diff options
| author | Michael DeHaan <mdehaan@redhat.com> | 2007-12-03 17:38:49 -0500 |
|---|---|---|
| committer | Michael DeHaan <mdehaan@redhat.com> | 2007-12-03 17:38:49 -0500 |
| commit | 57ef142ab094e156bb25b077ce16563dfde5a8ff (patch) | |
| tree | fde4c33234e973071b14826eb7cd7e3bb64e222e /scripts | |
| parent | 892d8d4914197c0ab47f397012468752196e8d02 (diff) | |
| download | third_party-cobbler-57ef142ab094e156bb25b077ce16563dfde5a8ff.tar.gz third_party-cobbler-57ef142ab094e156bb25b077ce16563dfde5a8ff.tar.xz third_party-cobbler-57ef142ab094e156bb25b077ce16563dfde5a8ff.zip | |
First start of pluggable authn/authz system for remote API + web interface,
using Apache modules.
Diffstat (limited to 'scripts')
| -rwxr-xr-x | scripts/index.py | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/scripts/index.py b/scripts/index.py new file mode 100755 index 0000000..9076d6d --- /dev/null +++ b/scripts/index.py @@ -0,0 +1,72 @@ +""" +mod_python gateway to all interesting cobbler web and web service +functions. + +Copyright 2007, Red Hat, Inc +Michael DeHaan <mdehaan@redhat.com> + +This software may be freely redistributed under the terms of the GNU +general public license. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +""" + +# TO DO: +# connect backend authn via cobbler XMLRPC (non-RW) API +# connect backend authz via cobbler XMLRPC (RW) API +# serve up Web UI through this interface, via tokens in headers +# make REST interface for read/write commands (also?) + +from mod_python import apache + +def __get_user(req): + req.add_common_vars() + env_vars = req.subprocess_env.copy() + return env_vars["REMOTE_USER"] + +def index(req): + user = __get_user(req) + path = req.uri + return "Hello, %s, %s" % (user, path) + +def hello(req): + user = __get_user(req) + path = req.uri + return "We are in hello(%s)" % path + +def authenhandler(req): + + pw = req.get_basic_auth_pw() + user = req.user + + # FIXME: poll cobbler_api (not rw) here to check + # check_authn(user,pass) -> T/F + + apache.log_error("authenticate handler called") + + if user == "admin" and pw == "cobbler": + return apache.OK + else: + return apache.HTTP_UNAUTHORIZED + +def accesshandler(req): + uri = req.uri + + apache.log_error("accesshandler uri: %s" % (uri)) + + # FIXME: poll cobbler_api (not rw) here to check + # check_access(user,uri) -> T/F + + if uri.find("hello") != -1: + return apache.HTTP_FORBIDDEN + return apache.OK + +def authenzhandler(req): + + # we really don't need this because of the accesshandler. + # add in later if we find we /DO/ need it + return apache.OK + + |