Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
systemsmanagement:Uyuni:Snapshots:2022.05
cobbler
v3-1-2-remove-testing-auth.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File v3-1-2-remove-testing-auth.patch of Package cobbler
From c2f5f336afd134b040f43808510f49d70084eba1 Mon Sep 17 00:00:00 2001 From: Enno Gotthold <egotthold@suse.de> Date: Mon, 7 Feb 2022 12:33:42 +0100 Subject: [PATCH] Authentication: Remove testing module The testing module is shipping a well known username and password combination. This is insecure. For testing purposes we have the default password which is well-known as well. Since noone should use this for production I don't consider removing this a regression for a new minor release. --- cobbler/modules/authentication/testing.py | 50 ------------------- docs/cobbler-conf.rst | 1 - .../cobbler.modules.authentication.rst | 9 ---- 3 files changed, 60 deletions(-) delete mode 100644 cobbler/modules/authentication/testing.py diff --git a/cobbler/modules/authentication/testing.py b/cobbler/modules/authentication/testing.py deleted file mode 100644 index 48580207..00000000 --- a/cobbler/modules/authentication/testing.py +++ /dev/null @@ -1,50 +0,0 @@ -""" -Authentication module that denies everything. -Unsafe demo. Allows anyone in with testing/testing. - -Copyright 2007-2009, Red Hat, Inc and Others -Michael DeHaan <michael.dehaan AT gmail> - -This program is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2 of the License, or -(at your option) any later version. - -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU General Public License for more details. - -You should have received a copy of the GNU General Public License -along with this program; if not, write to the Free Software -Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -02110-1301 USA -""" - - -def register(): - """ - The mandatory Cobbler module registration hook. - - :return: Always "authn" - :rtype: str - """ - return "authn" - - -def authenticate(api_handle, username, password): - """ - Validate a username/password combo, returning True/False - - Thanks to http://trac.edgewall.org/ticket/845 for supplying the algorithm info. - - :param api_handle: This parameter is not used currently. - :param username: The username which should be checked. - :param password: The password which should be checked. - :return: True if username is "testing" and password is "testing". Otherwise False. - :rtype: bool - """ - - if username == "testing" and password == "testing": - return True - return False diff --git a/docs/cobbler-conf.rst b/docs/cobbler-conf.rst index f1dda64f..3153b571 100644 --- a/docs/cobbler-conf.rst +++ b/docs/cobbler-conf.rst @@ -662,7 +662,6 @@ Choices: - authn_ldap -- authenticate against LDAP - authn_spacewalk -- ask Spacewalk/Satellite (experimental) - authn_pam -- use PAM facilities -- authn_testing -- username/password is always testing/testing (debug) - (user supplied) -- you may write your own module WARNING: this is a security setting, do not choose an option blindly. diff --git a/docs/code-autodoc/cobbler.modules.authentication.rst b/docs/code-autodoc/cobbler.modules.authentication.rst index 60f290f6..2aeafce6 100644 --- a/docs/code-autodoc/cobbler.modules.authentication.rst +++ b/docs/code-autodoc/cobbler.modules.authentication.rst @@ -52,15 +52,6 @@ cobbler.modules.authentication.spacewalk module :undoc-members: :show-inheritance: -cobbler.modules.authentication.testing module ---------------------------------------------- - -.. automodule:: cobbler.modules.authentication.testing - :members: - :undoc-members: - :show-inheritance: - - Module contents --------------- -- 2.34.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor