1 # Copyright (C) 2013 Ipsilon project Contributors, for license see COPYING
3 from ipsilon.login.common import LoginFormBase, LoginManagerBase, \
5 from ipsilon.util.plugin import PluginObject
6 from ipsilon.util import config as pconfig
11 class Pam(LoginFormBase):
13 def _authenticate(self, username, password):
14 if self.lm.service_name:
15 ok = pam.authenticate(username, password, self.lm.service_name)
17 ok = pam.authenticate(username, password)
20 self.log("User %s successfully authenticated." % username)
23 self.log("User %s failed authentication." % username)
26 def POST(self, *args, **kwargs):
27 username = kwargs.get("login_name")
28 password = kwargs.get("login_password")
32 if username and password:
33 user = self._authenticate(username, password)
35 return self.lm.auth_successful(self.trans, user, 'password')
37 error = "Authentication failed"
40 error = "Username or password is missing"
41 self.error("Error: " + error)
43 context = self.create_tmpl_context(
46 error_password=not password,
47 error_username=not username
49 self.lm.set_auth_error()
50 return self._template('login/form.html', **context)
53 class LoginManager(LoginManagerBase):
55 def __init__(self, *args, **kwargs):
56 super(LoginManager, self).__init__(*args, **kwargs)
60 self.description = """
61 Form based login Manager that uses the system's PAM infrastructure
62 for authentication. """
67 'The name of the PAM service used to authenticate.',
71 'Text used to ask for the username at login time.',
75 'Text used to ask for the password at login time.',
79 'Text used to guide the user at login time.',
80 'Provide your Username and Password')
84 def service_name(self):
85 return self.get_config_value('service name')
89 return self.get_config_value('help text')
92 def username_text(self):
93 return self.get_config_value('username text')
96 def password_text(self):
97 return self.get_config_value('password text')
99 def get_tree(self, site):
100 self.page = Pam(site, self, 'login/pam')
104 class Installer(LoginManagerInstaller):
106 def __init__(self, *pargs):
107 super(Installer, self).__init__()
111 def install_args(self, group):
112 group.add_argument('--pam', choices=['yes', 'no'], default='no',
113 help='Configure PAM authentication')
114 group.add_argument('--pam-service', action='store', default='remote',
115 help='PAM service name to use for authentication')
117 def configure(self, opts, changes):
118 if opts['pam'] != 'yes':
121 # Add configuration data to database
122 po = PluginObject(*self.pargs)
125 po.wipe_config_values()
126 config = {'service name': opts['pam_service']}
127 po.save_plugin_config(config)
129 # Update global config to add login plugin
131 po.save_enabled_state()
133 # for selinux enabled platforms, ignore if it fails just report
135 subprocess.call(['/usr/sbin/setsebool', '-P',
136 'httpd_mod_auth_pam=on',
137 'httpd_tmp_exec=on'])
138 except Exception: # pylint: disable=broad-except