diff options
Diffstat (limited to 'cobbler/remote.py')
-rw-r--r-- | cobbler/remote.py | 29 |
1 files changed, 25 insertions, 4 deletions
diff --git a/cobbler/remote.py b/cobbler/remote.py index 07539e4..898e712 100644 --- a/cobbler/remote.py +++ b/cobbler/remote.py @@ -53,9 +53,10 @@ class CobblerXMLRPCInterface: interface are intentionally /not/ validated. It's a public API. """ - def __init__(self,api,logger): + def __init__(self,api,logger,enable_auth_if_relevant): self.api = api self.logger = logger + self.auth_enabled = enable_auth_if_relevant def __sorter(self,a,b): return cmp(a["name"],b["name"]) @@ -427,9 +428,9 @@ class CobblerXMLRPCServer(SimpleXMLRPCServer.SimpleXMLRPCServer): class ProxiedXMLRPCInterface: - def __init__(self,api,logger,proxy_class): + def __init__(self,api,logger,proxy_class,enable_auth_if_relevant=True): self.logger = logger - self.proxied = proxy_class(api,logger) + self.proxied = proxy_class(api,logger,enable_auth_if_relevant) def _dispatch(self, method, params): @@ -449,8 +450,9 @@ class ProxiedXMLRPCInterface: class CobblerReadWriteXMLRPCInterface(CobblerXMLRPCInterface): - def __init__(self,api,logger): + def __init__(self,api,logger,enable_auth_if_relevant): self.api = api + self.auth_enabled = enable_auth_if_relevant self.logger = logger self.token_cache = TOKEN_CACHE self.object_cache = OBJECT_CACHE @@ -511,9 +513,16 @@ class CobblerReadWriteXMLRPCInterface(CobblerXMLRPCInterface): Returns whether this user/pass combo should be given access to the cobbler read-write API. + For the system user, this answer is always "yes", but + it is only valid for the socket interface. + FIXME: currently looks for users in /etc/cobbler/auth.conf Would be very nice to allow for PAM and/or just Kerberos. """ + if not self.auth_enabled and input_user == "<system>": + return True + if self.auth_enabled and input_user == "<system>": + return False return self.api.authenticate(input_user,input_password) def __validate_token(self,token): @@ -527,8 +536,18 @@ class CobblerReadWriteXMLRPCInterface(CobblerXMLRPCInterface): """ self.__invalidate_expired_tokens() self.__invalidate_expired_objects() + + if not self.auth_enabled: + user = self.get_user_from_token(token) + if user == "<system>": + self.token_cache[token] = (time.time(), user) # update to prevent timeout + return True + if self.token_cache.has_key(token): user = self.get_user_from_token(token) + if user == "<system>": + # system token is only valid over Unix socket + return False self.token_cache[token] = (time.time(), user) # update to prevent timeout return True else: @@ -537,6 +556,8 @@ class CobblerReadWriteXMLRPCInterface(CobblerXMLRPCInterface): def check_access(self,token,resource,arg1=None,arg2=None): validated = self.__validate_token(token) + if not self.auth_enabled: + return True return self.__authorize(token,resource,arg1,arg2) |