Andrew Geissler | eff2747 | 2021-10-29 15:35:00 -0500 | [diff] [blame] | 1 | From 3540ddcc7448dc784b65c74424c8a25132cb8534 Mon Sep 17 00:00:00 2001 |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 2 | From: Hongxu Jia <hongxu.jia@windriver.com> |
Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame] | 3 | Date: Tue, 31 Jul 2018 17:24:47 +0800 |
Andrew Geissler | eff2747 | 2021-10-29 15:35:00 -0500 | [diff] [blame] | 4 | Subject: [PATCH] support authentication for kickstart |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 5 | |
| 6 | While download kickstart file from web server, |
| 7 | we support basic/digest authentication. |
| 8 | |
| 9 | Add KickstartAuthError to report authentication failure, |
| 10 | which the invoker could parse this specific error. |
| 11 | |
Andrew Geissler | 6aa7eec | 2023-03-03 12:41:14 -0600 | [diff] [blame] | 12 | Upstream-Status: Inappropriate [oe specific] |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 13 | |
| 14 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> |
| 15 | --- |
Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame] | 16 | pykickstart/errors.py | 17 +++++++++++++++++ |
Andrew Geissler | 6aa7eec | 2023-03-03 12:41:14 -0600 | [diff] [blame] | 17 | pykickstart/load.py | 32 +++++++++++++++++++++++++++----- |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 18 | pykickstart/parser.py | 4 ++-- |
Andrew Geissler | 6aa7eec | 2023-03-03 12:41:14 -0600 | [diff] [blame] | 19 | 3 files changed, 46 insertions(+), 7 deletions(-) |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 20 | |
| 21 | diff --git a/pykickstart/errors.py b/pykickstart/errors.py |
Andrew Geissler | 6aa7eec | 2023-03-03 12:41:14 -0600 | [diff] [blame] | 22 | index 8294f59..3d20bf8 100644 |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 23 | --- a/pykickstart/errors.py |
| 24 | +++ b/pykickstart/errors.py |
Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame] | 25 | @@ -32,6 +32,9 @@ This module exports several exception classes: |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 26 | KickstartVersionError - An exception for errors relating to unsupported |
| 27 | syntax versions. |
Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame] | 28 | |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 29 | + KickstartAuthError - An exception for errors relating to authentication |
| 30 | + failed while downloading kickstart from web server |
| 31 | + |
Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame] | 32 | And some warning classes: |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 33 | |
Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame] | 34 | KickstartWarning - A generic warning class. |
Andrew Geissler | 748a483 | 2020-07-24 16:24:21 -0500 | [diff] [blame] | 35 | @@ -125,3 +128,17 @@ class KickstartDeprecationWarning(KickstartParseWarning, DeprecationWarning): |
| 36 | """A class for warnings occurring during parsing related to using deprecated |
Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame] | 37 | commands and options. |
| 38 | """ |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 39 | + |
| 40 | +class KickstartAuthError(KickstartError): |
| 41 | + """An exception for errors relating to authentication failed while |
| 42 | + downloading kickstart from web server |
| 43 | + """ |
| 44 | + def __init__(self, msg): |
| 45 | + """Create a new KickstartAuthError exception instance with the |
Andrew Geissler | 748a483 | 2020-07-24 16:24:21 -0500 | [diff] [blame] | 46 | + descriptive message val. val should be the return value of |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 47 | + formatErrorMsg. |
| 48 | + """ |
| 49 | + KickstartError.__init__(self, msg) |
| 50 | + |
| 51 | + def __str__(self): |
| 52 | + return self.value |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 53 | diff --git a/pykickstart/load.py b/pykickstart/load.py |
Andrew Geissler | 6aa7eec | 2023-03-03 12:41:14 -0600 | [diff] [blame] | 54 | index eb76b65..f51cf08 100644 |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 55 | --- a/pykickstart/load.py |
| 56 | +++ b/pykickstart/load.py |
Andrew Geissler | 6aa7eec | 2023-03-03 12:41:14 -0600 | [diff] [blame] | 57 | @@ -18,9 +18,11 @@ |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 58 | # with the express permission of Red Hat, Inc. |
| 59 | # |
| 60 | import requests |
| 61 | +from requests.auth import HTTPDigestAuth |
| 62 | +from requests.auth import HTTPBasicAuth |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 63 | import shutil |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 64 | |
| 65 | -from pykickstart.errors import KickstartError |
| 66 | +from pykickstart.errors import KickstartError, KickstartAuthError |
| 67 | from pykickstart.i18n import _ |
| 68 | from requests.exceptions import SSLError, RequestException |
| 69 | |
Andrew Geissler | 6aa7eec | 2023-03-03 12:41:14 -0600 | [diff] [blame] | 70 | @@ -28,7 +30,7 @@ is_url = lambda location: '://' in location # RFC 3986 |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 71 | |
| 72 | SSL_VERIFY = True |
| 73 | |
| 74 | -def load_to_str(location): |
| 75 | +def load_to_str(location, user=None, passwd=None): |
| 76 | '''Load a destination URL or file into a string. |
| 77 | Type of input is inferred automatically. |
| 78 | |
Andrew Geissler | 6aa7eec | 2023-03-03 12:41:14 -0600 | [diff] [blame] | 79 | @@ -39,7 +41,7 @@ def load_to_str(location): |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 80 | Raises: KickstartError on error reading''' |
| 81 | |
Andrew Geissler | 6aa7eec | 2023-03-03 12:41:14 -0600 | [diff] [blame] | 82 | if is_url(location): |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 83 | - return _load_url(location) |
| 84 | + return _load_url(location, user=user, passwd=passwd) |
| 85 | else: |
| 86 | return _load_file(location) |
| 87 | |
Andrew Geissler | 6aa7eec | 2023-03-03 12:41:14 -0600 | [diff] [blame] | 88 | @@ -69,11 +71,31 @@ def load_to_file(location, destination): |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 89 | _copy_file(location, destination) |
| 90 | return destination |
| 91 | |
Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame] | 92 | -def _load_url(location): |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 93 | +def _get_auth(location, user=None, passwd=None): |
| 94 | + |
| 95 | + auth = None |
| 96 | + request = requests.get(location, verify=SSL_VERIFY) |
| 97 | + if request.status_code == requests.codes.unauthorized: |
| 98 | + if user is None or passwd is None: |
| 99 | + log.info("Require Authentication") |
| 100 | + raise KickstartAuthError("Require Authentication.\nAppend 'ksuser=<username> kspasswd=<password>' to boot command") |
Andrew Geissler | 6aa7eec | 2023-03-03 12:41:14 -0600 | [diff] [blame] | 101 | + |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 102 | + reasons = request.headers.get("WWW-Authenticate", "").split() |
| 103 | + if reasons: |
| 104 | + auth_type = reasons[0] |
| 105 | + if auth_type == "Basic": |
| 106 | + auth = HTTPBasicAuth(user, passwd) |
| 107 | + elif auth_type == "Digest": |
| 108 | + auth=HTTPDigestAuth(user, passwd) |
Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame] | 109 | + |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 110 | + return auth |
| 111 | + |
| 112 | +def _load_url(location, user=None, passwd=None): |
Andrew Geissler | 6aa7eec | 2023-03-03 12:41:14 -0600 | [diff] [blame] | 113 | '''Load a location (URL or filename) and return contents as string''' |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 114 | + auth = _get_auth(location, user=user, passwd=passwd) |
Andrew Geissler | 6aa7eec | 2023-03-03 12:41:14 -0600 | [diff] [blame] | 115 | |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 116 | try: |
| 117 | - request = requests.get(location, verify=SSL_VERIFY) |
| 118 | + request = requests.get(location, verify=SSL_VERIFY, auth=auth) |
| 119 | except SSLError as e: |
| 120 | raise KickstartError(_('Error securely accessing URL "%s"') % location + ': {e}'.format(e=str(e))) |
| 121 | except RequestException as e: |
| 122 | diff --git a/pykickstart/parser.py b/pykickstart/parser.py |
Andrew Geissler | 6aa7eec | 2023-03-03 12:41:14 -0600 | [diff] [blame] | 123 | index 7edf8aa..46c5299 100644 |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 124 | --- a/pykickstart/parser.py |
| 125 | +++ b/pykickstart/parser.py |
Andrew Geissler | 6aa7eec | 2023-03-03 12:41:14 -0600 | [diff] [blame] | 126 | @@ -790,7 +790,7 @@ class KickstartParser(object): |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 127 | i = PutBackIterator(s.splitlines(True) + [""]) |
Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame] | 128 | self._stateMachine(i) |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 129 | |
| 130 | - def readKickstart(self, f, reset=True): |
| 131 | + def readKickstart(self, f, reset=True, username=None, password=None): |
| 132 | """Process a kickstart file, given by the filename f.""" |
| 133 | if reset: |
| 134 | self._reset() |
Andrew Geissler | 6aa7eec | 2023-03-03 12:41:14 -0600 | [diff] [blame] | 135 | @@ -811,7 +811,7 @@ class KickstartParser(object): |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 136 | self.currentdir[self._includeDepth] = cd |
| 137 | |
| 138 | try: |
| 139 | - s = load_to_str(f) |
| 140 | + s = load_to_str(f, user=username, passwd=password) |
| 141 | except KickstartError as e: |
Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame] | 142 | raise KickstartError(_("Unable to open input kickstart file: %s") % str(e), lineno=0) |
Brad Bishop | d7bf8c1 | 2018-02-25 22:55:05 -0500 | [diff] [blame] | 143 | |
Andrew Geissler | 6aa7eec | 2023-03-03 12:41:14 -0600 | [diff] [blame] | 144 | -- |
| 145 | 2.34.1 |
| 146 | |