Ejemplo n.º 1
 def __init__(self, context):
     """Build the security services and register them on *context*.

     SecurityDBApi and SecurityTokenFactory are constructed against a child
     context that carries a Logger named "SecurityDBApi"; the resulting
     services are then registered on the caller's *context*.
     """
     self.context = context
     servicesContext = Context(context)
     servicesContext.addService(Logger("SecurityDBApi"))
     self.securityApi = SecurityDBApi(servicesContext)
     self.securityTokenFactory = SecurityTokenFactory(
         servicesContext, CherryPySecurityTokenImpl)
     self.siteDBApi = self.securityApi.api
     for service in (self.securityApi, self.siteDBApi,
                     self.securityTokenFactory):
         context.addService(service)
     # The accessor is assigned on the redirector classes themselves, not on
     # instances, so every redirect handler resolves its context through the
     # most recently constructed instance of this object.
     for redirector in (RedirectorToLogin, RedirectToLocalPage, RedirectAway):
         redirector.context = staticmethod(lambda: self.context)
Ejemplo n.º 2
from Framework.Context import Context
from Tools.SecurityModuleCore.SecurityDBApi import SecurityDBApi
import codecs

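if __name__ == "__main__":
    # Import accounts from a colon-separated "HN shadow passwd" file through
    # SecurityDBApi.importHNAccount. Fields read from each line:
    # 0 = username, 1 = passwd, 4 = full name, 7 = email.
    parser = OptionParser ()
    parser.add_option ("-f", "--file",
                       help="input HN shadow passwd",
                       default="passwd",
                       dest="source")
    parser.add_option ("-d", "--db",
                       help="target SiteDB database",
                       default="sitedb_test.db",
                       dest="db")
    options, args = parser.parse_args ()
    # NOTE(review): options.db is parsed but never read in the visible code,
    # so --db does not select the target database here. Confirm which
    # database SecurityDBApi writes to before importing real accounts.
    context = Context ()
    context.addService (Logger ("importHNShadow"))
    api = SecurityDBApi (context)
    context.Logger().message ("HN file is " + options.source )
    shadowFile = codecs.open (options.source, "r", "ascii", "replace")
    try:
        for lineNumber, line in enumerate (shadowFile):
            contact = line.split (":")
            # Index 7 is the highest field used below; a shorter line (blank
            # or truncated) would otherwise abort the import half-way through.
            if len (contact) < 8:
                # Log the position only: the line itself carries the passwd
                # field and must not end up in the log.
                context.Logger().message ("Skipping malformed line %d of %s"
                                          % (lineNumber + 1, options.source))
                continue
            fullName = contact[4]
            if " " in fullName:
                forename, surname = fullName.split (" ", 1)
            else:
                # A single-word name is used for both parts.
                forename, surname = (fullName, fullName)
            # The "replace" handlers turn every non-ASCII character into a
            # placeholder, so distinct names can collapse to the same value.
            api.importHNAccount (username=contact[0].encode ("ascii", "replace"),
                                 passwd=contact[1],
                                 forename=forename.encode ("ascii", "replace"),
                                 email=contact[7].strip(),
                                 surname=surname.encode ("ascii", "replace"))
    finally:
        # Release the handle on the password file even if an import call fails.
        shadowFile.close ()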
Ejemplo n.º 3
 def __init__ (self, context):
     """Initialise the controller and register its security services.

     A SecurityDBApi built on *context* and a Logger named
     "SECURITY_MODULE_CONTROLLER" are added as services.
     """
     self.context = context
     Controller.__init__ (self, context, __file__)
     securityApi = SecurityDBApi (context)
     self.security_api = securityApi
     # Services are registered through self.context, after the base-class
     # initialiser has run.
     registry = self.context
     registry.addService (securityApi)
     registry.addService (Logger ("SECURITY_MODULE_CONTROLLER"))
Ejemplo n.º 4
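class SecurityModule (Controller):
    """Login, logout and identity-switch pages backed by SecurityDBApi.

    The caller's identity is carried in three cookies ('dn',
    'authentication_time' and 'originator_hash'), each produced by
    encryptCookie.
    """

    def __init__ (self, context):
        """Register a SecurityDBApi and a Logger as services on *context*."""
        self.context = context
        Controller.__init__ (self, context, __file__)
        self.security_api = SecurityDBApi (context)
        self.context.addService (self.security_api)
        self.context.addService (Logger ("SECURITY_MODULE_CONTROLLER"))

    def readyToRun (self):
        """Do nothing; this controller has no start-up work."""
        pass

    def _withParams (self, page, params):
        """Return *page* with each entry of *params* appended as "&key=value".

        VK: requested page is truncated at first &, all parameters passed via
        args, put them back.
        """
        # NOTE(review): keys and values are appended without URL-encoding, so
        # a value containing "&" or "=" changes the rebuilt query string.
        for key in params.keys():
            page += "&%s=%s" % (key, params[key])
        return page

    def _setIdentityCookies (self, identity):
        """Set the three identity cookies on the current response.

        'dn' holds *identity*, 'authentication_time' the current local time
        and 'originator_hash' a fixed value; each is passed through
        encryptCookie and given path '/', a 24 hour max-age and version 1.
        """
        datetimeCookie = strftime("%Y-%m-%dT%H:%M:%S", datetime.now ().timetuple ())
        # NOTE(review): originator_hash is the constant "some_hash", so it does
        # not tie the cookie set to any property of the client.
        # NOTE(review): no 'secure' or 'httponly' attribute is set here; add
        # them if the deployment is HTTPS-only and no script reads the cookies.
        cookies = cherrypy.response.cookie
        for name, value in (('dn', identity),
                            ('authentication_time', datetimeCookie),
                            ('originator_hash', "some_hash")):
            cookies[name] = encryptCookie (value, self.security_api)
            cookies[name]['path'] = '/'
            cookies[name]['max-age'] = 3600*24
            # Previously 'authentication_time' never received a version: the
            # copy-pasted line set it on 'dn' a second time instead.
            cookies[name]['version'] = 1

    @templatepage
    def login (self, requestedPage="../Studio/login", **args):#FIXME: Get the real requested page
        """Return the template data for the login page."""
        return {'requestedPage': self._withParams (requestedPage, args)}

    @expose
    def loginReal (self, requestedPage, **args):#FIXME: Get the real requested page
        """Render the "login" template for *requestedPage*."""
        return self.templatePage ("login", {'requestedPage': self._withParams (requestedPage, args)})

    @templatepage
    @require_args ("user", "password", "requestedPage", onFail=RedirectorToLogin)
    def authenticate (self, user, password, requestedPage="../Studio/login"): #FIXME: Get the real requested page
        """Check *password* for *user* and set the identity cookies on success.

        Returns {'redirect': requestedPage} whether or not the check passed;
        an unknown user and a wrong password are not distinguished.
        """
        #TODO: adapt to the new schema.
        # NOTE(review): requestedPage is caller-supplied and handed back
        # unvalidated as the redirect target; if the template follows it,
        # restrict it to local paths.
        self.context.Logger().message("Trying to authenticate %s" % user)
        passwdEntry = self.security_api.getPasswordFromUsername (user)
        if not passwdEntry.has_key (0):
            return {'redirect': requestedPage}
        encryptedPassword = passwdEntry[0]['passwd']
        #if request.headers['Ssl-Client-S-Dn'] != '(null)':
            #context.Logger().message("Authenticated by certificate")
            #context.Logger().message(request.headers['Ssl-Client-S-Dn'])
            #user = self.security_api.getUsernameFromDN(request.headers['Ssl-Client-S-Dn'])[0]['username']
        # The stored hash doubles as the salt argument, so crypt re-hashes the
        # candidate with the same parameters.
        # NOTE(review): "==" is not a constant-time comparison; prefer
        # hmac.compare_digest where the runtime provides it.
        if encryptedPassword == crypt.crypt (password, encryptedPassword):
            self.context.Logger().message("Valid password for user %s" % user)
            self._setIdentityCookies (user)
        return {'redirect': requestedPage}

    @templatepage
    def logout (self, redirect="../SecurityModule/login", *args, **kw):
        """Replace the identity cookies with ones for "guest" and redirect."""
        redirect = self._withParams (redirect, kw)
        # The cookies are overwritten, not expired: the browser keeps a 'dn'
        # cookie that names "guest".
        self._setIdentityCookies ("guest")
        return {'redirect': redirect}

    @exposeSerialized (serializer = PythonDictSerializer ('user'))
    def userInfo (self, *args, **kw):
        """Return the dn of a freshly built SecurityToken."""
        #TODO: add a query to get the DN from the id.
        token = SecurityToken ()
        return {"dn": token.dn}

    @expose
    @is_authorized (Role ("Global Admin"), Group ("global"), onFail=RedirectorToLogin ("../SecurityModule/login"))
    def becomeUser (self, username, requestedPage, **args):
        """Issue identity cookies for *username* to an authorised caller."""
        # NOTE(review): nothing here records who switched to which account;
        # an audit log entry would make impersonation traceable.
        self._setIdentityCookies (username)
        return self.templatePage ("authenticate", {'redirect': requestedPage})

    @expose
    @is_authenticated (onFail=NotAuthenticated)
    def checkIfAuthenticated (self):
        """Return a fixed message; the decorator gates access."""
        return "This page can be seen only if you are authenticated."

    @expose
    @is_authorized (Role ("Global Admin"), Group ("global"), onFail=NotAuthenticated)
    def checkIfAuthorized (self):
        """Return a fixed message; the decorator gates access."""
        return "This page can be seen only if you are authorized."

    @expose
    def getMasthead(self):
        """Do nothing; exposed placeholder."""
        pass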
Ejemplo n.º 5
import codecs

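if __name__ == "__main__":
    # Import accounts from a colon-separated "HN shadow passwd" file through
    # SecurityDBApi.importHNAccount. Fields read from each line:
    # 0 = username, 1 = passwd, 4 = full name, 7 = email.
    parser = OptionParser()
    parser.add_option("-f",
                      "--file",
                      help="input HN shadow passwd",
                      default="passwd",
                      dest="source")
    parser.add_option("-d",
                      "--db",
                      help="target SiteDB database",
                      default="sitedb_test.db",
                      dest="db")
    options, args = parser.parse_args()
    # NOTE(review): options.db is parsed but never read in the visible code,
    # so --db does not select the target database here. Confirm which
    # database SecurityDBApi writes to before importing real accounts.
    context = Context()
    context.addService(Logger("importHNShadow"))
    api = SecurityDBApi(context)
    context.Logger().message("HN file is " + options.source)
    shadowFile = codecs.open(options.source, "r", "ascii", "replace")
    try:
        for lineNumber, line in enumerate(shadowFile):
            contact = line.split(":")
            # Index 7 is the highest field used below; a shorter line (blank
            # or truncated) would otherwise abort the import half-way through.
            if len(contact) < 8:
                # Log the position only: the line itself carries the passwd
                # field and must not end up in the log.
                context.Logger().message("Skipping malformed line %d of %s" %
                                         (lineNumber + 1, options.source))
                continue
            fullName = contact[4]
            if " " in fullName:
                forename, surname = fullName.split(" ", 1)
            else:
                # A single-word name is used for both parts.
                forename, surname = (fullName, fullName)
            # The "replace" handlers turn every non-ASCII character into a
            # placeholder, so distinct names can collapse to the same value.
            api.importHNAccount(username=contact[0].encode("ascii", "replace"),
                                passwd=contact[1],
                                forename=forename.encode("ascii", "replace"),
                                email=contact[7].strip(),
                                surname=surname.encode("ascii", "replace"))
    finally:
        # Release the handle on the password file even if an import call fails.
        shadowFile.close()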
Ejemplo n.º 6
from Framework import Context
from Framework.Logger import Logger

from Crypto.Cipher import Blowfish
from base64 import b64encode, b64decode
import crypt

import time, calendar, datetime

from Tools.SecurityModuleCore.SecurityDBApi import SecurityDBApi

# Smoke test: log the answers SecurityDBApi gives for a few fixed
# user / group / site / role combinations.
print("**** Security Module tests ****")
context = Context()
context.addService(Logger("securitymoduletest"))
api = SecurityDBApi(context)

# Each section is a heading plus (message template, deferred query) pairs.
# The queries are wrapped in lambdas so each one runs only when its line is
# logged, in the order listed.
sections = (
    ("Test roles:", (
        ("    swakef as prod operator: %s",
         lambda: api.hasGroupResponsibility(
             "swakef", "production", "Production Operator")),
        ("    metson as RAL DM: %s",
         lambda: api.hasSiteResponsibility("metson", "RAL", "Data Manager")),
        ("    metson as site 1 Site Admin: %s",
         lambda: api.hasSiteResponsibility("metson", "1", "Site Admin")),
    )),
    ("hasGroup:", (
        ("    swakef as member of production group: %s",
         lambda: api.hasGroup("swakef", "production")),
    )),
)
for heading, checks in sections:
    context.Logger().message(heading)
    for template, check in checks:
        context.Logger().message(template % check())
context.Logger().message("    metson as member of production group: %s" %
Ejemplo n.º 7
from Framework import Context
from Framework.Logger import Logger

from Crypto.Cipher import Blowfish
from base64 import b64encode, b64decode
import crypt

import time, calendar, datetime

from Tools.SecurityModuleCore.SecurityDBApi import SecurityDBApi
# Smoke test: log the answers SecurityDBApi gives for a few fixed
# user / group / site / role combinations.
print ("**** Security Module tests ****")
context = Context ()
context.addService (Logger ("securitymoduletest"))
api = SecurityDBApi (context)

# One entry per log line, in output order. A heading has no query (None);
# every other entry pairs its message template with a deferred API call.
report = (
    ("Test roles:", None),
    ("    swakef as prod operator: %s",
     lambda: api.hasGroupResponsibility ("swakef", "production", "Production Operator")),
    ("    metson as RAL DM: %s",
     lambda: api.hasSiteResponsibility ("metson", "RAL", "Data Manager")),
    ("    metson as site 1 Site Admin: %s",
     lambda: api.hasSiteResponsibility ("metson", "1", "Site Admin")),
    ("hasGroup:", None),
    ("    swakef as member of production group: %s",
     lambda: api.hasGroup ("swakef", "production")),
    ("    metson as member of production group: %s",
     lambda: api.hasGroup ("metson", "production")),
    ("    metson as member of global group: %s",
     lambda: api.hasGroup ("metson", "global")),
    ("hasSite:", None),
    ("    swakef as associated to RAL: %s",
     lambda: api.hasSite ("swakef", "RAL")),
    ("    metson as associated to RAL: %s",
     lambda: api.hasSite ("metson", "RAL")),
    ("    metson as associated to site 1: %s",
     lambda: api.hasSite ("metson", "1")),
    ("hasResponsibility:", None),
)
for text, probe in report:
    if probe is None:
        context.Logger().message (text)
    else:
        context.Logger().message (text % probe ())