Beispiel #1
0
    def parseConfigurationFile(self):

        try:
            # Parse configuration file
            self.doc = amara.parse("file:" + C.YENCAP_CONF_HOME +
                                   "/netconfd.xml")

            # Read IP version (4 or 6)
            ipVersion = int(str(self.doc.yencap.ipversion))

            if ipVersion not in [4, 6]:
                raise Exception(
                    "Ip version must be 4 or 6 in %s/netconfd.xml file." %
                    (C.YENCAP_CONF_HOME))

            # Read application protocol (only ssh is implemented.)
            appProtocol = str(self.doc.yencap.protocol.active)

            if appProtocol == "ssh":
                sshData = {}
                sshData["hostKeyType"] = str(
                    self.doc.yencap.protocol.ssh.privatekeyfile.keytype)
                sshData["hostKeyFile"] = str(
                    self.doc.yencap.protocol.ssh.privatekeyfile)
                self.monserver = ServerSSH(ipVersion, sshData)
                LogManager.getInstance().logInfo("Netconf over SSH started.")
            else:
                raise Exception(
                    "Only ssh is supported as a transport protocol.")

            # Read options
            for elem in self.doc.yencap.options.option:
                name = str(elem.name)
                value = str(elem.value)

                if (name == "accesscontrol"):
                    if (value == "active"):
                        rbacManager.getInstance().setActive(True)
                    elif (value == "unactive"):
                        rbacManager.getInstance().setActive(False)
                    else:
                        raise Exception(
                            "accesscontrol option value must be one of active or unactive."
                        )
                else:
                    raise Exception("Unknown option in %s/netconfd.xml." %
                                    (C.YENCAP_CONF_HOME))

        except Exception, exp:
            LogManager.getInstance().logError(
                'Error while reading %s/netconfd.xml: %s' %
                (C.YENCAP_CONF_HOME, str(exp)))
	def execute(self):
		"""
			Execute the close-session operation.
		"""
		if self.operationReply.isError():
			return self.operationReply

		if self.action == C.ACTIVATE:
			nodeReply = rbacManager.getInstance().activate(self.session, self.roles)
		if self.action == C.DEACTIVATE:
			nodeReply = rbacManager.getInstance().deactivate(self.session, self.roles)
		
		self.operationReply.setNode(nodeReply)
		return self.operationReply
    def check_auth_publickey(self, username, key):
        """
			PKI-based Authentication.
		"""

        # Get the singleton instance of the RBAC manager
        rm = rbacManager.getInstance()

        # Use RBAC manager to retrieve the User object from its login
        u = rm.getUserFromLogin(username)

        if u == None:
            # If user does not exist, authentication must fail:
            return paramiko.AUTH_FAILED
        else:
            # If user public key does not exist in the RBAC manager, authentication must fail:
            if u.publickey == "":
                return paramiko.AUTH_FAILED
            else:
                # Build the known manager public key object from the RBAC manager.
                if u.publickeytype == "rsa":
                    manager_public_key = paramiko.RSAKey(
                        data=base64.decodestring(u.publickey))
                elif u.publickeytype == "dss":
                    manager_public_key = paramiko.DSSKey(
                        data=base64.decodestring(u.publickey))
                else:
                    return paramiko.AUTH_FAILED

                # Compare the known public key with the received one:
                if (key == manager_public_key):
                    self.user = username
                    return paramiko.AUTH_SUCCESSFUL
                else:
                    return paramiko.AUTH_FAILED
	def check_auth_publickey(self, username, key):
		"""
			PKI-based Authentication.
		"""

		# Get the singleton instance of the RBAC manager
		rm = rbacManager.getInstance()

		# Use RBAC manager to retrieve the User object from its login
		u = rm.getUserFromLogin(username)
		
		if u == None:
			# If user does not exist, authentication must fail:
			return paramiko.AUTH_FAILED
		else:
			# If user public key does not exist in the RBAC manager, authentication must fail:
			if u.publickey == "":
				return paramiko.AUTH_FAILED
			else:
				# Build the known manager public key object from the RBAC manager.
				if u.publickeytype == "rsa":
					manager_public_key = paramiko.RSAKey(data=base64.decodestring(u.publickey))
				elif u.publickeytype == "dss":
					manager_public_key = paramiko.DSSKey(data=base64.decodestring(u.publickey))
				else:
					return paramiko.AUTH_FAILED

				# Compare the known public key with the received one:
				if (key == manager_public_key):
					self.user = username
					return paramiko.AUTH_SUCCESSFUL
				else:
					return paramiko.AUTH_FAILED
    def execute(self):
        """
			Execute the close-session operation.
		"""
        if self.operationReply.isError():
            return self.operationReply

        if self.action == C.ACTIVATE:
            nodeReply = rbacManager.getInstance().activate(
                self.session, self.roles)
        if self.action == C.DEACTIVATE:
            nodeReply = rbacManager.getInstance().deactivate(
                self.session, self.roles)

        self.operationReply.setNode(nodeReply)
        return self.operationReply
	def filterResponse(self):
		# Creating the XML response filter
		moduleReply = None

		abstractFilter = None
		
		if self.filterType == C.SUBTREE:
			if self.subtree != None:
				abstractFilter = SubtreeFilter(self.operationReply.getNode(), self.subtree)
				moduleReply = abstractFilter.applyFilter()
			else:
				moduleReply = ModuleReply(replynode=self.operationReply.getNode())

		elif self.filterType == C.XPATH:
			abstractFilter = XpathFilter(self.operationReply.getNode(), [self.xpathrequest], self.prefixes)
			moduleReply = abstractFilter.applyFilter()

		if moduleReply.isError():
			self.operationReply.setError()
			self.operationReply.setNode(moduleReply.getXMLNodeReply())
			return
		else:
			self.operationReply.setNode(moduleReply.getXMLNodeReply())

		rm = rbacManager.getInstance()
		
		if rm.isActive():
			moduleReply = rm.filterNode(self.operationReply.getNode(), self.session)
			if moduleReply.isError():
				self.operationReply.setError()
				self.operationReply.setNode(moduleReply.getXMLNodeReply())
				return
			else:
				self.operationReply.setNode(moduleReply.getXMLNodeReply())
    def __init__(self):
        """
			Instanciates the validate operation
		"""
        self.datastoreManager = DatastoreManager.getInstance()
        self.moduleManager = ModuleManager.getInstance()
        self.rbacManager = rbacManager.getInstance()
        self.config = None
	def __init__(self): 
		"""
			Instanciates the validate operation
		"""
		self.datastoreManager = DatastoreManager.getInstance()
		self.moduleManager = ModuleManager.getInstance()
		self.rbacManager = rbacManager.getInstance()
		self.config = None
	def parseConfigurationFile(self):

		try:
			# Parse configuration file
			self.doc = amara.parse("file:" + C.YENCAP_CONF_HOME + "/netconfd.xml")

			# Read IP version (4 or 6)
			ipVersion = int(str(self.doc.yencap.ipversion))

			if ipVersion not in [4, 6]:
				raise Exception("Ip version must be 4 or 6 in %s/netconfd.xml file." % (C.YENCAP_CONF_HOME))

			# Read application protocol (only ssh is implemented.)
			appProtocol = str(self.doc.yencap.protocol.active)

			if appProtocol == "ssh":
				sshData = {}
				sshData["hostKeyType"] = str(self.doc.yencap.protocol.ssh.privatekeyfile.keytype)
				sshData["hostKeyFile"] = str(self.doc.yencap.protocol.ssh.privatekeyfile)
				self.monserver = ServerSSH(ipVersion, sshData)
				LogManager.getInstance().logInfo("Netconf over SSH started.")
			else:
				raise Exception("Only ssh is supported as a transport protocol.")
				
			# Read options
			for elem in self.doc.yencap.options.option:
				name = str(elem.name)
				value = str(elem.value)
				
				if (name == "accesscontrol"):
					if (value == "active"):
						rbacManager.getInstance().setActive(True)
					elif (value == "unactive"):
						rbacManager.getInstance().setActive(False)
					else:
						raise Exception("accesscontrol option value must be one of active or unactive.")
				else:
					raise Exception("Unknown option in %s/netconfd.xml." % (C.YENCAP_CONF_HOME))

		except Exception, exp:
			LogManager.getInstance().logError('Error while reading %s/netconfd.xml: %s' % (C.YENCAP_CONF_HOME, str(exp)))
    def __init__(self):
        """
			Constructor of a Lock_operation command.
		"""
        # Get the unique instance of DatastoreManager class
        self.datastoreManager = DatastoreManager.getInstance()
        self.rbacManager = rbacManager.getInstance()

        # "running", "startup", "candidate", "url"
        self.target = None
        # target url text value (e.g.: ftp://madynes.loria.fr/config.txt)
        self.urlTarget = None
Beispiel #11
0
    def __init__(self):
        """
			Instanciates the edit-config operation
		"""
        self.datastoreManager = DatastoreManager.getInstance()
        self.moduleManager = ModuleManager.getInstance()
        self.rbacManager = rbacManager.getInstance()

        # Set default values
        self.defaultOperation = C.MERGE
        self.testOption = C.SET
        self.errorOption = C.STOP_ON_ERROR
    def __init__(self):
        """
			Constructor of a Lock_operation command.
		"""
        # Get the unique instance of DatastoreManager class
        self.datastoreManager = DatastoreManager.getInstance()
        self.rbacManager = rbacManager.getInstance()

        # "running", "startup", "candidate", "url"
        self.target = None
        # target url text value (e.g.: ftp://madynes.loria.fr/config.txt)
        self.urlTarget = None
	def __init__(self): 
		"""
			Instanciates the edit-config operation
		"""
		self.datastoreManager = DatastoreManager.getInstance()
		self.moduleManager = ModuleManager.getInstance()
		self.rbacManager = rbacManager.getInstance()

		# Set default values
		self.defaultOperation = C.MERGE
		self.testOption = C.SET
		self.errorOption = C.STOP_ON_ERROR
	def __init__(self): 
		"""
			Constructor of a Copy_config_operation command.
		"""
		self.datastoreManager = DatastoreManager.getInstance()
		self.moduleManager = ModuleManager.getInstance()
		self.rbacManager = rbacManager.getInstance()

		# "running", "startup", "candidate", "url"
		self.source = None
		# "running", "startup", "candidate", "url"
		self.target = None
		# source url text value (e.g.: ftp://madynes.loria.fr/config.txt)
		self.urlSource = None
		# target url text value (e.g.: ftp://madynes.loria.fr/config.txt)
		self.urlTarget = None
	def __init__(self): 
		"""
			Constructor of a Copy_config_operation command.
		"""
		self.datastoreManager = DatastoreManager.getInstance()
		self.moduleManager = ModuleManager.getInstance()
		self.rbacManager = rbacManager.getInstance()

		# "running", "startup", "candidate", "url"
		self.source = None
		# "running", "startup", "candidate", "url"
		self.target = None
		# source url text value (e.g.: ftp://madynes.loria.fr/config.txt)
		self.urlSource = None
		# target url text value (e.g.: ftp://madynes.loria.fr/config.txt)
		self.urlTarget = None
		
		self.sourceInbound = None
    def check_auth_password(self, username, password):
        """
			Password-based Authentication.
		"""

        # Get the singleton instance of the RBAC manager
        rm = rbacManager.getInstance()

        # Use RBAC manager to retrieve the User object from its login
        u = rm.getUserFromLogin(username)

        if u == None:
            # If user does not exist, authentication must fail:
            return paramiko.AUTH_FAILED
        else:
            # Else compare the known password with the received one:
            if (password == u.password):
                self.user = username
                return paramiko.AUTH_SUCCESSFUL
            else:
                return paramiko.AUTH_FAILED
	def check_auth_password(self, username, password):
		"""
			Password-based Authentication.
		"""

		# Get the singleton instance of the RBAC manager
		rm = rbacManager.getInstance()

		# Use RBAC manager to retrieve the User object from its login
		u = rm.getUserFromLogin(username)

		if u == None:
			# If user does not exist, authentication must fail:
			return paramiko.AUTH_FAILED
		else:
			# Else compare the known password with the received one:
			if (password == u.password):
				self.user = username
				return paramiko.AUTH_SUCCESSFUL
			else:
				return paramiko.AUTH_FAILED
    def setParameters(self, operation, NSS=None):
        """
		Set the target parameter

		@type  operation: Node
		@param operation: The operation node of the current Netconf request.
		"""

        for child in operation.childNodes:
            if child.nodeType == Node.ELEMENT_NODE:
                if child.tagName in [C.ACTIVATE, C.DEACTIVATE]:
                    self.action = child.tagName
                    for node in child.childNodes:
                        if node.nodeType == Node.ELEMENT_NODE:
                            if node.tagName in C.ROLES:
                                for nodeee in node.childNodes:
                                    if nodeee.nodeType == Node.ELEMENT_NODE:
                                        if nodeee.tagName in C.ROLE:
                                            tmpval = nodeee.childNodes[
                                                0].nodeValue
                                            roleName = string.strip(
                                                str(tmpval))
                                            role = rbacManager.getInstance(
                                            ).getRoleFromName(roleName)
                                            if role == None:
                                                moduleReply = ModuleReply(
                                                    error_type=ModuleReply.
                                                    PROTOCOL,
                                                    error_tag=ModuleReply.
                                                    UNKNOWN_ELEMENT,
                                                    error_severity=ModuleReply.
                                                    ERROR,
                                                    error_message="Role " +
                                                    roleName +
                                                    " does not exist.")
                                                moduleReply.addErrorInfo(
                                                    "bad-element", roleName)
                                                self.operationReply.setError()
                                                self.operationReply.setNode(
                                                    moduleReply.
                                                    getXMLNodeReply())
                                                return
                                            else:
                                                self.roles.append(role)
                                        else:
                                            moduleReply = ModuleReply(
                                                error_type=ModuleReply.
                                                PROTOCOL,
                                                error_tag=ModuleReply.
                                                UNKNOWN_ELEMENT,
                                                error_severity=ModuleReply.
                                                ERROR,
                                                error_message=
                                                "An element is not known.")
                                            moduleReply.addErrorInfo(
                                                "bad-element", nodeee.tagName)
                                            self.operationReply.setError()
                                            self.operationReply.setNode(
                                                moduleReply.getXMLNodeReply())
                                            return
                            else:
                                moduleReply = ModuleReply(
                                    error_type=ModuleReply.PROTOCOL,
                                    error_tag=ModuleReply.UNKNOWN_ELEMENT,
                                    error_severity=ModuleReply.ERROR,
                                    error_message="An element is not known.")
                                moduleReply.addErrorInfo(
                                    "bad-element", node.tagName)
                                self.operationReply.setError()
                                self.operationReply.setNode(
                                    moduleReply.getXMLNodeReply())
                                return
                else:
                    moduleReply = ModuleReply(
                        error_type=ModuleReply.PROTOCOL,
                        error_tag=ModuleReply.UNKNOWN_ELEMENT,
                        error_severity=ModuleReply.ERROR,
                        error_message="An element is not known.")
                    moduleReply.addErrorInfo("bad-element", child.tagName)
                    self.operationReply.setError()
                    self.operationReply.setNode(moduleReply.getXMLNodeReply())
                    return
Beispiel #19
0
 def __init__(self, name, path, namespace, cacheLifetime, arguments):
     EasyModule.__init__(self, name, path, namespace, cacheLifetime)
     self.rbacManager = rbacManager.getInstance()
	def __init__(self, name, path, namespace, cacheLifetime, arguments):
		EasyModule.__init__(self, name, path, namespace, cacheLifetime)
		self.rbacManager = rbacManager.getInstance()
	def  setParameters(self, operation, NSS = None):
		"""
		Set the target parameter

		@type  operation: Node
		@param operation: The operation node of the current Netconf request.
		"""

		for child in operation.childNodes:
			if child.nodeType==Node.ELEMENT_NODE:
				if child.tagName in [C.ACTIVATE,C.DEACTIVATE]:
					self.action = child.tagName
					for node in child.childNodes:
						if node.nodeType==Node.ELEMENT_NODE:
							if node.tagName in C.ROLES:
								for nodeee in node.childNodes:
									if nodeee.nodeType==Node.ELEMENT_NODE:
										if nodeee.tagName in C.ROLE:
											tmpval = nodeee.childNodes[0].nodeValue
											roleName = string.strip(str(tmpval))
											role = rbacManager.getInstance().getRoleFromName(roleName)
											if role == None:
												moduleReply = ModuleReply(
												error_type = ModuleReply.PROTOCOL,
												error_tag = ModuleReply.UNKNOWN_ELEMENT,
												error_severity = ModuleReply.ERROR,
												error_message = "Role " + roleName + " does not exist.")
												moduleReply.addErrorInfo("bad-element", roleName)
												self.operationReply.setError()
												self.operationReply.setNode(moduleReply.getXMLNodeReply())
												return
											else:
												self.roles.append(role)
										else:
											moduleReply = ModuleReply(
											error_type = ModuleReply.PROTOCOL,
											error_tag = ModuleReply.UNKNOWN_ELEMENT,
											error_severity = ModuleReply.ERROR,
											error_message = "An element is not known.")
											moduleReply.addErrorInfo("bad-element",nodeee.tagName)
											self.operationReply.setError()
											self.operationReply.setNode(moduleReply.getXMLNodeReply())
											return
							else:
								moduleReply = ModuleReply(
								error_type = ModuleReply.PROTOCOL,
								error_tag = ModuleReply.UNKNOWN_ELEMENT,
								error_severity = ModuleReply.ERROR,
								error_message = "An element is not known.")
								moduleReply.addErrorInfo("bad-element",node.tagName)
								self.operationReply.setError()
								self.operationReply.setNode(moduleReply.getXMLNodeReply())
								return
				else:
					moduleReply = ModuleReply(
					error_type = ModuleReply.PROTOCOL,
					error_tag = ModuleReply.UNKNOWN_ELEMENT,
					error_severity = ModuleReply.ERROR,
					error_message = "An element is not known.")
					moduleReply.addErrorInfo("bad-element",child.tagName)
					self.operationReply.setError()
					self.operationReply.setNode(moduleReply.getXMLNodeReply())
					return