Diffstat (limited to 'kvmd/plugins/auth')
-rw-r--r-- | kvmd/plugins/auth/__init__.py | 40 | ||||
-rw-r--r-- | kvmd/plugins/auth/htpasswd.py | 49 | ||||
-rw-r--r-- | kvmd/plugins/auth/http.py | 111 |
3 files changed, 200 insertions, 0 deletions
diff --git a/kvmd/plugins/auth/__init__.py b/kvmd/plugins/auth/__init__.py
new file mode 100644
index 00000000..103f2857
--- /dev/null
+++ b/kvmd/plugins/auth/__init__.py
@@ -0,0 +1,40 @@
+# ========================================================================== #
+# #
+# KVMD - The main Pi-KVM daemon. #
+# #
+# Copyright (C) 2018 Maxim Devaev <[email protected]> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <https://www.gnu.org/licenses/>. #
+# #
+# ========================================================================== #
+
+
+from typing import Type
+
+from .. import BasePlugin
+from .. import get_plugin_class
+
+
+# =====
+class BaseAuthService(BasePlugin):
+ async def login(self, user: str, passwd: str) -> bool:
+ raise NotImplementedError
+
+ async def cleanup(self) -> None:
+ pass
+
+
+# =====
+def get_auth_service_class(name: str) -> Type[BaseAuthService]:
+ return get_plugin_class("auth", name) # type: ignore
diff --git a/kvmd/plugins/auth/htpasswd.py b/kvmd/plugins/auth/htpasswd.py
new file mode 100644
index 00000000..099b1ae1
--- /dev/null
+++ b/kvmd/plugins/auth/htpasswd.py
@@ -0,0 +1,49 @@
+# ========================================================================== #
+# #
+# KVMD - The main Pi-KVM daemon. #
+# #
+# Copyright (C) 2018 Maxim Devaev <[email protected]> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <https://www.gnu.org/licenses/>. #
+# #
+# ========================================================================== #
+
+
+from typing import Dict
+
+import passlib.apache
+
+from ...yamlconf import Option
+
+from ...validators.fs import valid_abs_path_exists
+
+from . import BaseAuthService
+
+
+# =====
+class Plugin(BaseAuthService):
+ PLUGIN_NAME = "htpasswd"
+
+ def __init__(self, path: str) -> None: # pylint: disable=super-init-not-called
+ self.__path = path
+
+ @classmethod
+ def get_options(cls) -> Dict[str, Option]:
+ return {
+ "file": Option("/etc/kvmd/htpasswd", type=valid_abs_path_exists, unpack_as="path"),
+ }
+
+ async def login(self, user: str, passwd: str) -> bool:
+ htpasswd = passlib.apache.HtpasswdFile(self.__path)
+ return htpasswd.check_password(user, passwd)
diff --git a/kvmd/plugins/auth/http.py b/kvmd/plugins/auth/http.py
new file mode 100644
index 00000000..e199069d
--- /dev/null
+++ b/kvmd/plugins/auth/http.py
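Review bot: `login` in htpasswd.py is annotated `-> bool` but returns whatever `check_password` yields, and passlib's `HtpasswdFile.check_password` returns `None` for a user that is not in the file, so a caller comparing the result against `False` sees a third value; wrap it as `return bool(htpasswd.check_password(user, passwd))`. The file is opened and parsed on every call, so if it is removed or becomes unreadable after the config-time `valid_abs_path_exists` check, the exception propagates out of `login` instead of producing a denied login; presumably the caller should get `False` plus a log entry, as the http plugin does. Both the file read and the hash verification run synchronously inside an `async def`, which stalls the event loop for the length of each attempt, so consider running them in an executor.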
@@ -0,0 +1,111 @@
+# ========================================================================== #
+# #
+# KVMD - The main Pi-KVM daemon. #
+# #
+# Copyright (C) 2018 Maxim Devaev <[email protected]> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <https://www.gnu.org/licenses/>. #
+# #
+# ========================================================================== #
+
+
+from typing import Dict
+from typing import Optional
+
+import aiohttp
+import aiohttp.web
+
+from ...yamlconf import Option
+
+from ...validators.basic import valid_bool
+from ...validators.basic import valid_float_f01
+
+from ...logging import get_logger
+
+from ... import __version__
+
+from . import BaseAuthService
+
+
+# =====
+class Plugin(BaseAuthService):
+ PLUGIN_NAME = "http"
+
+ def __init__( # pylint: disable=super-init-not-called
+ self,
+ url: str,
+ verify: bool,
+ post: bool,
+ user: str,
+ passwd: str,
+ timeout: float,
+ ) -> None:
+
+ self.__url = url
+ self.__verify = verify
+ self.__post = post
+ self.__user = user
+ self.__passwd = passwd
+ self.__timeout = timeout
+
+ self.__http_session: Optional[aiohttp.ClientSession] = None
+
+ @classmethod
+ def get_options(cls) -> Dict[str, Option]:
+ return {
+ "url": Option("http://localhost/auth_post"),
+ "verify": Option(True, type=valid_bool),
+ "post": Option(True, type=valid_bool),
+ "user": Option(""),
+ "passwd": Option(""),
+ "timeout": Option(5.0, type=valid_float_f01),
+ }
+
+ async def login(self, user: str, passwd: str) -> bool:
+ kwargs: Dict = {
+ "method": "GET",
+ "url": self.__url,
+ "timeout": self.__timeout,
+ "headers": {
+ "User-Agent": "KVMD/%s" % (__version__),
+ "X-KVMD-User": user,
+ },
+ }
+ if self.__post:
+ kwargs["method"] = "POST"
+ kwargs["json"] = {"user": user, "passwd": passwd}
+
+ session = self.__ensure_session()
+ try:
+ async with session.request(**kwargs) as response:
+ response.raise_for_status()
+ return True
+ except Exception:
+ get_logger().exception("Failed HTTP auth request for user %r", user)
+ return False
+
+ async def cleanup(self) -> None:
+ if self.__http_session:
+ await self.__http_session.close()
+ self.__http_session = None
+
+ def __ensure_session(self) -> aiohttp.ClientSession:
+ if not self.__http_session:
+ kwargs: Dict = {}
+ if self.__user:
+ kwargs["auth"] = aiohttp.BasicAuth(login=self.__user, password=self.__passwd)
+ if not self.__verify:
+ kwargs["connector"] = aiohttp.TCPConnector(ssl=False)
+ self.__http_session = aiohttp.ClientSession(**kwargs)
+ return self.__http_session |
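Review bot: With `post` set to false, `login` never transmits `passwd`; only the `X-KVMD-User` header is sent, so the remote endpoint cannot check the password and any successful response authenticates the named user. GET mode should either carry the credentials or be documented as trusting the endpoint entirely. Success is defined as `raise_for_status()` not raising, which accepts every status below 400, and aiohttp follows redirects by default, so a redirect that ends on an ordinary 200 page also counts as a valid login; `kwargs["allow_redirects"] = False` together with `return response.status == 200` would tighten that. The default `url` is plain `http://` and `verify: false` turns off certificate checking through `TCPConnector(ssl=False)`, so for an endpoint that is not on localhost the JSON body carrying the password is exposed and the response can be forged. A comment on `get_options` should state that these settings are only safe for a local or otherwise trusted endpoint.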