1 # Copyright (C) 2014 Simo Sorce <simo@redhat.com>
3 # see file 'COPYING' for use and warranty information
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation, either version 3 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
18 from ipsilon.login.common import LoginFormBase, LoginManagerBase, \
20 from ipsilon.util.plugin import PluginObject
21 from ipsilon.util.user import UserSession
22 from ipsilon.util import config as pconfig
23 from string import Template
29 class Form(LoginFormBase):
31 def POST(self, *args, **kwargs):
35 if not user.is_anonymous:
36 return self.lm.auth_successful(self.trans, user.name, 'password')
39 error = cherrypy.request.headers['EXTERNAL_AUTH_ERROR']
41 error = "Unknown error using external authentication"
42 cherrypy.log.error("Error: %s" % error, logging.ERROR)
43 return self.lm.auth_failed(self.trans)
46 class LoginManager(LoginManagerBase):
48 def __init__(self, *args, **kwargs):
49 super(LoginManager, self).__init__(*args, **kwargs)
53 self.service_name = 'form'
54 self.description = """
55 Form based login Manager. Relies on mod_intercept_form_submit plugin for
56 actual authentication. """
61 'Text used to ask for the username at login time.',
65 'Text used to ask for the password at login time.',
69 'Text used to guide the user at login time.',
70 'Insert your Username and Password and then submit.')
75 return self.get_config_value('help text')
78 def username_text(self):
79 return self.get_config_value('username text')
82 def password_text(self):
83 return self.get_config_value('password text')
85 def get_tree(self, site):
86 self.page = Form(site, self, 'login/form')
91 LoadModule intercept_form_submit_module modules/mod_intercept_form_submit.so
92 LoadModule authnz_pam_module modules/mod_authnz_pam.so
94 <Location /${instance}/login/form>
95 InterceptFormPAMService ${service}
96 InterceptFormLogin login_name
97 InterceptFormPassword login_password
98 # InterceptFormLoginSkip admin
99 # InterceptFormClearRemoteUserForSkipped on
100 InterceptFormPasswordRedact on
105 class Installer(LoginManagerInstaller):
107 def __init__(self, *pargs):
108 super(Installer, self).__init__()
112 def install_args(self, group):
113 group.add_argument('--form', choices=['yes', 'no'], default='no',
114 help='Configure External Form authentication')
115 group.add_argument('--form-service', action='store', default='remote',
116 help='PAM service name to use for authentication')
118 def configure(self, opts):
119 if opts['form'] != 'yes':
122 confopts = {'instance': opts['instance'],
123 'service': opts['form_service']}
125 tmpl = Template(CONF_TEMPLATE)
126 hunk = tmpl.substitute(**confopts) # pylint: disable=star-args
127 with open(opts['httpd_conf'], 'a') as httpd_conf:
128 httpd_conf.write(hunk)
130 # Add configuration data to database
131 po = PluginObject(*self.pargs)
134 po.wipe_config_values()
136 # Update global config to add login plugin
138 po.save_enabled_state()
140 # for selinux enabled platforms, ignore if it fails just report
142 subprocess.call(['/usr/sbin/setsebool', '-P',
143 'httpd_mod_auth_pam=on'])
144 except Exception: # pylint: disable=broad-except