Exemplo n.º 1
0
def setup_module():
    global xc, sc
    xc = xcauth(domain_db={
            'xdomain': '99999\thttps://remotehost\tydomain\t',
            'udomain': '8888\thttps://oldhost\t',
        },
        default_url='https://localhost', default_secret='01234')
    sc = sigcloud(xc, 'user1', 'domain1')
Exemplo n.º 2
0
def setup_module():
    global xc, sc
    xc = xcauth(default_url='https://localhost', default_secret='01234',
        #sql_db='/tmp/auth.sqlite3', cache_storage='db',
        #sql_db='/tmp/auth.sqlite3', cache_storage='db',
        #sql_db=':memory:', cache_storage='db',
        sql_db=':memory:', cache_storage='memory',
        bcrypt_rounds=(6, 6))
    sc = sigcloud(xc, 'user2', 'domain2', 'pass2')
Exemplo n.º 3
0
def setup_module():
    global xc, sc
    xc = xcauth(domain_db={
        b'xdomain': b'99999\thttps://remotehost\tydomain\t',
        b'udomain': b'8888\thttps://oldhost\t',
    },
                sql_db=':memory:',
                cache_storage='db',
                default_url='https://localhost',
                default_secret='01234')
    sc = sigcloud(xc, 'user1', 'domain1')
Exemplo n.º 4
0
def setup_module():
    global xc, sc
    xc = xcauth(domain_db={
        'xdomain': '99999\thttps://remotehost\tydomain\t',
        'udomain': '8888\thttps://oldhost\t',
    },
                default_url='https://localhost',
                default_secret='01234',
                ejabberdctl='/no/bin/ejabberdctl',
                shared_roster_db={})
    xc.ejabberd_controller = ejabberdctl(xc)
    sc = sigcloud(xc, 'user1', 'domain1')
Exemplo n.º 5
0
def perform(args):
    global errfile

    # Set up logging
    logfile = args.log + '/xcauth.log'
    signal.signal(signal.SIGUSR1, log_info)
    if (args.interactive or args.auth_test or args.isuser_test or args.roster_test):
        signal.signal(signal.SIGHUP, signal.SIG_IGN)
        logging.basicConfig(stream=sys.stderr,
            level=logging.DEBUG,
            format='%(asctime)s %(levelname)s: %(message)s')
    else:
        errfile = args.log + '/xcauth.err'
        rebind_stderr(0, None)
        signal.signal(signal.SIGHUP, rebind_stderr)
        try:
            from logging.handlers import WatchedFileHandler
            logging.basicConfig(handlers=(WatchedFileHandler(logfile),),
                level=logging.DEBUG if args.debug else logging.INFO,
                format='%(asctime)s %(levelname)s: %(message)s')
        except OSError as e:
            logging.basicConfig(stream=sys.stderr)
            logging.warning('Cannot log to %s: %s' % (logfile, str(e)))

    logging.debug('Start external auth script %s for %s with endpoint: %s', VERSION, args.type, args.url)

    # Set up global environment (incl. cache, db)
    if args.cache_storage != 'none':
        try:
            import bcrypt
        except ImportError as e:
            logging.warn('Cannot import bcrypt (%s); caching disabled' % e)
            args.cache_storage = 'none'
    ttls = {'query': args.cache_query_ttl,
            'verify': args.cache_verification_ttl,
            'unreach': args.cache_unreachable_ttl}
    xc = xcauth(default_url = args.url, default_secret = args.secret,
            ejabberdctl = args.ejabberdctl if 'ejabberdctl' in args else None,
            sql_db = args.db, cache_storage = args.cache_storage,
            domain_db = args.domain_db, cache_db = args.cache_db,
            shared_roster_db = args.shared_roster_db,
            timeout = args.timeout, ttls = ttls,
            bcrypt_rounds = args.cache_bcrypt_rounds)

    # Check for one-shot commands
    if args.isuser_test:
        sc = sigcloud(xc, args.isuser_test[0], args.isuser_test[1])
        success = sc.isuser()
        print(success)
        return
    if args.roster_test:
        sc = sigcloud(xc, args.roster_test[0], args.roster_test[1])
        success, response = sc.roster_cloud()
        print(str(response))
        if args.ejabberdctl:
            sc.try_roster(async=False)
        return
    elif args.auth_test:
        sc = sigcloud(xc, args.auth_test[0], args.auth_test[1], args.auth_test[2])
        success = sc.auth()
        print(success)
        return

    # Read commands from file descriptors
    # Acceptor socket?
    listeners = listen_fds_with_names()
    if listeners is None:
        # Single socket; unclear whether it is connected or an acceptor
        try:
            stdinfd = sys.stdin.fileno()
        except io.UnsupportedOperation:
            stdinfd = None
        if stdinfd is None:
            # Not a real socket, assume stdio communication
            perform_from_fd(sys.stdin, sys.stdout, xc, args.type)
        else:
            s = socket.socket(fileno=stdinfd)
            try:
                # Is it an acceptor socket?
                s.listen()
                # Yes, accept connections (fake systemd context)
                perform_from_listeners({0: args.type}, xc, args.type)
            except OSError:
                # Not an acceptor socket, use for stdio
                perform_from_fd(sys.stdin, sys.stdout, xc, args.type, closefds=(sys.stdin,sys.stdout,s))
    else:
        # Uses systemd socket activation
        perform_from_listeners(listeners, xc, args.type)
Exemplo n.º 6
0
def perform(args):
    logfile = args.log + '/xcauth.log'
    if (args.interactive or args.auth_test or args.isuser_test
            or args.roster_test):
        logging.basicConfig(stream=sys.stderr,
                            level=logging.DEBUG,
                            format='%(asctime)s %(levelname)s: %(message)s')
    else:
        logging.basicConfig(
            filename=logfile,
            level=logging.DEBUG if args.debug else logging.INFO,
            format='%(asctime)s %(levelname)s: %(message)s')

        # redirect stderr
        errfile = args.log + '/xcauth.err'
        sys.stderr = open(errfile, 'a+')

    logging.debug('Start external auth script %s for %s with endpoint: %s',
                  VERSION, args.type, args.url)

    if args.domain_db:
        domain_db = anydbm.open(args.domain_db, 'c', 0600)
        atexit.register(domain_db.close)
    else:
        domain_db = {}
    if args.cache_db:
        import bcrypt
        cache_db = anydbm.open(args.cache_db, 'c', 0600)
        atexit.register(cache_db.close)
    else:
        cache_db = {'': ''}  # "Do not use" marker
    if args.shared_roster_db:
        shared_roster_db = anydbm.open(args.shared_roster_db, 'c', 0600)
        atexit.register(shared_roster_db.close)
    else:
        # Will never be accessed, as `ejabberdctl` will not be set
        shared_roster_db = None

    ttls = {
        'query': args.cache_query_ttl,
        'verify': args.cache_verification_ttl,
        'unreach': args.cache_unreachable_ttl
    }
    xc = xcauth(
        default_url=args.url,
        default_secret=args.secret,
        ejabberdctl=args.ejabberdctl if 'ejabberdctl' in args else None,
        shared_roster_db=shared_roster_db,
        domain_db=domain_db,
        cache_db=cache_db,
        timeout=args.timeout,
        ttls=ttls,
        bcrypt_rounds=args.cache_bcrypt_rounds)

    if args.isuser_test:
        sc = sigcloud(xc, args.isuser_test[0], args.isuser_test[1])
        success = sc.isuser()
        print success
        return
    if args.roster_test:
        sc = sigcloud(xc, args.roster_test[0], args.roster_test[1])
        success, response = sc.roster_cloud()
        print str(response)
        if args.update_roster:
            sc.try_roster(async=False)
        return
    elif args.auth_test:
        sc = sigcloud(xc, args.auth_test[0], args.auth_test[1],
                      args.auth_test[2])
        success = sc.auth()
        print success
        return

    if args.type == 'ejabberd':
        from xclib.ejabberd_io import ejabberd_io
        xmpp = ejabberd_io
    elif args.type == 'saslauthd':
        from xclib.saslauthd_io import saslauthd_io
        xmpp = saslauthd_io
    else:  # 'generic' or 'prosody'
        from xclib.prosody_io import prosody_io
        xmpp = prosody_io

    for data in xmpp.read_request():
        logging.debug('Receive operation ' + data[0])

        success = False
        if data[0] == "auth" and len(data) == 4:
            sc = sigcloud(xc, data[1], data[2], data[3])
            success = sc.auth()
        elif data[0] == "isuser" and len(data) == 3:
            sc = sigcloud(xc, data[1], data[2])
            success = sc.isuser()
        elif data[0] == "roster" and len(data) == 3:
            # Nonstandard extension, only useful with -t generic
            sc = sigcloud(xc, data[1], data[2])
            success, response = sc.roster_cloud()
            success = str(response)  # Convert from unicode
        elif data[0] == "quit" or data[0] == "exit":
            break

        xmpp.write_response(success)

    logging.debug('Shutting down...')
Exemplo n.º 7
0
def test_echo():
    xc = xcauth(ejabberdctl='/bin/echo')
    e = ejabberdctl(xc)
    assertEqual(e.execute(['Hello', 'world']), 'Hello world\n')
Exemplo n.º 8
0
def test_false():
    xc = xcauth(ejabberdctl='/bin/false')
    e = ejabberdctl(xc)
    assertEqual(e.execute(['Hello', 'world']), None)
Exemplo n.º 9
0
def test_true():
    xc = xcauth(ejabberdctl='/bin/true')
    e = ejabberdctl(xc)
    assertEqual(e.execute(['Hello', 'world']), '')
Exemplo n.º 10
0
def setup_module():
    global xc, sc
    xc = xcauth(default_url='https://localhost',
                default_secret='01234',
                bcrypt_rounds=6)
    sc = sigcloud(xc, 'user2', 'domain2', 'pass2')