3 # Copyright (C) 2013 Simo Sorce <simo@redhat.com>
5 # see file 'COPYING' for use and warranty information
7 # This program is free software; you can redistribute it and/or modify
8 # it under the terms of the GNU General Public License as published by
9 # the Free Software Foundation, either version 3 of the License, or
10 # (at your option) any later version.
12 # This program is distributed in the hope that it will be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with this program. If not, see <http://www.gnu.org/licenses/>.
20 from ipsilon.login.common import LoginPageBase, LoginManagerBase
21 from ipsilon.login.common import FACILITY
22 from ipsilon.util.plugin import PluginObject
27 class Pam(LoginPageBase):
29 def _authenticate(self, username, password):
30 if self.lm.service_name:
31 ok = pam.authenticate(username, password, self.lm.service_name)
33 ok = pam.authenticate(username, password)
36 cherrypy.log("User %s successfully authenticated." % username)
39 cherrypy.log("User %s failed authentication." % username)
42 def GET(self, *args, **kwargs):
43 context = self.create_tmpl_context()
44 # pylint: disable=star-args
45 return self._template('login/pam.html', **context)
47 def POST(self, *args, **kwargs):
48 username = kwargs.get("login_name")
49 password = kwargs.get("login_password")
53 if username and password:
54 user = self._authenticate(username, password)
56 return self.lm.auth_successful(user)
58 error = "Authentication failed"
59 cherrypy.log.error(error)
61 error = "Username or password is missing"
62 cherrypy.log.error("Error: " + error)
64 context = self.create_tmpl_context(
67 error_password=not password,
68 error_username=not username
70 # pylint: disable=star-args
71 return self._template('login/pam.html', **context)
73 def root(self, *args, **kwargs):
74 op = getattr(self, cherrypy.request.method, self.GET)
76 return op(*args, **kwargs)
78 def create_tmpl_context(self, **kwargs):
80 if self.lm.next_login is not None:
81 next_url = self.lm.next_login.path
85 "action": '%s/login/pam' % self.basepath,
86 "service_name": self.lm.service_name,
87 "username_text": self.lm.username_text,
88 "password_text": self.lm.password_text,
89 "description": self.lm.help_text,
92 context.update(kwargs)
96 class LoginManager(LoginManagerBase):
98 def __init__(self, *args, **kwargs):
99 super(LoginManager, self).__init__(*args, **kwargs)
103 self.description = """
104 Form based login Manager that uses the system's PAM infrastructure
105 for authentication. """
108 """ The name of the PAM service used to authenticate. """,
113 """ The text shown to guide the user at login time. """,
115 'Insert your Username and Password and then submit.'
118 """ The text shown to ask for the username in the form. """,
123 """ The text shown to ask for the password in the form. """,
130 def service_name(self):
131 return self.get_config_value('service name')
135 return self.get_config_value('help text')
138 def username_text(self):
139 return self.get_config_value('username text')
142 def password_text(self):
143 return self.get_config_value('password text')
145 def get_tree(self, site):
146 self.page = Pam(site, self)
150 class Installer(object):
156 def install_args(self, group):
157 group.add_argument('--pam', choices=['yes', 'no'], default='no',
158 help='Configure PAM authentication')
159 group.add_argument('--pam-service', action='store', default='remote',
160 help='PAM service name to use for authentication')
162 def configure(self, opts):
163 if opts['pam'] != 'yes':
166 # Add configuration data to database
171 po.wipe_config_values(FACILITY)
172 config = {'service name': opts['pam_service']}
173 po.set_config(config)
174 po.save_plugin_config(FACILITY)
176 # Update global config to add login plugin
179 globalconf = po.get_plugin_config(FACILITY)
180 if 'order' in globalconf:
181 order = globalconf['order'].split(',')
185 globalconf['order'] = ','.join(order)
186 po.set_config(globalconf)
187 po.save_plugin_config(FACILITY)