diff options
author | Simo Sorce <simo@redhat.com> | 2013-12-19 23:33:41 -0500 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2014-01-24 17:32:21 -0500 |
commit | 26af9d1958608fb0237e2d1dd8b1b15d8cb862b7 (patch) | |
tree | d07e661b5310358c60ea51b803fdc0672008c262 /ipsilon/login | |
parent | 2fb8bff093e49d95ab25eb8343ebbb1091f6e7a6 (diff) | |
download | ipsilon-26af9d1958608fb0237e2d1dd8b1b15d8cb862b7.tar.gz ipsilon-26af9d1958608fb0237e2d1dd8b1b15d8cb862b7.tar.xz ipsilon-26af9d1958608fb0237e2d1dd8b1b15d8cb862b7.zip |
Add sample pam based login plugin
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'ipsilon/login')
-rwxr-xr-x | ipsilon/login/authpam.py | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/ipsilon/login/authpam.py b/ipsilon/login/authpam.py new file mode 100755 index 0000000..ce60f39 --- /dev/null +++ b/ipsilon/login/authpam.py @@ -0,0 +1,114 @@ +#!/usr/bin/python +# +# Copyright (C) 2013 Simo Sorce <simo@redhat.com> +# +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +from ipsilon.login.common import LoginPageBase, LoginManagerBase +import cherrypy +import pam + + +class Pam(LoginPageBase): + + def _authenticate(self, username, password): + if self.lm.service_name: + ok = pam.authenticate(username, password, self.lm.service_name) + else: + ok = pam.authenticate(username, password) + + if ok: + cherrypy.log("User %s successfully authenticated." % username) + return username + + cherrypy.log("User %s failed authentication." % username) + return None + + def GET(self, *args, **kwargs): + return self._template('login/pam.html', title='Login', + action='%s/login/pam' % self.basepath, + service_name=self.lm.service_name, + username_text=self.lm.username_text, + password_text=self.lm.password_text) + + def POST(self, *args, **kwargs): + username = None + password = None + user = None + for key, value in kwargs.iteritems(): + if key == 'login_name': + username = value + elif key == 'login_password': + password = value + if username is not None and password is not None: + user = self._authenticate(username, password) + else: + cherrypy.log.error("Error: Username or password is missing") + + if user: + return self.lm.auth_successful(user) + else: + return self.lm.auth_failed() + + def root(self, *args, **kwargs): + op = getattr(self, cherrypy.request.method, self.GET) + if callable(op): + return op(*args, **kwargs) + + +class LoginManager(LoginManagerBase): + + def __init__(self, *args, **kwargs): + super(LoginManager, self).__init__(*args, **kwargs) + self.name = 'pam' + self.path = 'pam' + self.page = None + self.description = """ +Form based login Manager that uses the system's PAM infrastructure +for authentication. """ + self._options = { + 'service name': [ + """ The name of the PAM service used to authenticate. """, + 'string', + 'remote' + ], + 'username text': [ + """ The text shown to ask for the username in the form. """, + 'string', + 'Username' + ], + 'password text': [ + """ The text shown to ask for the password in the form. """, + 'string', + 'Password' + ], + } + + @property + def service_name(self): + return self.get_config_value('service name') + + @property + def username_text(self): + return self.get_config_value('username text') + + @property + def password_text(self): + return self.get_config_value('password text') + + def get_tree(self, site): + self.page = Pam(site, self) + return self.page |