X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=blobdiff_plain;f=ipsilon%2Flogin%2Fauthpam.py;h=f322e148743282ab9203902d6a160f0e0bcc54c2;hp=db409f714f2854885c2490cf4756f1080e3ad950;hb=ccd28c8113c715ece7aa48febbe03ceccac0d733;hpb=411a829b99d81939a6f194abe940eb0f3f88673e diff --git a/ipsilon/login/authpam.py b/ipsilon/login/authpam.py index db409f7..f322e14 100755 --- a/ipsilon/login/authpam.py +++ b/ipsilon/login/authpam.py @@ -17,14 +17,15 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -from ipsilon.login.common import LoginPageBase, LoginManagerBase +from ipsilon.login.common import LoginFormBase, LoginManagerBase from ipsilon.login.common import FACILITY from ipsilon.util.plugin import PluginObject import cherrypy import pam +import subprocess -class Pam(LoginPageBase): +class Pam(LoginFormBase): def _authenticate(self, username, password): if self.lm.service_name: @@ -39,11 +40,6 @@ class Pam(LoginPageBase): cherrypy.log("User %s failed authentication." % username) return None - def GET(self, *args, **kwargs): - context = self.create_tmpl_context() - # pylint: disable=star-args - return self._template('login/pam.html', **context) - def POST(self, *args, **kwargs): username = kwargs.get("login_name") password = kwargs.get("login_password") @@ -53,7 +49,7 @@ class Pam(LoginPageBase): if username and password: user = self._authenticate(username, password) if user: - return self.lm.auth_successful(user) + return self.lm.auth_successful(user, 'password') else: error = "Authentication failed" cherrypy.log.error(error) @@ -68,29 +64,7 @@ class Pam(LoginPageBase): error_username=not username ) # pylint: disable=star-args - return self._template('login/pam.html', **context) - - def root(self, *args, **kwargs): - op = getattr(self, cherrypy.request.method, self.GET) - if callable(op): - return op(*args, **kwargs) - - def create_tmpl_context(self, **kwargs): - next_url = None - if self.lm.next_login is not None: - next_url = self.lm.next_login.path - - context = { - "title": 'Login', - "action": '%s/login/pam' % self.basepath, - "service_name": self.lm.service_name, - "username_text": self.lm.username_text, - "password_text": self.lm.password_text, - "description": self.lm.help_text, - "next_url": next_url, - } - context.update(kwargs) - return context + return self._template('login/form.html', **context) class LoginManager(LoginManagerBase): @@ -125,6 +99,8 @@ for authentication. """ 'Password' ], } + self.conf_opt_order = ['service name', 'username text', + 'password text', 'help text'] @property def service_name(self): @@ -143,7 +119,7 @@ for authentication. """ return self.get_config_value('password text') def get_tree(self, site): - self.page = Pam(site, self) + self.page = Pam(site, self, 'login/pam') return self.page @@ -185,3 +161,11 @@ class Installer(object): globalconf['order'] = ','.join(order) po.set_config(globalconf) po.save_plugin_config(FACILITY) + + # for selinux enabled platforms, ignore if it fails just report + try: + subprocess.call(['/usr/sbin/setsebool', '-P', + 'httpd_mod_auth_pam=on', + 'httpd_tmp_exec=on']) + except Exception: # pylint: disable=broad-except + pass