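def get_token():
    """Issue an API token for the credentials posted in the request body.

    The body must be UTF-8 JSON with ``login``, ``password`` and ``group``
    keys. The group name is resolved to an id, the user row is looked up by
    login, and the submitted password is hashed with ``funct.get_hash``
    before comparison.

    Returns:
        The new token string (a ``uuid4``) on success; ``False`` when the
        user is disabled or the credentials do not match; a short
        ``'error ...: <reason>'`` string when the body, group or user
        lookup fails.
    """
    import hmac
    import uuid

    try:
        body = request.body.getvalue().decode('utf-8')
        login_pass = json.loads(body)
        login = login_pass['login']
        password_from_user = login_pass['password']
    except Exception as e:
        # NOTE(review): the raw exception text is echoed to the API client
        # here and below; consider whether that detail should be exposed.
        return 'error getting credentials: '+str(e)
    try:
        group_name = login_pass['group']
        group_id = sql.get_group_id_by_name(group_name)
    except Exception as e:
        return 'error getting group: '+str(e)
    try:
        users = sql.select_users(user=login)
        password = funct.get_hash(password_from_user)
    except Exception as e:
        return 'error one more: '+str(e)
    for user in users:
        # A disabled account never receives a token, regardless of password.
        if user.activeuser == 0:
            return False
        # Require an exact username match (a substring test would let a
        # shorter login match a longer username) and compare the hashes in
        # constant time so the check does not leak how many bytes matched.
        if login == user.username and hmac.compare_digest(
                str(password).encode(), str(user.password).encode()):
            user_token = str(uuid.uuid4())
            sql.write_api_token(user_token, group_id, user.role, user.username)
            return user_token
        # Only the first returned row is considered.
        return False
    # No user row for this login.
    return False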
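def check_login():
    """Validate the ``login``/``password`` request headers against the user table.

    The header password is hashed with ``funct.get_hash`` and compared with
    the stored hash of the first user row returned for that login.

    Returns:
        ``True`` when that user is active and the hashes match; ``False``
        otherwise, including when a header is missing or the lookup or
        hashing raises.
    """
    import hmac

    try:
        login = request.headers.get('login')
        password_from_user = request.headers.get('password')
        USERS = sql.select_users(user=login)
        password = funct.get_hash(password_from_user)
    except Exception:
        # Best-effort: any lookup/hash failure is an authentication failure.
        return False
    for users in USERS:
        # Column layout assumed from the indexes used here: 1=username,
        # 3=password hash, 7=activeuser -- confirm against sql.select_users.
        if users[7] == 0:
            return False
        # Exact username match plus a constant-time hash comparison.
        if login == users[1] and hmac.compare_digest(
                str(password).encode(), str(users[3]).encode()):
            return True
        # Only the first returned row is considered.
        return False
    # No user row for this login.
    return False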
#!/usr/bin/env python3 import funct, sql import os, http.cookies from jinja2 import Environment, FileSystemLoader env = Environment(loader=FileSystemLoader('templates/')) template = env.get_template('hapservers.html') print('Content-type: text/html\n') funct.check_login() try: cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) user_id = cookie.get('uuid') user = sql.get_user_name_by_uuid(user_id.value) users = sql.select_users() groups = sql.select_groups() token = sql.get_token(user_id.value) servers = sql.get_dick_permit() cmd = "ps ax |grep -e 'keep_alive.py' |grep -v grep |wc -l" keep_alive, stderr = funct.subprocess_execute(cmd) except: pass haproxy_sock_port = sql.get_setting('haproxy_sock_port') haproxy_config_path = sql.get_setting('haproxy_config_path') commands = ["ls -l %s |awk '{ print $6\" \"$7\" \"$8}'" % haproxy_config_path] servers_with_status1 = [] out1 = "" for s in servers: servers_with_status = list() cmd = 'echo "show info" |nc %s %s -w 1 |grep -e "Ver\|Uptime:\|Process_num"' % (
template = env.get_template('ovw.html') print('Content-type: text/html\n') if create_db.check_db(): if create_db.create_table(): create_db.update_all() create_db.update_all_silent() funct.check_login() try: user, user_id, role, token, servers = funct.get_users_params() groups = sql.select_groups() user_group = funct.get_user_group(id=1) if (role == 2 or role == 3) and int(user_group) != 1: users = sql.select_users(group=user_group) servers_for_grep = '' i = 0 servers_len = len(servers) for s in servers: i += 1 if i != servers_len: servers_for_grep += s[2] + '\|' else: servers_for_grep += s[2] cmd = "ps ax |grep -e 'metrics_worker\|metrics_waf_worker.py'|grep -E %s|grep -v grep |wc -l" % servers_for_grep metrics_worker, stderr = funct.subprocess_execute(cmd) cmd = "ps ax |grep checker_worker|grep -E %s |grep -v grep |wc -l" % servers_for_grep checker_worker, stderr = funct.subprocess_execute(cmd)
pass if form.getvalue('logout'): try: sql.delete_uuid(user_id.value) except: pass print( "Set-cookie: uuid=; expires=Wed, May 18 03:33:20 2003; path=/app; httponly" ) print("Content-type: text/html\n") print('<meta http-equiv="refresh" content="0; url=/app/login.py">') sys.exit() if login is not None and password is not None: USERS = sql.select_users(user=login) for users in USERS: if users[7] == 0: print("Content-type: text/html\n") print('Your login is disabled') sys.exit() if users[6] == 1: if login in users[1]: check_in_ldap(login, password) else: passwordHashed = funct.get_hash(password) if login in users[1] and passwordHashed == users[3]: send_cookie(login) break else:
role = "" user = "" pass if form.getvalue('logout'): try: sql.delete_uuid(user_id.value) except: pass print("Set-cookie: uuid=; expires=Wed May 18 03:33:20 2003; path=/app/; httponly") print("Content-type: text/html\n") print('<meta http-equiv="refresh" content="0; url=/app/login.py">') if login is not None and password is not None: USERS = sql.select_users() session_ttl = int() session_ttl = sql.get_setting('session_ttl') session_ttl = int(session_ttl) expires = datetime.datetime.utcnow() + datetime.timedelta(days=session_ttl) user_uuid = str(uuid.uuid4()) user_token = str(uuid.uuid4()) for users in USERS: if login in users[1] and password == users[3]: c = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) c["uuid"] = user_uuid c["uuid"]["path"] = "/app/" c["uuid"]["expires"] = expires.strftime("%a, %d %b %Y %H:%M:%S GMT") print(c)
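def get_overview():
    """Print the overview page's HTML tables to stdout.

    Three tables are emitted: a user list (rows only for admins; rows from
    the fourth onward are hidden behind "Show all"), a per-server row with
    HAProxy status, action links and the config file's last-edit time, and
    a per-server info block. Server-side values come from
    ``funct.ssh_command``; ``haproxy_config_path`` and ``status_command``
    are module-level names used to build those command strings.

    NOTE(review): ``haproxy_config_path`` and ``status_command`` are
    interpolated into shell command strings, and ``users[1..4]``,
    ``server[1]`` and ``server[2]`` are written into HTML unescaped; this is
    only safe while those values are trusted -- confirm where they are set.
    """
    USERS = sql.select_users()
    print('<table class="overview">')
    if funct.is_admin():
        print('<tr class="overviewHead">'
              '<td class="padding10 first-collumn">Login</td>'
              '<td class="padding10">Email</td>'
              '<td class="padding10">Group</td>'
              '<td class="padding10">Role</td>'
              '<td style="width: 200px;">'
              '<span class="add-button">'
              '<a href="#" title="Show all users" id="show-all-users" style="color: #fff">'
              'Show all'
              '</a>'
              '</span>'
              '</td>'
              '</tr>')
        i = 0
        style = ""
        for users in USERS:
            i = i + 1
            # Compare with == (not `is`): identity on ints is an
            # implementation detail and a SyntaxWarning on 3.8+.
            # The style sticks once set, hiding every row from the 4th on.
            if i == 4:
                style = 'style="display: none;" class="show-users"'
            print('<tr ' + style + '><td class="padding10 first-collumn">' + users[1] + '</td><td class="second-collumn">')
            print(users[2] + '</td><td>')
            GROUPS = sql.select_user_name_group(users[5])
            for group in GROUPS:
                print(group)
            print('</td><td>')
            print(users[4])
            print('</td><td></td></tr>')
    print('</table>')
    # Second table: one row per permitted server (stray quote in the first
    # <td> attribute fixed).
    print('<table class="overview">'
          '<tr class="overviewHead">'
          '<td class="padding10 first-collumn">Server</td>'
          '<td class="padding10">'
          'HAproxy status'
          '</td>'
          '<td class="padding10">'
          'Action'
          '</td>'
          '<td class="padding10">'
          'Last edit'
          '</td>'
          '<td></td>'
          '</tr>')
    listhap = sql.get_dick_permit()
    commands = ["ps -Af |grep [h]aproxy |wc -l"]
    commands1 = ["ls -l %s |awk '{ print $6\" \"$7\" \"$8}'" % haproxy_config_path]
    for server in listhap:
        # server[1] is used as the display name/anchor, server[2] as the host.
        print('<tr><td class="padding10 first-collumn"><a href="#%s" title="Go to %s status" style="color: #000">%s</a></td><td class="second-collumn">' % (server[1], server[1], server[1]))
        funct.ssh_command(server[2], commands, server_status="1")
        print('</td><td>')
        if funct.is_admin():
            # Service control links are admin-only; config links follow.
            print('<a id="%s" class="start" title="Start HAproxy service" onclick = "if (! confirm(\'Start service?\')) return false;"><img src=/image/pic/start.png alt="start" class="icon"></a>' % server[2])
            print('<a id="%s" class="stop" title="Stop HAproxy service" onclick = "return confirm(\'Stop service?\')"><img src=/image/pic/stop.png alt="start" class="icon"></a>' % server[2])
            print('<a id="%s" class="restart" title="Restart HAproxy service" onclick = "if (! confirm(\'Restart service?\')) return false;"><img src=/image/pic/update.png alt="restart" class="icon"></a>' % server[2])
            print('<a href="/app/configshow.py?serv=%s&open=open#conf" title="Show config"><img src=/image/pic/show.png alt="show" class="icon"></a>' % server[2])
            print('<a href="/app/config.py?serv=%s&open=open#conf" title="Edit config"><img src=/image/pic/edit.png alt="edit" class="icon"></a>' % server[2])
            print('<a href="/app/diff.py?serv=%s&open=open#diff" title="Compare config"><img src=/image/pic/compare.png alt="compare" class="icon"></a>' % server[2])
            print('<a href="/app/map.py?serv=%s&open=open#map" title="Map listen/frontend/backend"><img src=/image/pic/map.png alt="map" class="icon"></a>' % server[2])
        print('</td><td>')
        funct.ssh_command(server[2], commands1)
        print('</td><td></td></tr>')
    # Third table: per-server HAProxy info and process status.
    print('</table><table class="overview"><tr class="overviewHead">'
          '<td class="padding10 first-collumn" style="width: 15%;">Server</td>'
          '<td>'
          'HAproxy info'
          '</td>'
          '<td>'
          'Server status'
          '</td>'
          '</tr>')
    print('</td></tr>')
    commands = [
        "cat " + haproxy_config_path + " |grep -E '^listen|^backend|^frontend' |grep -v stats |wc -l",
        "uname -smor",
        "haproxy -v |head -1",
        status_command + "|grep Active | sed 's/^[ \t]*//'",
    ]
    commands1 = ["top -u haproxy -b -n 1"]
    for server in sorted(listhap):
        print('<tr><td class="overviewTr first-collumn"><a name="' + server[1] + '"></a><h3 title="IP ' + server[2] + '">' + server[1] + ':</h3></td>')
        print('<td class="overviewTd"><span>Total listen/frontend/backend:</span><pre>')
        funct.ssh_command(server[2], commands)
        print('</pre></td><td class="overviewTd"><pre>')
        funct.ssh_command(server[2], commands1)
        print('</pre></td></tr>')
    print('<tr></table>')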
password = form.getvalue('newpassword') role = form.getvalue('newrole') group = form.getvalue('newgroupuser') new_user = form.getvalue('newusername') page = form.getvalue('page') activeuser = form.getvalue('activeuser') role_id = sql.get_role_id_by_name(role) if sql.check_group(group, role_id): if funct.is_admin(level=role_id): if sql.add_user(new_user, email, password, role, group, activeuser): from jinja2 import Environment, FileSystemLoader env = Environment(loader=FileSystemLoader('templates/')) template = env.get_template('ajax/new_user.html') template = template.render(users=sql.select_users(user=new_user), groups=sql.select_groups(), page=page, roles=sql.select_roles()) print(template) funct.logging('a new user '+new_user, ' has created ', haproxywi=1, login=1) else: funct.logging(new_user, ' tried to privilege escalation', haproxywi=1, login=1) if form.getvalue('userdel') is not None: userdel = form.getvalue('userdel') user = sql.select_users(id=userdel) for u in user: username = u[1] if sql.delete_user(userdel):