[X2Go-Dev] Bug#450: [PATCH] Add simple https get authmech

Fri Mar 7 03:37:37 CET 2014

Package: x2gobroker
Version: 0.0.2.4
Severity: wishlist



Very simple authmech that requests a webpage over https with basic auth.  If the page is fetched successfully (status 200) the user is authenticated.  Used in conjunction with something like an apache server you can get easy access to the full handful of existing auth modules for things like radius, RSA, etc.

---
x2gobroker/authmechs/https_get_authmech.py | 62 ++++++++++++++++++++++++++++++
1 file changed, 62 insertions(+)
create mode 100755 x2gobroker/authmechs/https_get_authmech.py

diff --git a/x2gobroker/authmechs/https_get_authmech.py b/x2gobroker/authmechs/https_get_authmech.py
new file mode 100755
index 0000000..03741f0
--- /dev/null
+++ b/x2gobroker/authmechs/https_get_authmech.py
@@ -0,0 +1,62 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2012-2013 by Mike Gabriel <mike.gabriel at das-netzwerkteam.de (mailto:mike.gabriel at das-netzwerkteam.de)>
+# Copyright (C) 2012-2013 by Oleksandr Shneyder <oleksandr.shneyder at obviously-nice.de (mailto:oleksandr.shneyder at obviously-nice.de)>
+#
+# X2Go Session Broker is free software; you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# X2Go Session Broker is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program; if not, write to the
+# Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# Very simple authmech that requests a webpage over https with basic auth.
+# If the page is fetched successfully (status 200) the user is authenticated.
+#
+# Used in conjunction with something like an apache server you can get easy
+# access to the full handful of existing auth modules for things like radius,
+# RSA, etc.
+#
+# Server name and path must be hard coded below for the time being. Also note
+# that the httplib module used does not verify SSL certificates so be sure
+# you are on a trusted network as there is a possibility of a man in the middle
+# attack.
+
+# modules
+import sys
+import httplib
+import base64
+import string
+
+class X2GoBrokerAuthMech(object):
+
+ def authenticate(self, username, password):
+
+ ## FIXME: these should really be specificed in config file
+ host = "my.webserver.com (http://my.webserver.com)"
+ path = "/auth/index.html"
+
+ # base64 encode the username and password
+ auth = base64.standard_b64encode('%s:%s' % (username, password)).replace('\n', '')
+
+ https = httplib.HTTPSConnection(host)
+ https.putrequest("GET", path)
+ https.putheader("Host", host)
+ https.putheader("User-Agent", "x2go http auth")
+ https.putheader("Authorization", "Basic %s" % auth)
+ https.endheaders()
+
+ response = https.getresponse()
+ https.close()
+
+ if response.status == 200:
+ return True
+ return False
-- 
1.8.3.4 (Apple Git-47)

