1
#============================================================================
2
# This library is free software; you can redistribute it and/or
3
# modify it under the terms of version 2.1 of the GNU Lesser General Public
4
# License as published by the Free Software Foundation.
6
# This library is distributed in the hope that it will be useful,
7
# but WITHOUT ANY WARRANTY; without even the implied warranty of
8
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
9
# Lesser General Public License for more details.
11
# You should have received a copy of the GNU Lesser General Public
12
# License along with this library; if not, write to the Free Software
13
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
14
#============================================================================
15
# Copyright (C) 2006 XenSource Ltd.
16
#============================================================================
20
from xen.xend import uuid
21
from xen.xend.XendError import *
22
from xen.xend.XendLogging import log
24
class XendAuthSessions:
25
"""Keeps track of Xen API Login Sessions using PAM.
27
Note: Login sessions are not valid across instances of Xend.
35
def login_unconditionally(self, username):
36
"""Returns a session UUID if valid.
41
new_session = uuid.createString()
42
self.sessions[new_session] = (username, time.time())
45
def login_with_password(self, username, password):
46
"""Returns a session UUID if valid, otherwise raises an error.
48
@raises XendError: If login fails.
52
if self.is_authorized(username, password):
53
return self.login_unconditionally(username)
55
raise XendError("Login failed")
57
def logout(self, session):
58
"""Delete session of it exists."""
59
if self.is_session_valid(session):
60
del self.sessions[session]
62
def is_session_valid(self, session):
63
"""Returns true is session is valid."""
64
if type(session) == type(str()):
65
return (session in self.sessions)
68
def is_authorized(self, username, password):
69
"""Returns true is a user is authorised via PAM.
71
Note: We use the 'login' PAM stack rather than inventing
81
log.warn("python-pam is required for XenAPI support.")
84
# if PAM doesn't exist, let's ignore it
87
pam_auth.start("login")
88
pam_auth.set_item(PAM.PAM_USER, username)
90
def _pam_conv(auth, query_list, user_data = None):
92
for i in range(len(query_list)):
93
query, qtype = query_list[i]
94
if qtype == PAM.PAM_PROMPT_ECHO_ON:
95
resp.append((username, 0))
96
elif qtype == PAM.PAM_PROMPT_ECHO_OFF:
97
resp.append((password, 0))
102
pam_auth.set_item(PAM.PAM_CONV, _pam_conv)
105
pam_auth.authenticate()
107
except PAM.error, resp:
110
log.warn("Error with PAM: %s" % str(e))
115
def get_user(self, session):
117
return self.sessions[session][0]
118
except (KeyError, IndexError):
123
"""Singleton constructor. Use this instead of the class constructor.
129
inst = XendAuthSessions()