Author: jsrain Date: Thu Jul 3 10:38:46 2008 New Revision: 48794 URL: http://svn.opensuse.org/viewcvs/yast?rev=48794&view=rev Log: update with permission checking Modified: branches/research/web-service/services/ntp.py Modified: branches/research/web-service/services/ntp.py URL: http://svn.opensuse.org/viewcvs/yast/branches/research/web-service/services/ntp.py?rev=48794&r1=48793&r2=48794&view=diff ==============================================================================
--- branches/research/web-service/services/ntp.py (original)
+++ branches/research/web-service/services/ntp.py Thu Jul 3 10:38:46 2008
@@ -2,24 +2,73 @@ from django_restapi.model_resource import Collection from django_restapi.responder import XMLResponder from django_restapi.resource import Resource -from django.http import HttpResponse +#from django.http import HttpResponse HttpResponseForbidden HttpResponseServerError +from django.http import * from django_restapi.authentication import * import os import dbus +import polkitbind +import logging + +class PolkitResource(Resource): + def __init__(self, authentication=None, permitted_methods=None, + mimetype=None, polkit_actions=""): + Resource.__init__(self, authentication, permitted_methods, mimetype) + self.polkit_actions=polkit_actions + + def PolkitCheck(self, method, user): + if not method in self.polkit_actions: + return 0 + polkit_action = self.polkit_actions.get(method) + if (polkit_action == ""): + return 0 + result = polkitbind.checkPolicyLow(polkit_action,user) + logging.basicConfig(level=logging.DEBUG, + format='%(asctime)s %(levelname)s %(message)s', + filename='/tmp/polkitcheck.log', + filemode='a') + logging.info('checking name %s result: %i'%(polkit_action,result)) + return result + + def AuthenticatedUser(self, request): + (authmeth, auth) = request.META['HTTP_AUTHORIZATION'].split(" ", 1) + amap = self.authentication.get_auth_dict(auth) + username = amap['username'] + return username + + def ReturnAutorizationError(self, error): + if error == -3: + return HttpResponseForbidden() + return HttpResponseServerError() + +def digest_authfunc(username, realm): + """ + Exemplary authfunc for HTTP Digest. In production situations, + the combined hashes of realm, username and password are usually + stored in an external file/db. 
+ """ + hashes = { + ('realm1', 'john') : '3014aff1d0d0f0038e23c1195301def3', # Password: johnspass + ('realm1', 'jim') : 'b92ea52783e356acae8a26087d8d1e83' # Password: jimspass + } + ret = hashes[(username, realm)] + return ret class Ntp(Resource): - authentication = HttpBasicAuthentication() def read(self, request): return HttpResponse('<a href="/services/ntp/status">Status</a><br><a href="/services/ntp/start">Start</a>') # FIXME how to do a link to POST? -class NtpStatus(Resource): +class NtpStatus(PolkitResource): def read(self, request): + permission_check = self.PolkitCheck ("read", self.AuthenticatedUser(request)); + if (permission_check != 0): + return self.ReturnAutorizationError(permission_check) exit = os.system("/etc/init.d/ntp status") running = (exit == 0) if running: - return HttpResponse ("Yes") - return HttpResponse ("No") + return HttpResponse ("Hi " + self.AuthenticatedUser(request) + "! Yes, it is running") + return HttpResponse ("Hi " + self.AuthenticatedUser(request) + "! No, it is not running") class NtpStart(Resource): def create(self, request): 
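Review bot: `PolkitCheck` fails open: when the method has no entry in `polkit_actions` (including the default `polkit_actions=""`) or the entry is an empty string, it returns 0, which `NtpStatus.read` treats as permission granted, so a `PolkitResource` route that is registered without an action map skips the polkit check entirely. Returning the denial code this hunk already maps to `HttpResponseForbidden`, e.g. `if method not in self.polkit_actions: return -3`, and defaulting `polkit_actions` to an empty dict would make the unconfigured case deny instead. The same method calls `logging.basicConfig(..., filename='/tmp/polkitcheck.log', filemode='a')` on every check; a fixed file name in a world-writable directory can be pre-created or symlinked by another local user, so the log is better configured once at start-up under a directory owned by the service. `AuthenticatedUser` indexes `request.META['HTTP_AUTHORIZATION']` directly and will raise `KeyError` when the header is absent, which looks reachable given the `authentication=None` default in `__init__`.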
@@ -50,20 +99,19 @@ return HttpResponse ("Failed") class NtpServers(Resource): - responder = XMLResponder(), - authentication = HttpBasicAuthentication() -# def read(self, request): -# return HttpResponse("Servers: Guess ;-)") + def read(self, request): + return HttpResponse("Servers: Guess ;-)") # TODO return real list of servers -# def update(self, request): -# server = request.PUT + def update(self, request): + server = request.PUT # TODO add the server -# return HttpResponse("Server added") + return HttpResponse("Server added") urlpatterns = patterns('', - (r'^services/ntp/?$', Ntp(permitted_methods = ('GET', 'PUT'))), - (r'^services/ntp/status', NtpStatus(permitted_methods = ('GET', 'PUT'))), + (r'^services/ntp/?$', Ntp(authentication = HttpDigestAuthentication(digest_authfunc, 'realm1'), permitted_methods = ('GET', 'PUT'))), + (r'^services/ntp/status', NtpStatus(authentication = HttpDigestAuthentication(digest_authfunc, 'realm1'), permitted_methods = ('GET', 'PUT'), polkit_actions = { 'read' : 'org.freedesktop.hal.storage.mount-fixed' })), +#TODO: Use real action names, this is just for testing (r'^services/ntp/start', NtpStart(permitted_methods = ('GET', 'POST'))), (r'^services/ntp/stop', NtpStop(permitted_methods = ('GET', 'POST'))), (r'^services/ntp/restart', NtpRestart(permitted_methods = ('GET', 'POST'))), -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org
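Review bot: The state-changing endpoints end up less protected than the read-only one: `NtpServers` loses its class-level `authentication = HttpBasicAuthentication()` in the same hunk that re-enables `read` and `update`, and the `start`/`stop`/`restart` routes are still built with only `permitted_methods`, while digest authentication and `polkit_actions` are added for `services/ntp/status` alone. Unless those classes set authentication somewhere outside the hunk, they should derive from `PolkitResource` and be registered with the same `authentication = HttpDigestAuthentication(...)` argument plus a per-method action map. The `status` route is also bound to `org.freedesktop.hal.storage.mount-fixed`, which the TODO on the next line says is only a test value, and to `digest_authfunc`, whose docstring in the earlier hunk calls it exemplary and whose hashes are hard-coded; both need replacing before the check grants or denies anything meaningful. The `urlpatterns` tuple continues past the end of the hunk.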