Exemple #1
0
    def _doCertificateLogon(self, request):
        """Attempt to logon using the client certificate
        
        This can only succeed if:
        * the client certificate CN matches a username 
        * cert_logins is not disabled in the configuration file
        """
        from ccsd_session import startSession, startBasicSession
        from crcnetd.modules.ccs_contact import getUserCache
        
        # Check incoming peer certificate
        cert = request.channel.transport.socket.get_peer_certificate()
        subj = cert.get_subject()
        domain = config_get('network','domain', '')
        username = "******" % (subj.CN , domain)

        allow_login = config_getboolean(None, "cert_logins", True)
        if not allow_login:
            None
            # CN matches a MAC address
            #return startBasicSession(username, SESSION_RW)
        
        # Does the CN match a username?
        users = getUserCache(ADMIN_SESSION_ID)
        if username in users.keys():
            if users[username]["enabled"]:
                # Make sure a session exists for the user
                return startSession(users[username]['login_id'], SESSION_RW)
            
        # CN matches a MAC address
        #return startBasicSession(username, SESSION_RW)
        return None
Exemple #2
0
    def hasPerms(self, mode, group):
        """Checks that the specified session has the appropriate group 
        memberships"""

        # Import here to avoid circular dependencies
        from crcnetd.modules.ccs_contact import getUserCache, getCustomerCache, getGroupCache
        
        # Check session is of appropriate type
        if mode == SESSION_RW:
            if self.mode != SESSION_RW:
                return SESSION_NONE

        # normal users have AUTH_AUTHENTICATED by default
        if group == AUTH_AUTHENTICATED:
            return mode
        
        # If we have a cached permission record, return that
        if group in self.permCache.keys():
            return self.permCache[group]

        # Check group membership
        users = getUserCache(self.session_id)
        customers = getCustomerCache(self.session_id)
        groups = getGroupCache(self.session_id)
        admin_id = users[self.login_id]["admin_id"]

        if self._isGroupMember(admin_id, groups[group], groups):
            self.permCache[group] = mode
            return mode

        self.permCache[group] = SESSION_NONE
        return SESSION_NONE
Exemple #3
0
def cookieLogin(username, token):
    """Allows authentication with the server using a stored token.

    Looks up token & username in the cookies table. If a match is found
    the authentication is successful.

    Returns a session description dictionary as returned by the session
    object. 
    """
    from crcnetd.modules.ccs_contact import getUserCache
    
    # Validate username / token
    #if len(username) <= 0:
    #    raise ccsd_session_error("Username too short, must be > 0 characters!")
    #if len(username) > 16:
    #    raise ccsd_session_error("Username too long, must be < 16 characters!")
    if len(token) <= 0:
        raise ccsd_session_error("Token too short, must be > 0 characters!")
    if len(token) > 32 :
        raise ccsd_session_error("Token too long, must be < 32 characters!")
    
    #Get the login_id from the users cache
    users = getUserCache(ADMIN_SESSION_ID)
    if username in users.keys():
        login_id = users[username]['login_id']
    else:
        raise ccsd_session_error("Invalid username or cookie token!")

    # Check username / token
    if not _validateCookieToken(login_id, token):
        raise ccsd_session_error("Invalid username or cookie token!")

    # Return the users read-only session
    return startSession(login_id, SESSION_RO)
Exemple #4
0
    def getGroupMemberships(self):
        """Returns a list of all groups this session belongs to"""
        # Import here to avoid circular dependencies
        from crcnetd.modules.ccs_contact import getUserCache, getCustomerCache, getGroupCache

        # Check group membership
        users = getUserCache(self.session_id)
        customers = getCustomerCache(self.session_id)
        groups = getGroupCache(self.session_id)
        if self.login_id in users.keys():
            contact_id = users[self.login_id]["admin_id"]
        else:
            return []
        
        # Cache memberships
        res = []
        for group in groups.keys():
            if self._isGroupMember(contact_id, groups[group], groups):
                res.append(group)
        return res
Exemple #5
0
def _validatePassword(username, password):
    """Helper routine for login. Validates the users password"""
    from crcnetd.modules.ccs_contact import getUserCache

    session = getSessionE(ADMIN_SESSION_ID)
    users = getUserCache(ADMIN_SESSION_ID)

    # Check if user exists
    if username not in users.keys():
        log_warn("No user %s" % username)
        return None

    # Get password
    passwd = users[username]["passwd"]
    if len(passwd) <= 0:
        log_warn("No password set for %s" % username)
        return None

    # Check password
    if crypt.crypt(password, passwd) != passwd:
        log_info("Password check failed for %s" % username)
        return None
    
    return users[username]['login_id']