author | Michael DeHaan <mdehaan@redhat.com> | 2007-12-03 17:38:49 -0500 |
---|---|---|
committer | Michael DeHaan <mdehaan@redhat.com> | 2007-12-03 17:38:49 -0500 |
commit | 57ef142ab094e156bb25b077ce16563dfde5a8ff (patch) | |
tree | fde4c33234e973071b14826eb7cd7e3bb64e222e | |
parent | 892d8d4914197c0ab47f397012468752196e8d02 (diff) | |
First start of pluggable authn/authz system for remote API + web interface,
using Apache modules.
-rw-r--r-- | MANIFEST.in | 1 | ||||
-rw-r--r-- | Makefile | 1 | ||||
-rw-r--r-- | cobbler.spec | 2 | ||||
-rw-r--r-- | config/cobbler.conf | 20 | ||||
-rwxr-xr-x | scripts/index.py | 72 | ||||
-rw-r--r-- | setup.py | 7 |
6 files changed, 98 insertions, 5 deletions
diff --git a/MANIFEST.in b/MANIFEST.in index 6af01ca..9cc1780 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -23,6 +23,7 @@ include scripts/cobblerd include scripts/findks.cgi include scripts/nopxe.cgi include scripts/webui.cgi +include scripts/gateway.py include scripts/post_install_trigger.cgi include snippets/* recursive-include po *.pot @@ -48,6 +48,7 @@ devinstall: find /var/lib/cobbler/triggers | xargs chmod +x chown -R apache /var/www/cobbler chown -R apache /var/www/cgi-bin/cobbler + chmod -R +x /var/www/cobbler/web sdist: clean messages updatewui python setup.py sdist diff --git a/cobbler.spec b/cobbler.spec index 1660c36..3fc9bb0 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -75,6 +75,8 @@ test "x$RPM_BUILD_ROOT" != "x" && rm -rf $RPM_BUILD_ROOT %files %defattr(755,apache,apache) +%dir /var/www/cobbler/web/ +/var/www/cobbler/web/*.py %dir /var/www/cgi-bin/cobbler/ /var/www/cgi-bin/cobbler/*.cgi %defattr(660,apache,apache) diff --git a/config/cobbler.conf b/config/cobbler.conf index 3ebc9e6..422420d 100644 --- a/config/cobbler.conf +++ b/config/cobbler.conf @@ -7,7 +7,6 @@ AliasMatch ^/cobbler(.*)?$ "/var/www/cobbler$1" <Directory "/var/www/cobbler"> Options Indexes FollowSymLinks - AllowOverride None Order allow,deny Allow from all </Directory> @@ -24,7 +23,7 @@ ProxyPassReverse /cobbler_api_rw http://localhost:25152/ BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On -# For Web UI, see also: /var/www/cgi-bin/cobbler/.htaccess +# For misc CGI scripts <Directory "/var/www/cgi-bin/cobbler"> AllowOverride All 
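Review bot: The added `include scripts/gateway.py` in the MANIFEST.in hunk names a file this commit does not create; the new handler is added as `scripts/index.py`, and the setup.py hunk installs `scripts/index.py`. Unless a gateway.py exists elsewhere in the tree, the manifest and setup.py disagree about the file name and a source distribution built from this manifest may not carry the handler. The line should probably read `include scripts/index.py`.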
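Review bot: The two new `%files` entries in cobbler.spec land under the existing `%defattr(755,apache,apache)`, so the mod_python code in /var/www/cobbler/web/ is owned and writable by the account the web server runs as. That code implements the authentication and access handlers, so a process running as apache could rewrite the checks it is subject to. Consider `%attr(755,root,root)` on `%dir /var/www/cobbler/web/` and `/var/www/cobbler/web/*.py` so the server can read and execute the files but not modify them. The Makefile hunk has the same effect for devinstall, where `chmod -R +x /var/www/cobbler/web` follows the existing `chown -R apache /var/www/cobbler`.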
@@ -33,4 +32,21 @@ BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On Allow from all </Directory> +# mod_python WebUI/services + +<Directory "/var/www/cobbler/web/"> + AuthType Basic + AuthName Cobbler + Require valid-user + SetHandler mod_python + PythonAccessHandler index + PythonAuthenHandler index + PythonAuthZHandler index + PythonHandler mod_python.publisher + + # disable in production + PythonDebug on + PythonAutoReload on +</Directory> + diff --git a/scripts/index.py b/scripts/index.py new file mode 100755 index 0000000..9076d6d --- /dev/null +++ b/scripts/index.py 
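Review bot: The new `<Directory "/var/www/cobbler/web/">` block ships with `PythonDebug on` and `PythonAutoReload on` enabled, so every install sends debug output to clients until someone acts on the `# disable in production` comment. The packaged default should be `PythonDebug off` and `PythonAutoReload off`, with the `on` lines kept only as a commented-out development hint. `AuthType Basic` is configured with nothing in the block requiring TLS, so the password travels base64-encoded over plain HTTP; if mod_ssl is available, add `SSLRequireSSL` inside the block. An earlier hunk in this file removes `AllowOverride None` from the parent /var/www/cobbler directory, so an explicit `AllowOverride None` in this block would keep a .htaccess file under web/ from changing these auth directives (what applies without it depends on the Apache version's default).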
@@ -0,0 +1,72 @@
+"""
+mod_python gateway to all interesting cobbler web and web service
+functions.
+
+Copyright 2007, Red Hat, Inc
+Michael DeHaan <mdehaan@redhat.com>
+
+This software may be freely redistributed under the terms of the GNU
+general public license.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+"""
+
+# TO DO:
+# connect backend authn via cobbler XMLRPC (non-RW) API
+# connect backend authz via cobbler XMLRPC (RW) API
+# serve up Web UI through this interface, via tokens in headers
+# make REST interface for read/write commands (also?)
+
+from mod_python import apache
+
+def __get_user(req):
+ req.add_common_vars()
+ env_vars = req.subprocess_env.copy()
+ return env_vars["REMOTE_USER"]
+
+def index(req):
+ user = __get_user(req)
+ path = req.uri
+ return "Hello, %s, %s" % (user, path)
+
+def hello(req):
+ user = __get_user(req)
+ path = req.uri
+ return "We are in hello(%s)" % path
+
+def authenhandler(req):
+
+ pw = req.get_basic_auth_pw()
+ user = req.user
+
+ # FIXME: poll cobbler_api (not rw) here to check
+ # check_authn(user,pass) -> T/F
+
+ apache.log_error("authenticate handler called")
+
+ if user == "admin" and pw == "cobbler":
+ return apache.OK
+ else:
+ return apache.HTTP_UNAUTHORIZED
+
+def accesshandler(req):
+ uri = req.uri
+
+ apache.log_error("accesshandler uri: %s" % (uri))
+
+ # FIXME: poll cobbler_api (not rw) here to check
+ # check_access(user,uri) -> T/F
+
+ if uri.find("hello") != -1:
+ return apache.HTTP_FORBIDDEN
+ return apache.OK
+
+def authenzhandler(req):
+
+ # we really don't need this because of the accesshandler.
+ # add in later if we find we /DO/ need it
+ return apache.OK
+
+
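Review bot: `authenhandler` accepts the fixed pair `admin` / `cobbler` written in the source, and the setup.py hunk installs this file into the served directory, so every deployment shares one publicly known credential until the FIXME is resolved. Until `check_authn` is wired to the cobbler API the handler should fail closed: replace the `if user == "admin" and pw == "cobbler":` branch with a plain `return apache.HTTP_UNAUTHORIZED`, or read the credential from a root-owned config file. The config hunk registers `PythonAuthZHandler index`, but the function here is named `authenzhandler`; mod_python presumably looks the handler up as `authzhandler`, so the name is worth confirming. `accesshandler` decides by substring (`uri.find("hello") != -1`), which also matches any other path containing "hello", so comparing against the exact path would be safer.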
@@ -45,6 +45,7 @@ if __name__ == "__main__": tftp_images = "/tftpboot/images" rotpath = "/etc/logrotate.d" cgipath = "/var/www/cgi-bin/cobbler" + modpython = "/var/www/cobbler/web" setup( name="cobbler", version = VERSION, @@ -60,10 +61,10 @@ if __name__ == "__main__": ], scripts = ["scripts/cobbler", "scripts/cobblerd"], data_files = [ - + (modpython, ['scripts/index.py']), # cgi files - (cgipath, ['scripts/findks.cgi', 'scripts/nopxe.cgi']), - (cgipath, ['scripts/webui.cgi', 'scripts/post_install_trigger.cgi']), + (cgipath, ['scripts/findks.cgi', 'scripts/nopxe.cgi']), + (cgipath, ['scripts/webui.cgi', 'scripts/post_install_trigger.cgi']), # miscellaneous config files (cgipath, ['config/.htaccess']), |