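def get_user_info(request):
    """Return a text summary of one Kerberos principal as a JSON response.

    The principal name is read from the ``un`` query parameter. The lookup
    only runs when the session holds an ``admin`` entry; the kadmin
    connection is opened with the username and password stored in it.

    Response body:
      * ``{'status': 1, 'princ': <text>}`` on success,
      * ``{'status': 0}`` when the session has no ``admin`` entry,
      * ``{'status': 0, 'err': ...}`` when anything in the lookup raises.
    """
    def shown(value):
        # Apply the fallback *before* formatting. In the previous form,
        # ``"... %s" % value or 'Never'``, ``%`` binds tighter than ``or``:
        # the formatted string is always truthy, so 'Never' was unreachable
        # and unset fields were rendered as "None".
        return value or 'Never'

    ret = {'status': 0}
    try:
        admin = request.session.get('admin')
        if admin:
            # The admin username/password must not be written to stdout:
            # process output usually ends up in server logs, which are read
            # by far more people and tools than the session store is.
            kadm = kadmin.init_with_password(admin['un'], admin['psd'])
            un = request.GET.get('un')
            princ = kadm.getprinc(un)
            princ = '\n'.join([
                "用户名 : %s" % princ.principal,
                "最近更改密码时间 : %s" % shown(princ.last_pwd_change),
                "最近成功登录时间 : %s" % shown(princ.last_success),
                "最近登录失败时间 : %s" % shown(princ.last_failure),
                "过期时间 : %s" % shown(princ.expire),
                "密码过期时间 : %s" % shown(princ.pwexpire),
                "票据最长生命周期 : %s" % shown(princ.maxlife),
                "票据最长更新时间 : %s" % shown(princ.maxrenewlife),
            ])
            ret = {'status': 1, 'princ': princ}
    except Exception as e:
        # Details stay server-side; the client only gets a generic message.
        print(e)
        ret['err'] = '用户信息读取失败'
    return HttpResponse(json.dumps(ret))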
def auth(self, username, password):
    """Authenticate a user by opening a kadmin connection as that user.

    :param username: login name; mapped to a principal by ``_user2princ``
    :type username: string
    :param password: password of the user
    :type password: string
    :rtype: boolean (True when the connection could be opened, False when
        kadmin reports an unknown client or a wrong password)
    """
    try:
        self._log(
            "trying auth with username '%s' = principal '%s'"
            % (username, self._user2princ(username))
        )
        _handle = kadmin.init_with_password(self._user2princ(username), password)
    except (
        kadmin.KRB5KDCClientNotFoundError,  # user unknown
        kadmin.KRB5KDCPreauthFailedError,   # wrong password, with pre-auth
        kadmin.PasswordError,               # wrong password, without pre-auth
    ):
        return False

    # NOTE(review): the clear-text password is written into the session so
    # that later requests can open kadmin connections as this user. Anyone
    # who can read the session storage can recover it; where the session is
    # persisted is not visible here -- confirm it is server-side only and
    # access-restricted, or replace the stored password with a short-lived
    # credential.
    cherrypy.session[SESSION_PRINCIPAL] = self._user2princ(username)
    cherrypy.session[SESSION_PASSWORD] = password
    return True
def test_init_with_password(self):
    """Password-based init must succeed and return a non-None handle."""
    try:
        handle = kadmin.init_with_password(TEST_PRINCIPAL, TEST_PASSWORD)
    except kadmin.KAdminError:
        # fail() raises, so the assertion below is only reached on success.
        self.fail("kadmin.init_with_password failed")
    self.assertIsNotNone(handle, "kadmin handle is None")
def __enter__(self):
    """Open the kadmin connection for this context and return it.

    Admin sessions (session flag ``isadmin``) and contexts created with
    ``as_admin`` use the backend's configured principal and keytab. Other
    sessions use the principal and password stored in the session.

    Raises PermissionDenied when neither credential source is available.
    """
    session = cherrypy.session

    if session.get('isadmin', False) or self.as_admin:
        backend_cfg = self.backend.config
        self.kadm = kadmin.init_with_keytab(
            backend_cfg['principal'], backend_cfg['keytab']
        )
        return self.kadm

    # The password is only looked up when a principal is present, matching
    # the short-circuit of the combined condition.
    principal = session.get(SESSION_PRINCIPAL, None)
    password = session.get(SESSION_PASSWORD, None) if principal else None
    if not (principal and password):
        raise PermissionDenied('(corrupted session)', self.backend.backend_name)

    # NOTE(review): this path depends on a clear-text password being kept in
    # the session; the session store then has to be protected like a
    # credential store.
    self.kadm = kadmin.init_with_password(principal, password)
    return self.kadm
def test_init_with_password(self):
    """Check that init_with_password returns a usable (non-None) handle."""
    try:
        admin_handle = kadmin.init_with_password(TEST_PRINCIPAL, TEST_PASSWORD)
    except kadmin.KAdminError:
        self.fail("kadmin.init_with_password failed")
    else:
        # Runs only when no KAdminError was raised.
        self.assertIsNotNone(admin_handle, "kadmin handle is None")
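def _remove_principal_from_kdc(
    principal,
    realm,
    kdc,
    admin_server,
    admin_principal,
    admin_password,
):
    """Delete a Kerberos principal.

    A temporary Kerberos config file describing ``realm`` (with its ``kdc``
    and ``admin_server``) is written and activated through the
    ``KRB5_CONFIG`` environment variable for the duration of the call. The
    previous value of the variable is restored and the temporary file is
    removed even when the deletion raises.

    Any exception raised while connecting or deleting propagates to the
    caller.
    """
    # Note: kadmin.init_with_password requires a Kerberos config file.
    # NOTE(review): realm, kdc and admin_server are written into the config
    # verbatim; validate them upstream if they can come from untrusted input.
    krb5_config = configparser.ConfigParser()
    krb5_config.optionxform = str  # keep option names case-sensitive
    krb5_config.add_section('libdefaults')
    krb5_config.set('libdefaults', 'default_realm', realm)
    krb5_config.add_section('realms')
    krb5_config.set(
        'realms',
        realm,
        '\n'.join([
            '{',
            ' kdc = ' + kdc,
            ' admin_server = ' + admin_server,
            '}',
        ]),
    )
    # delete=False: the file must outlive the ``with`` block so that the
    # Kerberos library can read it by name after it has been closed.
    with tempfile.NamedTemporaryFile(mode='w', delete=False) as krb5_conf:
        krb5_config.write(krb5_conf)

    # Activate the config file via an env var. The variable is process-wide,
    # so other threads see the temporary config while this call is running.
    previous_krb5_conf = os.environ.get('KRB5_CONFIG')
    os.environ['KRB5_CONFIG'] = krb5_conf.name
    try:
        # Delete the principal.
        kadmin.init_with_password(admin_principal, admin_password).delete_principal(principal)
    finally:
        # Always undo the global state, otherwise a failed deletion would
        # leave the process pointing at a stale config and leak the file.
        if previous_krb5_conf is None:
            os.environ.pop('KRB5_CONFIG', None)
        else:
            os.environ['KRB5_CONFIG'] = previous_krb5_conf
        os.remove(krb5_conf.name)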
def usermanage(request):
    '''User management page.

    Handles GET only: for any other method the function falls off the end
    and returns None. When the session holds an ``admin`` entry, a kadmin
    connection is opened with the stored username/password and all
    principals are listed into ``users``.
    '''
    if request.method == 'GET':
        if request.session.get('admin'):
            kadm = kadmin.init_with_password(request.session['admin']['un'], request.session['admin']['psd'])
            # Materialize the principals iterator so the template gets a list.
            users = list(kadm.principals())
        title = '用户管理'
        # NOTE(review): locals() hands every local name to the template,
        # including the live ``kadm`` handle when it was created. An explicit
        # context dict would limit what templates can reach -- confirm which
        # names usermanage.html actually uses before narrowing it.
        return render(request, 'usermanage.html', locals())
def kadmin_login(request):
    """AJAX endpoint: administrator login for the user-management page.

    Reads ``un`` and ``psd`` from the POST body and tries to open a kadmin
    connection with them. On success the pair is stored in the session under
    ``admin`` and ``{'status': 1, 'un': ...}`` is returned; any exception
    yields ``{'status': 0, 'err': ...}``.
    """
    un = request.POST.get('un')
    psd = request.POST.get('psd')
    try:
        _handle = kadmin.init_with_password(un, psd)
        # NOTE(review): the clear-text admin password is stored in the
        # session and reused by the other views. With a client-side (signed
        # cookie) session backend it would be readable by the browser;
        # confirm the session backend is server-side and access-restricted.
        request.session['admin'] = {'un': un, 'psd': psd}
        payload = {'status': 1, 'un': un}
    except Exception:
        # Every failure, not only a bad password, is reported with this
        # message ("wrong password").
        payload = {'status': 0, 'err': '密码错误'}
    return HttpResponse(json.dumps(payload))
def create_user(request):
    """Create a Kerberos principal from POST fields ``un`` and ``psd``.

    Only acts when the session holds an ``admin`` entry, whose stored
    username/password are used to open the kadmin connection. Returns JSON:
    ``status`` 1 on success, 0 otherwise; ``err`` is set when an exception
    was raised.
    """
    result = {'status': 0}
    try:
        admin = request.session.get('admin')
        if admin:
            conn = kadmin.init_with_password(admin['un'], admin['psd'])
            new_name = request.POST.get('un')
            new_password = request.POST.get('psd')
            conn.ank(new_name, new_password)
            result['status'] = 1
    except Exception as e:
        # NOTE(review): the raw exception text is returned to the client;
        # consider logging it server-side and sending a generic message.
        result['err'] = '用户创建失败' + str(e)
    return HttpResponse(json.dumps(result))
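def changepsd(request):
    """Set a new password for a principal and report the result as JSON.

    Reads the principal name (``un``) and the new password (``psd``) from
    the query string. Only acts when the session holds an ``admin`` entry,
    whose stored username/password are used to open the kadmin connection.

    Response body: ``{'status': 1}`` on success, ``{'status': 0}`` without
    an admin session, ``{'status': 0, 'err': ...}`` when an exception is
    raised.
    """
    ret = {'status': 0}
    try:
        admin = request.session.get('admin')
        if admin:
            kadm = kadmin.init_with_password(admin['un'], admin['psd'])
            # NOTE(review): the new password travels in the URL query
            # string, where it can end up in access logs, browser history
            # and Referer headers, and Django's CSRF middleware does not
            # check GET requests. Moving this to POST needs a matching
            # client change, so it is only flagged here.
            un = request.GET.get('un')
            psd = request.GET.get('psd')
            # The username/new-password pair is deliberately not printed:
            # stdout usually ends up in server logs.
            princ = kadm.getprinc(un)
            princ.change_password(psd)
            ret['status'] = 1
    except Exception as e:
        # Details stay server-side; the client only gets a generic message.
        print(e)
        ret['err'] = '用户密码修改失败'
    return HttpResponse(json.dumps(ret))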
def __init__(self, user, daemon, password):
    """Open a kadmin connection for an admin principal built from user/daemon.

    The resulting handle is stored on ``self.admin``.
    """
    self.daemon = daemon
    # NOTE(review): the format string below has no conversion specifiers, so
    # as written the ``%`` operation raises TypeError ("not all arguments
    # converted"). It looks masked in this listing -- confirm the intended
    # principal format before relying on this constructor.
    admin_principal = "******" % (user, self.daemon)
    self.admin = kadmin.init_with_password(admin_principal, password)
def _get_kadm_session(user_name, user_cred):
    """Open and return a kadmin connection using password authentication.

    ``user_name`` is the principal to authenticate as and ``user_cred`` its
    password. Errors raised by kadmin propagate to the caller.
    """
    kadm_session = kadmin.init_with_password(user_name, user_cred)
    return kadm_session
def __init__(self):
    """Open the Kerberos admin connection, prompting for the password.

    The handle is stored on ``self.krb_wics``.
    """
    admin_principal = '%s@%s' % (KRB_ADMIN, REALM)
    # The password is prompted for interactively, so it is never stored in
    # code or configuration.
    admin_password = getpass.getpass('Enter Kerberos admin password: ')
    self.krb_wics = kadmin.init_with_password(admin_principal, admin_password)