Пример #1
0
def authenticated(request, groups):
    """ helper function to check if user is authenticated and in a given group.
    """
    if not request.META.get("verified") == "SUCCESS" or (
        groups and todn(request.META.get("dn")).get("O") not in settings.TLS_ADMINGROUPS
    ):
        return HttpResponse("Forbidden", status=403)
Пример #2
0
def authorized(env, users=None):
    email=todn(env.get('dn')).get('emailAddress')
    if env.get('verified') == 'SUCCESS':
        #print self.users
        if users and email not in users:
            return False
        return email
    return False
Пример #3
0
def authorized(env, users=None):
    email = todn(env.get('dn')).get('emailAddress')
    if env.get('verified') == 'SUCCESS':
        #print self.users
        if users and email not in users:
            return False
        return email
    return False
Пример #4
0
 def showcsrs(self):
     email=authorized(self.environ, CONFIG['admins'])
     if not email:
         return _404(self.environ, self.resp)
     return send_template(self.resp,
                            'csrs.html',
                            isadmin=authorized(self.environ, CONFIG['admins']),
                            certs=[(todn(cert.get_subject()),
                                    datetime.datetime.fromtimestamp(os.stat(path).st_mtime),
                                    os.path.basename(path))
                                   for cert, path
                                   in self.ca.incoming()])
Пример #5
0
 def wrapped():
     try:
         err=authenticated(groups)
         if err: return err
         return render_template('csrs.html',
                                certs=[(todn(cert.get_subject()),
                                        datetime.datetime.fromtimestamp(os.stat(path).st_mtime),
                                        os.path.basename(path))
                                       for cert, path
                                       in ca.incoming()])
     except:
         import traceback
         print traceback.format_exc()
Пример #6
0
 def wrapped():
     try:
         err = authenticated(groups)
         if err: return err
         return render_template('csrs.html',
                                certs=[(todn(cert.get_subject()),
                                        datetime.datetime.fromtimestamp(
                                            os.stat(path).st_mtime),
                                        os.path.basename(path))
                                       for cert, path in ca.incoming()])
     except:
         import traceback
         print traceback.format_exc()
Пример #7
0
 def showcsrs(self):
     email = authorized(self.environ, CONFIG['admins'])
     if not email:
         return _404(self.environ, self.resp)
     return send_template(self.resp,
                          'csrs.html',
                          isadmin=authorized(self.environ,
                                             CONFIG['admins']),
                          certs=[(todn(cert.get_subject()),
                                  datetime.datetime.fromtimestamp(
                                      os.stat(path).st_mtime),
                                  os.path.basename(path))
                                 for cert, path in self.ca.incoming()])
Пример #8
0
def showcsrs(request):
    """ authenticated view list of submitted CSRs
    """
    err = authenticated(request, settings.TLS_ADMINGROUPS)
    if err:
        return err
    return render_to_response(
        "csrs.html",
        {
            "certs": [
                (
                    todn(cert.get_subject()),
                    datetime.datetime.fromtimestamp(os.stat(path).st_mtime),
                    os.path.basename(path),
                )
                for cert, path in settings.TLS_CA.incoming()
            ]
        },
    )
Пример #9
0
 def wrapped(*args,**kwargs):
     if request.environ['verified']=="SUCCESS" and (not groups or todn(request.environ['dn']).get('O') in groups):
         return func(*args,**kwargs)
     return unauth(*args,**kwargs)
Пример #10
0
def authenticated(groups):
    """ (FLASK) helper function to check if user is authenticated and in a given group.
    """
    if not request.environ['verified']=="SUCCESS" or (groups and todn(request.environ['dn']).get('O') not in groups):
        return Response("Forbidden",403)
Пример #11
0
 def wrapped(*args, **kwargs):
     if request.environ['verified'] == "SUCCESS" and (
             not groups
             or todn(request.environ['dn']).get('O') in groups):
         return func(*args, **kwargs)
     return unauth(*args, **kwargs)
Пример #12
0
def authenticated(groups):
    """ (FLASK) helper function to check if user is authenticated and in a given group.
    """
    if not request.environ['verified'] == "SUCCESS" or (groups and todn(
            request.environ['dn']).get('O') not in groups):
        return Response("Forbidden", 403)
Пример #13
0
 def wrapped(request, *args, **kwargs):
     if request.META.get("verified") == "SUCCESS" and (
         not groups or todn(request.META.get("dn")).get("O") in groups
     ):
         return func(request, *args, **kwargs)
     return unauth(request, *args, **kwargs)
Пример #14
0
    def filterfile(self, line):
        """ parsing and handling the mime part of a POST file upload
            param.
            param line: is the first line of the mime part.
        """
        name=line[len(startfile):-1]
        line=self.fd.readline().strip()
        if not line.startswith(contenttxt):
            raise Exception("y u no content_type?!?")
        content_type=line[len(contenttxt):]
        line=self.fd.readline() # drop separating empty line

        dropDir = CONFIG['root'] + '/drop/'+ self.dropper.stashid
        fd, fname = mkstemp(dir=dropDir + '/')
        if self.crypto:
            os.close(fd)
            self.gpg.encrypt_file(self,
                                  self.dropper.recipients,
                                  output=fname,
                                  always_trust=True)
        else:
            fd=os.fdopen(fd, 'w')
            while True:
                buf=self.read(1024)
                if buf=='': break
                fd.write(buf)
        meta="%s\n%s\n%s\n%s" % (
            name,
            content_type,
            self.dropper.environ.get('dn'),
            self.hash.hexdigest())
        if self.crypto:
            meta=self.gpg.encrypt(meta,
                                  self.dropper.recipients,
                                  always_trust=True,
                                  armor=False).data
        with open(fname+'.meta','w') as fd:
            fd.write(meta)
        url=urlunparse((self.dropper.environ.get('wsgi.url_scheme'),
                        self.dropper.environ.get('HTTP_HOST') + \
                               (':'+self.dropper.environ.get('HTTP_HOST')
                                if (self.dropper.environ['wsgi.url_scheme']=='https' and
                                    self.dropper.environ['SERVER_PORT'] != '443') or
                                (self.dropper.environ['wsgi.url_scheme']=='http' and
                                 self.dropper.environ['SERVER_PORT'] != '80')
                                else ''),
                        "/%s/%s" % (self.dropper.stashid, fname.split('/')[-1]),
                        '',
                        '',
                        ''))
        if CONFIG.get('notify'):
            sender=(todn(self.dropper.environ.get('dn',''))['emailAddress']
                    if todn(self.dropper.environ.get('dn','')).get('emailAddress')
                    else "anon@localhost")
            txt = render_template('notification.txt',
                                  path=fname,
                                  name=name,
                                  type=content_type,
                                  url=url,
                                  size=sizeof_fmt(self.size),
                                  sender=sender,
                                  hash=self.hash.hexdigest())
            txt=self.gpg.encrypt(txt,
                                 self.dropper.recipients,
                                 always_trust=True).data
            res=mail(txt,
                     [x['uids'][0]
                      for x in self.gpg.list_keys()
                      if x['keyid'] in self.dropper.recipients])
Пример #15
0
    def filterfile(self, line):
        """ parsing and handling the mime part of a POST file upload
            param.
            param line: is the first line of the mime part.
        """
        name = line[len(startfile):-1]
        line = self.fd.readline().strip()
        if not line.startswith(contenttxt):
            raise Exception("y u no content_type?!?")
        content_type = line[len(contenttxt):]
        line = self.fd.readline()  # drop separating empty line

        dropDir = CONFIG['root'] + '/drop/' + self.dropper.stashid
        fd, fname = mkstemp(dir=dropDir + '/')
        if self.crypto:
            os.close(fd)
            self.gpg.encrypt_file(self,
                                  self.dropper.recipients,
                                  output=fname,
                                  always_trust=True)
        else:
            fd = os.fdopen(fd, 'w')
            while True:
                buf = self.read(1024)
                if buf == '': break
                fd.write(buf)
        meta = "%s\n%s\n%s\n%s" % (name, content_type,
                                   self.dropper.environ.get('dn'),
                                   self.hash.hexdigest())
        if self.crypto:
            meta = self.gpg.encrypt(meta,
                                    self.dropper.recipients,
                                    always_trust=True,
                                    armor=False).data
        with open(fname + '.meta', 'w') as fd:
            fd.write(meta)
        url=urlunparse((self.dropper.environ.get('wsgi.url_scheme'),
                        self.dropper.environ.get('HTTP_HOST') + \
                               (':'+self.dropper.environ.get('HTTP_HOST')
                                if (self.dropper.environ['wsgi.url_scheme']=='https' and
                                    self.dropper.environ['SERVER_PORT'] != '443') or
                                (self.dropper.environ['wsgi.url_scheme']=='http' and
                                 self.dropper.environ['SERVER_PORT'] != '80')
                                else ''),
                        "/%s/%s" % (self.dropper.stashid, fname.split('/')[-1]),
                        '',
                        '',
                        ''))
        if CONFIG.get('notify'):
            sender = (todn(self.dropper.environ.get('dn', ''))['emailAddress']
                      if todn(self.dropper.environ.get(
                          'dn', '')).get('emailAddress') else "anon@localhost")
            txt = render_template('notification.txt',
                                  path=fname,
                                  name=name,
                                  type=content_type,
                                  url=url,
                                  size=sizeof_fmt(self.size),
                                  sender=sender,
                                  hash=self.hash.hexdigest())
            txt = self.gpg.encrypt(txt,
                                   self.dropper.recipients,
                                   always_trust=True).data
            res = mail(txt, [
                x['uids'][0] for x in self.gpg.list_keys()
                if x['keyid'] in self.dropper.recipients
            ])