class AuthenticationHandler(Daemon):
def __init__(self, useSSL=True):
Daemon.__init__(self, useSSL)
self.__MIN_ID = 100000
self.__MAX_ID = 100000000
self.__SESSION_TIMEOUT_HOURS = 48
self.__loggedInUsers = {}
self.__reverseLoggedInUsers = {}
self.__userProtocols = {}
self.__systemProtocol = Protocol(None)
self.__controlProtocol = Protocol(None)
try:
self.__systemProtocol.open(DaemonLocations.systemDaemon[0],
DaemonLocations.systemDaemon[1])
except:
print "warning, could not connect to system daemon"
try:
self.__controlProtocol.open(DaemonLocations.controlDaemon[0],
DaemonLocations.controlDaemon[1])
except:
print "warning, could not connect to control daemon"
self.registerMethodHandler("login", self.login)
self.registerMethodHandler("logout", self.logout)
self.registerMethodHandler("system", self.systemOperation)
self.registerMethodHandler("control", self.controlOperation)
self.__consoleOperationReply = None
self.__controlOperationReply = None
self.__systemOperationReply = None
self.__ldapClient = LDAPClient("ldap://henldap:389")
def login(self, prot, seq, ln, payload):
(username, password) = pickle.loads(payload)
validLogin = self.__ldapClient.authenticate(username, password)
groups = None
if (validLogin):
ldapInfo = self.__ldapClient.getUserInfoByLogin(username)
groups = ldapInfo.getGroups()
email = ldapInfo.getEmail()
loggedInID = random.randint(self.__MIN_ID, self.__MAX_ID)
loginDate = datetime.datetime.now()
loggedInUser = LoggedInUser(username, loggedInID, email, \
loginDate, groups)
self.__loggedInUsers[loggedInID] = loggedInUser
self.__reverseLoggedInUsers[username] = loggedInID
prot.sendReply(200, seq, str(loggedInID))
else:
prot.sendReply(421, seq, "")
def logout(self, prot, seq, ln, payload):
loggedInID = int(pickle.loads(payload))
if (self.__loggedInUsers.has_key(loggedInID)):
del self.__loggedInUsers[loggedInID]
if (self.__reverseLoggedInUsers.has_key(loggedInID)):
del self.__reverseLoggedInUsers[loggedInID]
if (self.__userProtocols.has_key(loggedInID)):
del self.__userProtocols[loggedInID]
prot.sendReply(200, seq, "")
def systemOperation(self, prot, seq, ln, payload):
(loggedInID, operation, parameters) = pickle.loads(payload)
if (not self.__isLoggedIn(loggedInID, prot, seq)):
return
username = self.__loggedInUsers[loggedInID].getUsername()
groups = self.__loggedInUsers[loggedInID].getGroups()
result = self.__systemProtocol.doSynchronousCall(operation, \
pickle.dumps((username, groups, parameters)))
resID = len(result) - 1
if resID < 0:
prot.sendReply(500, seq, "Got 0 result from systemdaemon!")
return
else:
prot.sendReply(result[resID][0], seq, result[resID][2])
def controlOperation(self, prot, seq, ln, payload):
(loggedInID, operation, parameters) = pickle.loads(payload)
print loggedInID, operation, parameters
# Special console case
if ((operation == "console") or (operation == "console_output")):
self.__console(prot, seq, ln, payload)
return
if (not self.__isLoggedIn(loggedInID, prot, seq)):
return
username = self.__loggedInUsers[loggedInID].getUsername()
groups = self.__loggedInUsers[loggedInID].getGroups()
result = self.__controlProtocol.doSynchronousCall(operation, \
pickle.dumps((username, groups, parameters)))
resID = len(result) - 1
#print "got result",result
if resID < 0:
prot.sendReply(500, seq, "Got 0 result from controldaemon!")
return
else:
prot.sendReply(result[resID][0], seq, result[resID][2])
def __console(self, prot, seq, ln, payload):
(loggedInID, operation, parameters) = pickle.loads(payload)
# Request from hm client
if (operation == "console"):
if (not self.__isLoggedIn(loggedInID, prot, seq)):
return
username = self.__loggedInUsers[loggedInID].getUsername()
groups = self.__loggedInUsers[loggedInID].getGroups()
action = parameters[0]
# Record client protocol so we can later reply to it
if (not self.__userProtocols.has_key(loggedInID)):
self.__userProtocols[loggedInID] = prot
self.__controlProtocol.sendRequest("console", \
pickle.dumps((username, groups, parameters)), \
self.__consoleOperationReplyHandler)
if (action == "open" or action == "close"):
self.__controlProtocol.readAndProcess()
prot.sendReply(self.__consoleOperationReply[0], seq,
self.__consoleOperationReply[3])
# Request from control daemon, forward to console client
elif (operation == "console_output"):
(username, operation, parameters) = pickle.loads(payload)
consoleOutput = parameters[0]
loggedInID = self.__reverseLoggedInUsers[username]
payload = pickle.dumps((200, consoleOutput))
self.__userProtocols[loggedInID].sendRequest(
"console", payload, self.__consoleOperationReplyHandler)
else:
print "unknown console operation received"
return
prot.sendRequest("console", self.__consoleOperationReply[3],
self.__consoleOperationReplyHandler)
def __consoleOperationReplyHandler(self, code, seq, sz, payload):
self.__consoleOperationReply = (code, seq, sz, payload)
def __isLoggedIn(self, loggedInID, prot, seq):
if ((not self.__loggedInUsers.has_key(loggedInID)) or \
self.__hasSessionExpired(loggedInID)):
print "not logged in"
prot.sendReply(400, seq, "")
return False
return True
def __hasSessionExpired(self, loggedInID):
loginDate = self.__loggedInUsers[loggedInID].getLoginDate()
now = datetime.datetime.now()
difference = now - loginDate
minutes, seconds = divmod(difference.seconds, 60)
hours, minutes = divmod(minutes, 60)
sessionTime = hours + (24 * difference.days)
if (sessionTime > self.__SESSION_TIMEOUT_HOURS):
return True
return False
from auxiliary.ldapclient import LDAPClient
serverURL = "ldap://henldap:389"
#login = "******"
login = "******"
password = "******"
ldapClient = LDAPClient(serverURL)
print ldapClient.authenticate(login, password)
#ldapInfo = ldapClient.getUserInfoByLogin("fhuici")
#print str(ldapInfo)
#print ldapInfo.getMD5Object().digest()
#ldapInfo = ldapClient.getUserInfoByLogin("fhuici")
#print ldapInfo.getGroups()
print "Content-Type: text/xml"
print ""
print ""
# read data from standard in
data = sys.stdin.read()
form = cgi.parse_qs(data)
# Make sure that the necessary cgi parameters are given and retrieve them
if ( (not form.has_key("username")) or (not form.has_key("password")) ):
sys.exit()
username = form['username'][0]
password = form['password'][0]
ldapClient = LDAPClient("ldap://henldap:389")
validLogin = ldapClient.authenticate(username, password)
groups = None
if (validLogin):
groups = ldapClient.getUserInfoByLogin(username).getGroups()
# Print the results
string = '<ldapresponse validlogin="******">\n'
if (groups):
for group in groups:
string += '\t<group id="' + str(group) + '" />\n'
string += '</ldapresponse>'
print string
class AuthenticationHandler(Daemon):
def __init__(self, useSSL=True):
Daemon.__init__(self, useSSL)
self.__MIN_ID = 100000
self.__MAX_ID = 100000000
self.__SESSION_TIMEOUT_HOURS = 48
self.__loggedInUsers = {}
self.__reverseLoggedInUsers = {}
self.__userProtocols = {}
self.__systemProtocol = Protocol(None)
self.__controlProtocol = Protocol(None)
try:
self.__systemProtocol.open(DaemonLocations.systemDaemon[0], DaemonLocations.systemDaemon[1])
except:
print "warning, could not connect to system daemon"
try:
self.__controlProtocol.open(DaemonLocations.controlDaemon[0], DaemonLocations.controlDaemon[1])
except:
print "warning, could not connect to control daemon"
self.registerMethodHandler("login", self.login)
self.registerMethodHandler("logout", self.logout)
self.registerMethodHandler("system", self.systemOperation)
self.registerMethodHandler("control", self.controlOperation)
self.__consoleOperationReply = None
self.__controlOperationReply = None
self.__systemOperationReply = None
self.__ldapClient = LDAPClient("ldap://henldap:389")
def login(self,prot,seq,ln,payload):
(username, password) = pickle.loads(payload)
validLogin = self.__ldapClient.authenticate(username, password)
groups = None
if (validLogin):
ldapInfo = self.__ldapClient.getUserInfoByLogin(username)
groups = ldapInfo.getGroups()
email = ldapInfo.getEmail()
loggedInID = random.randint(self.__MIN_ID, self.__MAX_ID)
loginDate = datetime.datetime.now()
loggedInUser = LoggedInUser(username, loggedInID, email, \
loginDate, groups)
self.__loggedInUsers[loggedInID] = loggedInUser
self.__reverseLoggedInUsers[username] = loggedInID
prot.sendReply(200, seq, str(loggedInID))
else:
prot.sendReply(421, seq, "")
def logout(self,prot,seq,ln,payload):
loggedInID = int(pickle.loads(payload))
if (self.__loggedInUsers.has_key(loggedInID)):
del self.__loggedInUsers[loggedInID]
if (self.__reverseLoggedInUsers.has_key(loggedInID)):
del self.__reverseLoggedInUsers[loggedInID]
if (self.__userProtocols.has_key(loggedInID)):
del self.__userProtocols[loggedInID]
prot.sendReply(200,seq,"")
def systemOperation(self,prot,seq,ln,payload):
(loggedInID, operation, parameters) = pickle.loads(payload)
if (not self.__isLoggedIn(loggedInID, prot, seq)):
return
username = self.__loggedInUsers[loggedInID].getUsername()
groups = self.__loggedInUsers[loggedInID].getGroups()
result = self.__systemProtocol.doSynchronousCall(operation, \
pickle.dumps((username, groups, parameters)))
resID = len(result)-1
if resID<0:
prot.sendReply(500,seq,"Got 0 result from systemdaemon!")
return
else:
prot.sendReply(result[resID][0],seq,result[resID][2])
def controlOperation(self,prot,seq,ln,payload):
(loggedInID, operation, parameters) = pickle.loads(payload)
print loggedInID, operation, parameters
# Special console case
if ((operation == "console") or (operation == "console_output")):
self.__console(prot,seq,ln,payload)
return
if (not self.__isLoggedIn(loggedInID, prot, seq)):
return
username = self.__loggedInUsers[loggedInID].getUsername()
groups = self.__loggedInUsers[loggedInID].getGroups()
result = self.__controlProtocol.doSynchronousCall(operation, \
pickle.dumps((username, groups, parameters)))
resID = len(result)-1
#print "got result",result
if resID<0:
prot.sendReply(500,seq,"Got 0 result from controldaemon!")
return
else:
prot.sendReply(result[resID][0],seq,result[resID][2])
def __console(self,prot,seq,ln,payload):
(loggedInID, operation, parameters) = pickle.loads(payload)
# Request from hm client
if (operation == "console"):
if (not self.__isLoggedIn(loggedInID, prot, seq)):
return
username = self.__loggedInUsers[loggedInID].getUsername()
groups = self.__loggedInUsers[loggedInID].getGroups()
action = parameters[0]
# Record client protocol so we can later reply to it
if (not self.__userProtocols.has_key(loggedInID)):
self.__userProtocols[loggedInID] = prot
self.__controlProtocol.sendRequest("console", \
pickle.dumps((username, groups, parameters)), \
self.__consoleOperationReplyHandler)
if (action == "open" or action == "close"):
self.__controlProtocol.readAndProcess()
prot.sendReply(self.__consoleOperationReply[0], seq, self.__consoleOperationReply[3])
# Request from control daemon, forward to console client
elif (operation == "console_output"):
(username, operation, parameters) = pickle.loads(payload)
consoleOutput = parameters[0]
loggedInID = self.__reverseLoggedInUsers[username]
payload = pickle.dumps((200, consoleOutput))
self.__userProtocols[loggedInID].sendRequest("console", payload, self.__consoleOperationReplyHandler)
else:
print "unknown console operation received"
return
prot.sendRequest("console", self.__consoleOperationReply[3], self.__consoleOperationReplyHandler)
def __consoleOperationReplyHandler(self, code, seq, sz, payload):
self.__consoleOperationReply = (code, seq, sz, payload)
def __isLoggedIn(self, loggedInID, prot, seq):
if ((not self.__loggedInUsers.has_key(loggedInID)) or \
self.__hasSessionExpired(loggedInID)):
print "not logged in"
prot.sendReply(400,seq,"")
return False
return True
def __hasSessionExpired(self, loggedInID):
loginDate = self.__loggedInUsers[loggedInID].getLoginDate()
now = datetime.datetime.now()
difference = now - loginDate
minutes, seconds = divmod(difference.seconds, 60)
hours, minutes = divmod(minutes, 60)
sessionTime = hours + (24 * difference.days)
if (sessionTime > self.__SESSION_TIMEOUT_HOURS):
return True
return False
from auxiliary.ldapclient import LDAPClient
serverURL = "ldap://henldap:389"
# login = "******"
login = "******"
password = "******"
ldapClient = LDAPClient(serverURL)
print ldapClient.authenticate(login, password)
# ldapInfo = ldapClient.getUserInfoByLogin("fhuici")
# print str(ldapInfo)
# print ldapInfo.getMD5Object().digest()
# ldapInfo = ldapClient.getUserInfoByLogin("fhuici")
# print ldapInfo.getGroups()
