A patch to allow multiple "chainloaded" authn modules to be checked in order.

These result in a logical or applying through the authentication system.

Typically I'm using it when I need an API account for a system that doesn't or shouldn't exist in my LDAP directory for some reason.


James


---
 cobbler/modules/authn_chainload.py        |   64 +++++++++++++++++++++++++++++
 installer_templates/modules.conf.template |    1 +
 installer_templates/settings.template     |    6 +++
 3 files changed, 71 insertions(+), 0 deletions(-)
 create mode 100644 cobbler/modules/authn_chainload.py

diff --git a/cobbler/modules/authn_chainload.py b/cobbler/modules/authn_chainload.py
new file mode 100644
index 0000000..8de56c9
--- /dev/null
+++ b/cobbler/modules/authn_chainload.py
@@ -0,0 +1,64 @@
+"""
+Authentication module that chains other authentication modules togeter based on
+the settings in /etc/cobbler/settings
+
+Copyright 2011
+James Clendenan <james.clendenan@gmail.com>
+
+This software may be freely redistributed under the terms of the GNU
+general public license.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+"""
+
+import distutils.sysconfig
+import sys
+import os
+from cobbler import utils
+from utils import _
+import traceback
+
+plib = distutils.sysconfig.get_python_lib()
+mod_path="%s/cobbler" % plib
+sys.path.insert(0, mod_path)
+
+import cexceptions
+import utils
+
+def register():
+    """
+    The mandatory cobbler module registration hook.
+    """
+    return "authn"
+
+def authenticate(api_handle,username,password):
+
+    # deny login to start
+    rc = False
+
+    authn_modules = api_handle.settings().authn_chainload_modules
+    # allow multiple or single authn_modules split by a space
+    if authn_modules.find(" "):
+        authn_modules = authn_modules.split()
+    else:
+        authn_modules = [authn_modules]
+
+    # print "authn modules: %s" % authn_modules
+
+    for module in authn_modules:
+       lib = "import %s as authn_mod" % module
+       exec(lib) # import module library
+       mod_rc = authn_mod.authenticate(api_handle,username,password)
+
+       # debuging returncode from each module
+       # print "%s rc=%s" % (module,mod_rc)
+
+       rc = rc or mod_rc
+
+    return rc
+
+if __name__ == "__main__":
+    api_handle = cobbler_api.BootAPI()
+    print authenticate(api_handle, "guest", "guest")
diff --git a/installer_templates/modules.conf.template b/installer_templates/modules.conf.template
index 80edd77..6417444 100644
--- a/installer_templates/modules.conf.template
+++ b/installer_templates/modules.conf.template
@@ -10,6 +10,7 @@
 #    authn_passthru   -- ask Apache to handle it (used for kerberos)
 #    authn_ldap       -- authenticate against LDAP
 #    authn_spacewalk  -- ask Spacewalk/Satellite (experimental)
+#    authn_chainload  -- chain multiple authn modules together
 #    authn_testing    -- username/password is always testing/testing (debug)
 #    (user supplied)  -- you may write your own module
 #
diff --git a/installer_templates/settings.template b/installer_templates/settings.template
index 335c320..0fa618e 100644
--- a/installer_templates/settings.template
+++ b/installer_templates/settings.template
@@ -160,6 +160,12 @@ ldap_search_bind_dn: ''
 ldap_search_passwd: ''
 ldap_search_prefix: 'uid='

+# configuration options for authn_chainload.
+# Chainload these modules in this order. (space separated list)
+# Keep authn_denyall at the end for safety.
+authn_chainload_modules: authn_configfile authn_ldap authn_denyall
+
+
 # cobbler has a feature that allows for integration with config management
 # systems such as Puppet.  The following parameters work in conjunction with
 # --mgmt-classes  and are described in furhter detail at:
--
1.7.2.1