Ejemplo n.º 1
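 def user_login(self, user):
     """
     Called immediately after a user authenticates successfully.  Saves
     session information in the user's directory.  Expects *user* to be a
     dict containing a 'upn' value representing the username or
     userPrincipalName. e.g. 'user@REALM' or just 'someuser'.  Any additional
     values will be attached to the user object/cookie.

     The 'upn' value becomes a path component below
     ``self.settings['user_dir']``.  If the resulting path is not strictly
     inside that directory (an empty, absolute or '..'-style value) an error
     is logged and the method returns without creating a directory, writing
     a session file or setting the cookie.
     """
     logging.debug("user_login(%s)" % user['upn'])
     user.update(additional_attributes(user))
     # Make a directory to store this user's settings/files/logs/etc
     user_dir = os.path.join(self.settings['user_dir'], user['upn'])
     # 'upn' is supplied by the authentication step and is used verbatim as
     # a path component, so make sure it cannot point at the shared base
     # directory or outside of it.  This is a lexical check only; it does
     # not resolve symlinks.
     base_dir = os.path.join(os.path.abspath(self.settings['user_dir']), '')
     if not os.path.abspath(user_dir).startswith(base_dir):
         logging.error(_(
             "Refusing login; user directory would be outside of "
             "user_dir: %r" % user['upn']))
         return
     if not os.path.exists(user_dir):
         logging.info(_("Creating user directory: %s" % user_dir))
         mkdir_p(user_dir)
         # Only a directory created here is tightened to owner-only access;
         # a pre-existing directory keeps whatever mode it already has.
         os.chmod(user_dir, 0o700)
     session_file = os.path.join(user_dir, 'session')
     session_file_exists = os.path.exists(session_file)
     if session_file_exists:
         # Context manager so the handle is closed right away instead of
         # whenever the garbage collector gets to it.
         with open(session_file) as f:
             session_data = f.read()
         try:
             session_info = tornado.escape.json_decode(session_data)
         except ValueError: # Something wrong with the file
             session_file_exists = False # Overwrite it below
     if not session_file_exists:
         with open(session_file, 'w') as f:
             # Save it so we can keep track across multiple clients
             session_info = {
                 'session': generate_session_id(),
             }
             session_info.update(user)
             session_info_json = tornado.escape.json_encode(session_info)
             f.write(session_info_json)
     # NOTE(review): if this is tornado's RequestHandler.set_secure_cookie
     # the value is signed, not encrypted, so everything in session_info is
     # readable by the client -- confirm no secret attributes end up in *user*.
     self.set_secure_cookie(
         "gateone_user", tornado.escape.json_encode(session_info))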
Ejemplo n.º 2
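def create_user_ssh_dir(self):
    """
    To be called by the 'Auth' hook that gets called after the user is done
    authenticating, ensures that the `<user's dir>/.ssh` directory exists.

    A directory created by this call is restricted to mode 0700; an
    existing directory is left as it is.  Failures are written to
    ``self.ssh_log`` rather than raised.
    """
    self.ssh_log.debug("create_user_ssh_dir()")
    user = self.current_user['upn']
    users_dir = os.path.join(self.ws.settings['user_dir'], user) # "User's dir"
    ssh_dir = os.path.join(users_dir, '.ssh')
    try:
        if not os.path.isdir(ssh_dir):
            mkdir_p(ssh_dir)
            # The mode mkdir_p applies is not visible from here, so set
            # owner-only access explicitly instead of relying on the
            # process umask for a directory that holds per-user SSH data.
            os.chmod(ssh_dir, 0o700)
    except OSError as e:
        self.ssh_log.error(_("Error creating user's ssh directory: %s\n" % e))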
Ejemplo n.º 3
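def create_user_ssh_dir(self):
    """
    To be called by the 'Auth' hook that gets called after the user is done
    authenticating, ensures that the `<user's dir>/.ssh` directory exists.

    When the directory has to be created it is given mode 0700 so that only
    the account running the server can read it.  A directory that is
    already present is not modified.  An OSError is logged to
    ``self.ssh_log`` and not propagated.
    """
    self.ssh_log.debug("create_user_ssh_dir()")
    user = self.current_user['upn']
    users_dir = os.path.join(self.ws.settings['user_dir'], user) # "User's dir"
    ssh_dir = os.path.join(users_dir, '.ssh')
    try:
        if not os.path.isdir(ssh_dir):
            mkdir_p(ssh_dir)
            # Do not depend on the umask for the permissions of a freshly
            # created .ssh directory (mkdir_p's own mode is defined
            # elsewhere -- NOTE(review): confirm it is not already 0700).
            os.chmod(ssh_dir, 0o700)
    except OSError as e:
        self.ssh_log.error(_("Error creating user's ssh directory: %s\n" % e))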
Ejemplo n.º 4
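 def user_login(self, user):
     """
     Called immediately after a user authenticates successfully.  Saves
     session information in the user's directory.  Expects *user* to be a
     dict containing a 'upn' value representing the username or
     userPrincipalName. e.g. 'user@REALM' or just 'someuser'.
     Any additional values will be attached to the user object/cookie.

     Returns early, after logging an error and without setting the cookie,
     in two cases: the user directory cannot be handled because of the
     system locale (UnicodeEncodeError), or the 'upn' value would place the
     user directory at or outside ``self.settings['user_dir']``.
     """
     logging.debug("user_login(%s)" % user['upn'])
     user.update(additional_attributes(user))
     # Make a directory to store this user's settings/files/logs/etc
     try:
         # NOTE: These bytes checks are for Python 2
         # (not needed in Python 3)
         upn = user['upn']
         if isinstance(upn, bytes):
             upn = upn.decode('utf-8')
         user_dir = os.path.join(self.settings['user_dir'], upn)
         if isinstance(user_dir, bytes):
             user_dir = user_dir.decode('utf-8')
         # 'upn' is used verbatim as a path component; refuse values that
         # resolve to the base directory itself or escape it ('..', absolute
         # paths, empty string).  Lexical check only, symlinks are not
         # resolved.
         base_dir = os.path.abspath(self.settings['user_dir'])
         if isinstance(base_dir, bytes):
             base_dir = base_dir.decode('utf-8')
         base_dir = os.path.join(base_dir, '')
         if not os.path.abspath(user_dir).startswith(base_dir):
             logging.error(_(
                 "Refusing login; user directory would be outside of "
                 "user_dir: %r" % upn))
             return
         if not os.path.exists(user_dir):
             logging.info(_("Creating user directory: %s" % user_dir))
             mkdir_p(user_dir)
             os.chmod(user_dir, 0o700)
     except UnicodeEncodeError:
         # The original message ran "change" and "your" together because a
         # space was missing between the adjacent string literals.
         logging.error(
             _("You're trying to use non-ASCII user information on a system "
               "that has the locale set to ASCII (or similar).  Please change "
               "your system's locale to something that supports Unicode "
               "characters. "))
         return
     session_file = os.path.join(user_dir, 'session')
     session_file_exists = os.path.exists(session_file)
     if session_file_exists:
         # Read through a context manager so the file handle is not leaked.
         with open(session_file) as f:
             session_data = f.read()
         try:
             session_info = tornado.escape.json_decode(session_data)
         except ValueError:
             # Something wrong with the file, overwrite it below
             session_file_exists = False
     if not session_file_exists:
         with open(session_file, 'w') as f:
             # Save it so we can keep track across multiple clients
             session_info = {
                 'session': generate_session_id(),
             }
             session_info.update(user)
             session_info_json = tornado.escape.json_encode(session_info)
             f.write(session_info_json)
     self.set_secure_cookie("gateone_user",
                            tornado.escape.json_encode(session_info))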
Ejemplo n.º 5
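 def user_login(self, user):
     """
     Called immediately after a user authenticates successfully.  Saves
     session information in the user's directory.  Expects *user* to be a
     dict containing a 'upn' value representing the username or
     userPrincipalName. e.g. 'user@REALM' or just 'someuser'.  Any additional
     values will be attached to the user object/cookie.

     An existing, parseable session file is reused as-is, so the session ID
     stays the same across logins; otherwise a new one is generated and
     saved.  The method logs an error and returns without setting the
     cookie when the locale cannot represent the user directory or when
     'upn' would put that directory at or outside
     ``self.settings['user_dir']``.
     """
     logging.debug("user_login(%s)" % user['upn'])
     user.update(additional_attributes(user))
     # Make a directory to store this user's settings/files/logs/etc
     try:
         # NOTE: These bytes checks are for Python 2 (not needed in Python 3)
         upn = user['upn']
         if isinstance(upn, bytes):
             upn = upn.decode('utf-8')
         user_dir = os.path.join(self.settings['user_dir'], upn)
         if isinstance(user_dir, bytes):
             user_dir = user_dir.decode('utf-8')
         # Containment check: the joined path must stay strictly below the
         # configured base directory.  os.path.join() discards the base when
         # 'upn' is absolute and keeps '..' components, so the raw value
         # cannot be trusted as a plain directory name.  Symlinks are not
         # resolved here.
         users_root = os.path.abspath(self.settings['user_dir'])
         if isinstance(users_root, bytes):
             users_root = users_root.decode('utf-8')
         inside = os.path.abspath(user_dir).startswith(
             os.path.join(users_root, ''))
         if not inside:
             logging.error(_(
                 "Refusing login; user directory would be outside of "
                 "user_dir: %r" % upn))
             return
         if not os.path.exists(user_dir):
             logging.info(_("Creating user directory: %s" % user_dir))
             mkdir_p(user_dir)
             os.chmod(user_dir, 0o700)
     except UnicodeEncodeError:
         # A space was missing after "change", which glued two words
         # together in the logged message.
         logging.error(_(
             "You're trying to use non-ASCII user information on a system "
             "that has the locale set to ASCII (or similar).  Please change "
             "your system's locale to something that supports Unicode "
             "characters. "))
         return
     session_file = os.path.join(user_dir, 'session')
     session_file_exists = os.path.exists(session_file)
     if session_file_exists:
         # 'with' closes the handle deterministically.
         with open(session_file) as f:
             session_data = f.read()
         try:
             session_info = tornado.escape.json_decode(session_data)
         except ValueError: # Something wrong with the file
             session_file_exists = False # Overwrite it below
     if not session_file_exists:
         with open(session_file, 'w') as f:
             # Save it so we can keep track across multiple clients
             session_info = {
                 'session': generate_session_id(),
             }
             session_info.update(user)
             session_info_json = tornado.escape.json_encode(session_info)
             f.write(session_info_json)
     self.set_secure_cookie(
         "gateone_user", tornado.escape.json_encode(session_info))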
Ejemplo n.º 6
 def user_login(self, user):
     """
     Anonymous-auth override of BaseAuthHandler.user_login.

     Ensures the user's directory exists (mode 0700 when it is created
     here), then builds a cookie payload from a freshly generated session
     ID plus every value in *user* and stores it in the "gateone_user"
     cookie.  No session file is written, so the session ID exists only in
     the cookie; that is what keeps anonymous users out of each other's
     sessions.
     """
     upn = user["upn"]
     logging.debug("NullAuthHandler.user_login(%s)" % upn)
     # Per-user storage for settings/files/logs/etc.
     # NOTE(review): upn is joined into the path unchecked -- confirm the
     # caller only passes server-generated values here.
     home = os.path.join(self.settings["user_dir"], upn)
     if not os.path.exists(home):
         logging.info(_("Creating user directory: %s" % home))
         mkdir_p(home)
         os.chmod(home, 0o700)
     payload = dict(session=generate_session_id())
     payload.update(user)
     encoded = tornado.escape.json_encode(payload)
     self.set_secure_cookie("gateone_user", encoded)
 def user_login(self, user):
     """
     Override of BaseAuthHandler.user_login for anonymous authentication.

     Every call generates a new session ID and sends it, merged with the
     values of *user*, to the browser in the "gateone_user" cookie.  Because
     nothing is persisted to a session file, two anonymous users never share
     a session ID and therefore cannot reach each other's sessions.  The
     user's directory is created with mode 0700 if it does not exist yet.
     """
     username = user['upn']
     logging.debug("NullAuthHandler.user_login(%s)" % username)
     # Directory that holds this user's settings/files/logs/etc
     # NOTE(review): username goes into the path as-is; verify where it is
     # produced before exposing this handler to other callers.
     storage_dir = os.path.join(self.settings['user_dir'], username)
     must_create = not os.path.exists(storage_dir)
     if must_create:
         logging.info(_("Creating user directory: %s" % storage_dir))
         mkdir_p(storage_dir)
         os.chmod(storage_dir, 0o700)
     cookie_data = {'session': generate_session_id()}
     cookie_data.update(user)
     cookie_json = tornado.escape.json_encode(cookie_data)
     self.set_secure_cookie("gateone_user", cookie_json)
Ejemplo n.º 8
Archivo: ssh.py Proyecto: truth/GateOne
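def save_known_hosts(self, known_hosts):
    """
    Attached to the (server-side) `terminal:ssh_save_known_hosts` WebSocket
    action; saves the given *known_hosts* (string) to the user's known_hosts
    file.

    The file is written in binary mode, so a text *known_hosts* is encoded
    as UTF-8 first; bytes are written unchanged.  The user's `.ssh`
    directory is created with mode 0700 if it is missing.  Any failure is
    logged to ``ssh_log`` and reported to the client with a generic message;
    nothing is raised.
    """
    user = self.current_user["upn"]
    ssh_log.debug("known_hosts updated by %s" % user)
    users_dir = os.path.join(self.settings["user_dir"], user)  # "User's dir"
    users_ssh_dir = os.path.join(users_dir, ".ssh")
    if not os.path.isdir(users_ssh_dir):  # Make .ssh dir if not present
        mkdir_p(users_ssh_dir)
        os.chmod(users_ssh_dir, 0o700)
    kh_path = os.path.join(users_ssh_dir, "known_hosts")
    # NOTE(review): per the docstring the content arrives over the WebSocket
    # and is stored verbatim; no size or format validation is visible here.
    try:
        # A binary-mode file rejects text with a TypeError on Python 3, so
        # convert before opening.  Doing it first also means an unusable
        # payload no longer truncates the existing file.
        if not isinstance(known_hosts, bytes):
            known_hosts = known_hosts.encode("utf-8")
        with io.open(kh_path, "wb") as f:
            f.write(known_hosts)
    except Exception as e:
        # Deliberately broad: details go to the server log only, the client
        # gets a message without the exception text.
        error_msg = _("Exception trying to save known_hosts file: %s" % e)
        ssh_log.error(error_msg)
        self.write_message(
            _("An error was encountered trying to save the known_hosts file.  "
              "See server logs for details.")
        )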