Exemple #1
0
def setCreds(dsip_creds=b'', api_creds=b'', kam_creds=b'', mail_creds=b'', ipc_creds=b''):
    """
    Set secure credentials, either by hashing or encrypting
    :param dsip_creds:      dsiprouter admin password as byte string
    :param api_creds:       dsiprouter api token as byte string
    :param kam_creds:       kamailio db password as byte string
    :param mail_creds:      dsiprouter mail password as byte string
    :param ipc_creds:       dsiprouter ipc connection password as byte string
    :return:                None
    """
    fields = {}

    if len(dsip_creds) > 0:
        if len(dsip_creds) > 64:
            raise ValueError('dsiprouter credentials must be 64 bytes or less')
        hash, salt = hashCreds(dsip_creds)
        fields['DSIP_PASSWORD'] = hash
        fields['DSIP_SALT'] = salt

    if len(api_creds) > 0:
        if len(api_creds) > 64:
            raise ValueError('kamailio credentials must be 64 bytes or less')
        fields['DSIP_API_TOKEN'] = AES_CTR.encrypt(api_creds)

    if len(kam_creds) > 0:
        if len(kam_creds) > 64:
            raise ValueError('kamailio credentials must be 64 bytes or less')
        fields['KAM_DB_PASS'] = AES_CTR.encrypt(kam_creds)

    if len(mail_creds) > 0:
        if len(mail_creds) > 64:
            raise ValueError('mail credentials must be 64 bytes or less')
        fields['MAIL_PASSWORD'] = AES_CTR.encrypt(mail_creds)

    if len(ipc_creds) > 0:
        if len(ipc_creds) > 64:
            raise ValueError('mail credentials must be 64 bytes or less')
        fields['DSIP_IPC_PASS'] = AES_CTR.encrypt(ipc_creds)

    if settings.LOAD_SETTINGS_FROM == 'file':
        updateConfig(settings, fields)
    elif settings.LOAD_SETTINGS_FROM == 'db':
        from database import SessionLoader, DummySession
        db = DummySession()
        try:
            db = SessionLoader()
            db.execute(
                'update dsip_settings set {} where DSIP_ID={}'.format(', '.join(['{}=:{}'.format(x, x) for x in fields.keys()]), settings.DSIP_ID),
                fields)
            db.commit()
        except sql_exceptions.SQLAlchemyError:
            db.rollback()
            raise
        finally:
            db.remove()
Exemple #2
0
    def setCreds(dsip_creds=b'', api_creds=b'', kam_creds=b'', mail_creds=b'', ipc_creds=b'', rootdb_creds=b''):
        """
        Set secure credentials, either by hashing or encrypting\n
        Values must be within size limit and empty values are ignored\n

        :param dsip_creds:      dsiprouter admin password as byte string
        :type dsip_creds:       bytes|str
        :param api_creds:       dsiprouter api token as byte string
        :type api_creds:        bytes|str
        :param kam_creds:       kamailio db password as byte string
        :type kam_creds:        bytes|str
        :param mail_creds:      dsiprouter mail password as byte string
        :type mail_creds:       bytes|str
        :param ipc_creds:       dsiprouter ipc connection password as byte string
        :type ipc_creds:        bytes|str
        :param rootdb_creds:    root db user's password as byte string
        :type rootdb_creds:     bytes|str
        :return:                None
        :rtype:                 None
        """
        fields = {}
        local_fields = {}


        if len(dsip_creds) > 0:
            if len(dsip_creds) > Credentials.CREDS_MAX_LEN:
                raise ValueError('dsiprouter credentials must be {} bytes or less'.format(str(Credentials.CREDS_MAX_LEN)))
            fields['DSIP_PASSWORD'] = Credentials.hashCreds(dsip_creds)

        if len(api_creds) > 0:
            if len(api_creds) > Credentials.CREDS_MAX_LEN:
                raise ValueError('kamailio credentials must be {} bytes or less'.format(str(Credentials.CREDS_MAX_LEN)))
            fields['DSIP_API_TOKEN'] = AES_CTR.encrypt(api_creds)

        if len(kam_creds) > 0:
            if len(kam_creds) > Credentials.CREDS_MAX_LEN:
                raise ValueError('kamailio credentials must be {} bytes or less'.format(str(Credentials.CREDS_MAX_LEN)))
            fields['KAM_DB_PASS'] = AES_CTR.encrypt(kam_creds)

        if len(mail_creds) > 0:
            if len(mail_creds) > Credentials.CREDS_MAX_LEN:
                raise ValueError('mail credentials must be {} bytes or less'.format(str(Credentials.CREDS_MAX_LEN)))
            fields['MAIL_PASSWORD'] = AES_CTR.encrypt(mail_creds)

        if len(ipc_creds) > 0:
            if len(ipc_creds) > Credentials.CREDS_MAX_LEN:
                raise ValueError('mail credentials must be {} bytes or less'.format(str(Credentials.CREDS_MAX_LEN)))
            fields['DSIP_IPC_PASS'] = AES_CTR.encrypt(ipc_creds)

        # some fields are not synced with DB
        if len(rootdb_creds) > 0:
            local_fields['ROOT_DB_PASS'] = AES_CTR.encrypt(rootdb_creds)

        # update settings based on where they are loaded from
        if settings.LOAD_SETTINGS_FROM == 'file':
            updateConfig(settings, fields)
        elif settings.LOAD_SETTINGS_FROM == 'db':
            from database import SessionLoader, DummySession
            db = DummySession()
            try:
                db = SessionLoader()
                db.execute(
                    'update dsip_settings set {} where DSIP_ID={}'.format(', '.join(['{}=:{}'.format(x, x) for x in fields.keys()]), settings.DSIP_ID),
                    fields)
                db.commit()
            except sql_exceptions.SQLAlchemyError:
                db.rollback()
                raise
            finally:
                db.remove()

        # update local only settings everytime
        updateConfig(settings, local_fields)