X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=blobdiff_plain;f=ipsilon%2Flogin%2Fauthpam.py;h=ba8ecdd9b7e15768cb72be1c5d2297be27ddf2ec;hp=1eb697b7d8fcfeed3431d9f004a34f11507ec46d;hb=0b40c36998ed29c7e98a8cf5f42a798e0bec0870;hpb=1d7df9dbac43b63424ee07ebfb86c6a106dcb43c diff --git a/ipsilon/login/authpam.py b/ipsilon/login/authpam.py old mode 100755 new mode 100644 index 1eb697b..ba8ecdd --- a/ipsilon/login/authpam.py +++ b/ipsilon/login/authpam.py @@ -1,5 +1,3 @@ -#!/usr/bin/python -# # Copyright (C) 2013 Simo Sorce # # see file 'COPYING' for use and warranty information @@ -17,12 +15,15 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -from ipsilon.login.common import LoginPageBase, LoginManagerBase -import cherrypy +from ipsilon.login.common import LoginFormBase, LoginManagerBase, \ + LoginManagerInstaller +from ipsilon.util.plugin import PluginObject +from ipsilon.util import config as pconfig import pam +import subprocess -class Pam(LoginPageBase): +class Pam(LoginFormBase): def _authenticate(self, username, password): if self.lm.service_name: @@ -31,17 +32,12 @@ class Pam(LoginPageBase): ok = pam.authenticate(username, password) if ok: - cherrypy.log("User %s successfully authenticated." % username) + self.log("User %s successfully authenticated." % username) return username - cherrypy.log("User %s failed authentication." % username) + self.log("User %s failed authentication." % username) return None - def GET(self, *args, **kwargs): - context = self.create_tmpl_context() - # pylint: disable=star-args - return self._template('login/pam.html', **context) - def POST(self, *args, **kwargs): username = kwargs.get("login_name") password = kwargs.get("login_password") @@ -51,13 +47,13 @@ class Pam(LoginPageBase): if username and password: user = self._authenticate(username, password) if user: - return self.lm.auth_successful(user) + return self.lm.auth_successful(self.trans, user, 'password') else: error = "Authentication failed" - cherrypy.log.error(error) + self.error(error) else: error = "Username or password is missing" - cherrypy.log.error("Error: " + error) + self.error("Error: " + error) context = self.create_tmpl_context( username=username, @@ -65,30 +61,9 @@ class Pam(LoginPageBase): error_password=not password, error_username=not username ) + self.lm.set_auth_error() # pylint: disable=star-args - return self._template('login/pam.html', **context) - - def root(self, *args, **kwargs): - op = getattr(self, cherrypy.request.method, self.GET) - if callable(op): - return op(*args, **kwargs) - - def create_tmpl_context(self, **kwargs): - next_url = None - if self.lm.next_login is not None: - next_url = self.lm.next_login.path - - context = { - "title": 'Login', - "action": '%s/login/pam' % self.basepath, - "service_name": self.lm.service_name, - "username_text": self.lm.username_text, - "password_text": self.lm.password_text, - "description": self.lm.help_text, - "next_url": next_url, - } - context.update(kwargs) - return context + return self._template('login/form.html', **context) class LoginManager(LoginManagerBase): @@ -101,28 +76,25 @@ class LoginManager(LoginManagerBase): self.description = """ Form based login Manager that uses the system's PAM infrastructure for authentication. """ - self._options = { - 'service name': [ - """ The name of the PAM service used to authenticate. """, - 'string', - 'remote' - ], - 'help text': [ - """ The text shown to guide the user at login time. """, - 'string', - 'Insert your Username and Password and then submit.' - ], - 'username text': [ - """ The text shown to ask for the username in the form. """, - 'string', - 'Username' - ], - 'password text': [ - """ The text shown to ask for the password in the form. """, - 'string', - 'Password' - ], - } + self.new_config( + self.name, + pconfig.String( + 'service name', + 'The name of the PAM service used to authenticate.', + 'remote'), + pconfig.String( + 'username text', + 'Text used to ask for the username at login time.', + 'Username'), + pconfig.String( + 'password text', + 'Text used to ask for the password at login time.', + 'Password'), + pconfig.String( + 'help text', + 'Text used to guide the user at login time.', + 'Provide your Username and Password') + ) @property def service_name(self): @@ -141,15 +113,16 @@ for authentication. """ return self.get_config_value('password text') def get_tree(self, site): - self.page = Pam(site, self) + self.page = Pam(site, self, 'login/pam') return self.page -class Installer(object): +class Installer(LoginManagerInstaller): - def __init__(self): + def __init__(self, *pargs): + super(Installer, self).__init__() self.name = 'pam' - self.ptype = 'login' + self.pargs = pargs def install_args(self, group): group.add_argument('--pam', choices=['yes', 'no'], default='no', @@ -161,6 +134,22 @@ class Installer(object): if opts['pam'] != 'yes': return - if opts['pam_service'] != 'remote': - #TODO: add service_name in the database - return + # Add configuration data to database + po = PluginObject(*self.pargs) + po.name = 'pam' + po.wipe_data() + po.wipe_config_values() + config = {'service name': opts['pam_service']} + po.save_plugin_config(config) + + # Update global config to add login plugin + po.is_enabled = True + po.save_enabled_state() + + # for selinux enabled platforms, ignore if it fails just report + try: + subprocess.call(['/usr/sbin/setsebool', '-P', + 'httpd_mod_auth_pam=on', + 'httpd_tmp_exec=on']) + except Exception: # pylint: disable=broad-except + pass