def __init__(self): self.processes = TimeExpiredDict(600) with open("pvt.key", "r") as key_file: self.key = key_file.read()
class Impersonator(Resource): def __init__(self): self.processes = TimeExpiredDict(600) with open("pvt.key", "r") as key_file: self.key = key_file.read() def authenticate(self, username, password, venv=None): process = self.processes.get(username) if process == None: process = subprocess.Popen( 'su %s -c " ../venv/bin/python login.py %s %s"' % (username, username, password), shell=True, stdout=subprocess.PIPE) output, error = process.communicate() print output, error if output.endswith('0\n'): self.processes.add(username, password) else: return False elif process != password: self.process.expire(username) return False return True def render_POST(self, request): try: print "### Received request ###" data = request.content.read() data_lines = data.split("\n") #get credentials decoded = base64.b64decode(data_lines[0]) decrypted = PubPvtKey.decrypt(self.key, decoded) credentials = decrypted.split(":") command = data_lines[1] prompt = "prompt" sudo = False if len(data_lines) > 2: prompt = data_lines[2] if len(data_lines) > 3: sudo = data_lines[3].lower() == "true" #if command should be run as sudo if sudo: command = 'sudo -S %s' % command command = 'source /srv/Webinal/venv/bin/activate;%s;deactivate' % command if self.authenticate(credentials[0], credentials[1]): print "Permission granted." print "Running '%s' as '%s'" % (command, credentials[0]) cmd = "su - %s -c '%s'" % (credentials[0], command) process = subprocess.Popen(cmd, shell=True, stdin=subprocess.PIPE, stderr=subprocess.PIPE, stdout=subprocess.PIPE, universal_newlines=True) if sudo: #handle sudo prompt output, error = process.communicate(credentials[1] + "\n") else: output, error = process.communicate() output = str(output).strip("None") print output return output else: print "Permission denied\n" request.setResponseCode(403) return "Permission denied" except Exception, err: with open("/tmp/webinal.err", "w") as f: print >> f, str(err) request.setResponseCode(400) return "Bad Request"
class Impersonator(Resource): def __init__(self): self.processes = TimeExpiredDict(600) with open("pvt.key", "r") as key_file: self.key = key_file.read() def authenticate(self, username, password, venv=None): process = self.processes.get(username) if process == None: process = subprocess.Popen('su %s -c " python login.py %s %s"' % (username, username, password), shell=True, stdout=subprocess.PIPE) output, error = process.communicate() if output.startswith("0"): self.processes.add(username, "") else: return False return True def render_POST(self, request): try: print "### Received request ###" data = request.content.read() data_lines = data.split("\n") #get credentials decoded = base64.b64decode(data_lines[0]) decrypted = PubPvtKey.decrypt(self.key, decoded) credentials = decrypted.split(":") command = data_lines[1] prompt = "prompt" sudo = False if len(data_lines) > 2: prompt = data_lines[2] if len(data_lines) > 3: sudo = data_lines[3].lower() == "true" #if command should be run as sudo if sudo: command = 'sudo -S %s' % command if self.authenticate(credentials[0], credentials[1]): print "Permission granted." print "Running '%s' as '%s'" % (command, credentials[0]) cmd = "su - %s -c '%s'" % (credentials[0], command) process = subprocess.Popen(cmd, shell=True, stdin=subprocess.PIPE, stderr=subprocess.PIPE, stdout=subprocess.PIPE, universal_newlines=True) if sudo: #handle sudo prompt output, error = process.communicate(credentials[1] + "\n") else: output, error = process.communicate() output = str(output).strip("None") return output else: print "Permission denied\n" request.setResponseCode(403) return "Permission denied" except Exception, err: print(err) request.setResponseCode(400) return "Bad Request"
class Impersonator(Resource): def __init__(self): self.processes = TimeExpiredDict(600) with open("pvt.key", "r") as key_file: self.key = key_file.read() def authenticate(self, username, password, venv=None): process = self.processes.get(username) if process == None: process = subprocess.Popen('su %s -c " ../venv/bin/python login.py %s %s"' % (username, username, password), shell=True, stdout=subprocess.PIPE) output, error = process.communicate() print output, error if output.endswith('0\n'): self.processes.add(username, password) else: return False elif process != password: self.process.expire(username) return False return True def render_POST(self, request): try: data = request.content.read() data_lines = data.split("\n") #get credentials decoded = base64.b64decode(data_lines[0]) decrypted = PubPvtKey.decrypt(self.key, decoded) credentials = decrypted.split(":") command = data_lines[1] prompt = "prompt" #legacy - should be phased out sudo = False if len(data_lines) > 2: prompt = data_lines[2] #legacy - should be phased out if len(data_lines) > 3: sudo = data_lines[3].lower() == "true" #if command should be run as sudo if sudo: command = 'sudo -S %s' % command #activate python virtual environment command = 'source ../venv/bin/activate;%s;deactivate' % command if self.authenticate(credentials[0], credentials[1]): cmd = "su - %s -c '%s'" % (credentials[0], command) process = subprocess.Popen(cmd, shell=True, stdin=subprocess.PIPE, stderr=subprocess.PIPE, stdout=subprocess.PIPE, universal_newlines=True) if sudo: #handle sudo prompt output, error = process.communicate(credentials[1] + "\n") else: output, error = process.communicate() output = str(output).strip("None") return output else: request.setResponseCode(403) return "Permission denied" except Exception, err: print str(err) request.setResponseCode(400) return "Bad Request"