Diffstat (limited to 'kvmd/plugins/auth')
-rw-r--r--kvmd/plugins/auth/__init__.py40
-rw-r--r--kvmd/plugins/auth/htpasswd.py49
-rw-r--r--kvmd/plugins/auth/http.py111
3 files changed, 200 insertions, 0 deletions
diff --git a/kvmd/plugins/auth/__init__.py b/kvmd/plugins/auth/__init__.py
new file mode 100644
index 00000000..103f2857
--- /dev/null
+++ b/kvmd/plugins/auth/__init__.py
@@ -0,0 +1,40 @@
+# ========================================================================== #
+# #
+# KVMD - The main Pi-KVM daemon. #
+# #
+# Copyright (C) 2018 Maxim Devaev <[email protected]> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <https://www.gnu.org/licenses/>. #
+# #
+# ========================================================================== #
+
+
+from typing import Type
+
+from .. import BasePlugin
+from .. import get_plugin_class
+
+
+# =====
+class BaseAuthService(BasePlugin):
+ async def login(self, user: str, passwd: str) -> bool:
+ raise NotImplementedError
+
+ async def cleanup(self) -> None:
+ pass
+
+
+# =====
+def get_auth_service_class(name: str) -> Type[BaseAuthService]:
+ return get_plugin_class("auth", name) # type: ignore
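Review bot: The `login` contract on `BaseAuthService` is undocumented, and the two implementations added in this commit already diverge: `http.py` catches every exception and returns False, while `htpasswd.py` has no handler, so file and parse errors from passlib propagate to the caller. A docstring on `login` should state that it returns True only for verified credentials and say whether backend failures must be reported as False or may raise, so the caller can fail closed in both cases. In `get_auth_service_class`, the `# type: ignore` hides that nothing visible here checks the loaded class is a `BaseAuthService` subclass; that depends on `get_plugin_class`, which is outside this diff.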
diff --git a/kvmd/plugins/auth/htpasswd.py b/kvmd/plugins/auth/htpasswd.py
new file mode 100644
index 00000000..099b1ae1
--- /dev/null
+++ b/kvmd/plugins/auth/htpasswd.py
@@ -0,0 +1,49 @@
+# ========================================================================== #
+# #
+# KVMD - The main Pi-KVM daemon. #
+# #
+# Copyright (C) 2018 Maxim Devaev <[email protected]> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <https://www.gnu.org/licenses/>. #
+# #
+# ========================================================================== #
+
+
+from typing import Dict
+
+import passlib.apache
+
+from ...yamlconf import Option
+
+from ...validators.fs import valid_abs_path_exists
+
+from . import BaseAuthService
+
+
+# =====
+class Plugin(BaseAuthService):
+ PLUGIN_NAME = "htpasswd"
+
+ def __init__(self, path: str) -> None: # pylint: disable=super-init-not-called
+ self.__path = path
+
+ @classmethod
+ def get_options(cls) -> Dict[str, Option]:
+ return {
+ "file": Option("/etc/kvmd/htpasswd", type=valid_abs_path_exists, unpack_as="path"),
+ }
+
+ async def login(self, user: str, passwd: str) -> bool:
+ htpasswd = passlib.apache.HtpasswdFile(self.__path)
+ return htpasswd.check_password(user, passwd)
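Review bot: `login` is annotated `-> bool` but returns the result of `HtpasswdFile.check_password` directly, which passlib documents as None for an unknown user; `return bool(htpasswd.check_password(user, passwd))` keeps the return type honest for callers that compare against False. The file is also opened and parsed, and the hash verified, synchronously inside an `async def` on every attempt. With a slow hash scheme such as bcrypt, each login request, including unauthenticated ones, would stall the event loop for the duration of the check; running it in an executor would avoid that.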
diff --git a/kvmd/plugins/auth/http.py b/kvmd/plugins/auth/http.py
new file mode 100644
index 00000000..e199069d
--- /dev/null
+++ b/kvmd/plugins/auth/http.py
@@ -0,0 +1,111 @@
+# ========================================================================== #
+# #
+# KVMD - The main Pi-KVM daemon. #
+# #
+# Copyright (C) 2018 Maxim Devaev <[email protected]> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <https://www.gnu.org/licenses/>. #
+# #
+# ========================================================================== #
+
+
+from typing import Dict
+from typing import Optional
+
+import aiohttp
+import aiohttp.web
+
+from ...yamlconf import Option
+
+from ...validators.basic import valid_bool
+from ...validators.basic import valid_float_f01
+
+from ...logging import get_logger
+
+from ... import __version__
+
+from . import BaseAuthService
+
+
+# =====
+class Plugin(BaseAuthService):
+ PLUGIN_NAME = "http"
+
+ def __init__( # pylint: disable=super-init-not-called
+ self,
+ url: str,
+ verify: bool,
+ post: bool,
+ user: str,
+ passwd: str,
+ timeout: float,
+ ) -> None:
+
+ self.__url = url
+ self.__verify = verify
+ self.__post = post
+ self.__user = user
+ self.__passwd = passwd
+ self.__timeout = timeout
+
+ self.__http_session: Optional[aiohttp.ClientSession] = None
+
+ @classmethod
+ def get_options(cls) -> Dict[str, Option]:
+ return {
+ "url": Option("http://localhost/auth_post"),
+ "verify": Option(True, type=valid_bool),
+ "post": Option(True, type=valid_bool),
+ "user": Option(""),
+ "passwd": Option(""),
+ "timeout": Option(5.0, type=valid_float_f01),
+ }
+
+ async def login(self, user: str, passwd: str) -> bool:
+ kwargs: Dict = {
+ "method": "GET",
+ "url": self.__url,
+ "timeout": self.__timeout,
+ "headers": {
+ "User-Agent": "KVMD/%s" % (__version__),
+ "X-KVMD-User": user,
+ },
+ }
+ if self.__post:
+ kwargs["method"] = "POST"
+ kwargs["json"] = {"user": user, "passwd": passwd}
+
+ session = self.__ensure_session()
+ try:
+ async with session.request(**kwargs) as response:
+ response.raise_for_status()
+ return True
+ except Exception:
+ get_logger().exception("Failed HTTP auth request for user %r", user)
+ return False
+
+ async def cleanup(self) -> None:
+ if self.__http_session:
+ await self.__http_session.close()
+ self.__http_session = None
+
+ def __ensure_session(self) -> aiohttp.ClientSession:
+ if not self.__http_session:
+ kwargs: Dict = {}
+ if self.__user:
+ kwargs["auth"] = aiohttp.BasicAuth(login=self.__user, password=self.__passwd)
+ if not self.__verify:
+ kwargs["connector"] = aiohttp.TCPConnector(ssl=False)
+ self.__http_session = aiohttp.ClientSession(**kwargs)
+ return self.__http_session
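Review bot: When `post` is false, `login` sends only the `X-KVMD-User` header and never transmits `passwd`, so the remote endpoint cannot verify the password and any 2xx reply logs the user in. If GET mode is meant to carry the credentials, it needs something like `kwargs["auth"] = aiohttp.BasicAuth(login=user, password=passwd)` (which would take precedence over the session-level service credentials); otherwise the option should be documented as username-only or removed. Success is also defined as "no exception from `raise_for_status()`" with redirects followed by default, so a redirect to any page answering 200 counts as a valid login; passing `"allow_redirects": False` and requiring `response.status == 200` would be stricter. The default `url` is plain `http://`, which is fine for localhost but sends the JSON password in cleartext if pointed at another host, and `verify=False` disables certificate checking entirely; both deserve a comment in `get_options`.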