Exemplo n.º 1
 def __init__(self):
     """Create the per-user cache and load the private key text.

     ``pvt.key`` is opened relative to the current working directory and
     its full content is kept on the instance as ``self.key``.
     """
     # Constructed with 600; presumably an expiry in seconds -- TODO confirm
     # against TimeExpiredDict.
     self.processes = TimeExpiredDict(600)
     # NOTE(review): the key stays in memory for the life of the object;
     # the file should be readable by the service account only.
     with open("pvt.key", "r") as handle:
         key_text = handle.read()
     self.key = key_text
Exemplo n.º 2
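class Impersonator(Resource):
    """Resource that runs a client-supplied command as a local account.

    A POST body carries encrypted ``username:password`` credentials and a
    command line. The credentials are checked through ``login.py`` and,
    when accepted, the command is executed with ``su`` as that account.
    """

    def __init__(self):
        """Create the credential cache and load the private key text."""
        # Constructed with 600; presumably an expiry in seconds -- TODO
        # confirm against TimeExpiredDict.
        self.processes = TimeExpiredDict(600)
        with open("pvt.key", "r") as key_file:
            self.key = key_file.read()

    @staticmethod
    def _sh_quote(value):
        """Return ``value`` as one single-quoted POSIX shell word."""
        return "'" + value.replace("'", "'\"'\"'") + "'"

    @staticmethod
    def _log_error(err):
        """Write ``err`` to /tmp/webinal.err without following a symlink.

        /tmp is shared between accounts, so the file is opened with
        O_NOFOLLOW (where available) and created with mode 0600. If the
        file cannot be opened the message goes to stdout instead.
        """
        import os

        flags = (os.O_WRONLY | os.O_CREAT | os.O_TRUNC
                 | getattr(os, "O_NOFOLLOW", 0))
        try:
            fd = os.open("/tmp/webinal.err", flags, 0o600)
        except OSError:
            print(str(err))
            return
        with os.fdopen(fd, "w") as f:
            f.write(str(err) + "\n")

    def authenticate(self, username, password, venv=None):
        """Return True when ``password`` is accepted for ``username``.

        A cache miss runs ``login.py`` as the account through ``su`` and
        accepts the login when its output ends with ``0`` and a newline.
        A cache hit compares the supplied password with the cached one.
        ``venv`` is accepted for compatibility and is not used.
        """
        # The name is handed to su as an argument; an empty value or one
        # beginning with "-" would not be read as an account name.
        if not username or username.startswith("-"):
            return False

        cached = self.processes.get(username)
        if cached is None:
            # Both values come from the request, so each is quoted as a
            # single shell word and su is started without an outer shell.
            # NOTE(review): login.py still receives the password as a
            # command-line argument, which other local users may be able
            # to see in the process list; stdin would need a login.py change.
            login = "../venv/bin/python login.py %s %s" % (
                self._sh_quote(username), self._sh_quote(password))
            process = subprocess.Popen(
                ["su", username, "-c", login],
                stdout=subprocess.PIPE)
            output, error = process.communicate()

            print("%s %s" % (output, error))

            if not output.endswith('0\n'):
                return False
            # NOTE(review): the plaintext password is kept in the cache
            # until the entry expires.
            self.processes.add(username, password)
        elif cached != password:
            # Was ``self.process.expire``: no such attribute exists, so a
            # wrong password raised instead of being rejected. Assumes
            # TimeExpiredDict provides expire() -- TODO confirm.
            self.processes.expire(username)
            return False

        return True

    def render_POST(self, request):
        """Authenticate the caller and run the requested command.

        Body lines: (1) base64 of the encrypted ``username:password``,
        (2) the command, (3) a legacy prompt value that is ignored,
        (4) ``true`` to run the command through ``sudo -S``.

        Returns the command's standard output, ``"Permission denied"``
        with status 403, or ``"Bad Request"`` with status 400 when the
        request cannot be processed.
        """
        try:
            print("### Received request ###")

            data_lines = request.content.read().split("\n")

            # get credentials
            decoded = base64.b64decode(data_lines[0])
            decrypted = PubPvtKey.decrypt(self.key, decoded)
            # Split on the first colon only, so a password containing ":"
            # is kept whole.
            username, password = decrypted.split(":", 1)

            command = data_lines[1]
            sudo = len(data_lines) > 3 and data_lines[3].lower() == "true"

            # if command should be run as sudo
            if sudo:
                command = 'sudo -S %s' % command

            command = 'source /srv/Webinal/venv/bin/activate;%s;deactivate' % command

            if not self.authenticate(username, password):
                print("Permission denied\n")

                request.setResponseCode(403)
                return "Permission denied"

            print("Permission granted.")
            print("Running '%s' as '%s'" % (command, username))

            # The command is passed to su as one argument, so only the
            # target account's shell interprets it; no shell runs it with
            # this service's own privileges.
            process = subprocess.Popen(
                ["su", "-", username, "-c", command],
                stdin=subprocess.PIPE,
                stderr=subprocess.PIPE,
                stdout=subprocess.PIPE,
                universal_newlines=True)

            if sudo:
                # handle sudo prompt
                output, error = process.communicate(password + "\n")
            else:
                output, error = process.communicate()

            # The old ``str(output).strip("None")`` removed any leading or
            # trailing N, o, n, e characters from real output.
            output = output or ""
            print(output)
            return output

        except Exception as err:
            self._log_error(err)

            request.setResponseCode(400)
            return "Bad Request"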
Exemplo n.º 3
Arquivo: server.py Projeto: zo0z/JMS
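class Impersonator(Resource):
    """Resource that runs a client-supplied command as a local account.

    A POST body carries encrypted ``username:password`` credentials and a
    command line. The credentials are checked through ``login.py`` and,
    when accepted, the command is executed with ``su`` as that account.
    """

    def __init__(self):
        """Create the credential cache and load the private key text."""
        # Constructed with 600; presumably an expiry in seconds -- TODO
        # confirm against TimeExpiredDict.
        self.processes = TimeExpiredDict(600)
        with open("pvt.key", "r") as key_file:
            self.key = key_file.read()

    @staticmethod
    def _sh_quote(value):
        """Return ``value`` as one single-quoted POSIX shell word."""
        return "'" + value.replace("'", "'\"'\"'") + "'"

    def authenticate(self, username, password, venv=None):
        """Return True when ``password`` is accepted for ``username``.

        A cache miss runs ``login.py`` as the account through ``su`` and
        accepts the login when its output starts with ``0``. A cache hit
        compares the supplied password with the cached one. ``venv`` is
        accepted for compatibility and is not used.
        """
        # The name is handed to su as an argument; an empty value or one
        # beginning with "-" would not be read as an account name.
        if not username or username.startswith("-"):
            return False

        cached = self.processes.get(username)
        if cached is None:
            # Both values come from the request, so each is quoted as a
            # single shell word and su is started without an outer shell.
            # NOTE(review): login.py still receives the password as a
            # command-line argument, which other local users may be able
            # to see in the process list; stdin would need a login.py change.
            login = "python login.py %s %s" % (
                self._sh_quote(username), self._sh_quote(password))
            process = subprocess.Popen(
                ["su", username, "-c", login],
                stdout=subprocess.PIPE)
            output, error = process.communicate()

            if not output.startswith("0"):
                return False
            # The cache used to hold "" and a hit was accepted without
            # looking at the password, so once an account had logged in
            # any password passed until the entry expired. The accepted
            # password is stored so a hit can be verified.
            # NOTE(review): this keeps the plaintext in memory until the
            # entry expires.
            self.processes.add(username, password)
        elif cached != password:
            return False

        return True

    def render_POST(self, request):
        """Authenticate the caller and run the requested command.

        Body lines: (1) base64 of the encrypted ``username:password``,
        (2) the command, (3) a legacy prompt value that is ignored,
        (4) ``true`` to run the command through ``sudo -S``.

        Returns the command's standard output, ``"Permission denied"``
        with status 403, or ``"Bad Request"`` with status 400 when the
        request cannot be processed.
        """
        try:
            print("### Received request ###")

            data_lines = request.content.read().split("\n")

            # get credentials
            decoded = base64.b64decode(data_lines[0])
            decrypted = PubPvtKey.decrypt(self.key, decoded)
            # Split on the first colon only, so a password containing ":"
            # is kept whole.
            username, password = decrypted.split(":", 1)

            command = data_lines[1]
            sudo = len(data_lines) > 3 and data_lines[3].lower() == "true"

            # if command should be run as sudo
            if sudo:
                command = 'sudo -S %s' % command

            if not self.authenticate(username, password):
                print("Permission denied\n")

                request.setResponseCode(403)
                return "Permission denied"

            print("Permission granted.")
            print("Running '%s' as '%s'" % (command, username))

            # The command is passed to su as one argument, so only the
            # target account's shell interprets it; no shell runs it with
            # this service's own privileges.
            process = subprocess.Popen(
                ["su", "-", username, "-c", command],
                stdin=subprocess.PIPE,
                stderr=subprocess.PIPE,
                stdout=subprocess.PIPE,
                universal_newlines=True)

            if sudo:
                # handle sudo prompt
                output, error = process.communicate(password + "\n")
            else:
                output, error = process.communicate()

            # The old ``str(output).strip("None")`` removed any leading or
            # trailing N, o, n, e characters from real output.
            return output or ""

        except Exception as err:
            print(err)

            request.setResponseCode(400)
            return "Bad Request"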
Exemplo n.º 4
Arquivo: server.py Projeto: zo0z/JMS
 def __init__(self):
     """Build the expiring per-user store and read the private key.

     The key text is read from ``pvt.key`` in the current working
     directory and stored unchanged in ``self.key``.
     """
     # Argument is 600; presumably a lifetime in seconds -- TODO confirm
     # against TimeExpiredDict.
     self.processes = TimeExpiredDict(600)
     # NOTE(review): restrict pvt.key to the service account; its content
     # is held on the instance after this point.
     with open("pvt.key", "r") as source:
         contents = source.read()
     self.key = contents
Exemplo n.º 5
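class Impersonator(Resource):
    """Resource that runs a client-supplied command as a local account.

    A POST body carries encrypted ``username:password`` credentials and a
    command line. The credentials are checked through ``login.py`` and,
    when accepted, the command is executed with ``su`` as that account.
    """

    def __init__(self):
        """Create the credential cache and load the private key text."""
        # Constructed with 600; presumably an expiry in seconds -- TODO
        # confirm against TimeExpiredDict.
        self.processes = TimeExpiredDict(600)
        with open("pvt.key", "r") as key_file:
            self.key = key_file.read()

    @staticmethod
    def _sh_quote(value):
        """Return ``value`` as one single-quoted POSIX shell word."""
        return "'" + value.replace("'", "'\"'\"'") + "'"

    def authenticate(self, username, password, venv=None):
        """Return True when ``password`` is accepted for ``username``.

        A cache miss runs ``login.py`` as the account through ``su`` and
        accepts the login when its output ends with ``0`` and a newline.
        A cache hit compares the supplied password with the cached one.
        ``venv`` is accepted for compatibility and is not used.
        """
        # The name is handed to su as an argument; an empty value or one
        # beginning with "-" would not be read as an account name.
        if not username or username.startswith("-"):
            return False

        cached = self.processes.get(username)

        if cached is None:
            # Both values come from the request, so each is quoted as a
            # single shell word and su is started without an outer shell.
            # NOTE(review): login.py still receives the password as a
            # command-line argument, which other local users may be able
            # to see in the process list; stdin would need a login.py change.
            login = "../venv/bin/python login.py %s %s" % (
                self._sh_quote(username), self._sh_quote(password))
            process = subprocess.Popen(
                ["su", username, "-c", login],
                stdout=subprocess.PIPE)
            output, error = process.communicate()

            print("%s %s" % (output, error))

            if not output.endswith('0\n'):
                return False
            # NOTE(review): the plaintext password is kept in the cache
            # until the entry expires.
            self.processes.add(username, password)

        elif cached != password:
            # Was ``self.process.expire``: no such attribute exists, so a
            # wrong password raised instead of being rejected. Assumes
            # TimeExpiredDict provides expire() -- TODO confirm.
            self.processes.expire(username)
            return False

        return True

    def render_POST(self, request):
        """Authenticate the caller and run the requested command.

        Body lines: (1) base64 of the encrypted ``username:password``,
        (2) the command, (3) a legacy prompt value that is ignored,
        (4) ``true`` to run the command through ``sudo -S``.

        Returns the command's standard output, ``"Permission denied"``
        with status 403, or ``"Bad Request"`` with status 400 when the
        request cannot be processed.
        """
        try:
            data_lines = request.content.read().split("\n")

            # get credentials
            decoded = base64.b64decode(data_lines[0])
            decrypted = PubPvtKey.decrypt(self.key, decoded)
            # Split on the first colon only, so a password containing ":"
            # is kept whole.
            username, password = decrypted.split(":", 1)

            command = data_lines[1]
            # Line 3 held the legacy prompt, which nothing reads any more.
            sudo = len(data_lines) > 3 and data_lines[3].lower() == "true"

            # if command should be run as sudo
            if sudo:
                command = 'sudo -S %s' % command

            # activate python virtual environment
            command = 'source ../venv/bin/activate;%s;deactivate' % command

            if not self.authenticate(username, password):
                request.setResponseCode(403)
                return "Permission denied"

            # The command is passed to su as one argument, so only the
            # target account's shell interprets it; no shell runs it with
            # this service's own privileges.
            process = subprocess.Popen(
                ["su", "-", username, "-c", command],
                stdin=subprocess.PIPE,
                stderr=subprocess.PIPE,
                stdout=subprocess.PIPE,
                universal_newlines=True)

            if sudo:
                # handle sudo prompt
                output, error = process.communicate(password + "\n")
            else:
                output, error = process.communicate()

            # The old ``str(output).strip("None")`` removed any leading or
            # trailing N, o, n, e characters from real output.
            return output or ""

        except Exception as err:
            print(str(err))

            request.setResponseCode(400)
            return "Bad Request"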