From c65d3cfb84e33fb6d75714f43bfec13d0f02b7d0 Mon Sep 17 00:00:00 2001
From: bryan brancotte
Date: Fri, 13 Jan 2017 14:42:54 +0100
Subject: [PATCH 1/5] More resilient IP detection
---
 lib/security/cyclone_pam.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/security/cyclone_pam.py b/lib/security/cyclone_pam.py
index abaef67..cb7296a 100644
--- a/lib/security/cyclone_pam.py
+++ b/lib/security/cyclone_pam.py
@@ -183,7 +183,7 @@ def start_server(pamh, argv):
 # create main uri using random generated port
 global PORT
 PORT = server.server_address[1]
- host_ip = socket.getfqdn()
+ host_ip = socket.gethostbyname(socket.getfqdn())
 global MY_URI
 MY_URI = 'http://{0}:{1}'.format(host_ip, str(PORT))
 try:
@@ -258,7 +258,7 @@ def check_whitelist(user_data, user, pamh):
 if email == str(user_data['email']):
 return pamh.PAM_SUCCESS
- pamh.conversation(pamh.Message(pamh.PAM_PROMPT_ECHO_ON, 'ERROR: Your user cannot login as' + user))
+ pamh.conversation(pamh.Message(pamh.PAM_PROMPT_ECHO_ON, 'ERROR: Your user cannot login as ' + user))
 return pamh.PAM_USER_UNKNOWN
From cbb467736560b04712d07e4a4c15ea24de9164c5 Mon Sep 17 00:00:00 2001
From: bryan brancotte
Date: Thu, 19 Jan 2017 12:58:16 +0100
Subject: [PATCH 2/5] compatibility with open stack When using it in an openstack, public IP can't be seen from the VM, so getting it from the cloud itself
---
 lib/security/cyclone_pam.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/lib/security/cyclone_pam.py b/lib/security/cyclone_pam.py
index cb7296a..29b1e80 100644
--- a/lib/security/cyclone_pam.py
+++ b/lib/security/cyclone_pam.py
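Review bot: In PATCH 1/5's start_server hunk, `socket.gethostbyname(socket.getfqdn())` raises `socket.gaierror` when the FQDN has no resolvable address, and the call sits before the `try:` visible at the end of the hunk, so unless a handler exists outside the hunk a resolver failure would propagate out of the PAM module during authentication. On hosts whose hosts file maps the hostname to a loopback address the result can be 127.0.x.x, which would put an unreachable host into `MY_URI`. I would guard it, e.g. `except socket.gaierror: host_ip = socket.getfqdn()`, and add a comment such as `# host_ip must be reachable by the user's browser for the callback`. start_server's body starts and ends outside the hunk.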
@@ -183,7 +183,14 @@ def start_server(pamh, argv):
 # create main uri using random generated port
 global PORT
 PORT = server.server_address[1]
- host_ip = socket.gethostbyname(socket.getfqdn())
+ host_ip = None
+ #Get ip for openstack clouds
+ try:
+ host_ip = requests.get("http://169.254.169.254/latest/meta-data/public-ipv4").text
+ except Exception:
+ pass
+ if host_ip is None:
+ host_ip = socket.gethostbyname(socket.getfqdn())
 global MY_URI
 MY_URI = 'http://{0}:{1}'.format(host_ip, str(PORT))
 try:
From 3f3628809a2807dfe59b2a665ac50576893abcc0 Mon Sep 17 00:00:00 2001
From: bryan brancotte
Date: Thu, 19 Jan 2017 13:04:14 +0100
Subject: [PATCH 3/5] Update cyclone_pam.py
---
 lib/security/cyclone_pam.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lib/security/cyclone_pam.py b/lib/security/cyclone_pam.py
index 29b1e80..899e180 100644
--- a/lib/security/cyclone_pam.py
+++ b/lib/security/cyclone_pam.py
@@ -10,6 +10,7 @@ import random
 from datetime import datetime
 import Queue
+import requests
 from jose import jwt
 BASE_URI = 'https://federation.cyclone-project.eu/auth/realms/master/protocol/openid-connect'
From 1c33a9105b38bb57b690666a1573904c6d769b0d Mon Sep 17 00:00:00 2001
From: bryan brancotte
Date: Tue, 24 Jan 2017 14:40:58 +0100
Subject: [PATCH 4/5] Update cyclone_pam.py
---
 lib/security/cyclone_pam.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/security/cyclone_pam.py b/lib/security/cyclone_pam.py
index 899e180..037057d 100644
--- a/lib/security/cyclone_pam.py
+++ b/lib/security/cyclone_pam.py
@@ -190,7 +190,7 @@ def start_server(pamh, argv):
 host_ip = requests.get("http://169.254.169.254/latest/meta-data/public-ipv4").text
 except Exception:
 pass
- if host_ip is None:
+ if host_ip is None or host_ip == "":
 host_ip = socket.gethostbyname(socket.getfqdn())
 global MY_URI
 MY_URI = 'http://{0}:{1}'.format(host_ip, str(PORT))
From 40a6bea861e93912d1036d2d928ca295445b04d0 Mon Sep 17 00:00:00 2001
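Review bot: In PATCH 2/5's start_server hunk, the added metadata request passes no `timeout=` and takes `.text` without looking at the response status. On a host where 169.254.169.254 is not answered, the login can block inside the PAM module for as long as the connection attempt lasts. A non-empty error body would also be accepted as `host_ip` and placed into `MY_URI`, skipping the `gethostbyname` fallback. I would bound the call with `resp = requests.get("http://169.254.169.254/latest/meta-data/public-ipv4", timeout=2)` and accept the value only when `resp.ok` is true and `socket.inet_aton(resp.text.strip())` does not raise. The same applies to the `local-ipv4` request added in PATCH 5/5 and to the unchanged request shown as context in PATCH 4/5; start_server's body starts and ends outside the hunk.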
From: bryan brancotte
Date: Tue, 24 Jan 2017 14:43:14 +0100
Subject: [PATCH 5/5] Update cyclone_pam.py
---
 lib/security/cyclone_pam.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/lib/security/cyclone_pam.py b/lib/security/cyclone_pam.py
index 037057d..44c15b6 100644
--- a/lib/security/cyclone_pam.py
+++ b/lib/security/cyclone_pam.py
@@ -190,6 +190,11 @@ def start_server(pamh, argv):
 host_ip = requests.get("http://169.254.169.254/latest/meta-data/public-ipv4").text
 except Exception:
 pass
+ if host_ip is None or host_ip == "":
+ try:
+ host_ip = requests.get("http://169.254.169.254/latest/meta-data/local-ipv4").text
+ except Exception:
+ pass
 if host_ip is None or host_ip == "":
 host_ip = socket.gethostbyname(socket.getfqdn())
 global MY_URI
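Review bot: In PATCH 5/5 the added `local-ipv4` block is a copy of the `public-ipv4` block above it, including `except Exception: pass`, which hides every failure, programming errors included, without a log line. Iterating over the two metadata keys and catching only `requests.RequestException` keeps a single copy of the lookup and lets unrelated errors surface. start_server's body starts and ends outside the hunk, so the sketch below covers only the lookup visible here.

```python
host_ip = None
for key in ("public-ipv4", "local-ipv4"):
    try:
        resp = requests.get("http://169.254.169.254/latest/meta-data/" + key, timeout=2)
    except requests.RequestException:
        continue
    candidate = resp.text.strip()
    if resp.ok and candidate:
        host_ip = candidate
        break
if not host_ip:
    host_ip = socket.gethostbyname(socket.getfqdn())
# ... unchanged: global MY_URI and the MY_URI assignment ...
```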