Ejemplo n.º 1
    def authenticate(self, **tokens):
        """Check the supplied credentials against this client's stored tokens.

        Token kinds are tried in the order given by ``self.auth_token_order()``;
        kinds that are missing from ``tokens`` or set to ``None`` are skipped.
        A matching password or generic token ends the search at once; a matching
        public key sets the result but lets the outer loop continue.

        After the loop, if authentication succeeded, a public key has been
        recorded on ``ClientDB()`` and the ``auto_add_key`` option of the
        ``sshproxy`` configuration is true, that key is handed to
        ``self.add_pubkey`` and the client is told about it.

        Returns ``True`` when any token matched, ``False`` otherwise.
        """
        resp = False
        for token in self.auth_token_order():
            if token in tokens.keys() and tokens[token] is not None:
                if token == 'password':
                    # The comparison happens in SQL: the stored column must equal
                    # the SHA-1 hex digest of the supplied password (``sha`` is
                    # the Python 2 SHA-1 module).
                    # NOTE(review): an unsalted, single-round SHA-1 digest is weak
                    # for password storage; moving to a salted, slow KDF would also
                    # require rewriting the stored column.
                    # Q() is defined outside this view -- presumably it SQL-escapes
                    # its argument; it is the only protection applied before the
                    # values are spliced into the statement.
                    query = """select id from client where uid='%s' and
                            '%s' = password""" % (
                        Q(self.username),
                        Q(sha.new(tokens['password']).hexdigest()))
                    if self.sql_get(query):
                        resp = True
                        break
                elif token == 'pubkey':
                    # Stored keys are newline-separated; only the first
                    # whitespace-delimited field of each non-empty line is kept.
                    # NOTE(review): a whitespace-only line passes the len() filter
                    # and would raise IndexError on [0].
                    pubkeys = self.get_token(token, '').split('\n')
                    pubkeys = [pk.split()[0] for pk in pubkeys if len(pk)]
                    for pk in pubkeys:
                        if pk == tokens[token]:
                            resp = True
                            # Leaves only the inner loop: the assignment below
                            # still runs and the outer loop goes on.
                            break
                    # The offered key is recorded whether or not it matched.
                    # NOTE(review): the attribute lives on whatever ClientDB()
                    # returns. If that object is shared between connections, a
                    # key offered on one connection could be enrolled for a
                    # different client that authenticates later -- confirm the
                    # object's scope.
                    ClientDB()._unauth_pubkey = tokens[token]

                # NOTE(review): plain == on a secret is not constant-time;
                # hmac.compare_digest is the usual choice for such comparisons.
                elif self.get_token(token) == tokens[token]:
                    resp = True
                    break
        pubkey = getattr(ClientDB(), '_unauth_pubkey', None)
        if resp and pubkey and istrue(get_config('sshproxy')['auto_add_key']):
            # Enrol the recorded key for this client (trust on first use).
            tokens['pubkey'] = pubkey
            if self.add_pubkey(**tokens):
                Server().message_client("WARNING: Your public key"
                                        " has been added to the keyring\n")
            # The recorded key is cleared only on this path; a key recorded during
            # a failed attempt stays in place until a later call reaches here.
            del ClientDB()._unauth_pubkey
        return resp
Ejemplo n.º 2
    def save(self):
        """Write this site, or one login of it, back to the database.

        Nothing happens while the site id is unknown.  When ``self.login`` is
        empty the ``site`` row and the site-level tags are written; otherwise
        the ``login`` row and the login-level tags are written, provided the
        login id is set.  Tokens that are columns of the row itself are skipped
        when the tags are written, and a tag whose value is empty is deleted
        from ``acltags`` instead of being stored.
        """
        site_id = self._sid
        if site_id is None:
            return

        if self.login:
            login_id = self._lid
            if not login_id:
                return

            fields = self.l_tokens
            # NOTE(review): password and pkey are stored exactly as held in
            # l_tokens; whether they are encrypted before this point is not
            # visible here -- confirm how these secrets are protected at rest.
            self.sql_set(
                'login',
                id=login_id,
                site_id=site_id,
                login=self.login,
                password=fields.get('password', ''),
                pkey=fields.get('pkey', ''),
                priority=fields.get('priority', ''))
            for tag, value in self.l_tokens.items():
                if tag in ('name', 'login', 'password', 'pkey', 'priority'):
                    continue
                if not value or not len(str(value)):
                    # Only the tag name is spliced in as text; Q() (defined
                    # outside this view) is the escaping applied to it.
                    query = ("delete from acltags where object = 'login'"
                             " and id = %d and tag = '%s'" % (login_id, Q(tag)))
                    self.sql_del(query)
                    continue
                self.sql_set(
                    'acltags',
                    object='login',
                    id=login_id,
                    tag=tag,
                    value=str(value))
            return

        fields = self.s_tokens
        self.sql_set(
            'site',
            id=site_id,
            name=self.name,
            ip_address=fields.get('ip_address', ''),
            port=fields.get('port', '22'))
        for tag, value in self.s_tokens.items():
            if tag in ('name', 'ip_address', 'port'):
                continue
            if not value or not len(str(value)):
                # Only the tag name is spliced in as text; Q() (defined outside
                # this view) is the escaping applied to it.
                query = ("delete from acltags where object = 'site'"
                         " and id = %d and tag = '%s'" % (site_id, Q(tag)))
                self.sql_del(query)
                continue
            self.sql_set(
                'acltags',
                object='site',
                id=site_id,
                tag=tag,
                value=str(value))
Ejemplo n.º 3
 def set_rule(self, acl, rule, index):
     """Replace the rule at position ``index`` of ACL ``acl``.

     The change is first applied through ``ACLDB.set_rule``; when that call
     reports failure nothing is written and ``False`` is returned.  Otherwise
     the matching ``aclrules`` row is updated and ``True`` is returned.
     """
     accepted = ACLDB.set_rule(self, acl, rule, index)
     if accepted:
         # rule and acl pass through Q() (defined outside this view) before
         # being spliced in; index is formatted with %d, so a non-numeric
         # index raises here instead of reaching the database.
         statement = """update aclrules set rule = '%s'
                 where name = '%s' and weight = %d""" % (Q(rule), Q(acl), index)
         self.sql_update(statement)
         return True
     return False
Ejemplo n.º 4
    def del_rule(self, acl, index):
        """Delete rule ``index`` of ACL ``acl`` from the database and memory.

        With ``index`` set, the ``aclrules`` row of that weight is removed and
        the weight of every remaining row at or above it is decreased by one.
        With ``index`` of ``None`` the database is not touched.  Returns the
        result of ``ACLDB.del_rule``.
        """
        if index is None:
            return ACLDB.del_rule(self, acl, index)

        # acl passes through Q() (defined outside this view); index is
        # formatted with %d and therefore has to be numeric.
        remove = """delete from aclrules
                        where name = '%s' and weight = %d""" % (Q(acl), index)
        self.sql_del(remove)
        # NOTE(review): the delete and the renumbering are separate statements
        # and no transaction is visible here.  Rule order decides which rule
        # applies, so confirm a failure between the two cannot leave a gap.
        renumber = """update aclrules set weight = weight-1
                        where name = '%s' and weight >= %d""" % (Q(acl), index)
        self.sql_update(renumber)

        return ACLDB.del_rule(self, acl, index)
Ejemplo n.º 5
    def add_client(self, username, **tokens):
        """Create a client row for ``username`` and save its tokens.

        Returns a human-readable status string: an "already exist" message
        when ``self.exists`` finds the client, a failure message when the
        insert yields no id, and a success message otherwise.
        """
        already_there = self.exists(username, **tokens)
        if already_there:
            return 'Client %s does already exist' % username

        # NOTE(review): the password token is stored exactly as received (after
        # Q(), which is defined outside this view); nothing in this method
        # hashes it.  Confirm the caller supplies a digest, not clear text.
        insert = "insert into client (uid, password) values ('%s', '%s')"
        new_id = self.sql_add(
            insert % (Q(username), Q(tokens.get('password', ''))))
        if new_id:
            ClientInfo(username, **tokens).save()
            return 'Client %s added' % username
        return 'A problem occured when adding client %s' % username
Ejemplo n.º 6
    def add_rule(self, acl, rule=None, index=None, updatedb=True):
        """Insert ``rule`` into ACL ``acl`` and mirror it in ``aclrules``.

        ``ACLDB.add_rule`` is called first; the index it returns is used as
        the weight of the new row and is this method's return value.  With
        ``updatedb`` false the database is left untouched.
        """
        position = ACLDB.add_rule(self, acl, rule, index)
        if updatedb:
            if position < len(self.rules[acl]):
                # Shift the rows at or above the new position up by one before
                # the new row is inserted at that weight.
                shift = """update aclrules set weight = weight+1
                                where name = '%s' and weight >= %d"""
                self.sql_update(shift % (Q(acl), position))

            # acl and rule pass through Q() (defined outside this view); the
            # weight is formatted with %d and therefore has to be numeric.
            # NOTE(review): the shift and the insert are separate statements
            # with no transaction visible here -- confirm rule order cannot be
            # left inconsistent if the second one fails.
            insert = """insert into aclrules (name, rule, weight)
                                 values ('%s', '%s', %d)"""
            self.sql_add(insert % (Q(acl), Q(rule), position))
        return position
Ejemplo n.º 7
 def save(self):
     """Write this client's tokens back to the database.

     Nothing happens while the client id is unknown.  The ``username`` token
     is skipped, the ``password`` token updates the ``client`` row, any other
     non-empty token is stored in ``acltags`` and any other empty token is
     deleted from ``acltags``.
     """
     client_id = self._id
     if client_id is None:
         return
     for tag, value in self.tokens.items():
         if tag == 'username':
             continue
         if tag == 'password':
             # NOTE(review): the value is stored as given, and str() turns a
             # None password into the text 'None' -- confirm callers never
             # pass None and that the value is already a digest.
             self.sql_set(
                 'client',
                 id=client_id,
                 uid=self.username,
                 password=str(value))
             continue
         if not value or not len(str(value)):
             # Only the tag name is spliced in as text; Q() (defined outside
             # this view) is the escaping applied to it.
             query = ("delete from acltags where object = 'client'"
                      " and id = %d and tag = '%s'" % (client_id, Q(tag)))
             self.sql_del(query)
             continue
         self.sql_set(
             'acltags',
             object='client',
             id=client_id,
             tag=tag,
             value=str(value))
Ejemplo n.º 8
    def load(self):
        """Load the site row, its tags and one matching login from the database.

        Returns early, without setting ``self.loaded``, when no ``site`` row
        has the name ``self.name``.  Otherwise ``self._sid`` and ``s_tokens``
        are filled; if the login query returns a row, ``self._lid`` and
        ``l_tokens`` are filled as well.  ``self.loaded`` is then set to
        ``True`` whether or not a login was found.
        """
        # Q() is defined outside this view; it is the escaping applied to the
        # text values spliced into the statements below.
        site_row = self.sql_get("""select id, name, ip_address, port from site
                                        where name = '%s'""" % Q(self.name))
        if not site_row:
            return
        self._sid, name, ip_address, port = site_row

        tag_query = """select tag, value from acltags where object = 'site'
                                                and id = %d""" % self._sid
        site_tags = {tag: value for tag, value in self.sql_list(tag_query)}
        self.s_tokens.update(site_tags)

        # The row's own columns are applied after the tags, so they override
        # tags of the same name.
        columns = {'name': name, 'ip_address': ip_address, 'port': port}
        self.s_tokens.update(columns)

        # TODO: handle the default case, see also in file backend
        # The statement matches every login of the site when the interpolated
        # login text is None (presumably what Q() yields for a missing login --
        # confirm).  NOTE(review): a login literally named None would match
        # every login too.
        login_query = """select id, login, password, pkey, priority from login
                    where site_id = %d and ('%s' = 'None' or '%s' = login)
                    order by priority desc""" % (
            self._sid, Q(self.login), Q(self.login))

        login_row = self.sql_get(login_query)
        if login_row:
            self._lid, login, password, pkey, priority = login_row

            # NOTE(review): the stored password and private key are now held
            # in l_tokens as read from the database; avoid logging that dict.
            self.l_tokens.update({
                'login': login,
                'password': password,
                'priority': priority,
                'pkey': pkey
            })

            tag_query = """select tag, value from acltags where object = 'login'
                                                    and id = %d""" % self._lid
            login_tags = {tag: value for tag, value in self.sql_list(tag_query)}
            self.l_tokens.update(login_tags)

        self.loaded = True
Ejemplo n.º 9
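    def add_site(self, sitename, **tokens):
        """Create a site, or a login on an existing site, and save its tokens.

        ``sitename`` is split by ``self.split_user_site`` into a login part and
        a site part.  Without a login part a new ``site`` row is inserted after
        the ``port`` token has been validated; with one, a ``login`` row is
        inserted for a site that must already exist.  A login of ``'*'`` is
        refused.

        Returns a human-readable status string in every case; failures are
        reported through that string rather than through an exception.
        """
        login, site = self.split_user_site(sitename)

        if login == '*':
            return "'*' is not allowed, be more specific."

        if not login:
            if self.exists(site, **tokens):
                return 'Site %s does already exist' % site
            # create site
            port = tokens.get('port', 22)
            try:
                port = int(port)
                if not (0 < port < 65536):
                    raise ValueError
            except (TypeError, ValueError):
                # TypeError covers port=None and other objects int() cannot
                # convert, so they get the same message as malformed text.
                return ('Port must be numeric and have a strictly positive '
                        'value inferior to 65536')

            # Text values pass through Q() (defined outside this view); port
            # is an int in the valid range at this point.
            query = ("insert into site (name, ip_address, port) "
                     "values ('%s', '%s', '%s')")
            sid = self.sql_add(
                query % (Q(site), Q(tokens.get('ip_address', '')), port))
            if not sid:
                return 'A problem occured when adding site %s' % sitename

        elif not self.exists(site, **tokens):
            # if site does not exist and a login was given, exit with an error
            return 'Please create site %s first' % site

        else:
            if self.exists(sitename, **tokens):
                return 'Site %s does already exist' % sitename

            sid = self.sql_get("select id from site where name = '%s'" %
                               Q(site))
            # NOTE(review): the login password is written as received; whether
            # it is encrypted at rest is not visible from this method.
            query = ("insert into login (site_id, login, password) "
                     "values (%d, '%s', '%s')")
            lid = self.sql_add(query %
                               (sid, Q(login), Q(tokens.get('password', ''))))
            if not lid:
                return 'A problem occured when adding site %s' % sitename

        site = SiteInfo(login, site, **tokens)
        site.save()
        return 'Site %s added' % sitename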
Ejemplo n.º 10
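    def exists(self, sitename, **tokens):
        """Return the id of the site or login named by ``sitename``, else False.

        ``sitename`` is split by ``self.split_user_site`` into a login part and
        a site part; a login of ``'*'`` is treated as no login.  Without a
        login the site id is returned; with one, the id of the matching
        ``login`` row of that site.  ``False`` is returned when the site, or
        the requested login, is not found.  ``tokens`` is accepted but not used.
        """
        login, site = self.split_user_site(sitename)

        if login == '*':
            login = None

        # Q() is defined outside this view; it is the escaping applied to the
        # text values spliced into the statements.
        site_id = self.sql_get(
            "select id from site where name = '%s'" % Q(site))
        if not site_id:
            return False

        if not login:
            return site_id

        # Two values are formatted in, so the statement needs two slots: the
        # escaped login as '%s' and the numeric site id as %d.
        query = "select id from login where login = '%s' and site_id = %d"
        login_id = self.sql_get(query % (Q(login), site_id))

        return login_id or False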
Ejemplo n.º 11
    def load(self):
        """Load this client's id, stored password and tags from the database.

        Looks up the ``client`` row whose ``uid`` is ``self.username``.  When
        no row is found nothing changes; otherwise ``self._id`` is set and
        ``self.load_tags`` is called with the stored password as a token.
        """
        # Q() is defined outside this view; it is the escaping applied to the
        # user name before it is spliced into the statement.
        row = self.sql_get("""select id, password from client
                    where uid = '%s'""" % Q(self.username))
        if row:
            self._id, stored_password = row
            # NOTE(review): the stored password value travels on as a regular
            # token from here; avoid logging the token set.
            self.load_tags(self._id, password=stored_password)
Ejemplo n.º 12
    def load_tags(self, id=None, **tokens):
        """Merge the client's ``acltags`` rows into ``tokens`` and apply them.

        ``id`` defaults to ``self._id``; when both are ``None`` nothing is
        done.  Rows with a non-empty value override the tokens passed in; rows
        with an empty value are deleted from the table.  The merged tokens are
        handed to ``self.set_tokens``.
        """
        if id is None:
            id = self._id
            if id is None:
                return

        select = """select tag, value from acltags where object = 'client'
                                                    and id = %d""" % id
        merged = tokens
        for tag, value in self.sql_list(select):
            if len(value) == 0:
                # Empty rows are cleaned up while loading.  Only the tag name
                # is spliced in as text; Q() (defined outside this view) is
                # the escaping applied to it.
                cleanup = ("delete from acltags where object = 'client'"
                           " and id = %d and tag = '%s'" % (id, Q(tag)))
                self.sql_del(cleanup)
            else:
                merged[tag] = value

        self.set_tokens(**merged)
Ejemplo n.º 13
 def exists(self, username, **tokens):
     """Return the id of the client named ``username``, or ``False``.

     ``tokens`` is accepted but not used.
     """
     # Q() is defined outside this view; it is the escaping applied to the
     # user name before it is spliced into the statement.
     found = self.sql_get(
         "select id from client where uid = '%s'" % Q(username))
     return found or False