def _admin_valid_login(req, realm, username, password, log=True):
users = get_uvm_settings_item('admin', 'users')
if users == None:
return False
if users['list'] == None:
return False
for user in users['list']:
if user['username'] != username:
continue
pw_hash_shadow = user.get('passwordHashShadow')
if pw_hash_shadow:
if pw_hash_shadow == crypt.crypt(password, pw_hash_shadow):
if log:
uvm_login.log_login(req, username, True, None)
return True
else:
if log:
uvm_login.log_login(req, username, False, 'P')
return False
else:
pw_hash_base64 = user['passwordHashBase64']
pw_hash = base64.b64decode(pw_hash_base64)
raw_pw = pw_hash[0:len(pw_hash) - 8]
salt = pw_hash[len(pw_hash) - 8:]
if raw_pw == md5.new(password + salt).digest():
if log:
uvm_login.log_login(req, username, True, None)
return True
else:
if log:
uvm_login.log_login(req, username, False, 'P')
return False
if log:
uvm_login.log_login(req, username, False, 'U')
return False
def headerparserhandler(req):
options = req.get_options()
if options.has_key('Realm'):
realm = options['Realm']
else:
apache.log_error('no realm specified')
return apache.DECLINED
sess = Session.Session(req, lock=0)
sess.set_timeout(SESSION_TIMEOUT)
sess.lock()
username = session_user(sess, realm)
if None == username and realm == 'Reports':
username = session_user(sess, 'Administrator')
if None == username and realm == 'SetupWizard':
username = session_user(sess, 'Administrator')
if None == username and realm == 'SetupWizard' and not is_wizard_complete(
):
username = '******'
save_session_user(sess, realm, username)
if None == username and is_local_process_uid_authorized(req):
username = '******'
log_login(req, username, True, True, None)
save_session_user(sess, realm, username)
sess.save()
sess.unlock()
if None != username:
pw = base64.encodestring('%s' % username).strip()
req.headers_in['Authorization'] = "BASIC % s" % pw
req.notes['authorized'] = 'true'
return apache.OK
else:
# we only do this as to not present a login screen when access
# is restricted. a tomcat valve enforces this setting.
if options.get('UseRemoteAccessSettings', 'no') == 'yes':
http_enabled = get_uvm_settings_item('system',
'httpAdministrationAllowed')
connection = req.connection
(addr, port) = connection.local_addr
apache.log_error('rjt: addr=%s port=%s' % (str(addr), str(port)))
apache.log_error('rjt: connection.remote_ip = %s' %
(str(connection.remote_ip)))
if not re.match('127\.|\:\:1', connection.remote_ip):
if port == 80 and not http_enabled:
return apache.HTTP_FORBIDDEN
apache.log_error(
'Auth failure [Username not specified]. Redirecting to auth page. (realm: %s)'
% realm)
login_redirect(req, realm)
def get_uvm_language():
lang = 'us'
setval = get_uvm_settings_item('language','language')
if (setval != None):
lang = setval
return lang
def get_uvm_language():
lang = 'us'
setval = get_uvm_settings_item('language', 'language')
if (setval != None):
lang = setval
return lang
def headerparserhandler(req):
options = req.get_options()
if options.has_key('Realm'):
realm = options['Realm']
else:
apache.log_error('no realm specified')
return apache.DECLINED
sess = Session.Session(req, lock=0)
sess.set_timeout(SESSION_TIMEOUT)
sess.lock()
username = session_user(sess, realm)
if None == username and realm == 'Reports':
username = session_user(sess, 'Administrator')
if None == username and realm == 'SetupWizard':
username = session_user(sess, 'Administrator')
if None == username and realm == 'SetupWizard' and not is_wizard_complete():
username = '******'
save_session_user(sess, realm, username)
if None == username and is_local_process_uid_authorized(req):
username = '******'
log_login(req, username, True, True, None)
save_session_user(sess, realm, username)
sess.save()
sess.unlock()
if None != username:
pw = base64.encodestring('%s' % username).strip()
req.headers_in['Authorization'] = "BASIC % s" % pw
req.notes['authorized'] = 'true'
return apache.OK
else:
# we only do this as to not present a login screen when access
# is restricted. a tomcat valve enforces this setting.
if options.get('UseRemoteAccessSettings', 'no') == 'yes':
http_enabled = get_uvm_settings_item('system','httpAdministrationAllowed')
connection = req.connection
(addr, port) = connection.local_addr
apache.log_error('rjt: addr=%s port=%s' % (str(addr), str(port)))
apache.log_error('rjt: connection.remote_ip = %s' % (str(connection.remote_ip)))
if not re.match('127\.|\:\:1', connection.remote_ip):
if port == 80 and not http_enabled:
return apache.HTTP_FORBIDDEN
apache.log_error('Auth failure [Username not specified]. Redirecting to auth page. (realm: %s)' % realm)
login_redirect(req, realm)
def _admin_valid_login(req, realm, username, password, log=True):
users = get_uvm_settings_item('admin','users')
if users == None:
return False;
if users['list'] == None:
return False;
for user in users['list']:
if user['username'] != username:
continue;
pw_hash_base64 = user['passwordHashBase64']
pw_hash = base64.b64decode(pw_hash_base64)
raw_pw = pw_hash[0:len(pw_hash) - 8]
salt = pw_hash[len(pw_hash) - 8:]
if raw_pw == md5.new(password + salt).digest():
if log:
uvm_login.log_login(req, username, False, True, None)
return True
else:
if log:
uvm_login.log_login(req, username, False, False, 'P')
return False
if log:
uvm_login.log_login(req, username, False, False, 'U')
return False
def login(req, url=None, realm='Administrator', token=None):
uvm_login.setup_gettext()
options = req.get_options()
args = util.parse_qs(req.args or '')
error_msg = None
if req.form.has_key('username') or req.form.has_key('password'):
error_msg = '%s' % cgi.escape(
_('Error: Username and Password do not match'))
connection = req.connection
(addr, port) = connection.local_addr
is_local = re.match('127\.', connection.remote_ip)
if connection.remote_ip == '::1':
is_local = True
if port == 80 and not get_uvm_settings_item(
'system', 'httpAdministrationAllowed') and not is_local:
write_error_page(req, "Permission denied")
return
if token != None and get_uvm_settings_item('system', 'cloudEnabled'):
if _valid_token(req, token):
sess = Session.Session(req, lock=0)
sess.lock()
sess.set_timeout(uvm_login.SESSION_TIMEOUT)
uvm_login.save_session_user(sess, realm, "token")
sess.save()
sess.unlock()
if url == None:
return apache.OK
else:
url = re.sub('[^A-Za-z0-9-_/.#?=]', '', url) # sanitize input
if req.form.has_key('fragment') and req.form['fragment'] != '':
url = url + req.form['fragment']
util.redirect(req, url)
return
if req.form.has_key('username') and req.form.has_key('password'):
username = req.form['username']
password = req.form['password']
# debug
# req.log_error("User:Pass = %s %s" % (username,password))
if _valid_login(req, realm, username, password):
sess = Session.Session(req, lock=0)
sess.lock()
sess.set_timeout(uvm_login.SESSION_TIMEOUT)
uvm_login.save_session_user(sess, realm, username)
sess.save()
sess.unlock()
if url == None:
return apache.OK
else:
url = re.sub('[^A-Za-z0-9-_/.#?=]', '', url) # sanitize input
if req.form.has_key('fragment') and req.form['fragment'] != '':
url = url + req.form['fragment']
util.redirect(req, url)
return
company_name = uvm_login.get_company_name()
title = _("Administrator Login")
# some i18n company_names cause exception here, so wrap to handle this
# revert to "Administrator Login" if exception occurs
try:
title = cgi.escape(_("%s Administrator Login") % company_name)
except:
pass
host = cgi.escape(req.hostname)
_write_login_form(req, title, host, error_msg)
def _write_login_form(req, title, host, error_msg):
login_url = cgi.escape(req.unparsed_uri)
req.content_type = "text/html; charset=utf-8"
req.send_http_header()
if error_msg == None:
error_msg = ''
server_str = cgi.escape(_("Server:"))
username_str = cgi.escape(_("Username:"******"Password:"******"Login"))
if not type(title) is str:
title = cgi.escape(title).encode("utf-8")
if not type(host) is str:
host = cgi.escape(host).encode("utf-8")
try:
default_username = get_uvm_settings_item('admin', 'defaultUsername')
if default_username == None:
default_username = "******"
else:
default_username = str(default_username)
except:
default_username = ""
focus_field_id = "password"
if default_username == "":
focus_field_id = "username"
banner_msg = get_app_settings_item('branding-manager', 'bannerMessage')
if banner_msg != None and banner_msg != "":
banner_msg = banner_msg.replace("\n", "<br/>")
banner_msg = "<p>" + banner_msg.encode('utf-8') + "</p>"
else:
banner_msg = ""
html = """\
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="initial-scale=1.0, width=device-width">
<meta name="description" content="loginPage">
<title>%s</title>
<script type="text/javascript">if (top.location!=location) top.location.href=document.location.href;</script>
<style type="text/css">
/* <![CDATA[ */
@import url(/images/base.css);
/* ]]> */
</style>
</head>
<body>
<header>
<img src="/images/BrandingLogo.png" style="max-width: 150px; max-height: 140px;">
</header>
<div class="form-login">
<form method="post" action="%s">
<h2>%s</h2>
<p class="server">%s</p>
<div class="banner">%s</div>
<p class="error">%s</p>
<input id="fragment" type="hidden" name="fragment" value=""/>
<input id="username" type="text" name="username" value="%s" placeholder="%s"/>
<input id="password" type="password" name="password" placeholder="%s"/>
<button type="submit">%s</button>
</form>
</div>
<script type="text/javascript">document.getElementById('%s').focus();</script>
<script type="text/javascript">document.getElementById('fragment').value=window.location.hash;</script>
</body>
</html>""" % (title, login_url, title, host, banner_msg, error_msg,
default_username, username_str, password_str, login_str,
focus_field_id)
req.write(html)
location = args[0]
base = args[1]
name = args[2]
option_to_lower = False
default_value = None
for opt in opts:
k, v = opt
if k == '-l' or k == '--lower':
option_to_lower = True
elif k == '-d' or k == '--default':
default_value = str(v)
if location == "uvm":
setting = get_uvm_settings_item(base, name)
elif location == "app":
setting = get_app_settings_item(base, name)
else:
print "usage: %s [uvm|app] [basename|app] settings_name" % sys.argv[0]
sys.exit(1)
if setting == None:
setting = default_value
if option_to_lower:
setting = str(setting).lower();
print setting
location = args[0]
base = args[1]
name = args[2]
option_to_lower = False
default_value = None
for opt in opts:
k, v = opt
if k == '-l' or k == '--lower':
option_to_lower = True
elif k == '-d' or k == '--default':
default_value = str(v)
if location == "uvm":
setting = get_uvm_settings_item(base, name)
elif location == "app":
setting = get_app_settings_item(base, name)
else:
print("usage: %s [uvm|app] [basename|app] settings_name" % sys.argv[0])
sys.exit(1)
if setting == None:
setting = default_value
if option_to_lower:
setting = str(setting).lower();
print(setting)
def login(req, url=None, realm='Administrator', token=None):
uvm_login.setup_gettext()
options = req.get_options()
args = util.parse_qs(req.args or '')
error_msg = None
if req.form.has_key('username') or req.form.has_key('password'):
error_msg = '%s' % cgi.escape(_('Error: Username and Password do not match'))
connection = req.connection
(addr, port) = connection.local_addr
is_local = re.match('127\.', connection.remote_ip)
if connection.remote_ip == '::1':
is_local = True
if port == 80 and not get_uvm_settings_item('system','httpAdministrationAllowed') and not is_local:
write_error_page(req, "Permission denied")
return
if token != None and get_uvm_settings_item('system','cloudEnabled'):
if _valid_token(req, token):
sess = Session.Session(req, lock=0)
sess.lock()
sess.set_timeout(uvm_login.SESSION_TIMEOUT)
uvm_login.save_session_user(sess, realm, "token")
sess.save()
sess.unlock()
if url == None:
return apache.OK
else:
url = re.sub('[^A-Za-z0-9-_/.#?=]','',url) # sanitize input
if req.form.has_key('fragment') and req.form['fragment'] != '':
url = url + req.form['fragment']
util.redirect(req, url)
return
if req.form.has_key('username') and req.form.has_key('password'):
username = req.form['username']
password = req.form['password']
# debug
# req.log_error("User:Pass = %s %s" % (username,password))
if _valid_login(req, realm, username, password):
sess = Session.Session(req, lock=0)
sess.lock()
sess.set_timeout(uvm_login.SESSION_TIMEOUT)
uvm_login.save_session_user(sess, realm, username)
sess.save()
sess.unlock()
if url == None:
return apache.OK
else:
url = re.sub('[^A-Za-z0-9-_/.#?=]','',url) # sanitize input
if req.form.has_key('fragment') and req.form['fragment'] != '':
url = url + req.form['fragment']
util.redirect(req, url)
return
company_name = uvm_login.get_company_name()
title = _("Administrator Login")
# some i18n company_names cause exception here, so wrap to handle this
# revert to "Administrator Login" if exception occurs
try:
title = cgi.escape(_("%s Administrator Login") % company_name)
except:
pass
host = cgi.escape(req.hostname)
_write_login_form(req, title, host, error_msg)
def _write_login_form(req, title, host, error_msg):
login_url = cgi.escape(req.unparsed_uri)
req.content_type = "text/html; charset=utf-8"
req.send_http_header()
if error_msg == None:
error_msg = ''
server_str = cgi.escape(_("Server:"))
username_str = cgi.escape(_("Username:"******"Password:"******"Login"))
if not type(title) is str:
title = cgi.escape(title).encode("utf-8")
if not type(host) is str:
host = cgi.escape(host).encode("utf-8")
try:
default_username = get_uvm_settings_item('admin','defaultUsername')
if default_username == None:
default_username = "******"
else:
default_username = str(default_username)
except:
default_username = ""
focus_field_id = "password"
if default_username == "":
focus_field_id = "username"
banner_msg = get_app_settings_item('branding-manager','bannerMessage')
if banner_msg != None and banner_msg != "":
banner_msg = banner_msg.replace("\n", "<br/>")
banner_msg = "<p>" + banner_msg.encode('utf-8') + "</p>"
else:
banner_msg = ""
html = """\
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="initial-scale=1.0, width=device-width">
<meta name="description" content="loginPage">
<title>%s</title>
<script type="text/javascript">if (top.location!=location) top.location.href=document.location.href;</script>
<style type="text/css">
/* <![CDATA[ */
@import url(/images/base.css);
/* ]]> */
</style>
</head>
<body>
<header>
<img src="/images/BrandingLogo.png" style="max-width: 150px; max-height: 140px;">
</header>
<div class="form-login">
<form method="post" action="%s">
<h2>%s</h2>
<p class="server">%s</p>
<div class="banner">%s</div>
<p class="error">%s</p>
<input id="fragment" type="hidden" name="fragment" value=""/>
<input id="username" type="text" name="username" value="%s" placeholder="%s"/>
<input id="password" type="password" name="password" placeholder="%s"/>
<button type="submit">%s</button>
</form>
</div>
<script type="text/javascript">document.getElementById('%s').focus();</script>
<script type="text/javascript">document.getElementById('fragment').value=window.location.hash;</script>
</body>
</html>""" % (title, login_url, title, host, banner_msg, error_msg, default_username, username_str, password_str, login_str, focus_field_id)
req.write(html)
