Make SELinux happy
[cascardo/ipsilon.git] / ipsilon / login / authpam.py
index 1eb697b..14ebae4 100755 (executable)
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 from ipsilon.login.common import LoginPageBase, LoginManagerBase
+from ipsilon.login.common import FACILITY
+from ipsilon.util.plugin import PluginObject
 import cherrypy
 import pam
+import subprocess
 
 
 class Pam(LoginPageBase):
@@ -161,6 +164,33 @@ class Installer(object):
         if opts['pam'] != 'yes':
             return
 
-        if opts['pam_service'] != 'remote':
-            #TODO: add service_name in the database
-            return
+        # Add configuration data to database
+        po = PluginObject()
+        po.name = 'pam'
+        po.wipe_data()
+
+        po.wipe_config_values(FACILITY)
+        config = {'service name': opts['pam_service']}
+        po.set_config(config)
+        po.save_plugin_config(FACILITY)
+
+        # Update global config to add login plugin
+        po = PluginObject()
+        po.name = 'global'
+        globalconf = po.get_plugin_config(FACILITY)
+        if 'order' in globalconf:
+            order = globalconf['order'].split(',')
+        else:
+            order = []
+        order.append('pam')
+        globalconf['order'] = ','.join(order)
+        po.set_config(globalconf)
+        po.save_plugin_config(FACILITY)
+
+        # for selinux enabled platfroms, ignore if it fails just report
+        try:
+            subprocess.call(['/usr/sbin/setsebool', '-P',
+                             'httpd_mod_auth_pam=on',
+                             'httpd_tmp_t=on'])
+        except Exception:  # pylint: disable=broad-except
+            pass
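Review bot: The `setsebool` call at the end of the hunk never reports a failure, although the comment above it says it should: the exit status of `subprocess.call` is discarded and `except Exception: pass` hides a missing binary. `httpd_tmp_t` looks like a SELinux file type rather than a boolean, so the command will probably exit non-zero and may leave `httpd_mod_auth_pam` unset with no trace, in which case PAM logins are denied by policy and the admin is not told why. I would pass only `'httpd_mod_auth_pam=on'`, keep the result (`ret = subprocess.call([...])`), narrow the handler to `except OSError:` and log a warning when `ret != 0` or the call raises. Separately, `order.append('pam')` is unconditional, so re-running the installer lists 'pam' twice; guard it with `if 'pam' not in order:`. The enclosing method begins outside the hunk.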