From 26af9d1958608fb0237e2d1dd8b1b15d8cb862b7 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Thu, 19 Dec 2013 23:33:41 -0500
Subject: Add sample pam based login plugin
Signed-off-by: Simo Sorce
---
ipsilon/login/authpam.py | 114 +++++++++++++++++++++++++++++++++++++++++++++++
templates/login/pam.html | 33 ++++++++++++++
2 files changed, 147 insertions(+)
create mode 100755 ipsilon/login/authpam.py
create mode 100644 templates/login/pam.html
diff --git a/ipsilon/login/authpam.py b/ipsilon/login/authpam.py
new file mode 100755
index 0000000..ce60f39
--- /dev/null
+++ b/ipsilon/login/authpam.py
@@ -0,0 +1,114 @@
+#!/usr/bin/python
+#
+# Copyright (C) 2013 Simo Sorce
+#
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+from ipsilon.login.common import LoginPageBase, LoginManagerBase
+import cherrypy
+import pam
+
+
+class Pam(LoginPageBase):
+
+ def _authenticate(self, username, password):
+ if self.lm.service_name:
+ ok = pam.authenticate(username, password, self.lm.service_name)
+ else:
+ ok = pam.authenticate(username, password)
+
+ if ok:
+ cherrypy.log("User %s successfully authenticated." % username)
+ return username
+
+ cherrypy.log("User %s failed authentication." % username)
+ return None
+
+ def GET(self, *args, **kwargs):
+ return self._template('login/pam.html', title='Login',
+ action='%s/login/pam' % self.basepath,
+ service_name=self.lm.service_name,
+ username_text=self.lm.username_text,
+ password_text=self.lm.password_text)
+
+ def POST(self, *args, **kwargs):
+ username = None
+ password = None
+ user = None
+ for key, value in kwargs.iteritems():
+ if key == 'login_name':
+ username = value
+ elif key == 'login_password':
+ password = value
+ if username is not None and password is not None:
+ user = self._authenticate(username, password)
+ else:
+ cherrypy.log.error("Error: Username or password is missing")
+
+ if user:
+ return self.lm.auth_successful(user)
+ else:
+ return self.lm.auth_failed()
+
+ def root(self, *args, **kwargs):
+ op = getattr(self, cherrypy.request.method, self.GET)
+ if callable(op):
+ return op(*args, **kwargs)
+
+
+class LoginManager(LoginManagerBase):
+
+ def __init__(self, *args, **kwargs):
+ super(LoginManager, self).__init__(*args, **kwargs)
+ self.name = 'pam'
+ self.path = 'pam'
+ self.page = None
+ self.description = """
+Form based login Manager that uses the system's PAM infrastructure
+for authentication. """
+ self._options = {
+ 'service name': [
+ """ The name of the PAM service used to authenticate. """,
+ 'string',
+ 'remote'
+ ],
+ 'username text': [
+ """ The text shown to ask for the username in the form. """,
+ 'string',
+ 'Username'
+ ],
+ 'password text': [
+ """ The text shown to ask for the password in the form. """,
+ 'string',
+ 'Password'
+ ],
+ }
+
+ @property
+ def service_name(self):
+ return self.get_config_value('service name')
+
+ @property
+ def username_text(self):
+ return self.get_config_value('username text')
+
+ @property
+ def password_text(self):
+ return self.get_config_value('password text')
+
+ def get_tree(self, site):
+ self.page = Pam(site, self)
+ return self.page
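Review bot: `Pam.root()` selects its handler with `getattr(self, cherrypy.request.method, self.GET)`, and the method string comes from the client, so any callable attribute of the page object (private helpers included) can be dispatched to, not only `GET` and `POST`. Restrict the lookup to the verbs the page implements before the `getattr`, for example `if cherrypy.request.method not in ('GET', 'POST'): raise cherrypy.HTTPError(405)`. Separately, `_authenticate` interpolates the submitted username into `cherrypy.log(...)` unchanged; the value may contain line breaks, and users sometimes type a password into the username field, so log `repr(username)` or a sanitised form and reconsider whether failed names belong in the log at all. `POST` also takes `login_password` from `kwargs`, which CherryPy may populate from the query string as well as the request body, so it is worth confirming that credentials sent in the URL are rejected rather than accepted and recorded in access logs.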
diff --git a/templates/login/pam.html b/templates/login/pam.html new file mode 100644 index 0000000..4e490fe --- /dev/null +++ b/templates/login/pam.html @@ -0,0 +1,33 @@ + + + + + {{ title }} + + + + +
+ +
+
+

+ +
+ +

+

+ +
+ +

+

+ +

+
+
+
+ + -- cgit