diff options
author | Michael DeHaan <mdehaan@redhat.com> | 2008-04-14 16:31:08 -0400 |
---|---|---|
committer | Michael DeHaan <mdehaan@redhat.com> | 2008-04-14 16:31:08 -0400 |
commit | 51119d1acc532cfad68b9fe4a1daa945fe7cd3f0 (patch) | |
tree | ba5f3f661513b51c4a850b4c4fec2a1fa2b9fd5b /scripts | |
parent | 6f6c1c700aac364d5cb2f29d039c950f26767f10 (diff) | |
download | cobbler-51119d1acc532cfad68b9fe4a1daa945fe7cd3f0.tar.gz cobbler-51119d1acc532cfad68b9fe4a1daa945fe7cd3f0.tar.xz cobbler-51119d1acc532cfad68b9fe4a1daa945fe7cd3f0.zip |
Better kerberos support. See the Wiki.
Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/cobbler_auth_help | 55 | ||||
-rwxr-xr-x | scripts/index.py | 25 |
2 files changed, 23 insertions, 57 deletions
diff --git a/scripts/cobbler_auth_help b/scripts/cobbler_auth_help deleted file mode 100644 index c43cd5b2..00000000 --- a/scripts/cobbler_auth_help +++ /dev/null @@ -1,55 +0,0 @@ -#!/usr/bin/perl - -# Kerberos helper for logins -# -# Copyright 2007, Red Hat, Inc -# Michael DeHaan <mdehaan@redhat.com> -# -# This software may be freely redistributed under the terms of the GNU -# general public license. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - -# Usage: -# cobbler_auth_helper kerberos username pass -# (may do other auth types later) -# Returns: -# 0 on ok, non-0 on failure -# API info: -# http://search.cpan.org/~chansen/Authen-Simple-Kerberos-0.1/ - -use warnings; -use strict; - -use Authen::Simple::Kerberos; -use Getopt::Long; - -my $method; -my $username; -my $realm; -my $password; -my $verbose=1; - -my $result = GetOptions( - "method=s" => \$method, - "username=s" => \$username, - "realm=s" => \$realm, - "password=s" => \$password, -); - -my $kerberos = Authen::Simple::Kerberos->new( - realm => $realm -); - -print "authenticating: $username against (realm=$realm) (pass=$password)\n" if $verbose; - -if ( $kerberos->authenticate( $username, $password ) ) { - print "ok\n" if $verbose; - exit(42); -} - -print "denied\n" if $verbose; -exit(1); - diff --git a/scripts/index.py b/scripts/index.py index d32a3a67..281e36ea 100755 --- a/scripts/index.py +++ b/scripts/index.py @@ -18,6 +18,7 @@ from mod_python import util import xmlrpclib import cgi +import os from cobbler.webui import CobblerWeb XMLRPC_SERVER = "http://127.0.0.1:25152" # was http://127.0.0.1/cobbler_api_rw" @@ -70,7 +71,28 @@ def handler(req): my_user = __get_user(req) my_uri = req.uri sess = __get_session(req) - token = sess['cobbler_token'] + + if not sess.has_key('cobbler_token'): + # using Kerberos instead of Python Auth handler? + # We need to get our own token for use with authn_passthru + # which should also be configured in /etc/cobbler/modules.conf + # if another auth mode is configured in modules.conf this will + # most certaintly fail. + try: + if not os.path.exists("/var/lib/cobbler/web.ss"): + apache.log_error("cannot load /var/lib/cobbler/web.ss") + return apache.HTTP_UNAUTHORIZED + fd = open("/var/lib/cobbler/web.ss") + data = fd.read() + my_pw = data + fd.close() + token = xmlrpc_server.login(my_user,my_pw) + except Exception, e: + apache.log_error(str(e)) + return apache.HTTP_UNAUTHORIZED + sess['cobbler_token'] = token + else: + token = sess['cobbler_token'] # needed? req.add_common_vars() @@ -118,7 +140,6 @@ def authenhandler(req): my_user = req.user my_uri = req.uri - apache.log_error("authenhandler called: %s" % my_user) try: token = xmlrpc_server.login(my_user,my_pw) except Exception, e: |