def setup_module(): global xc, sc xc = xcauth(domain_db={ 'xdomain': '99999\thttps://remotehost\tydomain\t', 'udomain': '8888\thttps://oldhost\t', }, default_url='https://localhost', default_secret='01234') sc = sigcloud(xc, 'user1', 'domain1')
def setup_module(): global xc, sc xc = xcauth(default_url='https://localhost', default_secret='01234', #sql_db='/tmp/auth.sqlite3', cache_storage='db', #sql_db='/tmp/auth.sqlite3', cache_storage='db', #sql_db=':memory:', cache_storage='db', sql_db=':memory:', cache_storage='memory', bcrypt_rounds=(6, 6)) sc = sigcloud(xc, 'user2', 'domain2', 'pass2')
def setup_module(): global xc, sc xc = xcauth(domain_db={ b'xdomain': b'99999\thttps://remotehost\tydomain\t', b'udomain': b'8888\thttps://oldhost\t', }, sql_db=':memory:', cache_storage='db', default_url='https://localhost', default_secret='01234') sc = sigcloud(xc, 'user1', 'domain1')
def setup_module(): global xc, sc xc = xcauth(domain_db={ 'xdomain': '99999\thttps://remotehost\tydomain\t', 'udomain': '8888\thttps://oldhost\t', }, default_url='https://localhost', default_secret='01234', ejabberdctl='/no/bin/ejabberdctl', shared_roster_db={}) xc.ejabberd_controller = ejabberdctl(xc) sc = sigcloud(xc, 'user1', 'domain1')
def perform(args): global errfile # Set up logging logfile = args.log + '/xcauth.log' signal.signal(signal.SIGUSR1, log_info) if (args.interactive or args.auth_test or args.isuser_test or args.roster_test): signal.signal(signal.SIGHUP, signal.SIG_IGN) logging.basicConfig(stream=sys.stderr, level=logging.DEBUG, format='%(asctime)s %(levelname)s: %(message)s') else: errfile = args.log + '/xcauth.err' rebind_stderr(0, None) signal.signal(signal.SIGHUP, rebind_stderr) try: from logging.handlers import WatchedFileHandler logging.basicConfig(handlers=(WatchedFileHandler(logfile),), level=logging.DEBUG if args.debug else logging.INFO, format='%(asctime)s %(levelname)s: %(message)s') except OSError as e: logging.basicConfig(stream=sys.stderr) logging.warning('Cannot log to %s: %s' % (logfile, str(e))) logging.debug('Start external auth script %s for %s with endpoint: %s', VERSION, args.type, args.url) # Set up global environment (incl. cache, db) if args.cache_storage != 'none': try: import bcrypt except ImportError as e: logging.warn('Cannot import bcrypt (%s); caching disabled' % e) args.cache_storage = 'none' ttls = {'query': args.cache_query_ttl, 'verify': args.cache_verification_ttl, 'unreach': args.cache_unreachable_ttl} xc = xcauth(default_url = args.url, default_secret = args.secret, ejabberdctl = args.ejabberdctl if 'ejabberdctl' in args else None, sql_db = args.db, cache_storage = args.cache_storage, domain_db = args.domain_db, cache_db = args.cache_db, shared_roster_db = args.shared_roster_db, timeout = args.timeout, ttls = ttls, bcrypt_rounds = args.cache_bcrypt_rounds) # Check for one-shot commands if args.isuser_test: sc = sigcloud(xc, args.isuser_test[0], args.isuser_test[1]) success = sc.isuser() print(success) return if args.roster_test: sc = sigcloud(xc, args.roster_test[0], args.roster_test[1]) success, response = sc.roster_cloud() print(str(response)) if args.ejabberdctl: sc.try_roster(async=False) return elif args.auth_test: sc = sigcloud(xc, args.auth_test[0], args.auth_test[1], args.auth_test[2]) success = sc.auth() print(success) return # Read commands from file descriptors # Acceptor socket? listeners = listen_fds_with_names() if listeners is None: # Single socket; unclear whether it is connected or an acceptor try: stdinfd = sys.stdin.fileno() except io.UnsupportedOperation: stdinfd = None if stdinfd is None: # Not a real socket, assume stdio communication perform_from_fd(sys.stdin, sys.stdout, xc, args.type) else: s = socket.socket(fileno=stdinfd) try: # Is it an acceptor socket? s.listen() # Yes, accept connections (fake systemd context) perform_from_listeners({0: args.type}, xc, args.type) except OSError: # Not an acceptor socket, use for stdio perform_from_fd(sys.stdin, sys.stdout, xc, args.type, closefds=(sys.stdin,sys.stdout,s)) else: # Uses systemd socket activation perform_from_listeners(listeners, xc, args.type)
def perform(args): logfile = args.log + '/xcauth.log' if (args.interactive or args.auth_test or args.isuser_test or args.roster_test): logging.basicConfig(stream=sys.stderr, level=logging.DEBUG, format='%(asctime)s %(levelname)s: %(message)s') else: logging.basicConfig( filename=logfile, level=logging.DEBUG if args.debug else logging.INFO, format='%(asctime)s %(levelname)s: %(message)s') # redirect stderr errfile = args.log + '/xcauth.err' sys.stderr = open(errfile, 'a+') logging.debug('Start external auth script %s for %s with endpoint: %s', VERSION, args.type, args.url) if args.domain_db: domain_db = anydbm.open(args.domain_db, 'c', 0600) atexit.register(domain_db.close) else: domain_db = {} if args.cache_db: import bcrypt cache_db = anydbm.open(args.cache_db, 'c', 0600) atexit.register(cache_db.close) else: cache_db = {'': ''} # "Do not use" marker if args.shared_roster_db: shared_roster_db = anydbm.open(args.shared_roster_db, 'c', 0600) atexit.register(shared_roster_db.close) else: # Will never be accessed, as `ejabberdctl` will not be set shared_roster_db = None ttls = { 'query': args.cache_query_ttl, 'verify': args.cache_verification_ttl, 'unreach': args.cache_unreachable_ttl } xc = xcauth( default_url=args.url, default_secret=args.secret, ejabberdctl=args.ejabberdctl if 'ejabberdctl' in args else None, shared_roster_db=shared_roster_db, domain_db=domain_db, cache_db=cache_db, timeout=args.timeout, ttls=ttls, bcrypt_rounds=args.cache_bcrypt_rounds) if args.isuser_test: sc = sigcloud(xc, args.isuser_test[0], args.isuser_test[1]) success = sc.isuser() print success return if args.roster_test: sc = sigcloud(xc, args.roster_test[0], args.roster_test[1]) success, response = sc.roster_cloud() print str(response) if args.update_roster: sc.try_roster(async=False) return elif args.auth_test: sc = sigcloud(xc, args.auth_test[0], args.auth_test[1], args.auth_test[2]) success = sc.auth() print success return if args.type == 'ejabberd': from xclib.ejabberd_io import ejabberd_io xmpp = ejabberd_io elif args.type == 'saslauthd': from xclib.saslauthd_io import saslauthd_io xmpp = saslauthd_io else: # 'generic' or 'prosody' from xclib.prosody_io import prosody_io xmpp = prosody_io for data in xmpp.read_request(): logging.debug('Receive operation ' + data[0]) success = False if data[0] == "auth" and len(data) == 4: sc = sigcloud(xc, data[1], data[2], data[3]) success = sc.auth() elif data[0] == "isuser" and len(data) == 3: sc = sigcloud(xc, data[1], data[2]) success = sc.isuser() elif data[0] == "roster" and len(data) == 3: # Nonstandard extension, only useful with -t generic sc = sigcloud(xc, data[1], data[2]) success, response = sc.roster_cloud() success = str(response) # Convert from unicode elif data[0] == "quit" or data[0] == "exit": break xmpp.write_response(success) logging.debug('Shutting down...')
def test_echo(): xc = xcauth(ejabberdctl='/bin/echo') e = ejabberdctl(xc) assertEqual(e.execute(['Hello', 'world']), 'Hello world\n')
def test_false(): xc = xcauth(ejabberdctl='/bin/false') e = ejabberdctl(xc) assertEqual(e.execute(['Hello', 'world']), None)
def test_true(): xc = xcauth(ejabberdctl='/bin/true') e = ejabberdctl(xc) assertEqual(e.execute(['Hello', 'world']), '')
def setup_module(): global xc, sc xc = xcauth(default_url='https://localhost', default_secret='01234', bcrypt_rounds=6) sc = sigcloud(xc, 'user2', 'domain2', 'pass2')