ln -s command has (it's missing in "cp build/lib.*/pam_python3.so $(DESTDIR)$(LIBDIR)). I couldn't find a PyPAM that works with Python 3 to try test.py but ctest passes, although I needed this patch or else "import test" would fail to find the file.

    --- test.py
    +++ test.py 2020-04-02 08:47:53.739533878 +0000
    @@ -34,8 +34,7 @@
    return test(pam_sm_chauthtok, pamh, flags, argv)

    def test(who, pamh, flags, argv):
    - import test
    - if not hasattr(test, "test_function"):# only true if not called via "main"
    + if not hasattr(globals(), "test_function"):# only true if not called via "main"
    return pamh.PAM_SUCCESS # normally happens only if run by ctest
    test_function = globals()[test.test_function.name]
    return test_function(test.test_results, who, pamh, flags, argv)

     
  • Dan Fandrich

    Dan Fandrich - 2020-04-02

    I used the Fedora PyPAM (thanks for sending that pointer OOB) and got some test failures. The first is a problem in the test harness itself:

    File "test.py", line 64, in assert_results
    assert len(expected_results) == len(results), (i, expected_results[len(results)])
    UnboundLocalError: local variable 'i' referenced before assignment

    This is because "results" was empty so the for loop never got a chance to set i.

    After working around that, I realized my patch in the previous comment was insufficient and changed it to:

    --- test.py
    +++ test.py     2020-04-02 10:15:05.069983210 +0000
    @@ -34,9 +34,9 @@
       return test(pam_sm_chauthtok, pamh, flags, argv)
    
     def test(who, pamh, flags, argv):
    -  import test
    -  if not hasattr(test, "test_function"):# only true if not called via "main"
    +  if 'test' not in sys.modules:# only true if not called via "main"
         return pamh.PAM_SUCCESS            # normally happens only if run by ctest
    +  import test
       test_function = globals()[test.test_function.__name__]
       return test_function(test.test_results, who, pamh, flags, argv)
    

    In trying to debug the failure (that caused results to be empty), I found that raising an exception in the PAM code (e.g., in test_basic_calls) would case a segfault:

    Testing basic_calls Traceback (most recent call last):
      File "./test.py", line 640, in <module>
        main(sys.argv)
      File "./test.py", line 620, in main
        run_test(run_basic_calls)
      File "./test.py", line 51, in run_test
        caller(test.test_results)
      File "./test.py", line 79, in run_basic_calls
        pam.authenticate(0)
    PAM.error: ('Error in service module', 3)
    
    Program received signal SIGSEGV, Segmentation fault.
    0x00007ffff70b95e0 in ?? ()
    (gdb) bt
    #0  0x00007ffff70b95e0 in ?? ()
    #1  0x00007ffff7b5ceac in collect.constprop () from /lib64/libpython3.8.so.1.0
    #2  0x00007ffff7c93b02 in _PyGC_CollectNoFail () from /lib64/libpython3.8.so.1.0
    #3  0x00007ffff7c9a74a in PyImport_Cleanup () from /lib64/libpython3.8.so.1.0
    #4  0x00007ffff7ca1e36 in Py_FinalizeEx () from /lib64/libpython3.8.so.1.0
    #5  0x00007ffff7ca312d in Py_RunMain () from /lib64/libpython3.8.so.1.0
    #6  0x00007ffff7ca3539 in Py_BytesMain () from /lib64/libpython3.8.so.1.0
    #7  0x00007ffff7e13d8b in __libc_start_main () from /lib64/libc.so.6
    #8  0x000000000040107a in _start ()
    

    After struggling some more, I discovered that the failure was because I was running the test with "python3 ./test.py"; running it as "python3 test.py" succeeds. Good grief. This patch fixes that:

    --- test.py
    +++ test.py     2020-04-02 10:15:05.069983210 +0000
    @@ -80,7 +82,7 @@
       pam.open_session()
       pam.close_session()
       del pam
    -  me = os.path.join(os.getcwd(), __file__)
    +  me = os.path.normpath(os.path.join(os.getcwd(), __file__))
       expected_results = [
           (pam_sm_authenticate.__name__, 0, [me]),
           (pam_sm_acct_mgmt.__name__, 0, [me, 'arg1', 'arg2']),
    

    I also got a deprecation warning on the xauthdata test:

    Testing xauthdata /home/dan/rpm/BUILD/pam-python-1.0.7/src/test.py:393: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats
      xauthdata1 = pamh.xauthdata
    /home/dan/rpm/BUILD/pam-python-1.0.7/src/test.py:409: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats
      xauthdata2 = pamh.xauthdata
    /home/dan/rpm/BUILD/pam-python-1.0.7/src/test.py:415: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats
      xauthdata4 = pamh.xauthdata
    OK
    

    But, at least I got the tests working!

     
    👍
    1
    • Russell Stuart

      Russell Stuart - 2020-04-02

      Well, colour me impressed. You've done what I thought was a huge job hard. I'll try to have a closer look this weekend.

       
  • Dan Fandrich

    Dan Fandrich - 2020-04-02

    It probably was a huge, hard job :-)

     
  • Russell Stuart

    Russell Stuart - 2020-04-05

    I'm just letting everybody know now the tests work, I've started intergrating all the changes for a new release.

     
    👍
    2
  • Rahul

    Rahul - 2020-08-20

    Hi all,

    I downloaded source from https://sourceforge.net/u/anders_blomdell/pam-python/ci/py3/tree/
    and build it using make and make install on CentOS8.1.

    I defined a pam_sm_authenticate() function in seperate python file and try to called it inside /etc/pam.d/sshd file :
    auth required /lib/security/pam-python3.so /home/test.py use_first_pass

    But in /var/log/secure i am getting the following error
    Aug 20 15:26:17 localhost /home/test.py[7911]: Can not open module: Permission denied

    and my test.py is just a simple file as follows-

    def pam_sm_authenticate(pamh, flags, argv):
    print("hello")
    return pamh.PAM_SUCCESS

    def pam_sm_setcred(pamh, flags, argv):
    return pamh.PAM_SUCCESS

    def pam_sm_acct_mgmt(pamh, flags, argv):
    return pamh.PAM_SUCCESS

    def pam_sm_open_session(pamh, flags, argv):
    return pamh.PAM_SUCCESS

    def pam_sm_close_session(pamh, flags, argv):
    return pamh.PAM_SUCCESS

    def pam_sm_chauthtok(pamh, flags, argv):
    return pamh.PAM_SUCCESS

    Please suggest how to resolve this. Any lead will be appreciated.

     

    Last edit: Rahul 2020-08-21
  • Raymond Bennett

    Raymond Bennett - 2020-10-22

    @rstuart any luck on merging python3 functionality?

    I am trying to get this to work on Clear Linux which is on python3.8. I know some stuff changed about how to embed python. I couldn't get it to work.

    I don't know if this is the right solution, but I found that in setup.py distutils.sysconfig.get_config_var('INSTSONAME') returned libpython3.8.a. When trying to dlopen this in pam_python.c I am getting an error that libpython3.8.a: invalid ELF Header.

    I was wondering if libpython3.8.a is what you are wanting to link to? So I tried compiling it and manually overriding it to 'libpython3.8.so' and now it works, but I am not sure if this is the correct thing to do?

     
    • Russell Stuart

      Russell Stuart - 2020-11-18

      @rstuart any luck on merging python3 functionality?

      Almost all of it is merged in 1.0.9. The only thing that isn't merged is actually building the .so, I think. That will have to wait until I have tests.

       
  • the2nd

    the2nd - 2021-01-17

    Hi,

    is there any documentation how to build pam-python for python3?

     
    • Dan Fandrich

      Dan Fandrich - 2021-01-18

      I was able to build 1.0.8 on Python 3.8 with "make" after applying the following patch. I haven't actually run this version to see that this patch is correct or that it even works, though, nor tried to get the test suites running:

      diff -ru /tmp/pam-python-1.0.8/src/pam_python.c /home/dan/chroot-cauldron/tmp/pam-python-1.0.8/src/pam_python.c
      --- /tmp/pam-python-1.0.8/src/pam_python.c  2020-11-10 01:58:10.000000000 -0800
      +++ /home/dan/chroot-cauldron/tmp/pam-python-1.0.8/src/pam_python.c 2021-01-18 09:19:27.082023704 -0800
      @@ -104,7 +104,7 @@
       #define    Py23_String_FromStringAndSize PyUnicode_FromStringAndSize
       #define    Py23_String_GET_SIZE    PyUnicode_GET_SIZE
       #define    Py23_String_Parse_Char  "U"
      -#define    Py23_String_Size    PyUnicode_Size
      +#define    Py23_String_Size    PyBytes_Size
       #define    Py23_String_Type    PyUnicode_Type
       #define    Py23_TYPE(p)        Py_TYPE(p)
       #endif
      @@ -434,7 +434,7 @@
          * Just print the exception in some recognisable form, hopefully.
          */
         syslog_open(module_path);
      -  if (PyClass_Check(ptype))
      +  if (PyType_Check(ptype))
           stype = PyObject_GetAttrString(ptype, "__name__");
         else
         {
      @@ -876,7 +876,7 @@
           value = 0;
         else
         {
      -    value = Py23_String_AsString(pyValue);
      +    value = (char*) Py23_String_AsString(pyValue);
           if (value == 0)
           {
             snprintf(
      Only in /home/dan/chroot-cauldron/tmp/pam-python-1.0.8/src: pam_python.so
      diff -ru /tmp/pam-python-1.0.8/src/setup.py /home/dan/chroot-cauldron/tmp/pam-python-1.0.8/src/setup.py
      --- /tmp/pam-python-1.0.8/src/setup.py  2020-11-10 01:58:10.000000000 -0800
      +++ /home/dan/chroot-cauldron/tmp/pam-python-1.0.8/src/setup.py 2021-01-18 09:08:21.485867575 -0800
      @@ -1,4 +1,4 @@
      -#!/usr/bin/python2 -W default
      +#!/usr/bin/python3 -W default
       import warnings; warnings.simplefilter('default')
      
       import distutils.sysconfig
      Only in /home/dan/chroot-cauldron/tmp/pam-python-1.0.8/src: test-pam_python.pam
      diff -ru /tmp/pam-python-1.0.8/src/test.py /home/dan/chroot-cauldron/tmp/pam-python-1.0.8/src/test.py
      --- /tmp/pam-python-1.0.8/src/test.py   2020-11-10 01:58:10.000000000 -0800
      +++ /home/dan/chroot-cauldron/tmp/pam-python-1.0.8/src/test.py  2021-01-18 09:08:17.370729760 -0800
      @@ -1,4 +1,4 @@
      -#!/usr/bin/python2 -W default
      +#!/usr/bin/python3 -W default
       #
       # This is the test script for libpython-pam.  There aren't many stones
       # left unturned.
      
       
  • the2nd

    the2nd - 2021-01-19

    Thanks a lot for the patch. I had to create a symlink because of the make failing with "/usr/bin/ld: cannot find -lpython3.5"

    After creating the following symlink it compiled successful.
    ln -sf /usr/lib/x86_64-linux-gnu/libpython3.5m.so /usr/lib/x86_64-linux-gnu/libpython3.5.so

    Now my module is called on login. I'll report any issues while migrating my module to python3.

     
  • Rion

    Rion - 2022-03-05

    https://sourceforge.net/u/anders_blomdell/pam-python/ci/py3/tree/ worked well for me.

    The patch below unifies naming with other pam modules and make it compatible with alpine/musl.

    diff -r 58a247137c70 src/Makefile
    --- a/src/Makefile      Wed Apr 07 09:36:11 2021 +0200
    +++ b/src/Makefile      Sat Mar 05 15:43:35 2022 +0300
    @@ -17,7 +17,7 @@
     install: install-lib
     install-lib:
            mkdir -p $(DESTDIR)$(LIBDIR)
    -       cp build/lib.*/pam_python3.*.so $(DESTDIR)$(LIBDIR)/pam-python3.so
    +       cp build/lib.*/pam_python3.*.so $(DESTDIR)$(LIBDIR)/pam_python3.so
    
     .PHONY: clean
     clean:
    diff -r 58a247137c70 src/pam_python.c
    --- a/src/pam_python.c  Wed Apr 07 09:36:11 2021 +0200
    +++ b/src/pam_python.c  Sat Mar 05 15:43:35 2022 +0300
    @@ -48,6 +48,11 @@
     #include <structmember.h>
     #include <syslog.h>
    
    +#ifndef __STRING
    +#define __STRING(s) str_helper(s)
    +#define str_helper(s) #s
    +#endif
    +
     #ifndef        MODULE_NAME
     #define        MODULE_NAME             "libpam_python"
     #endif
    
     
  • Rion

    Rion - 2022-03-31

    my fork of https://sourceforge.net/u/anders_blomdell/pam-python/ci/py3/tree/
    is here https://github.com/castlabs/pam-python

    ChangeLog:
    1. Added GIL locking to make is compatible with python-pam
    2. Fixed crash/abort on invalid initialization of a doc string
    3. Optimized module filename getter
    4. Use macros macros provided by Python itself for object clearing and traversing
    5. Removed parts explicitly related to already dead Python2
    6. Added musl compatibility
    7. other minor fixes and optimizations

    Unresolved issues:
    1. Python exception handling on the C side doesn't always work well (seems like it depends on what exactly was raised). So it's better to catch everything on the python side.

    Checked with debug version of Python 3.9 and 3.10 and also with python-pam and minimal C application

     
    • the2nd

      the2nd - 2023-01-02

      Thanks a lot for your work @rion. Works perfectly with my python pam module.

       
  • Anders Blomdell

    Anders Blomdell - 2023-11-23

    My latest additions (python 3.12 initialization stuff) are in the py3 branch of the git repo in https://anders_blomdell@git.code.sf.net/p/pam-python-py3/code

     
1 2 > >> (Page 1 of 2)

Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.