1
0
mirror of https://github.com/dkmstr/openuds.git synced 2024-12-22 13:34:04 +03:00

Fixing up core so we can provide some kind of access using Thin Clients or Software clients not using web & html

This commit is contained in:
Adolfo Gómez 2012-12-03 09:43:12 +00:00
parent 74fa2c28a2
commit 2716707952
7 changed files with 90 additions and 5 deletions

View File

@ -70,6 +70,7 @@ encoding//src/uds/core/services/__init__.py=utf-8
encoding//src/uds/core/transports/BaseTransport.py=utf-8
encoding//src/uds/core/transports/TransportsFactory.py=utf-8
encoding//src/uds/core/transports/__init__.py=utf-8
encoding//src/uds/core/transports/protocols.py=utf-8
encoding//src/uds/core/ui/UserInterface.py=utf-8
encoding//src/uds/core/util/AutoAttributes.py=utf-8
encoding//src/uds/core/util/Cache.py=utf-8
@ -94,6 +95,8 @@ encoding//src/uds/dispatchers/pam/urls.py=utf-8
encoding//src/uds/dispatchers/pam/views.py=utf-8
encoding//src/uds/dispatchers/test/urls.py=utf-8
encoding//src/uds/dispatchers/test/views.py=utf-8
encoding//src/uds/dispatchers/wyse_enterprise/urls.py=utf-8
encoding//src/uds/dispatchers/wyse_enterprise/views.py=utf-8
encoding//src/uds/management/commands/config.py=utf-8
encoding//src/uds/management/commands/taskManager.py=utf-8
encoding//src/uds/management/commands/taskManager_enterprise.py=utf-8

View File

@ -84,12 +84,19 @@ class IPAuth(Authenticator):
groupsManager.validate(g)
def authenticate(self, username, credentials, groupsManager):
# If credentials is a dict, that can't be sent directly from web interface, we allow entering
# We use this "trick" so authenticators
if self.cache().get(username) == credentials:
self.cache().remove(username)
self.getGroups(username, groupsManager)
return True
return False
def internalAuthenticate(self,username, credentials, groupsManager):
self.getGroups(username, groupsManager)
if len(groupsManager.getValidGroups()) > 0 and self.dbAuthenticator().isValidUser(username, True):
return True
return False
@staticmethod
def test(env, data):

View File

@ -219,6 +219,13 @@ class Authenticator(Module):
'''
return cls.getHtml != Authenticator.getHtml
@classmethod
def canCheckUserPassword(cls):
'''
Helper method to query if a class can do a login using credentials
'''
return cls.authenticate != Authenticator.authenticate
def searchUsers(self, pattern):
'''
If you provide this method, the user will be allowed to search users,
@ -275,7 +282,7 @@ class Authenticator(Module):
Args:
username: User name to authenticate
credentilas: Credentials for this user, (password, pki, or whatever needs to be used)
credentilas: Credentials for this user, (password, pki, or whatever needs to be used). (string)
groupManager: Group manager to modify with groups to which this users belongs to.
Returns:
@ -295,6 +302,42 @@ class Authenticator(Module):
'''
return False
def internalAuthenticate(self,username, credentials, groupsManager):
'''
This method is provided so "plugins" (For example, a custom dispatcher), can test
the username/credentials in an alternative way.
For example, ip authenticator generates, inside the custom html, a 1 time password
that will be used to authenticate the ip. If we create a custom dispatcher and we want
to auth the user without the html part being displayed, we have a big problem.
Using this method, the authenticator has the oportunitiy to, (for example, in case of
IP auth), ignore "credentials"
Args:
username: User name to authenticate
credentilas: Credentials for this user, (password, pki, or whatever needs to be used). (string)
groupManager: Group manager to modify with groups to which this users belongs to.
Returns:
True if authentication success, False if don't.
By default, internalAuthenticate simply invokes authenticate, but this method
is here so you can provide your own method if needed
See uds.core.auths.GroupsManager
:note: This method must check not only that the user has valid credentials, but also
check the valid groups from groupsManager.
If this method returns false, of method getValidGroups of the groupsManager
passed into this method has no elements, the user will be considered invalid.
So remember to check validity of groups this user belongs to (inside the authenticator,
not inside UDS) using groupsManager.validate(group to which this users belongs to).
This is done in this way, because UDS has only a subset of groups for this user, and
we let the authenticator decide inside wich groups of UDS this users is included.
'''
return self.authenticate(username, credentials, groupsManager)
def logout(self, username):
'''
Invoked whenever an user logs out.

View File

@ -105,7 +105,7 @@ def __registerUser(authenticator, authInstance, username):
return None
def authenticate(username, password, authenticator):
def authenticate(username, password, authenticator, useInternalAuthenticate = False):
'''
Given an username, password and authenticator, try to authenticate user
@param username: username to authenticate
@ -116,7 +116,12 @@ def authenticate(username, password, authenticator):
logger.debug('Authenticating user {0} with authenticator {1}'.format(username, authenticator))
gm = auths.GroupsManager(authenticator)
authInstance = authenticator.getInstance()
if authInstance.authenticate(username, password, gm) == False:
if useInternalAuthenticate is False:
res = authInstance.authenticate(username, password, gm)
else:
res = authInstance.internalAuthenticate(username, password, gm)
if res is False:
return None
logger.debug('Groups manager: {0}'.format(gm))

View File

@ -34,6 +34,7 @@
from django.utils.translation import ugettext as _
from uds.core.util import OsDetector
from uds.core import Module
import protocols
class Transport(Module):
'''
@ -101,6 +102,32 @@ class Transport(Module):
'''
return cls.supportedOss.count(osName) > 0
@classmethod
def providesConnetionInfo(cls):
'''
Helper method to check if transport provides information about connection
'''
return cls.getConnectionInfo != Transport.getConnectionInfo
def getConnectionInfo(self, userService, user, password):
'''
This method must provide information about connection.
We don't have to implement it, but if we wont to allow some types of connections
(such as Client applications, some kinds of TC, etc... we must provide it or those
kind of terminals/application will not work
Args:
userService: DeployedUserService for witch we are rendering the connection (db model)
user: user (dbUser) logged in
pass: password used in authentication
The expected result from this method is a dictionary, containing at least:
'protocol': protocol to use, (there are a few standard defined in 'protocols.py', if yours does not fit those, use your own name
'username': username (transformed if needed to) used to login to service
'password': password (transformed if needed to) used to login to service
'''
return {'protocol': protocols.NONE, 'usename': '', 'password': ''}
def renderForHtml(self, userService, id, ip, os, user, password):
'''
Requests the html rendering of connector for the destination ip, (dbUser) and password

View File

@ -11,7 +11,7 @@
from django.conf.urls.defaults import patterns, include
urlpatterns = patterns('uds.dispatchers.pam.views',
(r'^pam$', 'pam'),
urlpatterns = patterns(__package__,
(r'^pam$', 'views.pam'),
)