Add proper ordering to login plugins config opts
[cascardo/ipsilon.git] / ipsilon / login / authpam.py
index 1eb697b..f322e14 100755 (executable)
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-from ipsilon.login.common import LoginPageBase, LoginManagerBase
+from ipsilon.login.common import LoginFormBase, LoginManagerBase
+from ipsilon.login.common import FACILITY
+from ipsilon.util.plugin import PluginObject
 import cherrypy
 import pam
+import subprocess
 
 
-class Pam(LoginPageBase):
+class Pam(LoginFormBase):
 
     def _authenticate(self, username, password):
         if self.lm.service_name:
@@ -37,11 +40,6 @@ class Pam(LoginPageBase):
         cherrypy.log("User %s failed authentication." % username)
         return None
 
-    def GET(self, *args, **kwargs):
-        context = self.create_tmpl_context()
-        # pylint: disable=star-args
-        return self._template('login/pam.html', **context)
-
     def POST(self, *args, **kwargs):
         username = kwargs.get("login_name")
         password = kwargs.get("login_password")
@@ -51,7 +49,7 @@ class Pam(LoginPageBase):
         if username and password:
             user = self._authenticate(username, password)
             if user:
-                return self.lm.auth_successful(user)
+                return self.lm.auth_successful(user, 'password')
             else:
                 error = "Authentication failed"
                 cherrypy.log.error(error)
@@ -66,29 +64,7 @@ class Pam(LoginPageBase):
             error_username=not username
         )
         # pylint: disable=star-args
-        return self._template('login/pam.html', **context)
-
-    def root(self, *args, **kwargs):
-        op = getattr(self, cherrypy.request.method, self.GET)
-        if callable(op):
-            return op(*args, **kwargs)
-
-    def create_tmpl_context(self, **kwargs):
-        next_url = None
-        if self.lm.next_login is not None:
-            next_url = self.lm.next_login.path
-
-        context = {
-            "title": 'Login',
-            "action": '%s/login/pam' % self.basepath,
-            "service_name": self.lm.service_name,
-            "username_text": self.lm.username_text,
-            "password_text": self.lm.password_text,
-            "description": self.lm.help_text,
-            "next_url": next_url,
-        }
-        context.update(kwargs)
-        return context
+        return self._template('login/form.html', **context)
 
 
 class LoginManager(LoginManagerBase):
@@ -123,6 +99,8 @@ for authentication. """
                 'Password'
             ],
         }
+        self.conf_opt_order = ['service name', 'username text',
+                               'password text', 'help text']
 
     @property
     def service_name(self):
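Review bot: The names in `conf_opt_order` repeat the option keys as string literals, and nothing visible in this hunk ties them to the options dictionary whose tail appears just above (its definition starts outside the hunk). A misspelled entry, or an option added later without updating this list, would presumably drop out of the ordering without any error. A short comment on the assignment, for example `# must list every key of the options dict above, in display order`, would make that coupling explicit for the next editor.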
@@ -141,7 +119,7 @@ for authentication. """
         return self.get_config_value('password text')
 
     def get_tree(self, site):
-        self.page = Pam(site, self)
+        self.page = Pam(site, self, 'login/pam')
         return self.page
 
 
@@ -161,6 +139,33 @@ class Installer(object):
         if opts['pam'] != 'yes':
             return
 
-        if opts['pam_service'] != 'remote':
-            #TODO: add service_name in the database
-            return
+        # Add configuration data to database
+        po = PluginObject()
+        po.name = 'pam'
+        po.wipe_data()
+
+        po.wipe_config_values(FACILITY)
+        config = {'service name': opts['pam_service']}
+        po.set_config(config)
+        po.save_plugin_config(FACILITY)
+
+        # Update global config to add login plugin
+        po = PluginObject()
+        po.name = 'global'
+        globalconf = po.get_plugin_config(FACILITY)
+        if 'order' in globalconf:
+            order = globalconf['order'].split(',')
+        else:
+            order = []
+        order.append('pam')
+        globalconf['order'] = ','.join(order)
+        po.set_config(globalconf)
+        po.save_plugin_config(FACILITY)
+
+        # for selinux enabled platforms, ignore if it fails just report
+        try:
+            subprocess.call(['/usr/sbin/setsebool', '-P',
+                             'httpd_mod_auth_pam=on',
+                             'httpd_tmp_exec=on'])
+        except Exception:  # pylint: disable=broad-except
+            pass
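Review bot: The `setsebool` step at the end of this hunk never reports anything, although its comment says a failure is ignored but reported: the return value of `subprocess.call` is discarded, and `except Exception: pass` also hides a missing binary. Because `-P` makes `httpd_mod_auth_pam=on` and `httpd_tmp_exec=on` persistent, and `httpd_tmp_exec` relaxes confinement for the whole httpd domain rather than just this plugin, the administrator should be able to see whether the policy change was applied. Keep the status with `ret = subprocess.call([...])`, print or log a non-zero `ret`, and narrow the handler to `except OSError`. Separately, `order.append('pam')` runs unconditionally, so if the installer is run again the plugin is listed twice, and an empty stored value splits to `['']`; filtering empty entries and using `if 'pam' not in order: order.append('pam')` avoids both. The enclosing method starts outside the hunk.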