"""
Authentication module that uses /etc/cobbler/auth.conf
Choice of authentication module is in /etc/cobbler/modules.conf
"""
import os
import hashlib
[docs]def md5(key):
return hashlib.md5(key.encode('utf-8'))
[docs]def register():
"""
The mandatory cobbler module registration hook.
"""
return "authn"
def __parse_storage():
if not os.path.exists("/etc/cobbler/users.digest"):
return []
fd = open("/etc/cobbler/users.digest", encoding='utf-8')
data = fd.read()
fd.close()
results = []
lines = data.split("\n")
for line in lines:
try:
line = line.strip()
tokens = line.split(":")
results.append([tokens[0], tokens[1], tokens[2]])
except:
pass
return results
[docs]def authenticate(api_handle, username, password):
"""
Validate a username/password combo, returning True/False
Thanks to http://trac.edgewall.org/ticket/845 for supplying
the algorithm info.
"""
# debugging only (not safe to enable)
# api_handle.logger.debug("backend authenticate (%s,%s)" % (username,password))
userlist = __parse_storage()
for (user, realm, actual_blob) in userlist:
if user == username and realm == "Cobbler":
input = ":".join([user, realm, password])
input_blob = md5(input).hexdigest()
if input_blob.lower() == actual_blob.lower():
return True
return False