def parseConfigurationFile(self):
try:
# Parse configuration file
self.doc = amara.parse("file:" + C.YENCAP_CONF_HOME +
"/netconfd.xml")
# Read IP version (4 or 6)
ipVersion = int(str(self.doc.yencap.ipversion))
if ipVersion not in [4, 6]:
raise Exception(
"Ip version must be 4 or 6 in %s/netconfd.xml file." %
(C.YENCAP_CONF_HOME))
# Read application protocol (only ssh is implemented.)
appProtocol = str(self.doc.yencap.protocol.active)
if appProtocol == "ssh":
sshData = {}
sshData["hostKeyType"] = str(
self.doc.yencap.protocol.ssh.privatekeyfile.keytype)
sshData["hostKeyFile"] = str(
self.doc.yencap.protocol.ssh.privatekeyfile)
self.monserver = ServerSSH(ipVersion, sshData)
LogManager.getInstance().logInfo("Netconf over SSH started.")
else:
raise Exception(
"Only ssh is supported as a transport protocol.")
# Read options
for elem in self.doc.yencap.options.option:
name = str(elem.name)
value = str(elem.value)
if (name == "accesscontrol"):
if (value == "active"):
rbacManager.getInstance().setActive(True)
elif (value == "unactive"):
rbacManager.getInstance().setActive(False)
else:
raise Exception(
"accesscontrol option value must be one of active or unactive."
)
else:
raise Exception("Unknown option in %s/netconfd.xml." %
(C.YENCAP_CONF_HOME))
except Exception, exp:
LogManager.getInstance().logError(
'Error while reading %s/netconfd.xml: %s' %
(C.YENCAP_CONF_HOME, str(exp)))
def execute(self): """ Execute the close-session operation. """ if self.operationReply.isError(): return self.operationReply if self.action == C.ACTIVATE: nodeReply = rbacManager.getInstance().activate(self.session, self.roles) if self.action == C.DEACTIVATE: nodeReply = rbacManager.getInstance().deactivate(self.session, self.roles) self.operationReply.setNode(nodeReply) return self.operationReply
def check_auth_publickey(self, username, key):
"""
PKI-based Authentication.
"""
# Get the singleton instance of the RBAC manager
rm = rbacManager.getInstance()
# Use RBAC manager to retrieve the User object from its login
u = rm.getUserFromLogin(username)
if u == None:
# If user does not exist, authentication must fail:
return paramiko.AUTH_FAILED
else:
# If user public key does not exist in the RBAC manager, authentication must fail:
if u.publickey == "":
return paramiko.AUTH_FAILED
else:
# Build the known manager public key object from the RBAC manager.
if u.publickeytype == "rsa":
manager_public_key = paramiko.RSAKey(
data=base64.decodestring(u.publickey))
elif u.publickeytype == "dss":
manager_public_key = paramiko.DSSKey(
data=base64.decodestring(u.publickey))
else:
return paramiko.AUTH_FAILED
# Compare the known public key with the received one:
if (key == manager_public_key):
self.user = username
return paramiko.AUTH_SUCCESSFUL
else:
return paramiko.AUTH_FAILED
def check_auth_publickey(self, username, key): """ PKI-based Authentication. """ # Get the singleton instance of the RBAC manager rm = rbacManager.getInstance() # Use RBAC manager to retrieve the User object from its login u = rm.getUserFromLogin(username) if u == None: # If user does not exist, authentication must fail: return paramiko.AUTH_FAILED else: # If user public key does not exist in the RBAC manager, authentication must fail: if u.publickey == "": return paramiko.AUTH_FAILED else: # Build the known manager public key object from the RBAC manager. if u.publickeytype == "rsa": manager_public_key = paramiko.RSAKey(data=base64.decodestring(u.publickey)) elif u.publickeytype == "dss": manager_public_key = paramiko.DSSKey(data=base64.decodestring(u.publickey)) else: return paramiko.AUTH_FAILED # Compare the known public key with the received one: if (key == manager_public_key): self.user = username return paramiko.AUTH_SUCCESSFUL else: return paramiko.AUTH_FAILED
def execute(self):
"""
Execute the close-session operation.
"""
if self.operationReply.isError():
return self.operationReply
if self.action == C.ACTIVATE:
nodeReply = rbacManager.getInstance().activate(
self.session, self.roles)
if self.action == C.DEACTIVATE:
nodeReply = rbacManager.getInstance().deactivate(
self.session, self.roles)
self.operationReply.setNode(nodeReply)
return self.operationReply
def filterResponse(self): # Creating the XML response filter moduleReply = None abstractFilter = None if self.filterType == C.SUBTREE: if self.subtree != None: abstractFilter = SubtreeFilter(self.operationReply.getNode(), self.subtree) moduleReply = abstractFilter.applyFilter() else: moduleReply = ModuleReply(replynode=self.operationReply.getNode()) elif self.filterType == C.XPATH: abstractFilter = XpathFilter(self.operationReply.getNode(), [self.xpathrequest], self.prefixes) moduleReply = abstractFilter.applyFilter() if moduleReply.isError(): self.operationReply.setError() self.operationReply.setNode(moduleReply.getXMLNodeReply()) return else: self.operationReply.setNode(moduleReply.getXMLNodeReply()) rm = rbacManager.getInstance() if rm.isActive(): moduleReply = rm.filterNode(self.operationReply.getNode(), self.session) if moduleReply.isError(): self.operationReply.setError() self.operationReply.setNode(moduleReply.getXMLNodeReply()) return else: self.operationReply.setNode(moduleReply.getXMLNodeReply())
def __init__(self):
"""
Instanciates the validate operation
"""
self.datastoreManager = DatastoreManager.getInstance()
self.moduleManager = ModuleManager.getInstance()
self.rbacManager = rbacManager.getInstance()
self.config = None
def __init__(self): """ Instanciates the validate operation """ self.datastoreManager = DatastoreManager.getInstance() self.moduleManager = ModuleManager.getInstance() self.rbacManager = rbacManager.getInstance() self.config = None
def parseConfigurationFile(self):
try:
# Parse configuration file
self.doc = amara.parse("file:" + C.YENCAP_CONF_HOME + "/netconfd.xml")
# Read IP version (4 or 6)
ipVersion = int(str(self.doc.yencap.ipversion))
if ipVersion not in [4, 6]:
raise Exception("Ip version must be 4 or 6 in %s/netconfd.xml file." % (C.YENCAP_CONF_HOME))
# Read application protocol (only ssh is implemented.)
appProtocol = str(self.doc.yencap.protocol.active)
if appProtocol == "ssh":
sshData = {}
sshData["hostKeyType"] = str(self.doc.yencap.protocol.ssh.privatekeyfile.keytype)
sshData["hostKeyFile"] = str(self.doc.yencap.protocol.ssh.privatekeyfile)
self.monserver = ServerSSH(ipVersion, sshData)
LogManager.getInstance().logInfo("Netconf over SSH started.")
else:
raise Exception("Only ssh is supported as a transport protocol.")
# Read options
for elem in self.doc.yencap.options.option:
name = str(elem.name)
value = str(elem.value)
if (name == "accesscontrol"):
if (value == "active"):
rbacManager.getInstance().setActive(True)
elif (value == "unactive"):
rbacManager.getInstance().setActive(False)
else:
raise Exception("accesscontrol option value must be one of active or unactive.")
else:
raise Exception("Unknown option in %s/netconfd.xml." % (C.YENCAP_CONF_HOME))
except Exception, exp:
LogManager.getInstance().logError('Error while reading %s/netconfd.xml: %s' % (C.YENCAP_CONF_HOME, str(exp)))
def __init__(self):
"""
Constructor of a Lock_operation command.
"""
# Get the unique instance of DatastoreManager class
self.datastoreManager = DatastoreManager.getInstance()
self.rbacManager = rbacManager.getInstance()
# "running", "startup", "candidate", "url"
self.target = None
# target url text value (e.g.: ftp://madynes.loria.fr/config.txt)
self.urlTarget = None
def __init__(self):
"""
Instanciates the edit-config operation
"""
self.datastoreManager = DatastoreManager.getInstance()
self.moduleManager = ModuleManager.getInstance()
self.rbacManager = rbacManager.getInstance()
# Set default values
self.defaultOperation = C.MERGE
self.testOption = C.SET
self.errorOption = C.STOP_ON_ERROR
def __init__(self):
"""
Constructor of a Lock_operation command.
"""
# Get the unique instance of DatastoreManager class
self.datastoreManager = DatastoreManager.getInstance()
self.rbacManager = rbacManager.getInstance()
# "running", "startup", "candidate", "url"
self.target = None
# target url text value (e.g.: ftp://madynes.loria.fr/config.txt)
self.urlTarget = None
def __init__(self): """ Instanciates the edit-config operation """ self.datastoreManager = DatastoreManager.getInstance() self.moduleManager = ModuleManager.getInstance() self.rbacManager = rbacManager.getInstance() # Set default values self.defaultOperation = C.MERGE self.testOption = C.SET self.errorOption = C.STOP_ON_ERROR
def __init__(self): """ Constructor of a Copy_config_operation command. """ self.datastoreManager = DatastoreManager.getInstance() self.moduleManager = ModuleManager.getInstance() self.rbacManager = rbacManager.getInstance() # "running", "startup", "candidate", "url" self.source = None # "running", "startup", "candidate", "url" self.target = None # source url text value (e.g.: ftp://madynes.loria.fr/config.txt) self.urlSource = None # target url text value (e.g.: ftp://madynes.loria.fr/config.txt) self.urlTarget = None
def __init__(self): """ Constructor of a Copy_config_operation command. """ self.datastoreManager = DatastoreManager.getInstance() self.moduleManager = ModuleManager.getInstance() self.rbacManager = rbacManager.getInstance() # "running", "startup", "candidate", "url" self.source = None # "running", "startup", "candidate", "url" self.target = None # source url text value (e.g.: ftp://madynes.loria.fr/config.txt) self.urlSource = None # target url text value (e.g.: ftp://madynes.loria.fr/config.txt) self.urlTarget = None self.sourceInbound = None
def check_auth_password(self, username, password):
"""
Password-based Authentication.
"""
# Get the singleton instance of the RBAC manager
rm = rbacManager.getInstance()
# Use RBAC manager to retrieve the User object from its login
u = rm.getUserFromLogin(username)
if u == None:
# If user does not exist, authentication must fail:
return paramiko.AUTH_FAILED
else:
# Else compare the known password with the received one:
if (password == u.password):
self.user = username
return paramiko.AUTH_SUCCESSFUL
else:
return paramiko.AUTH_FAILED
def check_auth_password(self, username, password): """ Password-based Authentication. """ # Get the singleton instance of the RBAC manager rm = rbacManager.getInstance() # Use RBAC manager to retrieve the User object from its login u = rm.getUserFromLogin(username) if u == None: # If user does not exist, authentication must fail: return paramiko.AUTH_FAILED else: # Else compare the known password with the received one: if (password == u.password): self.user = username return paramiko.AUTH_SUCCESSFUL else: return paramiko.AUTH_FAILED
def setParameters(self, operation, NSS=None):
"""
Set the target parameter
@type operation: Node
@param operation: The operation node of the current Netconf request.
"""
for child in operation.childNodes:
if child.nodeType == Node.ELEMENT_NODE:
if child.tagName in [C.ACTIVATE, C.DEACTIVATE]:
self.action = child.tagName
for node in child.childNodes:
if node.nodeType == Node.ELEMENT_NODE:
if node.tagName in C.ROLES:
for nodeee in node.childNodes:
if nodeee.nodeType == Node.ELEMENT_NODE:
if nodeee.tagName in C.ROLE:
tmpval = nodeee.childNodes[
0].nodeValue
roleName = string.strip(
str(tmpval))
role = rbacManager.getInstance(
).getRoleFromName(roleName)
if role == None:
moduleReply = ModuleReply(
error_type=ModuleReply.
PROTOCOL,
error_tag=ModuleReply.
UNKNOWN_ELEMENT,
error_severity=ModuleReply.
ERROR,
error_message="Role " +
roleName +
" does not exist.")
moduleReply.addErrorInfo(
"bad-element", roleName)
self.operationReply.setError()
self.operationReply.setNode(
moduleReply.
getXMLNodeReply())
return
else:
self.roles.append(role)
else:
moduleReply = ModuleReply(
error_type=ModuleReply.
PROTOCOL,
error_tag=ModuleReply.
UNKNOWN_ELEMENT,
error_severity=ModuleReply.
ERROR,
error_message=
"An element is not known.")
moduleReply.addErrorInfo(
"bad-element", nodeee.tagName)
self.operationReply.setError()
self.operationReply.setNode(
moduleReply.getXMLNodeReply())
return
else:
moduleReply = ModuleReply(
error_type=ModuleReply.PROTOCOL,
error_tag=ModuleReply.UNKNOWN_ELEMENT,
error_severity=ModuleReply.ERROR,
error_message="An element is not known.")
moduleReply.addErrorInfo(
"bad-element", node.tagName)
self.operationReply.setError()
self.operationReply.setNode(
moduleReply.getXMLNodeReply())
return
else:
moduleReply = ModuleReply(
error_type=ModuleReply.PROTOCOL,
error_tag=ModuleReply.UNKNOWN_ELEMENT,
error_severity=ModuleReply.ERROR,
error_message="An element is not known.")
moduleReply.addErrorInfo("bad-element", child.tagName)
self.operationReply.setError()
self.operationReply.setNode(moduleReply.getXMLNodeReply())
return
def __init__(self, name, path, namespace, cacheLifetime, arguments):
EasyModule.__init__(self, name, path, namespace, cacheLifetime)
self.rbacManager = rbacManager.getInstance()
def __init__(self, name, path, namespace, cacheLifetime, arguments): EasyModule.__init__(self, name, path, namespace, cacheLifetime) self.rbacManager = rbacManager.getInstance()
def setParameters(self, operation, NSS = None):
"""
Set the target parameter
@type operation: Node
@param operation: The operation node of the current Netconf request.
"""
for child in operation.childNodes:
if child.nodeType==Node.ELEMENT_NODE:
if child.tagName in [C.ACTIVATE,C.DEACTIVATE]:
self.action = child.tagName
for node in child.childNodes:
if node.nodeType==Node.ELEMENT_NODE:
if node.tagName in C.ROLES:
for nodeee in node.childNodes:
if nodeee.nodeType==Node.ELEMENT_NODE:
if nodeee.tagName in C.ROLE:
tmpval = nodeee.childNodes[0].nodeValue
roleName = string.strip(str(tmpval))
role = rbacManager.getInstance().getRoleFromName(roleName)
if role == None:
moduleReply = ModuleReply(
error_type = ModuleReply.PROTOCOL,
error_tag = ModuleReply.UNKNOWN_ELEMENT,
error_severity = ModuleReply.ERROR,
error_message = "Role " + roleName + " does not exist.")
moduleReply.addErrorInfo("bad-element", roleName)
self.operationReply.setError()
self.operationReply.setNode(moduleReply.getXMLNodeReply())
return
else:
self.roles.append(role)
else:
moduleReply = ModuleReply(
error_type = ModuleReply.PROTOCOL,
error_tag = ModuleReply.UNKNOWN_ELEMENT,
error_severity = ModuleReply.ERROR,
error_message = "An element is not known.")
moduleReply.addErrorInfo("bad-element",nodeee.tagName)
self.operationReply.setError()
self.operationReply.setNode(moduleReply.getXMLNodeReply())
return
else:
moduleReply = ModuleReply(
error_type = ModuleReply.PROTOCOL,
error_tag = ModuleReply.UNKNOWN_ELEMENT,
error_severity = ModuleReply.ERROR,
error_message = "An element is not known.")
moduleReply.addErrorInfo("bad-element",node.tagName)
self.operationReply.setError()
self.operationReply.setNode(moduleReply.getXMLNodeReply())
return
else:
moduleReply = ModuleReply(
error_type = ModuleReply.PROTOCOL,
error_tag = ModuleReply.UNKNOWN_ELEMENT,
error_severity = ModuleReply.ERROR,
error_message = "An element is not known.")
moduleReply.addErrorInfo("bad-element",child.tagName)
self.operationReply.setError()
self.operationReply.setNode(moduleReply.getXMLNodeReply())
return