1
by Dave Walker (Daviey)
Import upstream version 2.1.0~bzr1881 |
1 |
"""
|
2 |
mod_python gateway to all interesting cobbler web functions
|
|
3 |
||
4 |
Copyright 2007-2009, Red Hat, Inc
|
|
5 |
Michael DeHaan <mdehaan@redhat.com>
|
|
6 |
||
7 |
This software may be freely redistributed under the terms of the GNU
|
|
8 |
general public license.
|
|
9 |
||
10 |
You should have received a copy of the GNU General Public License
|
|
11 |
along with this program; if not, write to the Free Software
|
|
12 |
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
13 |
"""
|
|
14 |
||
15 |
from mod_python import apache |
|
16 |
from mod_python import Session |
|
17 |
from mod_python import util |
|
18 |
||
19 |
import xmlrpclib |
|
20 |
import cgi |
|
21 |
import os |
|
22 |
from cobbler.webui import CobblerWeb |
|
23 |
import cobbler.utils as utils |
|
24 |
import yaml # PyYAML |
|
25 |
||
26 |
XMLRPC_SERVER = "http://127.0.0.1:25151" # FIXME: pull port from settings |
|
27 |
||
28 |
#=======================================
|
|
29 |
||
30 |
class ServerProxy(xmlrpclib.ServerProxy): |
|
31 |
||
32 |
"""
|
|
33 |
Establishes a connection from the mod_python
|
|
34 |
web interface to cobblerd, which incidentally
|
|
35 |
is also being proxied by Apache.
|
|
36 |
"""
|
|
37 |
||
38 |
def __init__(self, url=None): |
|
39 |
xmlrpclib.ServerProxy.__init__(self, url, allow_none=True) |
|
40 |
||
41 |
xmlrpc_server = ServerProxy(XMLRPC_SERVER) |
|
42 |
||
43 |
#=======================================
|
|
44 |
||
45 |
def __get_user(req): |
|
46 |
"""
|
|
47 |
What user are we logged in as?
|
|
48 |
"""
|
|
49 |
req.add_common_vars() |
|
50 |
env_vars = req.subprocess_env.copy() |
|
51 |
return env_vars["REMOTE_USER"] |
|
52 |
||
53 |
def __get_session(req): |
|
54 |
"""
|
|
55 |
Get/Create the Apache Session Object
|
|
56 |
FIXME: any reason to not use MemorySession?
|
|
57 |
"""
|
|
58 |
if not hasattr(req,"session"): |
|
59 |
req.session = Session.MemorySession(req) |
|
60 |
return req.session |
|
61 |
||
62 |
#======================================================
|
|
63 |
||
64 |
def handler(req): |
|
65 |
||
66 |
"""
|
|
67 |
Right now, index serves everything.
|
|
68 |
||
69 |
Hitting this URL means we've already cleared authn/authz
|
|
70 |
but we still need to use the token for all remote requests.
|
|
71 |
"""
|
|
72 |
||
73 |
my_user = __get_user(req) |
|
74 |
my_uri = req.uri |
|
75 |
sess = __get_session(req) |
|
76 |
||
77 |
if not sess.has_key('cobbler_token'): |
|
78 |
# using Kerberos instead of Python Auth handler?
|
|
79 |
# We need to get our own token for use with authn_passthru
|
|
80 |
# which should also be configured in /etc/cobbler/modules.conf
|
|
81 |
# if another auth mode is configured in modules.conf this will
|
|
82 |
# most certaintly fail.
|
|
83 |
try: |
|
84 |
if not os.path.exists("/var/lib/cobbler/web.ss"): |
|
85 |
apache.log_error("cannot load /var/lib/cobbler/web.ss") |
|
86 |
return apache.HTTP_UNAUTHORIZED |
|
87 |
fd = open("/var/lib/cobbler/web.ss") |
|
88 |
data = fd.read() |
|
89 |
my_pw = data |
|
90 |
fd.close() |
|
91 |
token = xmlrpc_server.login(my_user,my_pw) |
|
92 |
except Exception, e: |
|
93 |
apache.log_error(str(e)) |
|
94 |
return apache.HTTP_UNAUTHORIZED |
|
95 |
sess['cobbler_token'] = token |
|
96 |
else: |
|
97 |
token = sess['cobbler_token'] |
|
98 |
||
99 |
# needed?
|
|
100 |
# usage later
|
|
101 |
req.add_common_vars() |
|
102 |
||
103 |
# process form and qs data, if any
|
|
104 |
fs = util.FieldStorage(req) |
|
105 |
form = {} |
|
106 |
for x in fs.keys(): |
|
107 |
form[x] = str(fs.get(x,'default')) |
|
108 |
||
109 |
fd = open("/etc/cobbler/settings") |
|
110 |
data = fd.read() |
|
111 |
fd.close() |
|
52
by Andres Rodriguez
Reverted changes back to rev50 |
112 |
ydata = yaml.load(data) |
1
by Dave Walker (Daviey)
Import upstream version 2.1.0~bzr1881 |
113 |
remote_port = ydata.get("xmlrpc_port", 25151) |
114 |
||
115 |
mode = form.get('mode','index') |
|
116 |
||
117 |
# instantiate a CobblerWeb object
|
|
118 |
cw = CobblerWeb.CobblerWeb( |
|
119 |
apache = apache, |
|
120 |
token = token, |
|
121 |
base_url = "/cobbler/web/", |
|
122 |
mode = mode, |
|
123 |
server = "http://127.0.0.1:%s" % remote_port |
|
124 |
)
|
|
125 |
||
126 |
# check for a valid path/mode
|
|
127 |
# handle invalid paths gracefully
|
|
128 |
if mode in cw.modes(): |
|
129 |
func = getattr( cw, mode ) |
|
130 |
content = func( **form ) |
|
131 |
else: |
|
132 |
func = getattr( cw, 'error_page' ) |
|
133 |
content = func( "Invalid Mode: \"%s\"" % mode ) |
|
134 |
||
135 |
if content.startswith("# REDIRECT "): |
|
136 |
util.redirect(req, location=content[11:], permanent=False) |
|
137 |
else: |
|
138 |
# apache.log_error("%s:%s ... %s" % (my_user, my_uri, str(form)))
|
|
139 |
req.content_type = "text/html;charset=utf-8" |
|
140 |
req.write(unicode(content).encode('utf-8')) |
|
141 |
||
142 |
if not content.startswith("# ERROR") and content.find("<!-- ERROR -->") == -1: |
|
143 |
return apache.OK |
|
144 |
else: |
|
145 |
# catch Cheetah errors and web errors
|
|
146 |
return apache.HTTP_INTERNAL_SERVER_ERROR |
|
147 |
||
148 |
#======================================================
|
|
149 |
||
150 |
def authenhandler(req): |
|
151 |
||
152 |
"""
|
|
153 |
Validates that username/password are a valid combination, but does
|
|
154 |
not check access levels.
|
|
155 |
"""
|
|
156 |
||
157 |
my_pw = req.get_basic_auth_pw() |
|
158 |
my_user = req.user |
|
159 |
my_uri = req.uri |
|
160 |
||
161 |
try: |
|
162 |
token = xmlrpc_server.login(my_user,my_pw) |
|
163 |
except Exception, e: |
|
164 |
apache.log_error(str(e)) |
|
165 |
return apache.HTTP_UNAUTHORIZED |
|
166 |
||
167 |
try: |
|
168 |
ok = xmlrpc_server.check_access(token,my_uri) |
|
169 |
except Exception, e: |
|
170 |
apache.log_error(str(e)) |
|
171 |
return apache.HTTP_FORBIDDEN |
|
172 |
||
173 |
||
174 |
sess=__get_session(req) |
|
175 |
sess['cobbler_token'] = token |
|
176 |
sess.save() |
|
177 |
||
178 |
return apache.OK |
|
179 |
||
180 |
#======================================================
|
|
181 |
||
182 |
def accesshandler(req): |
|
183 |
||
184 |
"""
|
|
185 |
Not using this
|
|
186 |
"""
|
|
187 |
||
188 |
return apache.OK |
|
189 |
||
190 |
#======================================================
|
|
191 |
||
192 |
def authenzhandler(req): |
|
193 |
||
194 |
"""
|
|
195 |
Not using this
|
|
196 |
"""
|
|
197 |
||
198 |
return apache.OK |
|
199 |