def __init__(self, verbose):
super(RainMoveClient, self).__init__()
#Load Config
self._conf = RainMoveClientConf()
self.verbose = verbose
self._port = self._conf.getPort()
self._serveraddr = self._conf.getServeraddr()
self._ca_certs = self._conf.getCaCerts()
self._certfile = self._conf.getCertFile()
self._keyfile = self._conf.getKeyFile()
self._connMoveServer = None
self.passwdtype = "ldappassmd5"
#Setup log
self._log = fgLog.fgLog(self._conf.getLogFile(), self._conf.getLogLevel(), "Rain Move Client", False)
def auth(userId, cred):
ret = False
testmode = False
# find the config file
_localpath = "~/.fg/"
_configfile = os.path.expanduser(_localpath) + "/" + configFileName
_fgpath = ""
try:
_fgpath = os.environ['FG_PATH']
except KeyError:
_fgpath = os.path.dirname(os.path.abspath(__file__)) + "/../"
if not os.path.isfile(_configfile):
_configfile = "/etc/futuregrid/" + configFileName #os.path.expanduser(_fgpath) + "/etc/" + configFileName
#if not os.path.isfile(_configfile):
# _configfile = os.path.expanduser(os.path.dirname(__file__)) + "/" + configFileName
if not os.path.isfile(_configfile):
print "ERROR: configuration file " + configFileName + " not found"
sys.exit(1)
configFile = _configfile
config = ConfigParser.ConfigParser()
config.read(configFile)
logfile = os.path.expanduser(config.get("LDAP", "log"))
try:
testinput=eval(config.get("LDAP", "test"))
if testinput != False and testinput != True:
testmode = False
else:
testmode=testinput
except:
testmode = False
log = fgLog(logfile, logging.INFO, "utils.FGAuth Auth", False)
authProvider = cred.getProvider()
authCred = cred.getCred()
# print "'" + userId + "':'" + authProvider + "':'" + authCred + "'"
if(authProvider == "ldappass" or authProvider == "ldappassmd5"):
if(authCred != ""):
host = config.get('LDAP', 'LDAPHOST')
adminuser = config.get('LDAP', 'LDAPUSER')
adminpass = config.get('LDAP', 'LDAPPASS')
#print adminuser, adminpass
userdn = "uid=" + userId + ",ou=People,dc=futuregrid,dc=org"
#print userdn
ldapconn = ldap.initialize("ldap://" + host)
log.info("Initializing the LDAP connection to server: " + host)
try:
ldapconn.start_tls_s()
log.info("tls started...")
ldapconn.bind_s(adminuser, adminpass)
passwd_input = authCred
if(authProvider == "ldappass"):
m = hashlib.md5()
m.update(authCred)
passwd_input = m.hexdigest()
#print passwd_input
passwd_processed = "{MD5}" + base64.b64encode(binascii.unhexlify(passwd_input))
#print passwd_processed
#print base64.b64encode(passwd_processed)
if(ldapconn.compare_s(userdn, 'userPassword', passwd_processed)):
ret = True
log.info("User '" + userId + "' successfully authenticated")
else:
ret = False
log.info("User '" + userId + "' failed to authenticate due to incorrect credential")
#print ldapconn.compare_s(userdn, 'mail', "*****@*****.**")
#basedn = "ou=People,dc=futuregrid,dc=org"
#filter = "(uid=" + userId + ")"
#attrs = ['userPassword']
#print ldapconn.search_s( basedn, ldap.SCOPE_SUBTREE, filter, attrs )
except ldap.INVALID_CREDENTIALS:
log.info("Your username or password is incorrect. Cannot bind as admin.")
ret = False
except ldap.LDAPError:
log.info("User '" + userId + "' failed to authenticate due to LDAP error. The user may not exist."+ str(sys.exc_info()))
ret = False
except:
ret = False
log.info("User '" + userId + "' failed to authenticate due to possible password encryption error."+str(sys.exc_info()))
finally:
log.info("Unbinding from the LDAP.")
ldapconn.unbind()
elif(authProvider == "drupalplain"):
import MySQLdb
if(authCred != ""):
m = hashlib.md5()
m.update(authCred)
passwd_input = m.hexdigest()
dbhost = config.get('PortalDB', 'host')
dbuser = config.get('PortalDB', 'user')
dbpasswd = config.get('PortalDB', 'passwd')
dbname = config.get('PortalDB', 'db')
conn = MySQLdb.connect(dbhost,dbuser,dbpasswd,dbname)
cursor = conn.cursor()
queryuser = "******" + userId + "'"
cursor.execute(queryuser)
passwd_db = ""
passwd = cursor.fetchall()
for thepass in passwd:
passwd_db = list(thepass)[0]
if(passwd_db != "" and passwd_db==passwd_input):
ret = True
log.info("User " + userId + " successfully authenticated")
else:
ret = False
log.info("User " + userId + " failed to authenticate")
if not testmode:
return ret
else:
return True
def simpleauth(userId, cred):
ret = False
testmode = False
# find the config file
_localpath = "~/.fg/"
_configfile = os.path.expanduser(_localpath) + "/" + configFileNameClient
_fgpath = ""
try:
_fgpath = os.environ['FG_PATH']
except KeyError:
_fgpath = os.path.dirname(os.path.abspath(__file__)) + "/../"
if not os.path.isfile(_configfile):
_configfile = "/etc/futuregrid/" + configFileNameClient #os.path.expanduser(_fgpath) + "/etc/" + configFileNameClient
#if not os.path.isfile(_configfile):
# _configfile = os.path.expanduser(os.path.dirname(__file__)) + "/" + configFileNameClient
if not os.path.isfile(_configfile):
print "ERROR: configuration file " + configFileNameClient + " not found"
sys.exit(1)
configFile = _configfile
config = ConfigParser.ConfigParser()
config.read(configFile)
logfile = os.path.expanduser(os.path.expandvars(config.get("LDAP", "log")))
log = fgLog(logfile, logging.INFO, "utils.FGAuth Auth", False)
try:
testinput=eval(config.get("LDAP", "test"))
if testinput != False and testinput != True:
testmode = False
else:
testmode=testinput
except:
testmode = False
authProvider = cred.getProvider()
authCred = cred.getCred()
# print "'" + userId + "':'" + authProvider + "':'" + authCred + "'"
if(authProvider == "ldappass"):
if(authCred != ""):
host = config.get('LDAP', 'LDAPHOST')
#print adminuser, adminpass
userdn = "uid=" + userId + ",ou=People,dc=futuregrid,dc=org"
#print userdn
ldapconn = ldap.initialize("ldap://" + host)
log.info("Initializing the LDAP connection to server: " + host)
try:
ldapconn.start_tls_s()
log.info("tls started...")
ldapconn.bind_s(userdn, authCred)
ret = True
except ldap.INVALID_CREDENTIALS:
log.info("Your username or password is incorrect. Cannot bind.")
ret = False
except ldap.LDAPError:
log.info("User '" + userId + "' failed to authenticate due to LDAP error. The user may not exist."+ str(sys.exc_info()))
ret = False
except:
ret = False
log.info("User '" + userId + "' failed to authenticate due to possible password encryption error."+str(sys.exc_info()))
finally:
log.info("Unbinding from the LDAP.")
ldapconn.unbind()
if not testmode:
return ret
else:
return True