def _admin_valid_login(req, realm, username, password, log=True):
    """Check an administrator username/password against the stored admin users.

    The user list is read from the 'admin'/'users' settings item. The first
    entry whose 'username' equals *username* decides the outcome:

    * if the entry has a non-empty 'passwordHashShadow', the password is
      verified with crypt.crypt() using that stored hash as the salt argument;
    * otherwise the legacy 'passwordHashBase64' value is decoded and treated
      as <digest><8-byte salt>, compared against md5(password + salt).

    Args:
        req: request object, only forwarded to uvm_login.log_login().
        realm: not used by this function.
        username: login name supplied by the client.
        password: clear-text password supplied by the client.
        log: when true, the attempt is recorded through uvm_login.log_login().

    Returns:
        True when the password matches, False otherwise (including when the
        settings are missing or no entry has that username).
    """
    admin_users = get_uvm_settings_item('admin', 'users')
    if admin_users is None or admin_users['list'] is None:
        return False

    for account in admin_users['list']:
        if account['username'] != username:
            continue

        shadow_hash = account.get('passwordHashShadow')
        if shadow_hash:
            # crypt() re-derives the hash using the parameters embedded in the
            # stored value; equality means the password is correct.
            matched = shadow_hash == crypt.crypt(password, shadow_hash)
        else:
            # Legacy format: the last 8 bytes are the salt, the rest is the
            # MD5 digest.
            # NOTE(review): salted single-round MD5 is cheap to brute-force
            # offline; accounts still on this path are worth migrating to the
            # shadow hash.
            stored = base64.b64decode(account['passwordHashBase64'])
            split_at = len(stored) - 8
            digest, salt = stored[0:split_at], stored[split_at:]
            matched = digest == md5.new(password + salt).digest()

        # NOTE(review): both comparisons use ==, which is not constant-time.
        if log:
            # 'P' is passed as the failure reason for a wrong password
            # (presumably "password" -- confirm against log_login).
            uvm_login.log_login(req, username, matched, None if matched else 'P')
        return matched

    # No entry with this username ('U' presumably means unknown user).
    if log:
        uvm_login.log_login(req, username, False, 'U')
    return False
def headerparserhandler(req):
    """Header-parser phase handler that maps a session to an authorized user.

    Reads the 'Realm' option, looks up the user stored in the session for
    that realm and, when one is found, injects an Authorization header and
    sets req.notes['authorized'] before returning apache.OK. Without a user
    the request is either refused (HTTP_FORBIDDEN) or handed to
    login_redirect().

    Returns apache.DECLINED when no realm is configured, apache.OK for an
    authorized session, apache.HTTP_FORBIDDEN for a remote request on port 80
    while HTTP administration is disabled; otherwise falls through after
    login_redirect() with no explicit return value.
    """
    options = req.get_options()

    if options.has_key('Realm'):
        realm = options['Realm']
    else:
        apache.log_error('no realm specified')
        return apache.DECLINED

    # The session is created unlocked, then locked explicitly for the whole
    # read/modify/save sequence below.
    sess = Session.Session(req, lock=0)
    sess.set_timeout(SESSION_TIMEOUT)
    sess.lock()

    username = session_user(sess, realm)

    # An Administrator session is also accepted for the Reports and
    # SetupWizard realms.
    if None == username and realm == 'Reports':
        username = session_user(sess, 'Administrator')

    if None == username and realm == 'SetupWizard':
        username = session_user(sess, 'Administrator')

    # While the setup wizard has not been completed, the SetupWizard realm is
    # granted without any credentials; access control for that realm rests
    # entirely on is_wizard_complete().
    # NOTE(review): the username literal appears masked in this listing.
    if None == username and realm == 'SetupWizard' and not is_wizard_complete():
        username = '******'
        save_session_user(sess, realm, username)

    # Requests from an authorized local process are trusted without a
    # password; this is the only branch here that records a login.
    if None == username and is_local_process_uid_authorized(req):
        username = '******'
        log_login(req, username, True, True, None)
        save_session_user(sess, realm, username)

    sess.save()
    sess.unlock()

    if None != username:
        # The header carries only the base64 of the username, no password.
        # The blank in "% s" is a format flag and produces no extra output.
        # NOTE(review): presumably the backend trusts this header -- confirm
        # that it is reachable only through this handler.
        pw = base64.encodestring('%s' % username).strip()
        req.headers_in['Authorization'] = "BASIC % s" % pw
        req.notes['authorized'] = 'true'
        return apache.OK
    else:
        # we only do this as to not present a login screen when access
        # is restricted. a tomcat valve enforces this setting.
        if options.get('UseRemoteAccessSettings', 'no') == 'yes':
            http_enabled = get_uvm_settings_item('system', 'httpAdministrationAllowed')
            connection = req.connection

            (addr, port) = connection.local_addr
            # NOTE(review): these two 'rjt:' lines look like leftover debug
            # output; they write connection addresses to the error log on
            # every unauthenticated request.
            apache.log_error('rjt: addr=%s port=%s' % (str(addr), str(port)))
            apache.log_error('rjt: connection.remote_ip = %s' % (str(connection.remote_ip)))
            # re.match anchors only at the start, so this is a prefix test:
            # any address beginning with "127." or "::1" counts as local.
            # NOTE(review): "::1" as a prefix also matches longer IPv6
            # addresses; an exact comparison would be stricter.
            if not re.match('127\.|\:\:1', connection.remote_ip):
                if port == 80 and not http_enabled:
                    return apache.HTTP_FORBIDDEN

        apache.log_error(
            'Auth failure [Username not specified]. Redirecting to auth page. (realm: %s)' % realm)
        login_redirect(req, realm)
def get_uvm_language():
    """Return the configured language code, or 'us' when none is set.

    The value comes from the 'language'/'language' settings item and is
    returned unchanged whenever it is not None.
    """
    configured = get_uvm_settings_item('language','language')
    return 'us' if configured is None else configured
def get_uvm_language():
    """Look up the UI language in the settings, defaulting to 'us'.

    Reads the 'language'/'language' settings item; a None result selects the
    default, any other value is passed through as-is.
    """
    stored_value = get_uvm_settings_item('language', 'language')
    if stored_value is None:
        return 'us'
    return stored_value
def headerparserhandler(req):
    """Header-parser phase handler that maps a session to an authorized user.

    Reads the 'Realm' option, looks up the user stored in the session for
    that realm and, when one is found, injects an Authorization header and
    sets req.notes['authorized'] before returning apache.OK. Without a user
    the request is either refused (HTTP_FORBIDDEN) or handed to
    login_redirect().

    Returns apache.DECLINED when no realm is configured, apache.OK for an
    authorized session, apache.HTTP_FORBIDDEN for a remote request on port 80
    while HTTP administration is disabled; otherwise falls through after
    login_redirect() with no explicit return value.
    """
    options = req.get_options()

    if options.has_key('Realm'):
        realm = options['Realm']
    else:
        apache.log_error('no realm specified')
        return apache.DECLINED

    # The session is created unlocked, then locked explicitly for the whole
    # read/modify/save sequence below.
    sess = Session.Session(req, lock=0)
    sess.set_timeout(SESSION_TIMEOUT)
    sess.lock()

    username = session_user(sess, realm)

    # An Administrator session is also accepted for the Reports and
    # SetupWizard realms.
    if None == username and realm == 'Reports':
        username = session_user(sess, 'Administrator')

    if None == username and realm == 'SetupWizard':
        username = session_user(sess, 'Administrator')

    # While the setup wizard has not been completed, the SetupWizard realm is
    # granted without any credentials; access control for that realm rests
    # entirely on is_wizard_complete().
    # NOTE(review): the username literal appears masked in this listing.
    if None == username and realm == 'SetupWizard' and not is_wizard_complete():
        username = '******'
        save_session_user(sess, realm, username)

    # Requests from an authorized local process are trusted without a
    # password; this is the only branch here that records a login.
    if None == username and is_local_process_uid_authorized(req):
        username = '******'
        log_login(req, username, True, True, None)
        save_session_user(sess, realm, username)

    sess.save()
    sess.unlock()

    if None != username:
        # The header carries only the base64 of the username, no password.
        # The blank in "% s" is a format flag and produces no extra output.
        # NOTE(review): presumably the backend trusts this header -- confirm
        # that it is reachable only through this handler.
        pw = base64.encodestring('%s' % username).strip()
        req.headers_in['Authorization'] = "BASIC % s" % pw
        req.notes['authorized'] = 'true'
        return apache.OK
    else:
        # we only do this as to not present a login screen when access
        # is restricted. a tomcat valve enforces this setting.
        if options.get('UseRemoteAccessSettings', 'no') == 'yes':
            http_enabled = get_uvm_settings_item('system','httpAdministrationAllowed')
            connection = req.connection

            (addr, port) = connection.local_addr
            # NOTE(review): these two 'rjt:' lines look like leftover debug
            # output; they write connection addresses to the error log on
            # every unauthenticated request.
            apache.log_error('rjt: addr=%s port=%s' % (str(addr), str(port)))
            apache.log_error('rjt: connection.remote_ip = %s' % (str(connection.remote_ip)))
            # re.match anchors only at the start, so this is a prefix test:
            # any address beginning with "127." or "::1" counts as local.
            # NOTE(review): "::1" as a prefix also matches longer IPv6
            # addresses; an exact comparison would be stricter.
            if not re.match('127\.|\:\:1', connection.remote_ip):
                if port == 80 and not http_enabled:
                    return apache.HTTP_FORBIDDEN

        apache.log_error('Auth failure [Username not specified]. Redirecting to auth page. (realm: %s)' % realm)
        login_redirect(req, realm)
def _admin_valid_login(req, realm, username, password, log=True):
    """Check an administrator username/password against the stored admin users.

    The user list is read from the 'admin'/'users' settings item. For the
    first entry whose 'username' equals *username*, 'passwordHashBase64' is
    decoded and treated as <digest><8-byte salt>; the login succeeds when the
    digest equals md5(password + salt).

    Args:
        req: request object, only forwarded to uvm_login.log_login().
        realm: not used by this function.
        username: login name supplied by the client.
        password: clear-text password supplied by the client.
        log: when true, the attempt is recorded through uvm_login.log_login().

    Returns:
        True when the password matches, False otherwise (including when the
        settings are missing or no entry has that username).
    """
    admin_users = get_uvm_settings_item('admin','users')
    if admin_users is None or admin_users['list'] is None:
        return False

    for account in admin_users['list']:
        if account['username'] != username:
            continue

        # The last 8 bytes of the decoded value are the salt, the rest is the
        # MD5 digest.
        # NOTE(review): salted single-round MD5 is cheap to brute-force
        # offline, and the == comparison below is not constant-time.
        stored = base64.b64decode(account['passwordHashBase64'])
        split_at = len(stored) - 8
        digest, salt = stored[0:split_at], stored[split_at:]
        matched = digest == md5.new(password + salt).digest()

        if log:
            # 'P' is passed as the failure reason for a wrong password
            # (presumably "password" -- confirm against log_login).
            uvm_login.log_login(req, username, False, matched, None if matched else 'P')
        return matched

    # No entry with this username ('U' presumably means unknown user).
    if log:
        uvm_login.log_login(req, username, False, False, 'U')
    return False
def login(req, url=None, realm='Administrator', token=None):
    """Handle the login page: authenticate by token or form, else show the form.

    On a successful token or username/password check the user is stored in
    the session for *realm* and the client is redirected to *url* (or
    apache.OK is returned when no url was given). In every other case the
    login form is rendered, with an error message if credentials were posted.

    Args:
        req: mod_python-style request (form, args, connection, hostname).
        url: redirect target after a successful login, client-supplied.
        realm: realm under which the session user is saved.
        token: optional token, only considered when the 'cloudEnabled'
            system setting is truthy.
    """
    uvm_login.setup_gettext()

    options = req.get_options()

    args = util.parse_qs(req.args or '')

    # Any posted credential that reaches the form rendering below has failed,
    # so the error text is prepared up front. The same message is used for an
    # unknown user and a wrong password.
    error_msg = None
    if req.form.has_key('username') or req.form.has_key('password'):
        error_msg = '%s' % cgi.escape(
            _('Error: Username and Password do not match'))

    connection = req.connection
    (addr, port) = connection.local_addr
    # Prefix test: any remote address starting with "127." counts as local,
    # as does the exact IPv6 loopback "::1".
    is_local = re.match('127\.', connection.remote_ip)
    if connection.remote_ip == '::1':
        is_local = True
    # Plain-HTTP (port 80) logins from remote clients are refused unless
    # HTTP administration is enabled in the settings.
    if port == 80 and not get_uvm_settings_item(
            'system', 'httpAdministrationAllowed') and not is_local:
        write_error_page(req, "Permission denied")
        return

    if token != None and get_uvm_settings_item('system', 'cloudEnabled'):
        if _valid_token(req, token):
            sess = Session.Session(req, lock=0)
            sess.lock()
            sess.set_timeout(uvm_login.SESSION_TIMEOUT)
            # Token logins are stored under the fixed session user "token".
            uvm_login.save_session_user(sess, realm, "token")
            sess.save()
            sess.unlock()

            if url == None:
                return apache.OK
            else:
                # NOTE(review): the filter strips characters but keeps '/'
                # and '.', so on its own it does not confine the target to
                # this host; requiring a single leading '/' would.
                url = re.sub('[^A-Za-z0-9-_/.#?=]', '', url)  # sanitize input
                # NOTE(review): the posted 'fragment' value is appended after
                # filtering and is not filtered itself.
                if req.form.has_key('fragment') and req.form['fragment'] != '':
                    url = url + req.form['fragment']
                util.redirect(req, url)
                return

    if req.form.has_key('username') and req.form.has_key('password'):
        username = req.form['username']
        password = req.form['password']
        # debug
        # req.log_error("User:Pass = %s %s" % (username,password))
        # NOTE(review): keep the line above disabled; enabling it would write
        # clear-text passwords to the error log.

        if _valid_login(req, realm, username, password):
            sess = Session.Session(req, lock=0)
            sess.lock()
            sess.set_timeout(uvm_login.SESSION_TIMEOUT)
            uvm_login.save_session_user(sess, realm, username)
            sess.save()
            sess.unlock()

            if url == None:
                return apache.OK
            else:
                # NOTE(review): same redirect handling as the token branch --
                # the filtered url may still name another host and the
                # fragment is appended unfiltered.
                url = re.sub('[^A-Za-z0-9-_/.#?=]', '', url)  # sanitize input
                if req.form.has_key('fragment') and req.form['fragment'] != '':
                    url = url + req.form['fragment']
                util.redirect(req, url)
                return

    company_name = uvm_login.get_company_name()
    title = _("Administrator Login")
    # some i18n company_names cause exception here, so wrap to handle this
    # revert to "Administrator Login" if exception occurs
    # Note that only the company-name variant of the title is HTML-escaped
    # here; the fallback title is passed on as returned by _().
    try:
        title = cgi.escape(_("%s Administrator Login") % company_name)
    except:
        pass

    host = cgi.escape(req.hostname)

    _write_login_form(req, title, host, error_msg)
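def _write_login_form(req, title, host, error_msg):
    """Render the administrator login page and write it to the response.

    Args:
        req: mod_python-style request; its unparsed_uri becomes the form's
            POST target and the page is emitted with req.write().
        title: page title and heading (byte string or unicode).
        host: server name shown on the form (byte string or unicode).
        error_msg: text for the error paragraph, or None for none. It is
            inserted as-is, so the caller must pass it already HTML-escaped.
    """
    # The request URI is client-controlled and ends up inside action="...",
    # so double quotes must be escaped too (second argument True).
    login_url = cgi.escape(req.unparsed_uri, True)
    req.content_type = "text/html; charset=utf-8"
    req.send_http_header()

    if error_msg == None:
        error_msg = ''

    server_str = cgi.escape(_("Server:"))
    # NOTE(review): these three assignments were masked in the listing and are
    # restored from the names used in the format tuple below -- confirm
    # against the real source. The first two land in placeholder="..."
    # attributes, hence the quote escaping.
    username_str = cgi.escape(_("Username:"), True)
    password_str = cgi.escape(_("Password:"), True)
    login_str = cgi.escape(_("Login"))

    # NOTE(review): a non-str title/host is escaped here even though the
    # caller may already have escaped it; harmless for security but can
    # double-encode '&'.
    if not type(title) is str:
        title = cgi.escape(title).encode("utf-8")
    if not type(host) is str:
        host = cgi.escape(host).encode("utf-8")

    # Best effort: a settings failure must not prevent the form from showing.
    try:
        default_username = get_uvm_settings_item('admin', 'defaultUsername')
        if default_username == None:
            # NOTE(review): this literal appears masked in the listing.
            default_username = "******"
        else:
            default_username = str(default_username)
    except Exception:
        default_username = ""

    # Focus the password box when a username is pre-filled.
    focus_field_id = "password"
    if default_username == "":
        focus_field_id = "username"

    # The pre-filled name comes from settings and goes into value="...".
    default_username = cgi.escape(default_username, True)

    # NOTE(review): the banner is inserted as raw HTML. That is only safe if
    # everyone who can edit the branding setting is trusted to inject markup
    # into the pre-authentication page; otherwise escape it before the
    # newline conversion.
    banner_msg = get_app_settings_item('branding-manager', 'bannerMessage')
    if banner_msg != None and banner_msg != "":
        banner_msg = banner_msg.replace("\n", "<br/>")
        banner_msg = "<p>" + banner_msg.encode('utf-8') + "</p>"
    else:
        banner_msg = ""

    # The first inline script is a frame-busting check; a response header such
    # as X-Frame-Options is the more dependable anti-framing control.
    html = """\
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="initial-scale=1.0, width=device-width">
<meta name="description" content="loginPage">
<title>%s</title>
<script type="text/javascript">if (top.location!=location) top.location.href=document.location.href;</script>
<style type="text/css">
/* <![CDATA[ */
@import url(/images/base.css);
/* ]]> */
</style>
</head>
<body>
<header>
<img src="/images/BrandingLogo.png" style="max-width: 150px; max-height: 140px;">
</header>
<div class="form-login">
<form method="post" action="%s">
<h2>%s</h2>
<p class="server">%s</p>
<div class="banner">%s</div>
<p class="error">%s</p>
<input id="fragment" type="hidden" name="fragment" value=""/>
<input id="username" type="text" name="username" value="%s" placeholder="%s"/>
<input id="password" type="password" name="password" placeholder="%s"/>
<button type="submit">%s</button>
</form>
</div>
<script type="text/javascript">document.getElementById('%s').focus();</script>
<script type="text/javascript">document.getElementById('fragment').value=window.location.hash;</script>
</body>
</html>""" % (title, login_url, title, host, banner_msg, error_msg,
              default_username, username_str, password_str, login_str,
              focus_field_id)

    req.write(html)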
# Positional arguments: settings location ("uvm" or "app"), base name and
# the name of the item to read.
location, base, name = args[0], args[1], args[2]

# -l/--lower lower-cases the printed value; -d/--default supplies the value
# printed when the setting is missing.
option_to_lower = False
default_value = None
for flag, value in opts:
    if flag in ('-l', '--lower'):
        option_to_lower = True
    elif flag in ('-d', '--default'):
        default_value = str(value)

if location == "uvm":
    setting = get_uvm_settings_item(base, name)
else:
    if location != "app":
        print "usage: %s [uvm|app] [basename|app] settings_name" % sys.argv[0]
        sys.exit(1)
    setting = get_app_settings_item(base, name)

if setting is None:
    setting = default_value

# str() is applied only on the lower-casing path; otherwise the value is
# printed as returned.
if option_to_lower:
    setting = str(setting).lower()

print setting
# Positional arguments: settings location ("uvm" or "app"), base name and
# the name of the item to read.
location, base, name = args[0], args[1], args[2]

# -l/--lower lower-cases the printed value; -d/--default supplies the value
# printed when the setting is missing.
option_to_lower = False
default_value = None
for flag, value in opts:
    if flag in ('-l', '--lower'):
        option_to_lower = True
    elif flag in ('-d', '--default'):
        default_value = str(value)

if location == "uvm":
    setting = get_uvm_settings_item(base, name)
else:
    if location != "app":
        print("usage: %s [uvm|app] [basename|app] settings_name" % sys.argv[0])
        sys.exit(1)
    setting = get_app_settings_item(base, name)

if setting is None:
    setting = default_value

# str() is applied only on the lower-casing path; otherwise the value is
# printed as returned.
if option_to_lower:
    setting = str(setting).lower()

print(setting)
def login(req, url=None, realm='Administrator', token=None):
    """Handle the login page: authenticate by token or form, else show the form.

    On a successful token or username/password check the user is stored in
    the session for *realm* and the client is redirected to *url* (or
    apache.OK is returned when no url was given). In every other case the
    login form is rendered, with an error message if credentials were posted.

    Args:
        req: mod_python-style request (form, args, connection, hostname).
        url: redirect target after a successful login, client-supplied.
        realm: realm under which the session user is saved.
        token: optional token, only considered when the 'cloudEnabled'
            system setting is truthy.
    """
    uvm_login.setup_gettext()

    options = req.get_options()

    args = util.parse_qs(req.args or '')

    # Any posted credential that reaches the form rendering below has failed,
    # so the error text is prepared up front. The same message is used for an
    # unknown user and a wrong password.
    error_msg = None
    if req.form.has_key('username') or req.form.has_key('password'):
        error_msg = '%s' % cgi.escape(_('Error: Username and Password do not match'))

    connection = req.connection
    (addr, port) = connection.local_addr
    # Prefix test: any remote address starting with "127." counts as local,
    # as does the exact IPv6 loopback "::1".
    is_local = re.match('127\.', connection.remote_ip)
    if connection.remote_ip == '::1':
        is_local = True
    # Plain-HTTP (port 80) logins from remote clients are refused unless
    # HTTP administration is enabled in the settings.
    if port == 80 and not get_uvm_settings_item('system','httpAdministrationAllowed') and not is_local:
        write_error_page(req, "Permission denied")
        return

    if token != None and get_uvm_settings_item('system','cloudEnabled'):
        if _valid_token(req, token):
            sess = Session.Session(req, lock=0)
            sess.lock()
            sess.set_timeout(uvm_login.SESSION_TIMEOUT)
            # Token logins are stored under the fixed session user "token".
            uvm_login.save_session_user(sess, realm, "token")
            sess.save()
            sess.unlock()

            if url == None:
                return apache.OK
            else:
                # NOTE(review): the filter strips characters but keeps '/'
                # and '.', so on its own it does not confine the target to
                # this host; requiring a single leading '/' would.
                url = re.sub('[^A-Za-z0-9-_/.#?=]','',url) # sanitize input
                # NOTE(review): the posted 'fragment' value is appended after
                # filtering and is not filtered itself.
                if req.form.has_key('fragment') and req.form['fragment'] != '':
                    url = url + req.form['fragment']
                util.redirect(req, url)
                return

    if req.form.has_key('username') and req.form.has_key('password'):
        username = req.form['username']
        password = req.form['password']
        # debug
        # req.log_error("User:Pass = %s %s" % (username,password))
        # NOTE(review): keep the line above disabled; enabling it would write
        # clear-text passwords to the error log.

        if _valid_login(req, realm, username, password):
            sess = Session.Session(req, lock=0)
            sess.lock()
            sess.set_timeout(uvm_login.SESSION_TIMEOUT)
            uvm_login.save_session_user(sess, realm, username)
            sess.save()
            sess.unlock()

            if url == None:
                return apache.OK
            else:
                # NOTE(review): same redirect handling as the token branch --
                # the filtered url may still name another host and the
                # fragment is appended unfiltered.
                url = re.sub('[^A-Za-z0-9-_/.#?=]','',url) # sanitize input
                if req.form.has_key('fragment') and req.form['fragment'] != '':
                    url = url + req.form['fragment']
                util.redirect(req, url)
                return

    company_name = uvm_login.get_company_name()
    title = _("Administrator Login")
    # some i18n company_names cause exception here, so wrap to handle this
    # revert to "Administrator Login" if exception occurs
    # Note that only the company-name variant of the title is HTML-escaped
    # here; the fallback title is passed on as returned by _().
    try:
        title = cgi.escape(_("%s Administrator Login") % company_name)
    except:
        pass

    host = cgi.escape(req.hostname)

    _write_login_form(req, title, host, error_msg)
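def _write_login_form(req, title, host, error_msg):
    """Render the administrator login page and write it to the response.

    Args:
        req: mod_python-style request; its unparsed_uri becomes the form's
            POST target and the page is emitted with req.write().
        title: page title and heading (byte string or unicode).
        host: server name shown on the form (byte string or unicode).
        error_msg: text for the error paragraph, or None for none. It is
            inserted as-is, so the caller must pass it already HTML-escaped.
    """
    # The request URI is client-controlled and ends up inside action="...",
    # so double quotes must be escaped too (second argument True).
    login_url = cgi.escape(req.unparsed_uri, True)
    req.content_type = "text/html; charset=utf-8"
    req.send_http_header()

    if error_msg == None:
        error_msg = ''

    server_str = cgi.escape(_("Server:"))
    # NOTE(review): these three assignments were masked in the listing and are
    # restored from the names used in the format tuple below -- confirm
    # against the real source. The first two land in placeholder="..."
    # attributes, hence the quote escaping.
    username_str = cgi.escape(_("Username:"), True)
    password_str = cgi.escape(_("Password:"), True)
    login_str = cgi.escape(_("Login"))

    # NOTE(review): a non-str title/host is escaped here even though the
    # caller may already have escaped it; harmless for security but can
    # double-encode '&'.
    if not type(title) is str:
        title = cgi.escape(title).encode("utf-8")
    if not type(host) is str:
        host = cgi.escape(host).encode("utf-8")

    # Best effort: a settings failure must not prevent the form from showing.
    try:
        default_username = get_uvm_settings_item('admin','defaultUsername')
        if default_username == None:
            # NOTE(review): this literal appears masked in the listing.
            default_username = "******"
        else:
            default_username = str(default_username)
    except Exception:
        default_username = ""

    # Focus the password box when a username is pre-filled.
    focus_field_id = "password"
    if default_username == "":
        focus_field_id = "username"

    # The pre-filled name comes from settings and goes into value="...".
    default_username = cgi.escape(default_username, True)

    # NOTE(review): the banner is inserted as raw HTML. That is only safe if
    # everyone who can edit the branding setting is trusted to inject markup
    # into the pre-authentication page; otherwise escape it before the
    # newline conversion.
    banner_msg = get_app_settings_item('branding-manager','bannerMessage')
    if banner_msg != None and banner_msg != "":
        banner_msg = banner_msg.replace("\n", "<br/>")
        banner_msg = "<p>" + banner_msg.encode('utf-8') + "</p>"
    else:
        banner_msg = ""

    # The first inline script is a frame-busting check; a response header such
    # as X-Frame-Options is the more dependable anti-framing control.
    html = """\
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="initial-scale=1.0, width=device-width">
<meta name="description" content="loginPage">
<title>%s</title>
<script type="text/javascript">if (top.location!=location) top.location.href=document.location.href;</script>
<style type="text/css">
/* <![CDATA[ */
@import url(/images/base.css);
/* ]]> */
</style>
</head>
<body>
<header>
<img src="/images/BrandingLogo.png" style="max-width: 150px; max-height: 140px;">
</header>
<div class="form-login">
<form method="post" action="%s">
<h2>%s</h2>
<p class="server">%s</p>
<div class="banner">%s</div>
<p class="error">%s</p>
<input id="fragment" type="hidden" name="fragment" value=""/>
<input id="username" type="text" name="username" value="%s" placeholder="%s"/>
<input id="password" type="password" name="password" placeholder="%s"/>
<button type="submit">%s</button>
</form>
</div>
<script type="text/javascript">document.getElementById('%s').focus();</script>
<script type="text/javascript">document.getElementById('fragment').value=window.location.hash;</script>
</body>
</html>""" % (title, login_url, title, host, banner_msg, error_msg,
              default_username, username_str, password_str, login_str,
              focus_field_id)

    req.write(html)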