authorMichael DeHaan <mdehaan@redhat.com>2008-03-26 12:49:35 -0400
committerMichael DeHaan <mdehaan@redhat.com>2008-03-26 12:49:35 -0400
commita6a82750ac3cab01fbafdd689a7ea1f5f6dc0bf7 (patch)
treea7807216eb748704facc493065095c9abcdf701e /cobbler/remote.py
parent297805a2c498e57556348f3bb28e8f054c2556aa (diff)
Updated LDAP and authorization code, plus packaging
Diffstat (limited to 'cobbler/remote.py')
-rw-r--r--cobbler/remote.py29
1 files changed, 17 insertions, 12 deletions
diff --git a/cobbler/remote.py b/cobbler/remote.py
index 5131323..4b04fcb 100644
--- a/cobbler/remote.py
+++ b/cobbler/remote.py
@@ -561,10 +561,6 @@ class CobblerReadWriteXMLRPCInterface(CobblerXMLRPCInterface):
FIXME: currently looks for users in /etc/cobbler/auth.conf
Would be very nice to allow for PAM and/or just Kerberos.
"""
- if not self.auth_enabled and input_user == "<system>":
- return True
- if self.auth_enabled and input_user == "<system>":
- return False
return self.api.authenticate(input_user,input_password)
def __validate_token(self,token):
@@ -579,11 +575,12 @@ class CobblerReadWriteXMLRPCInterface(CobblerXMLRPCInterface):
self.__invalidate_expired_tokens()
self.__invalidate_expired_objects()
- if not self.auth_enabled:
- user = self.get_user_from_token(token)
- if user == "<system>":
- self.token_cache[token] = (time.time(), user) # update to prevent timeout
- return True
+ #if not self.auth_enabled:
+ # user = self.get_user_from_token(token)
+ # # old stuff, preserving for future usage
+ # # if user == "<system>":
+ # # self.token_cache[token] = (time.time(), user) # update to prevent timeout
+ # # return True
if self.token_cache.has_key(token):
user = self.get_user_from_token(token)
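Review bot: The disabled `<system>` token bypass stays in `__validate_token` as six commented-out lines marked "preserving for future usage". Dead code in a token-validation path is better deleted, because version control already keeps it and a later uncomment would quietly restore a path that accepts a token without the normal cache check. If a reminder is wanted, one line is enough, e.g. `# <system> token bypass removed; see history if public read-only mode needs it again`. The function starts in the previous hunk's trailing context and its body continues past this hunk, so the rest of the validation logic is not visible here.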
@@ -598,10 +595,16 @@ class CobblerReadWriteXMLRPCInterface(CobblerXMLRPCInterface):
def check_access(self,token,resource,arg1=None,arg2=None):
validated = self.__validate_token(token)
+ user = self.get_user_from_token(token)
if not self.auth_enabled:
+ # for public read-only XMLRPC, permit access
+ self.log("permitting read-only access")
return True
- return self.__authorize(token,resource,arg1,arg2)
-
+ rc = self.__authorize(token,resource,arg1,arg2)
+ self.log("authorization result: %s" % rc)
+ if not rc:
+ raise CX(_("authorization failure for user %s" % user))
+ return rc
def login(self,login_user,login_password):
"""
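Review bot: When `auth_enabled` is false, `check_access` returns True for every `resource` on the read-write interface, yet the added comment and log line call this read-only access; nothing in the hunk checks that the request is a read. If that is the intended behaviour, the log should record what was actually permitted, e.g. `self.log("auth disabled, permitting access to resource %s" % resource, user=user)`, using the `user=` keyword seen in the last hunk. Separately, the new raise interpolates before translating, so (assuming `_` is the gettext lookup) the catalog key never matches; write `raise CX(_("authorization failure for user %s") % user)`, as the existing raise in `__authorize` does. That `if not rc` branch also looks unreachable, since `__authorize` as shown in the last hunk either returns True or raises.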
@@ -621,7 +624,9 @@ class CobblerReadWriteXMLRPCInterface(CobblerXMLRPCInterface):
def __authorize(self,token,resource,arg1=None,arg2=None):
user = self.get_user_from_token(token)
- if self.api.authorize(user,resource,arg1,arg2):
+ self.log("calling authorize for resource %s" % resource, user=user)
+ rc = self.api.authorize(user,resource,arg1,arg2)
+ if rc:
return True
else:
raise CX(_("user does not have access to resource: %s") % resource)
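Review bot: The denial branch of `__authorize` raises without writing a log entry, so a refused request leaves only the "calling authorize" line and no recorded outcome. The "authorization result" log added in `check_access` runs only after `__authorize` returns, which it does not do on denial. Adding `self.log("authorization denied for resource %s" % resource, user=user)` just before the `raise CX(...)` would give the audit trail an explicit denial record tied to the user. The end of the function is not visible in this hunk, so any later handling is outside what can be checked here.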