File: //opt/saltstack/salt/lib/python3.10/site-packages/salt/auth/__pycache__/django.cpython-310.pyc
o
�����N�g���������������������
���@���s����d�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�z�d�d�l�Z�d�d�l�m�Z���d�Z�W�n���e�y0��Z ��z�d�Z�W�Y�d�Z [ n�d�Z [ w�w�d�a
e���e���Z
d�Z�d�d���Z�d d
��Z�d�d���Z�d
d���Z�d�d���Z�d�S�)�a����
Provide authentication using Django Web Framework
:depends: - Django Web Framework
Django authentication depends on the presence of the django framework in the
``PYTHONPATH``, the Django project's ``settings.py`` file being in the
``PYTHONPATH`` and accessible via the ``DJANGO_SETTINGS_MODULE`` environment
variable.
Django auth can be defined like any other eauth module:
.. code-block:: yaml
external_auth:
django:
fred:
- .*
- '@runner'
This will authenticate Fred via Django and allow him to run any execution
module and all runners.
The authorization details can optionally be located inside the Django database.
The relevant entry in the ``models.py`` file would look like this:
.. code-block:: python
class SaltExternalAuthModel(models.Model):
user_fk = models.ForeignKey(User, on_delete=models.CASCADE)
minion_or_fn_matcher = models.CharField(max_length=255)
minion_fn = models.CharField(max_length=255)
The :conf_master:`external_auth` clause in the master config would then look
like this:
.. code-block:: yaml
external_auth:
django:
^model: <fully-qualified reference to model class>
When a user attempts to authenticate via Django, Salt will import the package
indicated via the keyword ``^model``. That model must have the fields
indicated above, though the model DOES NOT have to be named
'SaltExternalAuthModel'.
�����N)��
connectionTF��djangoc��������������������C���s����t�r�t�S�d�S�)�NF)��
HAS_DJANGO��__virtualname__��r����r�����D/opt/saltstack/salt/lib/python3.10/site-packages/salt/auth/django.py��__virtual__I���s����������r����c��������������������C���s&���z�t�j�������W�d�S���t�y�������Y�d�S�w�)�NFT)�r����Z�ping� Exceptionr����r����r����r������is_connection_usableO���s����������������r
���c��������������������C���s����t�j�d�k�r t�������t�d�u�r�d�S�d�t�d���d���v�rFt�d���d���d���}�|���d���d���}�d���|���d���d�d�������}�t�|�t���t ��d ��}�d
|�����}�t
|���a�d�S�d�S�)�zG
Prepare the connection to the Django authentication framework
)�����������Nz�^modelZ
external_authr������.���r����Z�SaltExternalAuthModelz�django_auth_module.)�r������VERSION��setup��DJANGO_AUTH_CLASS��__opts__��split��join�
__import__��globals��locals��eval)�Z�django_model_fullnameZ�django_model_nameZ�django_module_nameZ�django_auth_moduleZ�DJANGO_AUTH_CLASS_strr����r����r������__django_auth_setupX���s����
���������������������
�����r����c��������������������C���s����t�d���}�|�t�j�v�r�t�j���|�����t�j���d�t�d�������t�����t���s"t �
����d�d�l�}�|�j�j
j�|�|�d���}�|�d�u�rD|�j�r=t���d�����d�S�t���d ����d�S�t���d
����d�S�)�z�
Simple Django auth
��django_auth_pathZ�DJANGO_SETTINGS_MODULEZ�django_auth_settingsr����N)���username��passwordz Django authentication successfulTzIDjango authentication: the password is valid but the account is disabled.z�Django authentication failed.F)�r������sys��path��append��os��environ�
setdefaultr����r
���r������closeZ�django.contrib.authZ�contrib��authZ�authenticateZ is_active��log��debug)�r����r����r����r������userr����r����r����r$���v���s&�����
�������������������
�����������
���r$���c��������������������C���s
���t�����|�d�u�r
t�j�����}�n�t�j�j�|�d���}�i�}�|�D�]d}�|�j�j�|�v�r&g�|�|�j�j�<�|�j�s7|�j�r7|�|�j�j���� |�j�����q�|�j�rH|�j�sH|�|�j�j���� |�j�����q�d�}�|�|�j�j���D�]�}�t
|�t���rk|�j�|�v�rk|�|�j�j���|�j���� |�j�����d�}�qP|�s||�|�j�j���� |�j�|�j�g�i�����q�t��
d�|�����|�S�)�a����
:param username: Username to filter for
:return: Dictionary that can be slotted into the ``__opts__`` structure for
eauth that designates the user associated ACL
Database records such as:
=========== ==================== =========
username minion_or_fn_matcher minion_fn
=========== ==================== =========
fred test.ping
fred server1 network.interfaces
fred server1 raid.list
fred server2 .*
guru .*
smartadmin server1 .*
=========== ==================== =========
Should result in an eauth config such as:
.. code-block:: yaml
fred:
- test.ping
- server1:
- network.interfaces
- raid.list
- server2:
- .*
guru:
- .*
smartadmin:
- server1:
- .*
N)�Z�user_fk__usernameFTz�django auth_dict is %s)�r����r����Z�objects��all��filterZ�user_fkr����Z�minion_or_fn_matcherZ minion_fnr�����
isinstance��dictr%���r&���)�r����Z
db_recordsZ auth_dict��a��found��dr����r����r������acl����s8����&��������������������������
�
�������������������������r/���)���__doc__��loggingr ���r����r����Z django.dbr����r����r �����excr����� getLogger��__name__r%���r����r����r
���r����r$���r/���r����r����r����r������<module>����s(������0����������������������
�������� ����