authorMichael DeHaan <mdehaan@redhat.com>2007-12-03 17:38:49 -0500
committerMichael DeHaan <mdehaan@redhat.com>2007-12-03 17:38:49 -0500
commit57ef142ab094e156bb25b077ce16563dfde5a8ff (patch)
treefde4c33234e973071b14826eb7cd7e3bb64e222e
parent892d8d4914197c0ab47f397012468752196e8d02 (diff)
First start of pluggable authn/authz system for remote API + web interface,
using Apache modules.
-rw-r--r--MANIFEST.in1
-rw-r--r--Makefile1
-rw-r--r--cobbler.spec2
-rw-r--r--config/cobbler.conf20
-rwxr-xr-xscripts/index.py72
-rw-r--r--setup.py7
6 files changed, 98 insertions, 5 deletions
diff --git a/MANIFEST.in b/MANIFEST.in
index 6af01ca..9cc1780 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -23,6 +23,7 @@ include scripts/cobblerd
include scripts/findks.cgi
include scripts/nopxe.cgi
include scripts/webui.cgi
+include scripts/gateway.py
include scripts/post_install_trigger.cgi
include snippets/*
recursive-include po *.pot
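Review bot: The added line names `scripts/gateway.py`, but the file this commit creates and that setup.py lists in data_files is `scripts/index.py`; no gateway.py appears anywhere in the change shown here. As written, the source tarball would leave out the handler module that setup.py expects to install, so a build from the sdist would either fail or ship without the authentication handlers. The line should probably read `include scripts/index.py`.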
diff --git a/Makefile b/Makefile
index ca8f57c..6e8ac88 100644
--- a/Makefile
+++ b/Makefile
@@ -48,6 +48,7 @@ devinstall:
find /var/lib/cobbler/triggers | xargs chmod +x
chown -R apache /var/www/cobbler
chown -R apache /var/www/cgi-bin/cobbler
+ chmod -R +x /var/www/cobbler/web
sdist: clean messages updatewui
python setup.py sdist
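Review bot: The handler code under /var/www/cobbler/web ends up owned by, and writable for, the apache user: the existing `chown -R apache /var/www/cobbler` covers the new directory, and the added `chmod -R +x` only sets execute bits that mod_python should not need, since it imports the module rather than executing it. The cobbler.spec hunk has the same effect, because the new `%dir` and `*.py` entries fall under `%defattr(755,apache,apache)`. index.py holds the authentication handlers, so a copy the web server account can rewrite weakens the control it implements, more so with `PythonAutoReload on`. I would install it root-owned and read-only for apache, for example `%attr(0644,root,root) /var/www/cobbler/web/*.py` in the spec, and drop the chmod here.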
diff --git a/cobbler.spec b/cobbler.spec
index 1660c36..3fc9bb0 100644
--- a/cobbler.spec
+++ b/cobbler.spec
@@ -75,6 +75,8 @@ test "x$RPM_BUILD_ROOT" != "x" && rm -rf $RPM_BUILD_ROOT
%files
%defattr(755,apache,apache)
+%dir /var/www/cobbler/web/
+/var/www/cobbler/web/*.py
%dir /var/www/cgi-bin/cobbler/
/var/www/cgi-bin/cobbler/*.cgi
%defattr(660,apache,apache)
diff --git a/config/cobbler.conf b/config/cobbler.conf
index 3ebc9e6..422420d 100644
--- a/config/cobbler.conf
+++ b/config/cobbler.conf
@@ -7,7 +7,6 @@ AliasMatch ^/cobbler(.*)?$ "/var/www/cobbler$1"
<Directory "/var/www/cobbler">
Options Indexes FollowSymLinks
- AllowOverride None
Order allow,deny
Allow from all
</Directory>
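Review bot: Dropping `AllowOverride None` leaves the override policy for /var/www/cobbler to whatever the enclosing server configuration sets, which this hunk does not show. If that resolves to anything permissive, a `.htaccess` file placed under /var/www/cobbler/web could relax the `Require valid-user` block added further down in this file, and the Makefile chowns that tree to apache. I would keep the policy explicit in this section with `AllowOverride None` and put any per-directory settings in this file instead.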
@@ -24,7 +23,7 @@ ProxyPassReverse /cobbler_api_rw http://localhost:25152/
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
-# For Web UI, see also: /var/www/cgi-bin/cobbler/.htaccess
+# For misc CGI scripts
<Directory "/var/www/cgi-bin/cobbler">
AllowOverride All
@@ -33,4 +32,21 @@ BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
Allow from all
</Directory>
+# mod_python WebUI/services
+
+<Directory "/var/www/cobbler/web/">
+ AuthType Basic
+ AuthName Cobbler
+ Require valid-user
+ SetHandler mod_python
+ PythonAccessHandler index
+ PythonAuthenHandler index
+ PythonAuthZHandler index
+ PythonHandler mod_python.publisher
+
+ # disable in production
+ PythonDebug on
+ PythonAutoReload on
+</Directory>
+
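Review bot: `PythonDebug on` and `PythonAutoReload on` go into the config file the package installs, with only the `# disable in production` comment to stop them from reaching a live server. PythonDebug sends Python tracebacks to the client, which exposes file paths and handler internals from the endpoint that performs authentication. I would ship `PythonDebug off` and `PythonAutoReload off` and let developers enable them locally. Separately, `AuthType Basic` sends the password base64-encoded on every request and nothing in this section requires TLS; an `SSLRequireSSL` line inside the block would keep the credential off plain HTTP.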
diff --git a/scripts/index.py b/scripts/index.py
new file mode 100755
index 0000000..9076d6d
--- /dev/null
+++ b/scripts/index.py
@@ -0,0 +1,72 @@
+"""
+mod_python gateway to all interesting cobbler web and web service
+functions.
+
+Copyright 2007, Red Hat, Inc
+Michael DeHaan <mdehaan@redhat.com>
+
+This software may be freely redistributed under the terms of the GNU
+general public license.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+"""
+
+# TO DO:
+# connect backend authn via cobbler XMLRPC (non-RW) API
+# connect backend authz via cobbler XMLRPC (RW) API
+# serve up Web UI through this interface, via tokens in headers
+# make REST interface for read/write commands (also?)
+
+from mod_python import apache
+
+def __get_user(req):
+ req.add_common_vars()
+ env_vars = req.subprocess_env.copy()
+ return env_vars["REMOTE_USER"]
+
+def index(req):
+ user = __get_user(req)
+ path = req.uri
+ return "Hello, %s, %s" % (user, path)
+
+def hello(req):
+ user = __get_user(req)
+ path = req.uri
+ return "We are in hello(%s)" % path
+
+def authenhandler(req):
+
+ pw = req.get_basic_auth_pw()
+ user = req.user
+
+ # FIXME: poll cobbler_api (not rw) here to check
+ # check_authn(user,pass) -> T/F
+
+ apache.log_error("authenticate handler called")
+
+ if user == "admin" and pw == "cobbler":
+ return apache.OK
+ else:
+ return apache.HTTP_UNAUTHORIZED
+
+def accesshandler(req):
+ uri = req.uri
+
+ apache.log_error("accesshandler uri: %s" % (uri))
+
+ # FIXME: poll cobbler_api (not rw) here to check
+ # check_access(user,uri) -> T/F
+
+ if uri.find("hello") != -1:
+ return apache.HTTP_FORBIDDEN
+ return apache.OK
+
+def authenzhandler(req):
+
+ # we really don't need this because of the accesshandler.
+ # add in later if we find we /DO/ need it
+ return apache.OK
+
+
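Review bot: `authenhandler` accepts one fixed pair, `user == "admin" and pw == "cobbler"`, and this file is installed by setup.py and the spec, so every install that enables the web directory shares the same known login until the FIXME is resolved. Until `check_authn` exists, the handler should fail closed with `return apache.HTTP_UNAUTHORIZED`, or compare against a value read from local configuration. The last function is named `authenzhandler`, while mod_python resolves `PythonAuthZHandler index` to a function named after the directive, so the authorization phase likely cannot find it; `def authzhandler(req):` would match. `accesshandler` matches `hello` anywhere in the URI through `uri.find`, which is acceptable for a stub but should become an exact path check when the real lookup lands.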
diff --git a/setup.py b/setup.py
index 05bc079..d8d229f 100644
--- a/setup.py
+++ b/setup.py
@@ -45,6 +45,7 @@ if __name__ == "__main__":
tftp_images = "/tftpboot/images"
rotpath = "/etc/logrotate.d"
cgipath = "/var/www/cgi-bin/cobbler"
+ modpython = "/var/www/cobbler/web"
setup(
name="cobbler",
version = VERSION,
@@ -60,10 +61,10 @@ if __name__ == "__main__":
],
scripts = ["scripts/cobbler", "scripts/cobblerd"],
data_files = [
-
+ (modpython, ['scripts/index.py']),
# cgi files
- (cgipath, ['scripts/findks.cgi', 'scripts/nopxe.cgi']),
- (cgipath, ['scripts/webui.cgi', 'scripts/post_install_trigger.cgi']),
+ (cgipath, ['scripts/findks.cgi', 'scripts/nopxe.cgi']),
+ (cgipath, ['scripts/webui.cgi', 'scripts/post_install_trigger.cgi']),
# miscellaneous config files
(cgipath, ['config/.htaccess']),