| 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
 | From 3540ddcc7448dc784b65c74424c8a25132cb8534 Mon Sep 17 00:00:00 2001
From: Hongxu Jia <hongxu.jia@windriver.com>
Date: Tue, 31 Jul 2018 17:24:47 +0800
Subject: [PATCH] support authentication for kickstart
While download kickstart file from web server,
we support basic/digest authentication.
Add KickstartAuthError to report authentication failure,
which the invoker could parse this specific error.
Upstream-Status: Inappropriate [oe specific]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
 pykickstart/errors.py | 17 +++++++++++++++++
 pykickstart/load.py   | 32 +++++++++++++++++++++++++++-----
 pykickstart/parser.py |  4 ++--
 3 files changed, 46 insertions(+), 7 deletions(-)
diff --git a/pykickstart/errors.py b/pykickstart/errors.py
index 8294f59..3d20bf8 100644
--- a/pykickstart/errors.py
+++ b/pykickstart/errors.py
@@ -32,6 +32,9 @@ This module exports several exception classes:
     KickstartVersionError - An exception for errors relating to unsupported
                             syntax versions.
 
+    KickstartAuthError - An exception for errors relating to authentication
+                         failed while downloading kickstart from web server
+
 And some warning classes:
 
     KickstartWarning - A generic warning class.
@@ -125,3 +128,17 @@ class KickstartDeprecationWarning(KickstartParseWarning, DeprecationWarning):
     """A class for warnings occurring during parsing related to using deprecated
        commands and options.
     """
+
+class KickstartAuthError(KickstartError):
+    """An exception for errors relating to authentication failed while
+       downloading kickstart from web server
+    """
+    def __init__(self, msg):
+        """Create a new KickstartAuthError exception instance with the
+           descriptive message val. val should be the return value of
+           formatErrorMsg.
+        """
+        KickstartError.__init__(self, msg)
+
+    def __str__(self):
+        return self.value
diff --git a/pykickstart/load.py b/pykickstart/load.py
index eb76b65..f51cf08 100644
--- a/pykickstart/load.py
+++ b/pykickstart/load.py
@@ -18,9 +18,11 @@
 # with the express permission of Red Hat, Inc.
 #
 import requests
+from requests.auth import HTTPDigestAuth
+from requests.auth import HTTPBasicAuth
 import shutil
 
-from pykickstart.errors import KickstartError
+from pykickstart.errors import KickstartError, KickstartAuthError
 from pykickstart.i18n import _
 from requests.exceptions import SSLError, RequestException
 
@@ -28,7 +30,7 @@ is_url = lambda location: '://' in location  # RFC 3986
 
 SSL_VERIFY = True
 
-def load_to_str(location):
+def load_to_str(location, user=None, passwd=None):
     '''Load a destination URL or file into a string.
     Type of input is inferred automatically.
 
@@ -39,7 +41,7 @@ def load_to_str(location):
     Raises: KickstartError on error reading'''
 
     if is_url(location):
-        return _load_url(location)
+        return _load_url(location, user=user, passwd=passwd)
     else:
         return _load_file(location)
 
@@ -69,11 +71,31 @@ def load_to_file(location, destination):
         _copy_file(location, destination)
         return destination
 
-def _load_url(location):
+def _get_auth(location, user=None, passwd=None):
+
+    auth = None
+    request = requests.get(location, verify=SSL_VERIFY)
+    if request.status_code == requests.codes.unauthorized:
+        if user is None or passwd is None:
+            log.info("Require Authentication")
+            raise KickstartAuthError("Require Authentication.\nAppend 'ksuser=<username> kspasswd=<password>' to boot command")
+
+        reasons = request.headers.get("WWW-Authenticate", "").split()
+        if reasons:
+            auth_type = reasons[0]
+        if auth_type == "Basic":
+            auth = HTTPBasicAuth(user, passwd)
+        elif auth_type == "Digest":
+            auth=HTTPDigestAuth(user, passwd)
+
+    return auth
+
+def _load_url(location, user=None, passwd=None):
     '''Load a location (URL or filename) and return contents as string'''
+    auth = _get_auth(location, user=user, passwd=passwd)
 
     try:
-        request = requests.get(location, verify=SSL_VERIFY)
+        request = requests.get(location, verify=SSL_VERIFY, auth=auth)
     except SSLError as e:
         raise KickstartError(_('Error securely accessing URL "%s"') % location + ': {e}'.format(e=str(e)))
     except RequestException as e:
diff --git a/pykickstart/parser.py b/pykickstart/parser.py
index 7edf8aa..46c5299 100644
--- a/pykickstart/parser.py
+++ b/pykickstart/parser.py
@@ -790,7 +790,7 @@ class KickstartParser(object):
         i = PutBackIterator(s.splitlines(True) + [""])
         self._stateMachine(i)
 
-    def readKickstart(self, f, reset=True):
+    def readKickstart(self, f, reset=True, username=None, password=None):
         """Process a kickstart file, given by the filename f."""
         if reset:
             self._reset()
@@ -811,7 +811,7 @@ class KickstartParser(object):
         self.currentdir[self._includeDepth] = cd
 
         try:
-            s = load_to_str(f)
+            s = load_to_str(f, user=username, passwd=password)
         except KickstartError as e:
             raise KickstartError(_("Unable to open input kickstart file: %s") % str(e), lineno=0)
 
-- 
2.34.1
 |