investigate python auth problem

David Hláčik david at hlacik.eu
Sat Jun 7 07:16:11 EDT 2008


Hello Julien, ALL

I have reproduced steps, to show you sample on another module and its
results in INN (becouse i really like to solve this :)

Here is part from nnrpd_auth.py module autheticate(args) which is called
when authentication begins:

part from readers.conf :

*auth "pdg" {
        python_auth: "nnrpd_auth.py"
}*

part from nnrpd_auth.py: (here you can also see how i solved problem with
ldap module, i am calling external script and reading result from its
standard output - commented lines)

*def authenticate(self, attributes):
        """Called when python_auth is encountered in readers.conf"""

        # just for debugging purposes
        syslog('notice', 'n_a authenticate() invoked: hostname %s, ipaddress
%s, interface %s, user %s' % (\
                attributes['hostname'], \
                attributes['ipaddress'], \
                attributes['interface'], \
                attributes['user']))

        # do username passworld authentication
        #if 'foo' == str(attributes['user'])  \
        #   and 'foo' == str(attributes['pass']):
        #    syslog('notice', 'authentication by username succeeded')
        #    return ( self.authcodes['ALLOWED'], 'No error', 'default_user')
        #else:
        #    syslog('notice', 'authentication by username failed')
        #    return ( self.authcodes['DENIED'], 'Access Denied!')

        #import os
        #result = int(os.popen("%s %s %s"
%("/opt/pdg/newsauth.py",str(attributes['user']),str(attributes['pass'])),
"r").read())
        #if result == 1:
        #       syslog('notice', 'authentication by username succeeded')
        #       return(self.authcodes['ALLOWED'], 'OK')
        #else:
        #       syslog('notice', 'authentication by username failed')
        #       return ( self.authcodes['DENIED'], 'FAILED')
        import commands
        result = commands.getoutput('ls -l')
        syslog('notice', result)

*And now comes my test.py where i am testing my nnrpd_auth.py:

*from nnrpd_auth import *

myauth = AUTH()

print
myauth.authenticate({'user':'boss','pass':'supersecret','interface':None,'ipaddress':None,'hostname':None})
*
As you can see my test.py is calling autenticate method same as INN is
calling when auth begins.
Here comes the result from my test.py:

-- syslog level: notice message: nnrpd authentication class instance created
** set_auth_hook for <nnrpd_auth.AUTH instance at 0xb7eb424c>
-- syslog level: notice message: authentication module successfully hooked
into nnrpd
-- syslog level: notice message: nnrpd authentication class instance created
-- syslog level: notice message: n_a authenticate() invoked: hostname None,
ipaddress None, interface None, user boss
*-- syslog level: notice message: total 104
-rw-r--r-- 1 news news  859 Jun  4 10:38 INN.py
-rw-r--r-- 1 news news 1351 Jun  4 10:38 INN.pyc
-rw-r--r-- 1 news news 1351 Jun  4 10:38 INN.pyo
-rw-r--r-- 1 news news  479 Jun  4 10:38 filter.tcl
-rw-r--r-- 1 news news 8860 Jun  4 10:38 filter_innd.py
-rw-r--r-- 1 news news 7381 Jun  4 10:38 filter_innd.pyc
-rw-r--r-- 1 news news 7381 Jun  4 10:38 filter_innd.pyo
-rw-r--r-- 1 news news 2259 Jun  4 10:38 filter_nnrpd.pl
-rw-r--r-- 1 root root  512 Jun  4 10:37 nnrpd.py
-rw-r--r-- 1 root root  603 Jun  5 11:34 nnrpd.pyc
-rw-r--r-- 1 news news 4181 Jun  4 10:38 nnrpd_access.pl
-rw-r--r-- 1 news news 2657 Jun  4 10:38 nnrpd_auth.pl
-rw-r--r-- 1 root root 7998 Jun  7 13:06 nnrpd_auth.py
-rw-r--r-- 1 root root 8200 Jun  5 12:18 nnrpd_auth.py.backup
-rw-r--r-- 1 root root 3109 Jun  7 13:06 nnrpd_auth.pyc
-rw-r--r-- 1 news news  469 Jun  4 10:38 startup.tcl
-rw-r--r-- 1 news news 1324 Jun  4 10:38 startup_innd.pl
-rw-r--r-- 1 root root  259 Jun  7 13:06 test.py*
None

Please note the syslog result .. which is this part from nnrpd_auth.py :
*import commands
        result = commands.getoutput('ls -l')
        syslog('notice', result)

*And now please note the result from INN where result is completely ignored
:*

Jun  7 13:15:20 dev01 nnrpd[1400]: python: n_a authenticate() invoked:
hostname david-nb.net.hlacik.eu, ipaddress 10.10.10.199, interface
10.10.10.183, user b
Jun  7 13:15:20 dev01 nnrpd[1400]: python authenticate method returned wrong
result
Jun  7 13:15:20 dev01 nnrpd[1400]: david-nb.net.hlacik.eu times user 0.000
system 0.008 idle 0.000 elapsed 0.034

Thanks!

David
*

On Sat, Jun 7, 2008 at 11:35 AM, David Hláčik <david at hlacik.eu> wrote:

> Hello , of course i am importing without .py . I have checked all paths
> with sys.path and also check if INN is using same python version with same
> environment as mine - and yes it is.
> What i have discovered is that nnrpd_auth.py has a really problem with
> importing anything except builtin sys module.
> Module ldap is not working, module commands is not working ... it will
> simple print no result ...
> When i test it trought my test script it will does. When i test it directly
> with INN i see only "python auth returned wrong result".
> When i try to investigate that with try except Exception .. i simple see no
> error there but null result ... it will simple not call the result... even
> simple commands.getoutput("ls -l") does not work! :(
> Only one solution i have found is to import sys module and call popen to
> open external script .. also writen in python .. which will simple to
> standart out return result (and which is using module ldap without problem)
> .. and then i read output in nnrpd_auth and work with that.
> Such ugly think , i spent 3 days working with nnrpd_auth.py and nothing
> worked as i wanted (and i am programming in python for 3 years actually so i
> dont think i am lame ).
>
> Thanks! and if someone really will help me to investigate problem i will
> sent them a package of Czech Beers (Gambrinus,Plzen or Budvar) as i am live
> in czech republic!
>
>
> On Fri, Jun 6, 2008 at 8:27 PM, Julien ÉLIE <julien at trigofacile.com>
> wrote:
>
>> Hi David (thrice),
>>
>>  I have created own try, except part to see error, but all i got is :
>>> python:
>>> Error: No module named py
>>> I want to know more , i want to know why? There is no other info in logs.
>>>
>>
>> Do you "import module.py" or "import module"?  The last one is the right
>> thing to do
>> inside your scripts.  Also check whether paths are correct.
>>
>> And in readers.conf, did you try without ".py" too in the python_auth:
>> parameter?
>> (I do not know whether it is required.)
>>
>> --
>> Julien ÉLIE
>>
>> « Mon père, ce héros au sourire si doux. » (Victor Hugo)
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-list/attachments/20080607/b37fd78d/attachment.html>


More information about the Python-list mailing list