Source Code for Module backend.server.handlers.sat.auth

  1  # 
  2  # Copyright (c) 2008--2016 Red Hat, Inc. 
  3  # 
  4  # This software is licensed to you under the GNU General Public License, 
  5  # version 2 (GPLv2). There is NO WARRANTY for this software, express or 
  6  # implied, including the implied warranties of MERCHANTABILITY or FITNESS 
  7  # FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2 
  8  # along with this software; if not, see 
  9  # http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. 
 10  # 
 11  # Red Hat trademarks are not licensed under GPLv2. No permission is 
 12  # granted to use or replicate Red Hat trademarks that are incorporated 
 13  # in this software or its documentation. 
 14  # 
 15  # Satellite specific authentication xmlrpc method. 
 16   
 17  import time 
 18  import sys 
 19  from rhn.connections import idn_puny_to_unicode 
 20   
 21  from spacewalk.common.rhnLog import log_debug 
 22  from spacewalk.common.rhnConfig import CFG 
 23  from spacewalk.common.rhnException import rhnFault 
 24  from spacewalk.common.rhnTranslate import _ 
 25  from spacewalk.server.rhnHandler import rhnHandler 
 26  from spacewalk.server import rhnLib 
 27  from spacewalk.server import rhnSQL 
 28   
 29   
 30 -class Authentication(rhnHandler): 
 31   
 32      """ Simple authentication based on hostname and configured slaves """ 
 33   
 34 -    def __init__(self): 
 35          log_debug(3) 
 36          rhnHandler.__init__(self) 
 37          self.functions.append('check') 
 38          self.functions.append('login') 
 39   
 40          # this is populated directly by server.apacheRequest.py 
 41          self.remote_hostname = '' 
 42   
 43 -    def auth_system(self): 
 44          if CFG.DISABLE_ISS: 
 45              raise rhnFault(2005, _('ISS is disabled on this satellite.')) 
 46   
 47          if not rhnSQL.fetchone_dict("select 1 from rhnISSSlave where slave = :hostname and enabled = 'Y'", 
 48                                      hostname=idn_puny_to_unicode(self.remote_hostname)): 
 49              raise rhnFault(2004, 
 50                             _('Server "%s" is not enabled for ISS.') 
 51                             % self.remote_hostname) 
 52          return self.remote_hostname 
 53   
 54 -    def check(self, system_id_ignored): 
 55          """xmlrpc authentication. 
 56          """ 
 57          log_debug(3) 
 58   
 59          # Authenticate server 
 60          try: 
 61              self.auth_system() 
 62          except rhnFault: 
 63              e = sys.exc_info()[1] 
 64              if e.code == 2002: 
 65                  # Return an error code 
 66                  return 0 
 67              # Pass the exception through 
 68              raise 
 69          # This is a satellite 
 70          return 1 
 71   
 72      # Log in routine. 
 73 -    def login(self, system_id, extra_data={}): 
 74          """Return a dictionary of session token/channel information. 
 75             Also sets this information in the headers. 
 76          """ 
 77          log_debug(5, self.remote_hostname) 
 78          # Authenticate the system certificate. 
 79          self.auth_system() 
 80   
 81          # log the entry 
 82          log_debug(1, self.remote_hostname) 
 83   
 84          rhnServerTime = str(time.time()) 
 85          expireOffset = str(CFG.SATELLITE_AUTH_TIMEOUT) 
 86          signature = rhnLib.computeSignature(CFG.SECRET_KEY, 
 87                                              self.remote_hostname, 
 88                                              rhnServerTime, 
 89                                              expireOffset) 
 90   
 91          loginDict = { 
 92              'X-RHN-Server-Hostname': self.remote_hostname, 
 93              'X-RHN-Auth': signature, 
 94              'X-RHN-Auth-Server-Time': rhnServerTime, 
 95              'X-RHN-Auth-Expire-Offset': expireOffset, 
 96          } 
 97   
 98          # XXX This request is not proxy-cacheable 
 99          log_debug(5, "loginDict", loginDict) 
100   
101          return loginDict 
102