Added HTTP basic authorization.

bin/yubiadmin-server

@@ -1,14 +1,20 @@
 #!/usr/bin/python
 
 import os
+import base64
 from wsgiref.simple_server import make_server
 from webob.dec import wsgify
+from webob import exc
 from yubiadmin import server
 from yubiadmin.static import FileApp, DirectoryApp
+from yubiadmin.config import settings
+
+REALM = 'YubiADMIN'
+STATIC_ASSETS = ['js', 'css', 'img', 'favicon.ico']
 
 
 if __name__ == '__main__':
-    #TODO: Take command line args to set port.
+    # TODO: Take command line args to set port.
     mod_dir = os.path.dirname(server.__file__)
     base_dir = os.path.abspath(os.path.join(mod_dir, os.pardir))
     static_dir = os.path.join(base_dir, 'static')
@@ -18,10 +24,19 @@ if __name__ == '__main__':
 
     @wsgify
     def with_static(request):
-        base = request.path_info_peek()
-        if base in ['js', 'css', 'img', 'favicon.ico']:
-            return request.get_response(static_app)
-        return request.get_response(server.application)
+        if request.authorization:
+            _, auth = request.authorization
+            if base64.b64decode(auth) == '%s:%s' % (settings['user'],
+                                                    settings['pass']):
+                base = request.path_info_peek()
+                if base in STATIC_ASSETS:
+                    return request.get_response(static_app)
+                return request.get_response(server.application)
 
-    httpd = make_server('localhost', 8080, with_static)
+        #Deny access
+        response = exc.HTTPUnauthorized()
+        response.www_authenticate = ('Basic', {'realm': REALM})
+        return response
+
+    httpd = make_server(settings['iface'], settings['port'], with_static)
     httpd.serve_forever()

yubiadmin/config.py

@@ -0,0 +1,43 @@
+import sys
+import os
+import imp
+import errno
+from yubiadmin import default_settings
+
+__all__ = [
+    'settings'
+]
+
+SETTINGS_FILE = os.getenv('YUBIADMIN_SETTINGS',
+                          '/etc/yubico/admin/yubiadmin.conf')
+
+VALUES = {
+    #Web interface
+    'USERNAME': 'user',
+    'PASSWORD': 'pass',
+    'INTERFACE': 'iface',
+    'PORT': 'port'
+}
+
+
+def parse(conf, settings={}):
+    for confkey, settingskey in VALUES.items():
+        try:
+            settings[settingskey] = conf.__getattribute__(confkey)
+        except AttributeError:
+            pass
+    return settings
+
+
+settings = parse(default_settings)
+
+dont_write_bytecode = sys.dont_write_bytecode
+try:
+    sys.dont_write_bytecode = True
+    user_settings = imp.load_source('user_settings', SETTINGS_FILE)
+    settings = parse(user_settings, settings)
+except IOError, e:
+    if not e.errno in [errno.ENOENT, errno.EACCES]:
+        raise e
+finally:
+    sys.dont_write_bytecode = dont_write_bytecode

yubiadmin/default_settings.py

@@ -0,0 +1,13 @@
+#
+# YubiAdmin settings
+#
+
+# Credentials needed to access the web interface
+USERNAME = "yubiadmin"
+PASSWORD = "yubiadmin"
+
+# Interface to listen to
+INTERFACE = "127.0.0.1"
+
+# Listen port
+PORT = 8080