From jlukens@botch.com Fri Mar 7 03:37:36 2014 Received: (at submit) by bugs.x2go.org; 7 Mar 2014 02:37:37 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from felt.botch.com (felt.botch.com [207.145.43.98]) by ymir (Postfix) with ESMTP id 194DA5DA6C for ; Fri, 7 Mar 2014 03:37:36 +0100 (CET) Received: from [127.0.0.1] (unknown [192.168.254.1]) (Authenticated sender: jlukens) by felt.botch.com (Postfix) with ESMTP id 3FDE71AC0C5 for ; Thu, 6 Mar 2014 21:37:35 -0500 (EST) Date: Thu, 6 Mar 2014 21:37:37 -0500 From: Josh Lukens To: submit@bugs.x2go.org Message-ID: <2F693A444327401DADB52F7C8D6B3C0A@botch.com> Subject: [PATCH] Add simple https get authmech X-Mailer: sparrow 1.6.4 (build 1178) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Content-Disposition: inline Package: x2gobroker Version: 0.0.2.4 Severity: wishlist Very simple authmech that requests a webpage over https with basic auth. If the page is fetched successfully (status 200) the user is authenticated. Used in conjunction with something like an apache server you can get easy access to the full handful of existing auth modules for things like radius, RSA, etc. --- x2gobroker/authmechs/https_get_authmech.py | 62 ++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100755 x2gobroker/authmechs/https_get_authmech.py diff --git a/x2gobroker/authmechs/https_get_authmech.py b/x2gobroker/authmechs/https_get_authmech.py new file mode 100755 index 0000000..03741f0 --- /dev/null +++ b/x2gobroker/authmechs/https_get_authmech.py @@ -0,0 +1,62 @@ +# -*- coding: utf-8 -*- + +# Copyright (C) 2012-2013 by Mike Gabriel +# Copyright (C) 2012-2013 by Oleksandr Shneyder +# +# X2Go Session Broker is free software; you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# X2Go Session Broker is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program; if not, write to the +# Free Software Foundation, Inc., +# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. + +# Very simple authmech that requests a webpage over https with basic auth. +# If the page is fetched successfully (status 200) the user is authenticated. +# +# Used in conjunction with something like an apache server you can get easy +# access to the full handful of existing auth modules for things like radius, +# RSA, etc. +# +# Server name and path must be hard coded below for the time being. Also note +# that the httplib module used does not verify SSL certificates so be sure +# you are on a trusted network as there is a possibility of a man in the middle +# attack. + +# modules +import sys +import httplib +import base64 +import string + +class X2GoBrokerAuthMech(object): + + def authenticate(self, username, password): + + ## FIXME: these should really be specificed in config file + host = "my.webserver.com (http://my.webserver.com)" + path = "/auth/index.html" + + # base64 encode the username and password + auth = base64.standard_b64encode('%s:%s' % (username, password)).replace('\n', '') + + https = httplib.HTTPSConnection(host) + https.putrequest("GET", path) + https.putheader("Host", host) + https.putheader("User-Agent", "x2go http auth") + https.putheader("Authorization", "Basic %s" % auth) + https.endheaders() + + response = https.getresponse() + https.close() + + if response.status == 200: + return True + return False -- 1.8.3.4 (Apple Git-47)