projects / cascardo / ipsilon.git / blob
? search:


c7cb9a0a041a6e3bab35cf191a18f2bec67b8030
[cascardo/ipsilon.git] / ipsilon / login / authpam.py
1 #!/usr/bin/python
2 #
3 # Copyright (C) 2013  Simo Sorce <simo@redhat.com>
4 #
5 # see file 'COPYING' for use and warranty information
6 #
7 # This program is free software; you can redistribute it and/or modify
8 # it under the terms of the GNU General Public License as published by
9 # the Free Software Foundation, either version 3 of the License, or
10 # (at your option) any later version.
11 #
12 # This program is distributed in the hope that it will be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15 # GNU General Public License for more details.
16 #
17 # You should have received a copy of the GNU General Public License
18 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
19
20 from ipsilon.login.common import LoginFormBase, LoginManagerBase
21 from ipsilon.login.common import FACILITY
22 from ipsilon.util.plugin import PluginObject
23 from ipsilon.util import config as pconfig
24 import pam
25 import subprocess
26
27
28 class Pam(LoginFormBase):
29
30     def _authenticate(self, username, password):
31         if self.lm.service_name:
32             ok = pam.authenticate(username, password, self.lm.service_name)
33         else:
34             ok = pam.authenticate(username, password)
35
36         if ok:
37             self.log("User %s successfully authenticated." % username)
38             return username
39
40         self.log("User %s failed authentication." % username)
41         return None
42
43     def POST(self, *args, **kwargs):
44         username = kwargs.get("login_name")
45         password = kwargs.get("login_password")
46         user = None
47         error = None
48
49         if username and password:
50             user = self._authenticate(username, password)
51             if user:
52                 return self.lm.auth_successful(self.trans, user, 'password')
53             else:
54                 error = "Authentication failed"
55                 self.error(error)
56         else:
57             error = "Username or password is missing"
58             self.error("Error: " + error)
59
60         context = self.create_tmpl_context(
61             username=username,
62             error=error,
63             error_password=not password,
64             error_username=not username
65         )
66         # pylint: disable=star-args
67         return self._template('login/form.html', **context)
68
69
70 class LoginManager(LoginManagerBase):
71
72     def __init__(self, *args, **kwargs):
73         super(LoginManager, self).__init__(*args, **kwargs)
74         self.name = 'pam'
75         self.path = 'pam'
76         self.page = None
77         self.description = """
78 Form based login Manager that uses the system's PAM infrastructure
79 for authentication. """
80         self.new_config(
81             self.name,
82             pconfig.String(
83                 'service name',
84                 'The name of the PAM service used to authenticate.',
85                 'remote'),
86             pconfig.String(
87                 'username text',
88                 'Text used to ask for the username at login time.',
89                 'Username'),
90             pconfig.String(
91                 'password text',
92                 'Text used to ask for the password at login time.',
93                 'Password'),
94             pconfig.String(
95                 'help text',
96                 'Text used to guide the user at login time.',
97                 'Provide your Username and Password')
98         )
99
100     @property
101     def service_name(self):
102         return self.get_config_value('service name')
103
104     @property
105     def help_text(self):
106         return self.get_config_value('help text')
107
108     @property
109     def username_text(self):
110         return self.get_config_value('username text')
111
112     @property
113     def password_text(self):
114         return self.get_config_value('password text')
115
116     def get_tree(self, site):
117         self.page = Pam(site, self, 'login/pam')
118         return self.page
119
120
121 class Installer(object):
122
123     def __init__(self):
124         self.name = 'pam'
125         self.ptype = 'login'
126
127     def install_args(self, group):
128         group.add_argument('--pam', choices=['yes', 'no'], default='no',
129                            help='Configure PAM authentication')
130         group.add_argument('--pam-service', action='store', default='remote',
131                            help='PAM service name to use for authentication')
132
133     def configure(self, opts):
134         if opts['pam'] != 'yes':
135             return
136
137         # Add configuration data to database
138         po = PluginObject()
139         po.name = 'pam'
140         po.wipe_data()
141
142         po.wipe_config_values(FACILITY)
143         config = {'service name': opts['pam_service']}
144         po.save_plugin_config(FACILITY, config)
145
146         # Update global config to add login plugin
147         po = PluginObject()
148         po.name = 'global'
149         globalconf = po.get_plugin_config(FACILITY)
150         if 'order' in globalconf:
151             order = globalconf['order'].split(',')
152         else:
153             order = []
154         order.append('pam')
155         globalconf['order'] = ','.join(order)
156         po.save_plugin_config(FACILITY, globalconf)
157
158         # for selinux enabled platforms, ignore if it fails just report
159         try:
160             subprocess.call(['/usr/sbin/setsebool', '-P',
161                              'httpd_mod_auth_pam=on',
162                              'httpd_tmp_exec=on'])
163         except Exception:  # pylint: disable=broad-except
164             pass
Unnamed repository; edit this file 'description' to name the repository.