# (c) 2009-2024 Martin Wendt and contributors; see WsgiDAV https://github.com/mar10/wsgidav# Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php"""Implementation of a domain controller that allows users to authenticate againsta Pluggable Authentication Module ('PAM').Used by HTTPAuthenticator. Only available on linux and macOS.See https://wsgidav.readthedocs.io/en/latest/user_guide_configure.html"""importthreadingfromwsgidavimportutilfromwsgidav.dc.base_dcimportBaseDomainController__docformat__="reStructuredText"_logger=util.get_module_logger(__name__)try:importpamexceptImportError:_logger.error("pam_dc requires the `python-pam` module. Try `pip install wsgidav[pam]`.")raise
[docs]defbasic_auth_user(self,realm,user_name,password,environ):# Seems that python_pam is not threadsafe (#265)withself.lock:is_ok=self.pam.authenticate(user_name,password,service=self.pam_service,resetcreds=self.pam_resetcreds,encoding=self.pam_encoding,)ifnotis_ok:_logger.warning(f"pam.authenticate({user_name!r}, '<redacted>', {self.pam_service!r}) failed with code {self.pam.code}: {self.pam.reason}")returnFalse_logger.debug(f"User {user_name!r} logged on.")returnTrue
[docs]defsupports_http_digest_auth(self):# We don't have access to a plaintext password (or stored hash)returnFalse