Пример #1
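def get_token():
	"""Issue an API token for the JSON credentials in the request body.

	The body is parsed as a JSON object and its ``login``, ``password`` and
	``group`` keys are read.

	Returns:
		The new token string on success; ``False`` when no row matches the
		login exactly, the account is disabled or the password hash differs;
		or a string starting with ``'error '`` when a lookup step raised.
	"""
	import hmac
	import uuid

	try:
		body = request.body.getvalue().decode('utf-8')
		login_pass = json.loads(body)
		login = login_pass['login']
		password_from_user = login_pass['password']
	except Exception as e:
		# NOTE(review): the exception text goes back to the client, and an
		# error string has the same type as a token, so callers must not
		# treat "any string" as success. Kept because callers may depend on it.
		return 'error getting credentials: '+str(e)
	try:
		group_name = login_pass['group']
		group_id = sql.get_group_id_by_name(group_name)
	except Exception as e:
		return 'error getting group: '+str(e)
	try:
		users = sql.select_users(user=login)
		# NOTE(review): funct.get_hash is not visible here; confirm it is a
		# salted, deliberately slow password hash.
		password = funct.get_hash(password_from_user)
	except Exception as e:
		return 'error one more: '+str(e)

	# A non-string or empty login can never identify an account. The old
	# substring test (`login in username`) accepted an empty string for any
	# row and raised TypeError for non-strings.
	if not isinstance(login, str) or not login:
		return False

	for user in users:
		# Exact match only: a login that is merely a fragment of a stored
		# username must not authenticate as that user.
		if user.username != login:
			continue
		if user.activeuser == 0:
			return False
		try:
			# Constant-time comparison of the two hashes.
			matches = hmac.compare_digest(password, user.password)
		except TypeError:
			# compare_digest rejects mixed or non-ASCII str operands; fall
			# back to plain equality rather than failing the request.
			matches = password == user.password
		if not matches:
			return False
		user_token = str(uuid.uuid4())
		# NOTE(review): group_id comes from the client-supplied 'group' field;
		# no check is visible here that this user belongs to that group.
		# Confirm write_api_token or the token consumer enforces membership.
		sql.write_api_token(user_token, group_id, user.role, user.username)
		return user_token
	# No matching row: answer False explicitly instead of falling off the end.
	return False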
Пример #2
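def check_login():
    """Check the ``login`` / ``password`` request headers against the user table.

    Returns:
        ``True`` when an enabled user whose name equals the ``login`` header
        has a stored hash equal to the hash of the ``password`` header,
        otherwise ``False``.
    """
    import hmac

    try:
        login = request.headers.get('login')
        password_from_user = request.headers.get('password')
        # A missing header yields None; stop before the database is queried
        # with user=None and before the comparison below can raise.
        if not login or password_from_user is None:
            return False
        USERS = sql.select_users(user=login)
        # NOTE(review): funct.get_hash is not visible here; confirm it is a
        # salted, deliberately slow password hash.
        password = funct.get_hash(password_from_user)
    except Exception:
        # Any lookup or hashing failure counts as a failed login. Narrowed
        # from a bare except so SystemExit/KeyboardInterrupt still propagate.
        return False

    for users in USERS:
        # Column positions as used by the original: [1] username,
        # [3] stored password hash, [7] active flag.
        # Exact match only: the old substring test (`login in users[1]`)
        # let a fragment of a username pass the name check.
        if users[1] != login:
            continue
        if users[7] == 0:
            return False
        try:
            # Constant-time comparison of the two hashes.
            return hmac.compare_digest(password, users[3])
        except TypeError:
            # compare_digest rejects mixed or non-ASCII str operands.
            return password == users[3]
    # No matching row: answer False explicitly instead of returning None.
    return False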
Пример #3
#!/usr/bin/env python3
import funct, sql
import os, http.cookies
from jinja2 import Environment, FileSystemLoader
# Load the page template from the local templates/ directory.
# NOTE(review): Environment() is created without autoescape, and Jinja2 does
# not HTML-escape rendered values by default; confirm the template escapes
# database-derived values itself.
env = Environment(loader=FileSystemLoader('templates/'))
template = env.get_template('hapservers.html')

# The CGI header is emitted before the login check runs.
print('Content-type: text/html\n')
# NOTE(review): the return value is discarded. If funct.check_login() only
# returns a boolean, the script continues for unauthenticated requests;
# confirm it ends the request itself on failure.
funct.check_login()

try:
    # Session lookup: the 'uuid' cookie identifies the logged-in user.
    cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
    user_id = cookie.get('uuid')
    # cookie.get() returns None when the cookie is absent, so .value raises
    # AttributeError here and every assignment below is skipped.
    user = sql.get_user_name_by_uuid(user_id.value)
    users = sql.select_users()
    groups = sql.select_groups()
    token = sql.get_token(user_id.value)
    servers = sql.get_dick_permit()
    # Fixed shell pipeline (no interpolated values) counting keep_alive.py processes.
    cmd = "ps ax |grep -e 'keep_alive.py' |grep -v grep |wc -l"
    keep_alive, stderr = funct.subprocess_execute(cmd)
except:
    # NOTE(review): a bare except with pass hides every failure above,
    # including database errors, and leaves the names assigned in the try
    # unbound; later code that reads them (e.g. servers) fails with NameError.
    pass

haproxy_sock_port = sql.get_setting('haproxy_sock_port')
haproxy_config_path = sql.get_setting('haproxy_config_path')
# NOTE(review): the configured path is interpolated unquoted into a shell
# command line; a value containing shell metacharacters would change the
# command. Confirm who may edit this setting, or quote it (shlex.quote).
commands = ["ls -l %s |awk '{ print $6\" \"$7\" \"$8}'" % haproxy_config_path]
servers_with_status1 = []
out1 = ""
for s in servers:
    servers_with_status = list()
    cmd = 'echo "show info" |nc %s %s -w 1 |grep -e "Ver\|Uptime:\|Process_num"' % (
Пример #4
# Load the overview page template (env is defined earlier in the script).
template = env.get_template('ovw.html')

# The CGI header is emitted before any check runs.
print('Content-type: text/html\n')
# NOTE(review): the create_db calls below run on every request and before
# funct.check_login(), so they execute for unauthenticated requests too.
# Presumably they are schema setup/migration helpers (not visible here);
# confirm they are safe to trigger from an anonymous request.
if create_db.check_db():
    if create_db.create_table():
        create_db.update_all()
create_db.update_all_silent()
# NOTE(review): the return value is discarded; confirm check_login() ends
# the request itself when the caller is not logged in.
funct.check_login()

try:
    user, user_id, role, token, servers = funct.get_users_params()
    groups = sql.select_groups()
    user_group = funct.get_user_group(id=1)

    if (role == 2 or role == 3) and int(user_group) != 1:
        users = sql.select_users(group=user_group)
        servers_for_grep = ''
        i = 0
        servers_len = len(servers)

        for s in servers:
            i += 1
            if i != servers_len:
                servers_for_grep += s[2] + '\|'
            else:
                servers_for_grep += s[2]

        cmd = "ps ax |grep -e 'metrics_worker\|metrics_waf_worker.py'|grep -E %s|grep -v grep |wc -l" % servers_for_grep
        metrics_worker, stderr = funct.subprocess_execute(cmd)
        cmd = "ps ax |grep checker_worker|grep -E %s |grep -v grep |wc -l" % servers_for_grep
        checker_worker, stderr = funct.subprocess_execute(cmd)
Пример #5
    pass

# Logout: drop the server-side session record, expire the cookie, redirect
# to the login page and stop the script.
if form.getvalue('logout'):
    try:
        sql.delete_uuid(user_id.value)
    except:
        # NOTE(review): any failure to delete the session is silently
        # ignored, so the uuid may stay valid server-side even though the
        # browser cookie is cleared below. Log or surface the failure.
        pass
    # Overwrite the cookie with an empty value and an expiry date in the past.
    # NOTE(review): the cookie carries httponly but no secure or samesite
    # attribute; the path must equal the one used when the cookie was set or
    # the browser keeps the original cookie.
    print(
        "Set-cookie: uuid=; expires=Wed, May 18 03:33:20 2003; path=/app; httponly"
    )
    print("Content-type: text/html\n")
    print('<meta http-equiv="refresh" content="0; url=/app/login.py">')
    sys.exit()

if login is not None and password is not None:
    USERS = sql.select_users(user=login)

    for users in USERS:
        if users[7] == 0:
            print("Content-type: text/html\n")
            print('Your login is disabled')
            sys.exit()
        if users[6] == 1:
            if login in users[1]:
                check_in_ldap(login, password)
        else:
            passwordHashed = funct.get_hash(password)
            if login in users[1] and passwordHashed == users[3]:
                send_cookie(login)
                break
            else:
Пример #6
	role = ""
	user = ""
	pass
	
# Logout: drop the server-side session record, expire the cookie and
# redirect to the login page.
if form.getvalue('logout'):
	try:
		sql.delete_uuid(user_id.value)
	except:
		# NOTE(review): any failure to delete the session is silently ignored,
		# so the uuid may stay valid server-side even though the browser
		# cookie is cleared below.
		pass
	# Overwrite the cookie with an empty value and an expiry date in the past.
	# NOTE(review): httponly is set, but there is no secure or samesite attribute.
	print("Set-cookie: uuid=; expires=Wed May 18 03:33:20 2003; path=/app/; httponly")
	print("Content-type: text/html\n")
	print('<meta http-equiv="refresh" content="0; url=/app/login.py">')
	# NOTE(review): there is no exit after the redirect, so the rest of the
	# script still runs for this request.

# Login: compare the submitted credentials with every user row and, on a
# match, emit a session cookie. The loop body may continue past this excerpt.
if login is not None and password is not None:

	# All user rows are loaded; the match is decided in Python below.
	USERS = sql.select_users()
	# The int() placeholder is overwritten immediately by the stored setting.
	session_ttl = int()
	session_ttl = sql.get_setting('session_ttl')
	session_ttl = int(session_ttl)
	
	# Cookie lifetime: session_ttl days from now (naive UTC timestamp).
	expires = datetime.datetime.utcnow() + datetime.timedelta(days=session_ttl) 
	# Fresh random identifiers for the session cookie and the token.
	user_uuid = str(uuid.uuid4())
	user_token = str(uuid.uuid4())
	
	for users in USERS:	
		# NOTE(review): the submitted password is compared directly with the
		# stored column, with no hashing step in view; this only works if
		# passwords are stored unhashed, or it never matches. Confirm and
		# move to a salted password hash.
		# NOTE(review): `login in users[1]` is a substring test, so an empty
		# or partial login satisfies the name check; use equality.
		# NOTE(review): no active-flag check is visible in this version.
		if login in users[1] and password == users[3]:
			c = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
			c["uuid"] = user_uuid
			c["uuid"]["path"] = "/app/"
			c["uuid"]["expires"] = expires.strftime("%a, %d %b %Y %H:%M:%S GMT")
			# NOTE(review): the cookie object was parsed from the incoming
			# HTTP_COOKIE header, so print(c) re-emits every cookie the client
			# sent, not only uuid. No httponly/secure/samesite attribute is
			# set on the session cookie in the lines shown.
			print(c)
Пример #7
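def get_overview():
	"""Print the overview page body as HTML on standard output.

	Three tables are written: the user list (header and rows for admins
	only), one row of status and action links per permitted server, and one
	row of HAProxy/host information per server. Server-side output is
	produced by funct.ssh_command, which prints it directly.

	Every value taken from the database is HTML-escaped before it is written
	into the page, and values placed in a URL query are percent-encoded too.
	Reads the module-level names haproxy_config_path and status_command.
	"""
	import html
	from urllib.parse import quote

	def esc(value):
		# Database values are not trusted markup: escape for element and
		# attribute context so a stored name cannot inject HTML or script.
		return html.escape(str(value), quote=True)

	def esc_query(value):
		# Percent-encode for the query string first, then escape for the
		# surrounding href attribute.
		return html.escape(quote(str(value), safe=''), quote=True)

	USERS = sql.select_users()
	
	print('<table class="overview">')

	if funct.is_admin():
		print('<tr class="overviewHead">'
				'<td class="padding10 first-collumn">Login</td>'
				'<td class="padding10">Email</td>'
				'<td class="padding10">Group</td>'
				'<td class="padding10">Role</td>'
				'<td style="width: 200px;">'
					'<span class="add-button">'
						'<a href="#"  title="Show all users" id="show-all-users" style="color: #fff">'
							'Show all'
						'</a>'
					'</span>'
				'</td>'
			'</tr>')

		style = ""
		for i, users in enumerate(USERS, start=1):
			# From the fourth row on, rows are hidden until "Show all" is used.
			# Compared with ==: `is` on an int literal tests identity, not value.
			if i == 4:
				style = 'style="display: none;" class="show-users"'
			print('<tr ' + style + '><td class="padding10 first-collumn">' + esc(users[1]) +'</td><td class="second-collumn">')
			print(esc(users[2])+'</td><td>')
			GROUPS = sql.select_user_name_group(users[5])
			for group in GROUPS:
				print(esc(group))
				print('</td><td>')
			print(esc(users[4]))
			print('</td><td></td></tr>')

	# Close the user table for every caller; it used to be closed only on the
	# admin branch, leaving the table open for everyone else.
	print('</table>')
		
	print('<table class="overview">'
		'<tr class="overviewHead">'
			'<td class="padding10 first-collumn">Server</td>'
			'<td class="padding10">'
				'HAproxy status'
			'</td>'
			'<td class="padding10">'
				'Action'
			'</td>'
			'<td class="padding10">'
				'Last edit'
			'</td>'
			'<td></td>'
		'</tr>')
		
	listhap = sql.get_dick_permit()

	# NOTE(review): haproxy_config_path and status_command are interpolated
	# unquoted into shell command lines that run on the managed servers.
	# Confirm who may edit those settings, or quote them (shlex.quote).
	commands = [ "ps -Af |grep [h]aproxy |wc -l" ]
	commands1 = [ "ls -l %s |awk '{ print $6\" \"$7\" \"$8}'" % haproxy_config_path ]

	for server in listhap:
		# server[1] is shown as the display name, server[2] is the address
		# passed to ssh_command and used in the action links.
		name = esc(server[1])
		addr_attr = esc(server[2])
		addr_query = esc_query(server[2])
		print('<tr><td class="padding10 first-collumn"><a href="#%s" title="Go to %s status" style="color: #000">%s</a></td><td  class="second-collumn">' % (name, name, name))
		funct.ssh_command(server[2], commands, server_status="1")
		print('</td><td>')
		# Service control links are rendered for admins only.
		# NOTE(review): hiding the links is not access control; confirm the
		# handlers behind them check the role again.
		if funct.is_admin():
			print('<a id="%s" class="start" title="Start HAproxy service" onclick = "if (! confirm(\'Start service?\')) return false;"><img src=/image/pic/start.png alt="start" class="icon"></a>' % addr_attr)
			print('<a id="%s" class="stop" title="Stop HAproxy service" onclick = "return confirm(\'Stop service?\')"><img src=/image/pic/stop.png alt="start" class="icon"></a>' % addr_attr)
			print('<a id="%s" class="restart" title="Restart HAproxy service" onclick = "if (! confirm(\'Restart service?\')) return false;"><img src=/image/pic/update.png alt="restart" class="icon"></a>' % addr_attr)
		print('<a href="/app/configshow.py?serv=%s&open=open#conf"  title="Show config"><img src=/image/pic/show.png alt="show" class="icon"></a>' % addr_query)
		print('<a href="/app/config.py?serv=%s&open=open#conf"  title="Edit config"><img src=/image/pic/edit.png alt="edit" class="icon"></a>' % addr_query)
		print('<a href="/app/diff.py?serv=%s&open=open#diff"  title="Compare config"><img src=/image/pic/compare.png alt="compare" class="icon"></a>' % addr_query)
		print('<a href="/app/map.py?serv=%s&open=open#map"  title="Map listen/frontend/backend"><img src=/image/pic/map.png alt="map" class="icon"></a>' % addr_query)
		print('</td><td>')
		funct.ssh_command(server[2], commands1)
		print('</td><td></td></tr>')

	print('</table><table class="overview"><tr class="overviewHead">'
			'<td class="padding10 first-collumn" style="width: 15%;">Server</td>'
			'<td>'
				'HAproxy info'
			'</td>'
			'<td>'
				'Server status'
			'</td>'
		'</tr>')
	# Stray closing tags, kept as in the original output.
	print('</td></tr>')
	commands = [ "cat " + haproxy_config_path + " |grep -E '^listen|^backend|^frontend' |grep -v stats |wc -l",  
				"uname -smor", 
				"haproxy -v |head -1", 
				status_command + "|grep Active | sed 's/^[ \t]*//'" ]
	commands1 =  [ "top -u haproxy -b -n 1" ]
	for server in sorted(listhap):
		name = esc(server[1])
		print('<tr><td class="overviewTr first-collumn"><a name="'+name+'"></a><h3 title="IP ' + esc(server[2]) + '">' + name + ':</h3></td>')
		print('<td class="overviewTd"><span>Total listen/frontend/backend:</span><pre>')
		# NOTE(review): ssh_command prints remote command output into the page
		# itself; confirm it escapes that output.
		funct.ssh_command(server[2], commands)
		print('</pre></td><td class="overviewTd"><pre>')
		funct.ssh_command(server[2], commands1)
		print('</pre></td></tr>')
		
	# Stray opening <tr>, kept as in the original output.
	print('<tr></table>')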
Пример #8
	password = form.getvalue('newpassword')
	role = form.getvalue('newrole')
	group = form.getvalue('newgroupuser')
	new_user = form.getvalue('newusername')	
	page = form.getvalue('page')	
	activeuser = form.getvalue('activeuser')	
	role_id = sql.get_role_id_by_name(role)
	
	if sql.check_group(group, role_id):
		if funct.is_admin(level=role_id):
			if sql.add_user(new_user, email, password, role, group, activeuser):
				from jinja2 import Environment, FileSystemLoader
				env = Environment(loader=FileSystemLoader('templates/'))
				template = env.get_template('ajax/new_user.html')

				template = template.render(users=sql.select_users(user=new_user),
											groups=sql.select_groups(),
											page=page,
											roles=sql.select_roles())
				print(template)
				funct.logging('a new user '+new_user, ' has created ', haproxywi=1, login=1)
		else:
			funct.logging(new_user, ' tried to privilege escalation', haproxywi=1, login=1)
			
			
if form.getvalue('userdel') is not None:
	userdel = form.getvalue('userdel')
	user = sql.select_users(id=userdel)
	for u in user:
		username = u[1]
	if sql.delete_user(userdel):