pam: use a pam object method instead of pam module function authenticate is a method for a pam object. This prevents a 500 error when using the PAM plugin. Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@cascardo.eti.br>
Mark the service as readonly in the UI in authpam plugin Update the Option class to take a readonly keyword argument, defaulting to False. Extend its subclasses to pass this value along. The page template will add the disabled keyword to input and textarea if a config option is marked as readonly. https://fedorahosted.org/ipsilon/ticket/6 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Implement change registration This will make it possible for plugins to register what they have changed during installation, so that they can revert any changes they made during the uninstallation. https://fedorahosted.org/ipsilon/ticket/67 Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Update Copyright header point to COPYING file Point to a file containing the license rather than including it in every single source file. This will make it easier to manage the license in the future without another humongous commit. https://fedorahosted.org/ipsilon/ticket/126 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
pylint 1.4.3 version fixes Pylint 1.4.3 completely stopped recognizing the star-args condition. In order to avoid pylint error with > 1.4.3 stop caring for star-args and add cmdline option to ignore those errors completly so older pylint versions are happy too. Also fix type() vs isinstance() checks, isinstance is generally a more correct approach to check for classes. In some 'admin' files the type() -> isinstance() fix required to invert the order in which ComplexList and MappingList are checked as the latter is a subclass of ComplexList, so it needs to be checked first otherwise the check for isinstance(option, ComplexList) matches for both and the code stops functioning properly. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Fix error returned from login plugins Some login plugins use form based authentication and let the user retry on authentication errors. This is fine, however the wrong error code is returned in this case, 401 should be returned. Fixes: https://fedorahosted.org/ipsilon/ticket/94 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Nathan Kinder <nkinder@redhat.com>
Add uninstallation support. As part of this, made all plugins use a Installer baseclass. https://fedorahosted.org/ipsilon/ticket/38 Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Fix file permissions and remove shebang's Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
Refactor plugin initialization and enablement Move most plugin enablement and initialization code in plugin.py to reduce code duplication and simplify and unifify plugin enablement for all base plugin types (login, info, providers). This patch breaks backwards compatibility as it changes how the list of enabled plugins is stored in the database tables. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Refactor plugin configuration Fork a PluginConfig class out of PluginObject, the base object now supports a simple dictionary config, while using PluginConfig provide access to structured util.config based configuration. Change UI code that deal with plugins configuration to properly use the new structured config objects in order to represent data in appropriate format based on the data type. Use the new util.config objects to represent plugins configuration. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
In configure we do not need to set_config() All we care about in configure is to store the config in the db, so skip setting the config explicitly in the plugin object and go straight to the database. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Use self.log in authpam.py Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Use transactions throughout the code Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Add proper ordering to login plugins config opts Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Use helper cookie to remember the username This makes the login page a lot more friendy Available only over HTTPS Max age set to 15 days Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Create common form handler page Reduce duplication Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Rename form login page Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Fix typo Signed-off-by: Simo Sorce <simo@redhat.com>
Fix typo in selinux boolean name This was causing pam auth to fail, as the boolean was not being turned on. Signed-off-by: Simo Sorce <simo@redhat.com>
Make SELinux happy Add proper context to shared state directories so that httpd can write there. Relax SElinux boolans to allow use of pam modules This allows running Ipsilon in fully enforcing mode when pam auth using the python-pam modules is used. Signed-off-by: Simo Sorce <simo@redhat.com>