1 # Copyright (C) 2013 Ipsilon project Contributors, for license see COPYING
3 from ipsilon.login.common import LoginFormBase, LoginManagerBase, \
5 from ipsilon.util.plugin import PluginObject
6 from ipsilon.util import config as pconfig
11 class Pam(LoginFormBase):
13 def _authenticate(self, username, password):
14 if self.lm.service_name:
15 ok = pam.pam().authenticate(username, password, self.lm.service_name)
17 ok = pam.pam().authenticate(username, password)
20 self.log("User %s successfully authenticated." % username)
23 self.log("User %s failed authentication." % username)
26 def POST(self, *args, **kwargs):
27 username = kwargs.get("login_name")
28 password = kwargs.get("login_password")
32 if username and password:
33 user = self._authenticate(username, password)
35 return self.lm.auth_successful(self.trans, user, 'password')
37 error = "Authentication failed"
40 error = "Username or password is missing"
41 self.error("Error: " + error)
43 context = self.create_tmpl_context(
46 error_password=not password,
47 error_username=not username
49 self.lm.set_auth_error()
50 return self._template('login/form.html', **context)
53 class LoginManager(LoginManagerBase):
55 def __init__(self, *args, **kwargs):
56 super(LoginManager, self).__init__(*args, **kwargs)
60 self.description = """
61 Form based login Manager that uses the system's PAM infrastructure
62 for authentication. """
67 'The name of the PAM service used to authenticate.',
73 'Text used to ask for the username at login time.',
77 'Text used to ask for the password at login time.',
81 'Text used to guide the user at login time.',
82 'Provide your Username and Password')
86 def service_name(self):
87 return self.get_config_value('service name')
91 return self.get_config_value('help text')
94 def username_text(self):
95 return self.get_config_value('username text')
98 def password_text(self):
99 return self.get_config_value('password text')
101 def get_tree(self, site):
102 self.page = Pam(site, self, 'login/pam')
106 class Installer(LoginManagerInstaller):
108 def __init__(self, *pargs):
109 super(Installer, self).__init__()
113 def install_args(self, group):
114 group.add_argument('--pam', choices=['yes', 'no'], default='no',
115 help='Configure PAM authentication')
116 group.add_argument('--pam-service', action='store', default='remote',
117 help='PAM service name to use for authentication')
119 def configure(self, opts, changes):
120 if opts['pam'] != 'yes':
123 # Add configuration data to database
124 po = PluginObject(*self.pargs)
127 po.wipe_config_values()
128 config = {'service name': opts['pam_service']}
129 po.save_plugin_config(config)
131 # Update global config to add login plugin
133 po.save_enabled_state()
135 # for selinux enabled platforms, ignore if it fails just report
137 subprocess.call(['/usr/sbin/setsebool', '-P',
138 'httpd_mod_auth_pam=on',
139 'httpd_tmp_exec=on'])
140 except Exception: # pylint: disable=broad-except