Make SELinux happy
[cascardo/ipsilon.git] / ipsilon / login / authpam.py
index 496a774..14ebae4 100755 (executable)
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 from ipsilon.login.common import LoginPageBase, LoginManagerBase
+from ipsilon.login.common import FACILITY
+from ipsilon.util.plugin import PluginObject
 import cherrypy
 import pam
+import subprocess
 
 
 class Pam(LoginPageBase):
@@ -143,3 +146,51 @@ for authentication. """
     def get_tree(self, site):
         self.page = Pam(site, self)
         return self.page
+
+
+class Installer(object):
+
+    def __init__(self):
+        self.name = 'pam'
+        self.ptype = 'login'
+
+    def install_args(self, group):
+        group.add_argument('--pam', choices=['yes', 'no'], default='no',
+                           help='Configure PAM authentication')
+        group.add_argument('--pam-service', action='store', default='remote',
+                           help='PAM service name to use for authentication')
+
+    def configure(self, opts):
+        if opts['pam'] != 'yes':
+            return
+
+        # Add configuration data to database
+        po = PluginObject()
+        po.name = 'pam'
+        po.wipe_data()
+
+        po.wipe_config_values(FACILITY)
+        config = {'service name': opts['pam_service']}
+        po.set_config(config)
+        po.save_plugin_config(FACILITY)
+
+        # Update global config to add login plugin
+        po = PluginObject()
+        po.name = 'global'
+        globalconf = po.get_plugin_config(FACILITY)
+        if 'order' in globalconf:
+            order = globalconf['order'].split(',')
+        else:
+            order = []
+        order.append('pam')
+        globalconf['order'] = ','.join(order)
+        po.set_config(globalconf)
+        po.save_plugin_config(FACILITY)
+
+        # for selinux enabled platfroms, ignore if it fails just report
+        try:
+            subprocess.call(['/usr/sbin/setsebool', '-P',
+                             'httpd_mod_auth_pam=on',
+                             'httpd_tmp_t=on'])
+        except Exception:  # pylint: disable=broad-except
+            pass
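Review bot: The `setsebool` call at the end of `configure()` discards its exit status and swallows every exception, so a failed SELinux change is never reported, although the comment above it says "just report". Because `-P` makes a persistent change that relaxes httpd confinement, the installer should surface the outcome, for example `ret = subprocess.call([...])` followed by `if ret != 0: print('setsebool failed (exit %d); PAM login may be blocked by SELinux' % ret)`. The handler could also be narrowed to `except OSError:`, which is what a missing `/usr/sbin/setsebool` would raise. Separately, `httpd_tmp_t` looks like a type name rather than a boolean. If `setsebool` rejects it, the whole invocation may fail and leave `httpd_mod_auth_pam` unset, so confirm this on a target system.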