def authenticate(self, **tokens):
    """Check the supplied credential tokens against this client's records.

    Tokens are tried in the order returned by ``self.auth_token_order()``;
    a token that is absent from *tokens* or is ``None`` is skipped.  A
    ``password`` token is checked by a SQL lookup comparing the stored
    value with an unsalted SHA-1 hex digest of the submitted password, a
    ``pubkey`` token against the keys in the client's keyring token, and
    any other token against ``self.get_token(token)``.

    Returns True once a token matched, False otherwise.  A password or
    generic match stops the scan; a pubkey match only ends the keyring
    scan, so later tokens in the order are still examined.

    NOTE(review): the block structure was reconstructed from a
    whitespace-collapsed source; confirm against the original file that
    ``_unauth_pubkey`` is set after the keyring loop (i.e. even when the
    offered key matched).
    """
    authenticated = False
    for token in self.auth_token_order():
        supplied = tokens.get(token)
        if supplied is None:
            continue
        if token == 'password':
            # Comparison happens inside SQL; both values are escaped with
            # Q() before interpolation.  The digest is SHA-1 without a salt,
            # as the sha.new(...).hexdigest() call shows.
            digest = sha.new(supplied).hexdigest()
            query = """select id from client where uid='%s' and '%s' = password""" % (
                Q(self.username), Q(digest))
            if self.sql_get(query):
                authenticated = True
                break
        elif token == 'pubkey':
            # Keyring token: one key per line, the key material is the
            # first whitespace-separated field; blank lines are ignored.
            keyring = self.get_token(token, '').split('\n')
            known = [line.split()[0] for line in keyring if len(line)]
            if supplied in known:
                authenticated = True
            # Park the offered key on ClientDB so it can be auto-added
            # below once the client is authenticated by another token.
            ClientDB()._unauth_pubkey = supplied
        elif self.get_token(token) == supplied:
            authenticated = True
            break

    offered = getattr(ClientDB(), '_unauth_pubkey', None)
    if authenticated and offered and istrue(get_config('sshproxy')['auto_add_key']):
        tokens['pubkey'] = offered
        if self.add_pubkey(**tokens):
            Server().message_client("WARNING: Your public key"
                                    " has been added to the keyring\n")
        # Only cleared on this path: a failed authentication leaves the
        # attribute in place on ClientDB() — presumably harmless, verify.
        del ClientDB()._unauth_pubkey

    return authenticated
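def save(self):
    """Persist this object to the ``site``/``login`` tables and ``acltags``.

    Without a login, the ``site`` row (name, ip_address, port) is written
    and every other token in ``s_tokens`` becomes a ``site`` acltag.  With
    a login, the ``login`` row (login, password, pkey, priority) is written
    and every other token in ``l_tokens`` becomes a ``login`` acltag.  A
    token whose value is empty deletes its acltag row instead.  Nothing is
    written when the site id (or, for a login, the login id) is unknown.
    """
    sid = self._sid
    if sid is None:
        return
    if not self.login:
        tok = self.s_tokens
        self.sql_set('site', **{
            'id': sid,
            'name': self.name,
            'ip_address': tok.get('ip_address', ''),
            'port': tok.get('port', '22'),
        })
        self._save_acltags('site', sid, tok, ('name', 'ip_address', 'port'))
    else:
        lid = self._lid
        if not lid:
            return
        tok = self.l_tokens
        # NOTE(review): password and pkey are written exactly as held in
        # l_tokens; whether they are protected before reaching here is not
        # visible in this method — confirm.
        self.sql_set('login', **{
            'id': lid,
            'site_id': sid,
            'login': self.login,
            'password': tok.get('password', ''),
            'pkey': tok.get('pkey', ''),
            'priority': tok.get('priority', ''),
        })
        self._save_acltags('login', lid, tok,
                           ('name', 'login', 'password', 'pkey', 'priority'))

def _save_acltags(self, obj, oid, tokens, reserved):
    """Sync ``acltags`` for one object: upsert non-empty tags, delete empty ones.

    *obj* is the acltags object kind ('site' or 'login'), *oid* the row id
    (an int, interpolated with %d), *tokens* the tag dict and *reserved*
    the tag names that live in the main table and must be skipped.
    """
    for tag, value in tokens.items():
        if tag in reserved:
            continue
        if value and len(str(value)):
            self.sql_set('acltags', **{
                'object': obj, 'id': oid, 'tag': tag, 'value': str(value)})
        else:
            # obj is an internal constant; the tag is escaped with Q()
            # before being interpolated into the statement.
            query = ("delete from acltags where object = '%s'"
                     " and id = %d and tag = '%s'" % (obj, oid, Q(tag)))
            self.sql_del(query)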
def set_rule(self, acl, rule, index):
    """Replace the rule at position *index* of ACL *acl*, in memory and in the DB.

    Returns False without touching the database when ``ACLDB.set_rule``
    refuses the in-memory update, True otherwise.
    """
    if not ACLDB.set_rule(self, acl, rule, index):
        return False
    # index is an int (%d); rule and acl are escaped with Q() before being
    # interpolated into the statement.
    statement = """update aclrules set rule = '%s' where name = '%s' and weight = %d""" % (
        Q(rule), Q(acl), index)
    self.sql_update(statement)
    return True
def del_rule(self, acl, index):
    """Delete the rule at *index* from ACL *acl* and close the gap in weights.

    When an index is given, the database row is deleted and the following
    rows are shifted down first; the in-memory list is then updated via
    ``ACLDB.del_rule``, whose result is returned.  Note the DB changes are
    not rolled back if that in-memory step reports failure.
    """
    if index is not None:
        self.sql_del(
            """delete from aclrules where name = '%s' and weight = %d"""
            % (Q(acl), index))
        # Keep weights contiguous after the removal.
        self.sql_update(
            """update aclrules set weight = weight-1 where name = '%s' and weight >= %d"""
            % (Q(acl), index))
    return ACLDB.del_rule(self, acl, index)
def add_client(self, username, **tokens):
    """Create a ``client`` row for *username* and save its tokens.

    Returns a human-readable status string in every case (already exists,
    insert failed, added).
    """
    if self.exists(username, **tokens):
        return 'Client %s does already exist' % username
    # NOTE(review): the password token is inserted as given, whereas
    # authenticate() compares a SHA-1 hex digest — confirm the caller or
    # ClientInfo has already hashed it at this point.
    insert = "insert into client (uid, password) values ('%s', '%s')" % (
        Q(username), Q(tokens.get('password', '')))
    new_id = self.sql_add(insert)
    if not new_id:
        return 'A problem occured when adding client %s' % username
    ClientInfo(username, **tokens).save()
    return 'Client %s added' % username
def add_rule(self, acl, rule=None, index=None, updatedb=True):
    """Insert *rule* into ACL *acl*: in memory via ``ACLDB.add_rule``, then in the DB.

    Returns the position the rule ended up at.  With ``updatedb=False``
    only the in-memory list changes.  When the position is before the end
    of ``self.rules[acl]``, the weights of the following rows are bumped
    before the new row is inserted.
    """
    position = ACLDB.add_rule(self, acl, rule, index)
    if not updatedb:
        return position
    if position < len(self.rules[acl]):
        self.sql_update(
            """update aclrules set weight = weight+1 where name = '%s' and weight >= %d"""
            % (Q(acl), position))
    # acl and rule are escaped with Q(); position is an int (%d).
    self.sql_add(
        """insert into aclrules (name, rule, weight) values ('%s', '%s', %d)"""
        % (Q(acl), Q(rule), position))
    return position
def save(self):
    """Write this client's tokens to the ``client`` row and its ``acltags``.

    The 'username' token is skipped, 'password' updates the client row,
    any other non-empty token is upserted into acltags and an empty one
    deletes its acltags row.  No-op when the client id is unknown.
    """
    client_id = self._id
    if client_id is None:
        return
    for tag, value in self.tokens.items():
        if tag == 'username':
            continue
        if tag == 'password':
            # NOTE(review): stored via str(value) exactly as held in
            # self.tokens; authenticate() compares a SHA-1 hex digest, so
            # any hashing must have happened upstream — confirm.
            self.sql_set('client', **{
                'id': client_id, 'uid': self.username, 'password': str(value)})
        elif value and len(str(value)):
            self.sql_set('acltags', **{
                'object': 'client', 'id': client_id,
                'tag': tag, 'value': str(value)})
        else:
            # client_id is an int (%d); the tag is escaped with Q().
            self.sql_del("delete from acltags where object = 'client'"
                         " and id = %d and tag = '%s'" % (client_id, Q(tag)))
def load(self):
    """Populate ``s_tokens`` (and ``l_tokens`` when a login row matches) from the DB.

    Returns silently when no ``site`` row matches ``self.name``; sets
    ``self.loaded`` only after a successful read.  Site acltags are loaded
    first and then overlaid with the site row's own columns.
    """
    site_row = self.sql_get(
        """select id, name, ip_address, port from site where name = '%s'"""
        % Q(self.name))
    if not site_row:
        return
    self._sid, name, ip_address, port = site_row
    self.s_tokens.update(dict(self.sql_list(
        """select tag, value from acltags where object = 'site' and id = %d"""
        % self._sid)))
    self.s_tokens.update({'name': name, 'ip_address': ip_address, 'port': port})
    # TODO: handle the default case, see also in file backend
    # NOTE(review): the "'%s' = 'None'" clause relies on Q(self.login)
    # yielding the text 'None' when no login was requested, so that every
    # login of the site matches and the highest priority wins — verify Q().
    login_row = self.sql_get(
        """select id, login, password, pkey, priority from login where site_id = %d and ('%s' = 'None' or '%s' = login) order by priority desc"""
        % (self._sid, Q(self.login), Q(self.login)))
    if login_row:
        self._lid, login, password, pkey, priority = login_row
        self.l_tokens.update({
            'login': login,
            'password': password,
            'priority': priority,
            'pkey': pkey,
        })
        self.l_tokens.update(dict(self.sql_list(
            """select tag, value from acltags where object = 'login' and id = %d"""
            % self._lid)))
    self.loaded = True
def add_site(self, sitename, **tokens):
    """Create a site ("host") or a login on an existing site ("user@host").

    Returns a human-readable status string.  For a bare site the port is
    validated (1..65535) before the insert; for a login the site must
    already exist and the login must not.  In both cases a SiteInfo is
    saved afterwards so the remaining tokens land in acltags.
    """
    login, site = self.split_user_site(sitename)
    if login == '*':
        return "'*' is not allowed, be more specific."
    if not login:
        if self.exists(site, **tokens):
            return 'Site %s does already exist' % site
        # create site
        try:
            port = int(tokens.get('port', 22))
            if not (0 < port < 65536):
                raise ValueError
        except ValueError:
            return ('Port must be numeric and have a strictly positive '
                    'value inferior to 65536')
        # site and ip_address are escaped with Q(); port is a validated int.
        sid = self.sql_add(
            "insert into site (name, ip_address, port) values ('%s', '%s', '%s')"
            % (Q(site), Q(tokens.get('ip_address', '')), port))
        if not sid:
            return 'A problem occured when adding site %s' % sitename
    elif not self.exists(site, **tokens):
        # a login was given but its site does not exist yet
        return 'Please create site %s first' % site
    else:
        if self.exists(sitename, **tokens):
            return 'Site %s does already exist' % sitename
        sid = self.sql_get("select id from site where name = '%s'" % Q(site))
        # NOTE(review): the password token is inserted as given; see
        # SiteInfo.save/load for how it is stored and read back.
        lid = self.sql_add(
            "insert into login (site_id, login, password) values (%d, '%s', '%s')"
            % (sid, Q(login), Q(tokens.get('password', ''))))
        if not lid:
            return 'A problem occured when adding site %s' % sitename
    SiteInfo(login, site, **tokens).save()
    return 'Site %s added' % sitename
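def exists(self, sitename, **tokens):
    """Return the site id for "host", or the login id for "user@host", else False.

    A login of '*' is treated as no login.  Returns False when the site is
    missing, or when a login was requested and no matching login row exists.
    *tokens* is accepted for interface symmetry and not used here.
    """
    login, site = self.split_user_site(sitename)
    if login == '*':
        login = None
    site_id = self.sql_get("select id from site where name = '%s'" % Q(site))
    if not site_id:
        return False
    if not login:
        return site_id
    # Both the escaped login and the site id are interpolated.  The
    # template on the reviewed page carried a fixed literal where the
    # login placeholder belongs and only one conversion, so the '%'
    # below raised TypeError ("not all arguments converted") instead of
    # querying; the placeholder matches the sibling queries in this file.
    login_query = "select id from login where login = '%s' and site_id = %d"
    login_id = self.sql_get(login_query % (Q(login), site_id))
    return login_id or False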
def load(self):
    """Fetch this client's id and stored password, then load its acltags.

    Returns silently when no ``client`` row matches ``self.username``.
    """
    row = self.sql_get(
        """select id, password from client where uid = '%s'""" % Q(self.username))
    if not row:
        return
    self._id, stored_password = row
    self.load_tags(self._id, password=stored_password)
def load_tags(self, id=None, **tokens):
    """Merge the client's acltags into *tokens* and apply them via ``set_tokens``.

    *id* defaults to ``self._id``; nothing happens when neither is known.
    A tag whose stored value is empty is deleted from the table instead of
    being loaded — a write side effect of a load call worth knowing about.
    """
    client_id = self._id if id is None else id
    if client_id is None:
        return
    merged = tokens
    rows = self.sql_list(
        """select tag, value from acltags where object = 'client' and id = %d"""
        % client_id)
    for tag, value in rows:
        if len(value):
            merged[tag] = value
            continue
        # client_id is an int (%d); the tag is escaped with Q().
        self.sql_del("delete from acltags where object = 'client'"
                     " and id = %d and tag = '%s'" % (client_id, Q(tag)))
    self.set_tokens(**merged)
def exists(self, username, **tokens):
    """Return the client's id when a ``client`` row with uid *username* exists, else False.

    *tokens* is accepted for interface symmetry and not used here; the
    username is escaped with Q() before being interpolated.
    """
    client_id = self.sql_get("select id from client where uid = '%s'" % Q(username))
    return client_id or False