diff options
author | Michael DeHaan <mdehaan@redhat.com> | 2007-12-04 16:36:32 -0500 |
---|---|---|
committer | Michael DeHaan <mdehaan@redhat.com> | 2007-12-04 16:36:32 -0500 |
commit | 58cae26af9b3a868041b52fc0dde6047faff73a3 (patch) | |
tree | 6ed3d21a598cfc3e513e6315d7275d2b32ff8101 /scripts | |
parent | 57ef142ab094e156bb25b077ce16563dfde5a8ff (diff) | |
download | third_party-cobbler-58cae26af9b3a868041b52fc0dde6047faff73a3.tar.gz third_party-cobbler-58cae26af9b3a868041b52fc0dde6047faff73a3.tar.xz third_party-cobbler-58cae26af9b3a868041b52fc0dde6047faff73a3.zip |
AuthN/AuthZ modules are now pluggable, http://127.0.0.1/cobbler/web now active for mod_python using AuthN/AuthZ, backend now also doing AuthZ. default AuthN mechanism is using /etc/cobbler/auth.conf for now, which needs to be replaced, should use htdigest data at minimum.
Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/index.py | 122 |
1 files changed, 96 insertions, 26 deletions
diff --git a/scripts/index.py b/scripts/index.py index 9076d6d..fc528df 100755 --- a/scripts/index.py +++ b/scripts/index.py @@ -13,60 +13,130 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. """ -# TO DO: -# connect backend authn via cobbler XMLRPC (non-RW) API -# connect backend authz via cobbler XMLRPC (RW) API +# still TODO: # serve up Web UI through this interface, via tokens in headers -# make REST interface for read/write commands (also?) from mod_python import apache +from mod_python import Session +import xmlrpclib + +XMLRPC_SERVER = "http://127.0.0.1/cobbler_api_rw" + +#======================================= + +class ServerProxy(xmlrpclib.ServerProxy): + + """ + Establishes a connection from the mod_python + web interface to cobblerd, which incidentally + is also being proxied by Apache. + """ + + def __init__(self, url=None): + xmlrpclib.ServerProxy.__init__(self, url, allow_none=True) + +xmlrpc_server = ServerProxy(XMLRPC_SERVER) + +#======================================= def __get_user(req): + """ + What user are we logged in as? + """ req.add_common_vars() env_vars = req.subprocess_env.copy() return env_vars["REMOTE_USER"] +def __get_session(req): + """ + Get/Create the Apache Session Object + FIXME: any reason to not use MemorySession? + """ + if not hasattr(req,"session"): + req.session = Session.MemorySession(req) + return req.session + +#====================================================== + def index(req): - user = __get_user(req) - path = req.uri - return "Hello, %s, %s" % (user, path) + + """ + Right now, index serves everything. + + Hitting this URL means we've already cleared authn/authz + but we still need to use the token for all remote requests. + + FIXME: deal with query strings and defer to CobblerWeb.py + """ + + my_user = __get_user(req) + my_uri = req.uri + + sess = __get_session(req) + token = sess['cobbler_token'] + + return "it seems to be all good: %s" % token + +#====================================================== def hello(req): + + """ + This is just another example for the publisher handler. + """ + user = __get_user(req) path = req.uri return "We are in hello(%s)" % path -def authenhandler(req): +#====================================================== - pw = req.get_basic_auth_pw() - user = req.user +def authenhandler(req): - # FIXME: poll cobbler_api (not rw) here to check - # check_authn(user,pass) -> T/F + """ + Validates that username/password are a valid combination, but does + not check access levels. + """ - apache.log_error("authenticate handler called") + my_pw = req.get_basic_auth_pw() + my_user = req.user + my_uri = req.uri - if user == "admin" and pw == "cobbler": - return apache.OK - else: + apache.log_error("authenhandler called: %s" % my_user) + try: + token = xmlrpc_server.login(my_user,my_pw) + except: return apache.HTTP_UNAUTHORIZED -def accesshandler(req): - uri = req.uri + try: + ok = xmlrpc_server.check_access(token,my_uri) + except: + return apache.HTTP_FORBIDDEN + - apache.log_error("accesshandler uri: %s" % (uri)) + sess=__get_session(req) + sess['cobbler_token'] = token + sess.save() - # FIXME: poll cobbler_api (not rw) here to check - # check_access(user,uri) -> T/F + return apache.OK + +#====================================================== + +def accesshandler(req): + + """ + Not using this + """ - if uri.find("hello") != -1: - return apache.HTTP_FORBIDDEN return apache.OK +#====================================================== + def authenzhandler(req): - # we really don't need this because of the accesshandler. - # add in later if we find we /DO/ need it - return apache.OK + """ + Not using this + """ + return apache.OK |