[XEND] Switch to PAM authentication for login sessions

[XENAPI] Fix case difference in API for Host.* functions

Signed-off-by: Alastair Tse <atse@xensource.com>

diff --git a/tools/python/scripts/xapi.py b/tools/python/scripts/xapi.py
index 8ba865931467e0e431af1edeb5a31c4197cda138..4b7b8d382bd63e79a42979086ec9b0b5ccc07d31 100644 (file)
--- a/tools/python/scripts/xapi.py
+++ b/tools/python/scripts/xapi.py
@@ -20,6 +20,7 @@ from xen.util.xmlrpclib2 import ServerProxy
 from optparse import *
 from pprint import pprint
 from types import DictType
+from getpass import getpass
 
 MB = 1024 * 1024
 
@@ -30,7 +31,6 @@ SR_LIST_FORMAT = '%(name_label)-18s %(uuid)-36s %(physical_size)-10s' \
                  '%(type)-10s'
 VDI_LIST_FORMAT = '%(name_label)-18s %(uuid)-36s %(virtual_size)-8s '\
                   '%(sector_size)-8s'
-LOGIN = ('atse', 'passwd')
 
 COMMANDS = {
     'host-info': ('', 'Get Xen Host Info'),
@@ -132,8 +132,11 @@ def execute(fn, *args):
 
 
 def _connect(*args):
-    server = ServerProxy('httpu:///var/run/xend/xmlrpc.sock')        
-    session = execute(server.session.login_with_password, *LOGIN)
+    server = ServerProxy('httpu:///var/run/xend/xmlrpc.sock')
+    login = raw_input("Login: ")
+    password = getpass()
+    creds = (login, password)
+    session = execute(server.session.login_with_password, *creds)
     host = execute(server.session.get_this_host, session)
     return (server, session)
 
@@ -158,9 +161,9 @@ def resolve_vm(server, session, vm_name):
 
 def xapi_host_info(*args):
     server, session = _connect()
-    hosts = execute(server.Host.get_all, session)
+    hosts = execute(server.host.get_all, session)
     for host in hosts: # there is only one, but ..
-        hostinfo = execute(server.Host.get_record, session, host)
+        hostinfo = execute(server.host.get_record, session, host)
         print HOST_INFO_FORMAT % ('Name', hostinfo['name_label'])
         print HOST_INFO_FORMAT % ('Version', hostinfo['software_version'])
         print HOST_INFO_FORMAT % ('CPUs', len(hostinfo['host_CPUs']))

diff --git a/tools/python/xen/xend/XendAuthSessions.py b/tools/python/xen/xend/XendAuthSessions.py
index 7ced317e97c520901f4fc5bc2f7f24d9c4529d0d..08cf61bb36cc81bd9e616e4b267b39e148e629c2 100644 (file)
--- a/tools/python/xen/xend/XendAuthSessions.py
+++ b/tools/python/xen/xend/XendAuthSessions.py
@@ -16,6 +16,7 @@
 #============================================================================
 
 import time
+import PAM
 
 from xen.xend import uuid
 from xen.xend.XendError import *
@@ -26,7 +27,6 @@ class XendAuthSessions:
 
     def __init__(self):
         self.sessions = {}
-        self.users = {'atse': 'passwd'}
 
     def init(self):
         pass
@@ -47,11 +47,36 @@ class XendAuthSessions:
         if type(session) == type(str()):
             return (session in self.sessions)
         return False
-    
+
     def is_authorized(self, username, password):
-        if username in self.users and self.users[username] == password:
+        pam_auth = PAM.pam()
+        pam_auth.start("login")
+        pam_auth.set_item(PAM.PAM_USER, username)
+
+        def _pam_conv(auth, query_list, user_data):
+            resp = []
+            for i in range(len(query_list)):
+                query, qtype = query_list[i]
+                if qtype == PAM.PAM_PROMPT_ECHO_ON:
+                    resp.append((username, 0))
+                elif qtype == PAM.PAM_PROMPT_ECHO_OFF:
+                    resp.append((password, 0))
+                else:
+                    return None
+            return resp
+
+        pam_auth.set_item(PAM.PAM_CONV, _pam_conv)
+        
+        try:
+            pam_auth.authenticate()
+            pam_auth.acct_mgmt()
+        except PAM.error, resp:
+            return False
+        except Exception, e:
+            log.warn("Error with PAM: %s" % str(e))
+            return False
+        else:
             return True
-        return False
 
     def get_user(self, session):
         try: