예제 #1
0
파일: auth.py 프로젝트: MalloZup/salt-2
def mk_token(**load):
    r'''
    Create an eauth token using provided credentials

    Non-root users may specify an expiration date -- if allowed via the
    :conf_master:`token_expire_user_override` setting -- by passing an
    additional ``token_expire`` param. This overrides the
    :conf_master:`token_expire` setting of the same name in the Master config
    and is how long a token should live in seconds.

    CLI Example:

    .. code-block:: shell

        salt-run auth.mk_token username=saltdev password=saltdev eauth=auto

        # Create a token valid for three years.
        salt-run auth.mk_token username=saltdev password=saltdev eauth=auto \
            token_expire=94670856

        # Calculate the number of seconds using expr.
        salt-run auth.mk_token username=saltdev password=saltdev eauth=auto \
            token_expire=$(expr \( 365 \* 24 \* 60 \* 60 \) \* 3)
    '''
    # This will hang if the master daemon is not running.
    netapi = salt.netapi.NetapiClient(__opts__)
    if not netapi._is_master_running():
        raise salt.exceptions.SaltDaemonNotRunning(
            'Salt Master must be running.')

    auth = salt.auth.Resolver(__opts__)
    return auth.mk_token(load)
예제 #2
0
def test_token(client, client_config, auth_creds, salt_auto_account):
    """
    Test executing master_call with lowdata

    The choice of using key.list_all for this is arbitrary and should be
    changed to some mocked function that is more testing friendly.
    """
    auth = salt.auth.LoadAuth(client_config)
    token = auth.mk_token(auth_creds)

    ret = client.master_call(
        **{
            "client": "wheel",
            "fun": "key.list_all",
            "token": token["token"],
            "print_event": False,
        })
    assert ret
    assert "data" in ret
    data = ret["data"]
    assert data["success"] is True
    assert data["user"] == salt_auto_account.username
    assert data["fun"] == "wheel.key.list_all"
    assert data["return"]
    assert data["return"]["local"] == ["master.pem", "master.pub"]
예제 #3
0
def test_cve_2021_3244(tmp_path):
    token_dir = tmp_path / "tokens"
    token_dir.mkdir()
    opts = {
        "extension_modules": "",
        "optimization_order": [0, 1, 2],
        "token_expire": 1,
        "keep_acl_in_token": False,
        "eauth_tokens": "localfs",
        "token_dir": str(token_dir),
        "token_expire_user_override": True,
        "external_auth": {
            "auto": {
                "foo": []
            }
        },
    }
    auth = salt.auth.LoadAuth(opts)
    load = {
        "eauth": "auto",
        "username": "******",
        "password": "******",
        "token_expire": -1,
    }
    t_data = auth.mk_token(load)
    assert t_data["expire"] < time.time()
    token_file = token_dir / t_data["token"]
    assert token_file.exists()
    t_data = auth.get_tok(t_data["token"])
    assert not t_data
    assert not token_file.exists()
예제 #4
0
파일: client.py 프로젝트: DaveQB/salt
    def test_token(self):
        '''
        Test executing master_call with lowdata

        The choice of using key.list_all for this is arbitrary and should be
        changed to some mocked function that is more testing friendly.
        '''
        auth = salt.auth.LoadAuth(self.get_config('client_config'))
        token = auth.mk_token(self.eauth_creds)

        token = auth.mk_token({
            'username': '******',
            'password': '******',
            'eauth': 'auto',
        })

        self.wheel.master_call(**{
            'client': 'wheel',
            'fun': 'key.list_all',
            'token': token['token'],
        })
예제 #5
0
    def POST(self, **kwargs):
        '''
        Authenticate against Salt's eauth system. Returns a session id and
        redirects on success.

        .. http:post:: /login

            **Example request**::

                % curl -si localhost:8000/login \\
                        -H "Accept: application/json" \\
                        -d username='******' \\
                        -d password='******' \\
                        -d eauth='pam'

            .. code-block:: http

                POST / HTTP/1.1
                Host: localhost:8000
                Content-Length: 97
                Content-Type: application/x-www-form-urlencoded

                username=saltuser&password=saltpass&eauth=pam

            **Example response**:

            .. code-block:: http

                HTTP/1.1 302 Found
                Content-Length: 97
                Location: http://localhost:8000/
                X-Auth-Token: 6d1b722e
                Set-Cookie: session_id=6d1b722e; expires=Sat, 17 Nov 2012 03:23:52 GMT; Path=/

        :form eauth: the eauth backend configured in your master config
        :form username: username
        :form password: password
        :status 302: success
        :status 406: requested Content-Type not available
        '''
        auth = salt.auth.LoadAuth(self.opts)

        # the urlencoded_processor will wrap this in a list
        if isinstance(cherrypy.serving.request.lowstate, list):
            creds = cherrypy.serving.request.lowstate[0]
        else:
            creds = cherrypy.serving.request.lowstate

        token = auth.mk_token(creds)
        cherrypy.response.headers['X-Auth-Token'] = cherrypy.session.id
        cherrypy.session['token'] = token['token']
        cherrypy.session['timeout'] = (token['expire'] - token['start']) / 60
        raise cherrypy.HTTPRedirect('/', 302)
예제 #6
0
파일: client.py 프로젝트: lvg01/salt.old
    def test_token(self):
        '''
        Test executing master_call with lowdata

        The choice of using key.list_all for this is arbitrary and should be
        changed to some mocked function that is more testing friendly.
        '''
        auth = salt.auth.LoadAuth(dict(self.get_config('client_config')))
        token = auth.mk_token(self.eauth_creds)

        token = auth.mk_token({
            'username': '******',
            'password': '******',
            'eauth': 'auto',
        })

        self.wheel.master_call(**{
            'client': 'wheel',
            'fun': 'key.list_all',
            'token': token['token'],
        })
예제 #7
0
파일: test_client.py 프로젝트: zxstar/salt
    def test_token(self):
        """
        Test executing master_call with lowdata

        The choice of using key.list_all for this is arbitrary and should be
        changed to some mocked function that is more testing friendly.
        """
        auth = salt.auth.LoadAuth(dict(self.get_config("client_config")))
        token = auth.mk_token(self.eauth_creds)

        token = auth.mk_token({
            "username": "******",
            "password": "******",
            "eauth": "auto"
        })

        self.wheel.master_call(
            **{
                "client": "wheel",
                "fun": "key.list_all",
                "token": token["token"],
                "print_event": False,
            })
예제 #8
0
    def test_token(self):
        """
        Test executing master_call with lowdata

        The choice of using error.error for this is arbitrary and should be
        changed to some mocked function that is more testing friendly.
        """
        import salt.auth

        auth = salt.auth.LoadAuth(self.get_config("client_config"))
        token = auth.mk_token(self.eauth_creds)

        self.runner.master_call(
            **{"client": "runner", "fun": "error.error", "token": token["token"]}
        )
예제 #9
0
파일: runner.py 프로젝트: kiall/salt-1
    def test_token(self):
        '''
        Test executing master_call with lowdata

        The choice of using error.error for this is arbitrary and should be
        changed to some mocked function that is more testing friendly.
        '''
        import salt.auth

        auth = salt.auth.LoadAuth(self.get_config('client_config'))
        token = auth.mk_token(self.eauth_creds)

        self.runner.master_call(**{
            'client': 'runner',
            'fun': 'error.error',
            'token': token['token'],
        })
예제 #10
0
파일: runner.py 프로젝트: DaveQB/salt
    def test_token(self):
        '''
        Test executing master_call with lowdata

        The choice of using error.error for this is arbitrary and should be
        changed to some mocked function that is more testing friendly.
        '''
        import salt.auth

        auth = salt.auth.LoadAuth(self.get_config('client_config'))
        token = auth.mk_token(self.eauth_creds)

        self.runner.master_call(**{
            'client': 'runner',
            'fun': 'error.error',
            'token': token['token'],
        })
예제 #11
0
파일: __init__.py 프로젝트: yeyuexia/salt
    def test_token(self):
        '''
        Test executing master_call with lowdata

        The choice of using error.error for this is arbitrary and should be
        changed to some mocked function that is more testing friendly.
        '''
        import salt.auth

        opts = self.get_opts()
        self.mkdir_p(os.path.join(opts['root_dir'], 'cache', 'tokens'))

        auth = salt.auth.LoadAuth(opts)
        token = auth.mk_token(self.eauth_creds)

        self.runner.master_call(**{
            'client': 'runner',
            'fun': 'error.error',
            'token': token['token'],
        })
예제 #12
0
파일: auth.py 프로젝트: bryson/salt
def mk_token(**load):
    '''
    Create an eauth token using provided credentials

    CLI Example:

    .. code-block:: shell

        salt-run auth.mk_token username=saltdev password=saltdev eauth=auto
        salt-run auth.mk_token username=saltdev password=saltdev eauth=auto \\
            token_expire=94670856
    '''
    # This will hang if the master daemon is not running.
    netapi = salt.netapi.NetapiClient(__opts__)
    if not netapi._is_master_running():
        raise salt.exceptions.SaltDaemonNotRunning(
                'Salt Master must be running.')

    auth = salt.auth.Resolver(__opts__)
    return auth.mk_token(load)
예제 #13
0
def test_token(client, client_config, auth_creds):
    """
    Test executing master_call with lowdata

    The choice of using error.error for this is arbitrary and should be
    changed to some mocked function that is more testing friendly.
    """
    auth = salt.auth.LoadAuth(client_config)
    token = auth.mk_token(auth_creds)

    low = {
        "client": "runner",
        "fun": "error.error",
        "token": token["token"],
    }
    ret = client.master_call(**low)
    assert ret
    assert "jid" in ret
    assert "tag" in ret
    assert ret["tag"] == "salt/run/{}".format(ret["jid"])
예제 #14
0
파일: auth.py 프로젝트: cldeluna/salt
def mk_token(**load):
    '''
    Create an eauth token using provided credentials

    CLI Example:

    .. code-block:: shell

        salt-run auth.mk_token username=saltdev password=saltdev eauth=auto
        salt-run auth.mk_token username=saltdev password=saltdev eauth=auto \\
            token_expire=94670856
    '''
    # This will hang if the master daemon is not running.
    netapi = salt.netapi.NetapiClient(__opts__)
    if not netapi._is_master_running():
        raise salt.exceptions.SaltDaemonNotRunning(
            'Salt Master must be running.')

    auth = salt.auth.Resolver(__opts__)
    return auth.mk_token(load)
예제 #15
0
    def test_token(self):
        '''
        Test executing master_call with lowdata

        The choice of using key.list_all for this is arbitrary and should be
        changed to some mocked function that is more testing friendly.
        '''
        import salt.auth

        opts = self.get_opts()
        self.mkdir_p(os.path.join(opts['root_dir'], 'cache', 'tokens'))

        auth = salt.auth.LoadAuth(opts)
        token = auth.mk_token({
            'username': '******',
            'password': '******',
            'eauth': 'auto',
        })

        self.wheel.master_call(**{
            'client': 'wheel',
            'fun': 'key.list_all',
            'token': token['token'],
        })
예제 #16
0
    def test_token(self):
        '''
        Test executing master_call with lowdata

        The choice of using key.list_all for this is arbitrary and should be
        changed to some mocked function that is more testing friendly.
        '''
        import salt.auth

        opts = self.get_opts()
        self.mkdir_p(os.path.join(opts['root_dir'], 'cache', 'tokens'))

        auth = salt.auth.LoadAuth(opts)
        token = auth.mk_token({
            'username': '******',
            'password': '******',
            'eauth': 'auto',
        })

        self.wheel.master_call(**{
            'client': 'wheel',
            'fun': 'key.list_all',
            'token': token['token'],
        })