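def edit_permission(req, id):
    """Update the permission *id* from POSTed form fields and persist it.

    Reads ``description``, ``type``, ``constraint_types`` and ``constraints``
    from ``req.POST``. The last two are newline-separated lists that are
    paired by position. Raises ``Http404`` when ``ctx.get_permission`` finds
    nothing for *id*. Returns an ``OK`` response after ``ctx.write_xml()``,
    or a ``FAIL`` response when a constraint type has no matching constraint.

    NOTE(review): nothing in this function checks who is calling it, and it
    rewrites access-control data. Confirm that the dispatcher or a wrapper
    restricts it to administrators.
    """
    ctx = Context()
    p = ctx.get_permission(id)
    if p is None:
        raise Http404

    description = req.POST['description']
    perm_type = req.POST['type']
    raw_types = req.POST['constraint_types']
    raw_constraints = req.POST['constraints']
    constraint_types = raw_types.split("\n") if raw_types.strip() else []
    constraints = raw_constraints.split("\n") if raw_constraints.strip() else []

    # Validate before touching the permission: indexing constraints[i] with
    # too few entries used to raise IndexError halfway through the update.
    if len(constraints) < len(constraint_types):
        return HttpResponse("{'result': 'FAIL', 'error': 'Each constraint type needs a matching constraint.'}")

    p.description = description
    p.type = perm_type
    p.constraints = []
    # zip stops at the shorter list, so surplus constraint lines are ignored
    # exactly as the index-based loop ignored them.
    for ctype, content in zip(constraint_types, constraints):
        p.add_constraint(ctype, content)

    for position, existing in enumerate(ctx.permissions):
        if existing.id == id:
            ctx.permissions[position] = p
            break

    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")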
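def get_user(req, id):
    """Return the user *id* as a single-quoted object literal.

    Raises ``Http404`` when ``ctx.get_user(id=id)`` returns nothing. The body
    holds ``name``, ``login``, ``superuser`` and the list of role ids.
    """
    def quote(value):
        # Backslashes first: escaping quotes first would let a stored
        # backslash cancel the escape and end the literal early.
        return value.replace("\\", "\\\\").replace("'", "\\'")

    ctx = Context()
    user = ctx.get_user(id=id)
    if not user:
        raise Http404
    resp = [
        "'name': '%s'" % quote(user.name),
        # The format string needs a %s placeholder; without one the %
        # operator raises TypeError ("not all arguments converted").
        "'login': '%s'" % quote(user.login),
        "'superuser': %s" % str(user.superuser).lower(),
        # Role ids are stored data too, so they get the same escaping.
        "'roles': ['%s']" % "','".join([quote(r.id) for r in user.roles]),
    ]
    return HttpResponse("{%s}" % ",".join(resp))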
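def get_user(req, id):
    """Serialise one user as a single-quoted object literal.

    Looks the user up with ``ctx.get_user(id=id)`` and raises ``Http404``
    when there is no match. Emits ``name``, ``login``, ``superuser`` and
    ``roles`` (a list of role ids).
    """
    def escape(text):
        # Order matters: double the backslashes, then escape the quotes, so
        # the backslash added for a quote is not itself doubled.
        text = text.replace("\\", "\\\\")
        return text.replace("'", "\\'")

    ctx = Context()
    user = ctx.get_user(id=id)
    if not user:
        raise Http404

    role_ids = "','".join([escape(r.id) for r in user.roles])
    parts = []
    parts.append("'name': '%s'" % escape(user.name))
    # A format string with no %s makes the % operator raise TypeError, so
    # the login value needs its placeholder.
    parts.append("'login': '%s'" % escape(user.login))
    parts.append("'superuser': %s" % str(user.superuser).lower())
    parts.append("'roles': ['%s']" % role_ids)
    return HttpResponse("{%s}" % ",".join(parts))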
def delete_user(req, id):
    """Delete the first user whose login equals *id* and persist the change.

    Raises ``Http404`` when no user matches; otherwise calls
    ``ctx.write_xml()`` and returns an ``OK`` response.

    NOTE(review): no caller check is visible here; confirm that access to
    this handler is restricted upstream.
    """
    ctx = Context()
    for position, account in enumerate(ctx.users):
        if account.login == id:
            del ctx.users[position]
            break
    else:
        # The loop ran to the end without a match.
        raise Http404
    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")
def delete_user(req, id):
    """Remove the user identified by login *id*, then write the XML store.

    Only the first matching entry is removed. ``Http404`` is raised when the
    login is unknown. Returns ``{'result': 'OK'}`` on success.

    NOTE(review): authorisation is not checked in this function; verify that
    the caller enforces it.
    """
    ctx = Context()
    target = None
    index = 0
    while index < len(ctx.users) and target is None:
        if ctx.users[index].login == id:
            target = index
        index += 1
    if target is None:
        raise Http404
    del ctx.users[target]
    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")
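def get_role(req, id):
    """Return the role *id* as a single-quoted object literal (text/plain).

    Raises ``Http404`` when ``ctx.get_role`` returns ``None``. The body holds
    the role ``id``, its ``description`` and the ids of its permissions.
    """
    def quote(value):
        # Backslashes first, then quotes, so a stored backslash cannot
        # cancel the quote escape and close the literal early.
        return value.replace("\\", "\\\\").replace("'", "\\'")

    ctx = Context()

    role = ctx.get_role(id)

    if role is None:
        raise Http404

    data = []
    # id and description were written into the literal unescaped, unlike the
    # permission ids below and unlike roles_search; a quote in either broke
    # out of the string.
    data.append("'id': '%s'" % quote(role.id))
    data.append("'description': '%s'" % quote(role.description))
    data.append("'permissions': ['%s']" % "','".join([quote(p.id)
                                                    for p in role.permissions]))

    return HttpResponse("{%s}" % ",".join(data), "text/plain")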
def add_role(req):
    """Create a role from the POSTed ``id``, ``description`` and ``permissions``.

    ``permissions`` is a comma-separated list of ids; a blank value means no
    permissions. Raises ``HttpError(400)`` when there is no POST data.
    Returns a ``FAIL`` response when the id is already taken, otherwise adds
    the role, calls ``ctx.write_xml()`` and returns ``OK``.

    NOTE(review): the permission ids are passed to ``ctx.add_role`` as
    received; whether unknown ids are rejected there is not visible here.
    """
    ctx = Context()
    if not req.POST:
        raise HttpError(400, "Invalid Request")

    form = req.POST
    role_id = form['id']
    description = form['description']
    raw_permissions = form['permissions']
    if raw_permissions.strip():
        permissions = raw_permissions.split(",")
    else:
        permissions = []

    taken = [existing.id for existing in ctx.roles]
    if role_id in taken:
        return HttpResponse("{'result': 'FAIL', 'error': 'This id already exists. Please, choose other.'}")

    ctx.add_role(role_id, description, permissions)
    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")
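def get_role(req, id):
    """Serialise the role *id* as a single-quoted object literal.

    ``Http404`` is raised when the role does not exist. The response is sent
    as ``text/plain`` and contains ``id``, ``description`` and
    ``permissions`` (a list of permission ids).
    """
    def escape(text):
        # Double backslashes before escaping quotes; the reverse order would
        # turn an escaped quote back into a bare one.
        text = text.replace("\\", "\\\\")
        return text.replace("'", "\\'")

    ctx = Context()

    role = ctx.get_role(id)

    if role is None:
        raise Http404

    permission_ids = "','".join([escape(p.id) for p in role.permissions])
    # role.id and role.description are stored values as well; they used to be
    # interpolated raw, so a quote in either one ended the literal.
    fields = [
        "'id': '%s'" % escape(role.id),
        "'description': '%s'" % escape(role.description),
        "'permissions': ['%s']" % permission_ids,
    ]

    return HttpResponse("{%s}" % ",".join(fields), "text/plain")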
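def roles_get_all(req):
    """Return every role as a list of ``{'value': id, 'description': ...}`` literals."""
    def quote(value):
        # Escaping only the quote let a stored backslash swallow the escape
        # (or the closing quote); doubling backslashes first prevents that.
        return value.replace("\\", "\\\\").replace("'", "\\'")

    ctx = Context()
    return HttpResponse("[%s]" % ",".join([
        "{'value': '%s', 'description': '%s'}" %
        (quote(r.id), quote(r.description))
        for r in ctx.roles
    ]))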
Пример #10
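def login(req):
    """Render the login form and, on POST, authenticate the submitted user.

    A successful login stores the user object in ``req.session['umit_user']``
    and redirects to ``/html/``. Any other POST re-renders the form with an
    error message.

    NOTE(review): ``ctx.get_user`` is also called with only an id elsewhere
    in this code base. Confirm that an empty password submitted here cannot
    take that lookup-only path.
    NOTE(review): the existing session is reused after authentication. If the
    session layer can issue a fresh session id, do that at this point.
    """
    logger.debug("aeeeeeeeee")
    response = HttpResponse()
    error = ""
    errorclass = "hide"
    if req.POST:
        username = req.POST.get('login')
        password = req.POST.get('password')
        user = None
        # A form that lacks either field is a failed login, not a server
        # error: indexing req.POST directly raised KeyError here.
        if username is not None and password is not None:
            ctx = Context()
            user = ctx.get_user(username, password)
        if user:
            req.session['umit_user'] = user
            return HttpResponseRedirect("/html/")
        # One message for every failure, so the response does not reveal
        # whether the login name exists.
        error = "Incorrect username or password"
        errorclass = ""
    response.loadTemplate("html/login.html")
    return response % {"error": error, "errorclass": errorclass}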
Пример #11
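class SecurityContextTestCase(unittest.TestCase):
    """Checks the permissions, roles and users exposed by ``Context``.

    The expected counts and ids presumably describe ``security.xml.sample``;
    how ``Context`` locates its file is not visible in this class.
    """
    logger = getLogger("SecurityContextTestCase")
    # Name of the sample file; nothing in this class reads the attribute.
    file = "security.xml.sample"

    def setUp(self):
        """Create a fresh Context per test and log its role count."""
        self.context = Context()
        self.logger.debug(str(len(self.context.roles)))

    def tearDown(self):
        """Drop the Context created in setUp."""
        del self.context

    def testPermissions(self):
        """Five permissions, with known ids at positions 0 and 2."""
        permissions = self.context.permissions
        # assertEqual reports both values on failure; assertTrue(a == b)
        # only reported "False is not true".
        self.assertEqual(len(permissions), 5)
        self.assertEqual(permissions[0].id, "allow-all")
        self.assertEqual(permissions[2].id, "deny-localhost")
        self.assertEqual(len(permissions[2].constraints), 2)

    def testRoles(self):
        """Two roles, the second being ``administrator``."""
        self.assertEqual(len(self.context.roles), 2)
        self.assertEqual(self.context.roles[1].id, "administrator")

    def testUsers(self):
        """The sample user authenticates but may not scan localhost."""
        self.assertEqual(len(self.context.users), 2)
        u = self.context.get_user("user1", "123")
        self.assertTrue(u is not None)
        command = "nmap -v localhost"
        # Negative authorisation check: the command must be refused.
        self.assertFalse(u.is_permitted(command))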
Пример #12
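def delete_permission(req, id):
    """Delete the permission *id* and detach it from every role.

    Raises ``Http404`` when no permission has this id. Otherwise removes the
    permission, strips it from each role's permission list, calls
    ``ctx.write_xml()`` and returns an ``OK`` response.

    NOTE(review): no caller check is visible here; confirm that access to
    this handler is restricted upstream.
    """
    ctx = Context()
    for position, perm in enumerate(ctx.permissions):
        if perm.id == id:
            del ctx.permissions[position]
            break
    else:
        raise Http404

    for role in ctx.roles:
        # Rebuild each list in place. Deleting by index while walking a range
        # computed up front skipped the entry after each deletion and then
        # indexed past the shortened list (IndexError), which could leave a
        # deleted permission attached to a role.
        role.permissions[:] = [p for p in role.permissions if p.id != id]

    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")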
Пример #13
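def permissions_search(req):
    """Return the permissions whose id contains the POSTed ``search`` text.

    The match is case-insensitive; a missing ``search`` field matches every
    permission. Raises ``HttpError(400)`` when there is no POST data. The
    response is a ``text/plain`` list of single-quoted object literals with
    ``id``, ``description``, ``type`` and ``constraints``.
    """
    if not req.POST:
        raise HttpError(400, "Invalid Request")

    def quote(value):
        # Backslashes must be doubled before quotes are escaped. The content
        # field did it the other way round, which turned the escaped quote
        # \' into \\' and so left the quote unescaped.
        return value.replace("\\", "\\\\").replace("'", "\\'")

    needle = req.POST.get("search", "").lower()

    ctx = Context()
    permissions = [p for p in ctx.permissions if needle in p.id.lower()]

    data = []
    for p in permissions:
        cdata = []
        for c in p.constraints:
            ccdata = [
                "'type': '%s'" % quote(c.type),
                "'content': '%s'" % quote(c.content),
            ]
            cdata.append("{%s}" % ",".join(ccdata))
        pdata = [
            "'id': '%s'" % quote(p.id),
            "'description': '%s'" % quote(p.description),
            "'type': '%s'" % quote(p.type),
            "'constraints': [%s]" % ",".join(cdata),
        ]
        data.append("{%s}" % ",".join(pdata))

    return HttpResponse("[%s]" % ",".join(data), "text/plain")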
Пример #14
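def delete_permission(req, id):
    """Remove the permission *id* from the context and from all roles.

    ``Http404`` is raised when the id is unknown. On success the XML store is
    rewritten via ``ctx.write_xml()`` and ``{'result': 'OK'}`` is returned.

    NOTE(review): authorisation is not checked in this function; verify that
    the caller enforces it.
    """
    ctx = Context()
    found = False
    for position, candidate in enumerate(ctx.permissions):
        if candidate.id == id:
            del ctx.permissions[position]
            found = True
            break
    if not found:
        raise Http404

    for role in ctx.roles:
        kept = [granted for granted in role.permissions if granted.id != id]
        # Slice assignment keeps the same list object. The index loop it
        # replaces deleted entries while iterating a range sized before the
        # deletions, so it raised IndexError and could skip a matching entry.
        role.permissions[:] = kept

    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")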
Пример #15
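def login(req):
    """Show the login page; on POST, check the credentials and log in.

    When ``ctx.get_user`` accepts the submitted login and password, the user
    object is stored under ``req.session['umit_user']`` and the client is
    redirected to ``/html/``. Otherwise the login template is rendered with
    an error message.

    NOTE(review): other handlers call ``ctx.get_user`` with just an id.
    Verify that a blank password posted to this view cannot match without a
    password comparison.
    NOTE(review): consider rotating the session id on successful login if
    the session layer supports it; this code keeps the existing session.
    """
    logger.debug("aeeeeeeeee")
    response = HttpResponse()
    error = ""
    errorclass = "hide"
    if req.POST:
        submitted_login = req.POST.get('login')
        submitted_password = req.POST.get('password')
        # Missing fields used to raise KeyError (a server error); treat the
        # request as a failed login and never call get_user with None.
        complete = (submitted_login is not None
                    and submitted_password is not None)
        user = None
        if complete:
            user = Context().get_user(submitted_login, submitted_password)
        if user:
            req.session['umit_user'] = user
            return HttpResponseRedirect("/html/")
        # The same message covers unknown logins and wrong passwords.
        error = "Incorrect username or password"
        errorclass = ""
    response.loadTemplate("html/login.html")
    return response % {"error": error, "errorclass": errorclass}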
Пример #16
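class SecurityContextTestCase(unittest.TestCase):
    """Exercises ``Context``: permission, role and user lookups.

    The literal counts and ids look like they describe the sample security
    file named below; confirm against the fixture that Context really loads.
    """
    logger = getLogger("SecurityContextTestCase")
    # Not read anywhere in this class.
    file = "security.xml.sample"

    def setUp(self):
        """Give every test its own Context and log how many roles it has."""
        self.context = Context()
        self.logger.debug(str(len(self.context.roles)))

    def tearDown(self):
        """Release the per-test Context."""
        del self.context

    def testPermissions(self):
        """Permission list has five entries with the expected ids."""
        # assertEqual shows the actual length when the check fails, which
        # assertTrue(len(...) == 5) did not.
        self.assertEqual(len(self.context.permissions), 5)
        self.assertEqual(self.context.permissions[0].id, "allow-all")
        self.assertEqual(self.context.permissions[2].id, "deny-localhost")
        self.assertEqual(len(self.context.permissions[2].constraints), 2)

    def testRoles(self):
        """Role list has two entries; index 1 is the administrator role."""
        self.assertEqual(len(self.context.roles), 2)
        self.assertEqual(self.context.roles[1].id, "administrator")

    def testUsers(self):
        """A valid login returns a user, and that user is denied the scan."""
        self.assertEqual(len(self.context.users), 2)
        u = self.context.get_user("user1", "123")
        self.assertTrue(u is not None)
        command = "nmap -v localhost"
        # Deny path: is_permitted must return a false value for this command.
        self.assertFalse(u.is_permitted(command))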
Пример #17
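def add_user(req):
    """Create a user from the POSTed form and persist it.

    Reads ``login``, ``name``, ``roles`` (comma-separated ids), ``superuser``
    (``"yes"`` enables it) and ``password``. Raises ``HttpError(400)`` when
    there is no POST data. Returns a ``FAIL`` response when the login or
    password is blank or the login already exists; otherwise adds the user,
    calls ``ctx.write_xml()`` and returns ``OK``.

    NOTE(review): the ``superuser`` flag comes straight from the request and
    no caller check is visible here. Confirm that only administrators can
    reach this handler.
    NOTE(review): the password is handed to ``ctx.add_user`` as received;
    whether it is hashed before storage is not visible here.
    """
    ctx = Context()
    if not req.POST:
        raise HttpError(400, "Invalid Request")

    login = req.POST['login']
    name = req.POST['name']
    raw_roles = req.POST['roles']
    roles = raw_roles.split(",") if raw_roles.strip() else []
    superuser = (req.POST['superuser'] == "yes")
    password = req.POST['password']

    # edit_user treats a blank password as "leave unchanged", so a blank one
    # is not a usable credential; refuse to create such an account.
    if not login.strip() or not password.strip():
        return HttpResponse("{'result': 'FAIL', 'error': 'Login and password must not be empty.'}")

    if login in [u.login for u in ctx.users]:
        return HttpResponse("{'result': 'FAIL', 'error': 'This login name already exists. Please, choose other.'}")

    ctx.add_user(name, login, password, superuser, roles)
    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")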
Пример #18
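def users_search(req):
    """Return the users whose login or name contains the ``search`` text.

    The comparison is case-insensitive. A request without a ``search`` field
    matches every user, as in permissions_search and roles_search. The
    result is serialised by ``__users_to_json``.
    """
    ctx = Context()
    # .get avoids the KeyError (server error) that req.POST['search'] raised
    # when the field was absent.
    needle = req.POST.get("search", "").lower()

    users = [
        u for u in ctx.users
        if needle in u.login.lower() or needle in u.name.lower()
    ]
    return HttpResponse(__users_to_json(users))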
Пример #19
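def get_permission(req, id):
    """Return the permission *id* as a single-quoted object literal.

    Raises ``Http404`` when ``ctx.get_permission`` returns ``None``. Newlines
    in ``description`` and in constraint ``content`` are emitted as
    ``\\n'+`` followed by a new quoted segment, so the body is a JavaScript
    expression rather than strict JSON.
    """
    def quote(value):
        # Backslashes first. The content field used to escape the quote and
        # then double every backslash, which rewrote \' as \\' and left the
        # quote free to end the literal.
        return value.replace("\\", "\\\\").replace("'", "\\'")

    def quote_multiline(value):
        # The newline rewrite goes last so that the backslash and quotes it
        # inserts are not escaped again.
        return quote(value).replace("\n", "\\n'+\n'")

    ctx = Context()
    perm = ctx.get_permission(id)

    if perm is None:
        raise Http404

    data = []
    data.append("'id': '%s'" % quote(perm.id))
    data.append("'description': '%s'" % quote_multiline(perm.description))
    data.append("'type': '%s'" % quote(perm.type))
    ccdata = []
    for c in perm.constraints:
        cdata = []
        # The constraint type was interpolated raw; it is stored data too.
        cdata.append("'type': '%s'" % quote(c.type))
        cdata.append("'content': '%s'" % quote_multiline(c.content))
        ccdata.append("{%s}" % ",".join(cdata))
    data.append("'constraints': [%s]" % ",".join(ccdata))

    return HttpResponse("{%s}" % ",".join(data))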
Пример #20
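def add_permission(req):
    """Create a permission from the POSTed form and persist it.

    Reads ``id``, ``description``, ``type`` and the newline-separated,
    position-paired ``constraint_types`` and ``constraints``. Returns a
    ``FAIL`` response when the id already exists or a constraint type has no
    matching constraint; otherwise appends the permission, calls
    ``ctx.write_xml()`` and returns ``OK``.

    NOTE(review): no caller check is visible here; confirm that only
    administrators can reach this handler.
    """
    ctx = Context()
    # Local names avoid shadowing the builtins id() and type().
    perm_id = req.POST["id"]
    description = req.POST["description"]
    perm_type = req.POST["type"]

    raw_types = req.POST["constraint_types"]
    raw_constraints = req.POST["constraints"]
    constraint_types = raw_types.split("\n") if raw_types.strip() else []
    constraints = raw_constraints.split("\n") if raw_constraints.strip() else []

    if perm_id in [p.id for p in ctx.permissions]:
        return HttpResponse("{'result': 'FAIL', 'error': 'This id already exists. Please, choose other.'}")

    # constraints[i] raised IndexError when fewer constraints than types
    # were posted; report it to the client instead.
    if len(constraints) < len(constraint_types):
        return HttpResponse("{'result': 'FAIL', 'error': 'Each constraint type needs a matching constraint.'}")

    p = Permission(perm_id, perm_type)
    p.description = description
    # zip stops at the shorter list, so surplus constraint lines are ignored
    # as before.
    for ctype, content in zip(constraint_types, constraints):
        p.add_constraint(ctype, content)
    ctx.permissions.append(p)
    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")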
Пример #21
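def login(req):
    """Authenticate a POSTed login, or render the login form.

    With a ``json`` key in the query string the answer is the plain-text
    body ``OK`` or ``FAIL``. Without it, a successful login redirects to
    ``/`` and a failed one re-renders ``login.html``. On success the user
    object is stored in ``req.session['umit_user']``.

    NOTE(review): a POST without ``login`` or ``password`` still raises
    KeyError here.
    NOTE(review): the existing session is kept after authentication; rotate
    the session id here if the session layer allows it.
    """
    resp = HttpResponse()
    ctx = Context()
    if req.POST:
        user = ctx.get_user(req.POST['login'], req.POST['password'])

        if req.GET.has_key("json"):
            # Only the JSON-style answer is plain text; the header used to be
            # set before the branch.
            resp['Content-type'] = "text/plain"
            if user:
                req.session['umit_user'] = user
                resp.write('OK')
            else:
                resp.write('FAIL')
            return resp

        if user:
            req.session['umit_user'] = user
            return HttpResponseRedirect("/")
        # A failed form login used to fall off the end of the function and
        # return None; fall through to the login template instead.

    resp.loadTemplate("login.html")
    return resp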
Пример #22
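def edit_permission(req, id):
    """Replace the fields and constraints of permission *id*, then persist.

    ``description`` and ``type`` are taken from ``req.POST``;
    ``constraint_types`` and ``constraints`` are newline-separated lists
    matched by position. ``Http404`` is raised for an unknown id. The result
    is ``{'result': 'OK'}``, or a ``FAIL`` response when there are fewer
    constraints than constraint types.

    NOTE(review): this handler changes access-control data without any
    visible check on the caller; verify that it is only reachable by
    administrators.
    """
    ctx = Context()
    p = ctx.get_permission(id)
    if p is None:
        raise Http404

    form = req.POST
    new_description = form['description']
    new_type = form['type']

    if form["constraint_types"].strip():
        constraint_types = form['constraint_types'].split("\n")
    else:
        constraint_types = []
    if form["constraints"].strip():
        constraints = form['constraints'].split("\n")
    else:
        constraints = []

    # Check the pairing before changing anything. The old loop indexed
    # constraints[i] and raised IndexError after p.constraints had already
    # been cleared.
    if len(constraints) < len(constraint_types):
        return HttpResponse("{'result': 'FAIL', 'error': 'Each constraint type needs a matching constraint.'}")

    p.description = new_description
    p.type = new_type
    p.constraints = []

    for i, t in enumerate(constraint_types):
        p.add_constraint(t, constraints[i])

    for i, existing in enumerate(ctx.permissions):
        if existing.id == id:
            ctx.permissions[i] = p
            break

    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")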
Пример #23
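def get_permission(req, id):
    """Serialise the permission *id* as a single-quoted object literal.

    ``Http404`` is raised when the permission does not exist. Multi-line
    ``description`` and constraint ``content`` values are split into
    concatenated string segments, which makes the body a JavaScript
    expression rather than strict JSON.
    """
    def escape(text, multiline=False):
        # 1. double backslashes, 2. escape quotes, 3. rewrite newlines.
        # Steps 1 and 2 were reversed for constraint content, so an escaped
        # quote came out as \\' and closed the literal.
        text = text.replace("\\", "\\\\").replace("'", "\\'")
        if multiline:
            text = text.replace("\n", "\\n'+\n'")
        return text

    ctx = Context()
    perm = ctx.get_permission(id)

    if perm is None:
        raise Http404

    constraint_items = []
    for c in perm.constraints:
        constraint_items.append("{%s}" % ",".join([
            # c.type used to be written without any escaping.
            "'type': '%s'" % escape(c.type),
            "'content': '%s'" % escape(c.content, True),
        ]))

    data = [
        "'id': '%s'" % escape(perm.id),
        "'description': '%s'" % escape(perm.description, True),
        "'type': '%s'" % escape(perm.type),
        "'constraints': [%s]" % ",".join(constraint_items),
    ]

    return HttpResponse("{%s}" % ",".join(data))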
Пример #24
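def add_permission(req):
    """Add a new permission built from the POSTed form fields.

    ``constraint_types`` and ``constraints`` are newline-separated and paired
    by position. A ``FAIL`` response is returned when the id is already in
    use or when there are fewer constraints than constraint types. On
    success the permission is appended, ``ctx.write_xml()`` is called and
    ``{'result': 'OK'}`` is returned.

    NOTE(review): the caller is not checked in this function; verify that
    access is restricted upstream.
    """
    ctx = Context()
    form = req.POST
    # Renamed from id/type so the builtins stay usable in this function.
    new_id = form["id"]
    description = form["description"]
    new_type = form["type"]

    if form["constraint_types"].strip():
        constraint_types = form['constraint_types'].split("\n")
    else:
        constraint_types = []
    if form["constraints"].strip():
        constraints = form['constraints'].split("\n")
    else:
        constraints = []

    if new_id in [p.id for p in ctx.permissions]:
        return HttpResponse(
            "{'result': 'FAIL', 'error': 'This id already exists. Please, choose other.'}"
        )

    # Without this check the pairing loop below raised IndexError when a
    # constraint type had no matching constraint line.
    if len(constraints) < len(constraint_types):
        return HttpResponse(
            "{'result': 'FAIL', 'error': 'Each constraint type needs a matching constraint.'}"
        )

    p = Permission(new_id, new_type)
    p.description = description
    for i, t in enumerate(constraint_types):
        p.add_constraint(t, constraints[i])
    ctx.permissions.append(p)
    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")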
Пример #25
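def roles_search(req):
    """Return the roles whose id contains the POSTed ``search`` text.

    The match is case-insensitive and a missing ``search`` field matches
    every role. Raises ``HttpError(400)`` when there is no POST data. The
    ``text/plain`` body is a list of single-quoted object literals with
    ``id``, ``description`` and ``permissions``.
    """
    if not req.POST:
        raise HttpError(400, "Invalid Request")

    def quote(value):
        # Only quotes were escaped before, so a stored backslash could cancel
        # the escape or the closing quote. Double backslashes first.
        return value.replace("\\", "\\\\").replace("'", "\\'")

    needle = req.POST.get("search", "").lower()

    ctx = Context()
    roles = [r for r in ctx.roles if needle in r.id.lower()]

    data = []
    for r in roles:
        rdata = [
            "'id': '%s'" % quote(r.id),
            "'description': '%s'" % quote(r.description),
            "'permissions': ['%s']" %
            "','".join([quote(p.id) for p in r.permissions]),
        ]
        data.append("{%s}" % ",".join(rdata))

    return HttpResponse("[%s]" % ",".join(data), "text/plain")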
Пример #26
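def edit_role(req, id):
    """Update the description and permission list of role *id*, then persist.

    ``permissions`` is a comma-separated list of permission ids; a blank
    value clears the list. Raises ``Http404`` when the role does not exist.
    Returns ``OK`` after ``ctx.write_xml()``, or a ``FAIL`` response when a
    posted permission id is unknown.

    NOTE(review): no caller check is visible here; confirm that only
    administrators can reach this handler.
    """
    ctx = Context()
    role = ctx.get_role(id=id)
    if not role:
        raise Http404

    description = req.POST['description']
    raw_ids = req.POST['permissions']

    granted = []
    # The loop variable used to be called ``id``, which overwrote the role id
    # and made the replacement loop below compare against a permission id.
    for perm_id in (raw_ids.split(",") if raw_ids.strip() else []):
        perm = ctx.get_permission(perm_id)
        if perm is None:
            # An unknown id used to be stored as None in the role's
            # permission list; refuse the update instead.
            return HttpResponse("{'result': 'FAIL', 'error': 'Unknown permission id.'}")
        granted.append(perm)

    role.description = description
    role.permissions = granted

    for position, existing in enumerate(ctx.roles):
        if existing.id == id:
            ctx.roles[position] = role
            break

    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")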
Пример #27
def add_role(req):
    """Add a role described by the POSTed ``id``, ``description``, ``permissions``.

    A blank ``permissions`` field yields an empty list; otherwise the value
    is split on commas. ``HttpError(400)`` is raised for a request without
    POST data. An id that already exists produces a ``FAIL`` response;
    otherwise the role is added, the XML store is written and ``OK`` is
    returned.

    NOTE(review): whether ``ctx.add_role`` validates the permission ids is
    not visible from this function.
    """
    ctx = Context()
    if not req.POST:
        raise HttpError(400, "Invalid Request")

    new_id = req.POST['id']
    description = req.POST['description']
    permissions = []
    if req.POST['permissions'].strip():
        permissions = req.POST['permissions'].split(",")

    existing_ids = [role.id for role in ctx.roles]
    if new_id in existing_ids:
        return HttpResponse(
            "{'result': 'FAIL', 'error': 'This id already exists. Please, choose other.'}"
        )

    ctx.add_role(new_id, description, permissions)
    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")
Пример #28
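def edit_role(req, id):
    """Rewrite role *id* from the POSTed ``description`` and ``permissions``.

    ``permissions`` holds comma-separated permission ids (blank means none).
    ``Http404`` is raised for an unknown role. A posted permission id that
    does not exist produces a ``FAIL`` response and nothing is written;
    otherwise the XML store is rewritten and ``OK`` is returned.

    NOTE(review): authorisation is not checked in this function; verify that
    the caller enforces it.
    """
    ctx = Context()
    role = ctx.get_role(id=id)
    if not role:
        raise Http404

    new_description = req.POST['description']
    posted = req.POST['permissions']
    if posted.strip():
        requested_ids = posted.split(",")
    else:
        requested_ids = []

    # Resolve every id before changing the role. Two defects are avoided
    # here: reusing ``id`` as the loop variable (which clobbered the role id
    # used further down), and appending the None that get_permission returns
    # for an unknown id.
    resolved = []
    for requested in requested_ids:
        permission = ctx.get_permission(requested)
        if permission is None:
            return HttpResponse("{'result': 'FAIL', 'error': 'Unknown permission id.'}")
        resolved.append(permission)

    role.description = new_description
    role.permissions = resolved

    for i, current in enumerate(ctx.roles):
        if current.id == id:
            ctx.roles[i] = role
            break

    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")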
Пример #29
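def add_user(req):
    """Add a user account from the POSTed form fields.

    Fields: ``login``, ``name``, ``roles`` (comma-separated role ids),
    ``superuser`` (only ``"yes"`` enables it) and ``password``.
    ``HttpError(400)`` is raised when the request has no POST data. A blank
    login or password, or a login that already exists, yields a ``FAIL``
    response; otherwise the user is added, the XML store is written and
    ``OK`` is returned.

    NOTE(review): this handler can create superusers and shows no check on
    the caller; verify that access is restricted upstream.
    NOTE(review): how ``ctx.add_user`` stores the password (hashed or not)
    cannot be seen from here.
    """
    ctx = Context()
    if not req.POST:
        raise HttpError(400, "Invalid Request")

    form = req.POST
    login = form['login']
    name = form['name']
    roles = []
    if form['roles'].strip():
        roles = form['roles'].split(",")
    superuser = (form['superuser'] == "yes")
    password = form['password']

    # edit_user reads a blank password as "no change", so an account created
    # with one would have no usable credential; reject it, and reject a
    # blank login as well.
    if not (login.strip() and password.strip()):
        return HttpResponse(
            "{'result': 'FAIL', 'error': 'Login and password must not be empty.'}"
        )

    if login in [u.login for u in ctx.users]:
        return HttpResponse(
            "{'result': 'FAIL', 'error': 'This login name already exists. Please, choose other.'}"
        )

    ctx.add_user(name, login, password, superuser, roles)
    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")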
Пример #30
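def edit_user(req, id):
    """Update name, roles and superuser flag of user *id*, then persist.

    ``roles`` is a comma-separated list of role ids; a blank value clears
    the list. Raises ``Http404`` when the user does not exist. Returns
    ``OK`` after ``ctx.write_xml()``, or a ``FAIL`` response when a posted
    role id is unknown.

    NOTE(review): the ``superuser`` flag and the role list come straight
    from the request and no caller check is visible here. Confirm that only
    administrators can reach this handler.
    """
    ctx = Context()
    user = ctx.get_user(id=id)
    if not user:
        raise Http404

    name = req.POST['name']
    raw_roles = req.POST['roles']

    assigned = []
    # The loop variable used to be called ``id``; it overwrote the login, so
    # the replacement loop below compared against the last role id.
    for role_id in (raw_roles.split(",") if raw_roles.strip() else []):
        role = ctx.get_role(role_id)
        if role is None:
            # Unknown ids used to be stored as None in user.roles.
            return HttpResponse("{'result': 'FAIL', 'error': 'Unknown role id.'}")
        assigned.append(role)

    superuser = (req.POST['superuser'] == "yes")

    user.name = name
    user.roles = assigned
    user.superuser = superuser

    if req.POST['password'].strip():
        # TODO(review): the new password is read but never applied to
        # ``user``, so password changes are silently dropped. The attribute
        # or method that stores a password (and whether it hashes) is not
        # visible here; wire it in once confirmed.
        password = req.POST['password']

    for position, existing in enumerate(ctx.users):
        if existing.login == id:
            ctx.users[position] = user
            break

    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")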
Пример #31
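def edit_user(req, id):
    """Apply the POSTed ``name``, ``roles`` and ``superuser`` to user *id*.

    ``roles`` holds comma-separated role ids (blank means none).
    ``Http404`` is raised for an unknown user. A posted role id that does
    not exist yields a ``FAIL`` response and nothing is written; otherwise
    the XML store is rewritten and ``OK`` is returned.

    NOTE(review): this handler can grant roles and the superuser flag and
    shows no check on the caller; verify that access is restricted upstream.
    """
    ctx = Context()
    user = ctx.get_user(id=id)
    if not user:
        raise Http404

    form = req.POST
    new_name = form['name']
    if form['roles'].strip():
        requested_roles = form['roles'].split(",")
    else:
        requested_roles = []

    # Resolve the roles before mutating the user. The old loop reused ``id``
    # as its variable, so the login was lost before the replacement loop ran,
    # and it appended None for ids that get_role could not find.
    resolved = []
    for requested in requested_roles:
        found_role = ctx.get_role(requested)
        if found_role is None:
            return HttpResponse("{'result': 'FAIL', 'error': 'Unknown role id.'}")
        resolved.append(found_role)

    make_superuser = (form['superuser'] == "yes")

    user.name = new_name
    user.roles = resolved
    user.superuser = make_superuser

    if form['password'].strip():
        # TODO(review): this value never reaches the user object, so the
        # form cannot change a password. How passwords are set and stored is
        # not visible in this function; add the real call once confirmed.
        password = form['password']

    for i, current in enumerate(ctx.users):
        if current.login == id:
            ctx.users[i] = user
            break

    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")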
Пример #32
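def permissions_get_all(req):
    """Return the ids of all permissions as a list of single-quoted strings."""
    def quote(value):
        # Backslashes are doubled before quotes are escaped; escaping only
        # the quote let a stored backslash cancel the escape.
        return value.replace("\\", "\\\\").replace("'", "\\'")

    ctx = Context()
    return HttpResponse(
        "['%s']" %
        "','".join([quote(p.id) for p in ctx.permissions]))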
Пример #33
 def setUp(self):
     """Create a new Context for the test and log the number of roles."""
     context = Context()
     self.context = context
     self.logger.debug(str(len(context.roles)))
Пример #34
def users_get_all(req):
    """Return every user of the context, serialised by ``__users_to_json``.

    NOTE(review): which user fields the serialiser exposes is not visible
    here; confirm that it leaves out credentials.
    """
    every_user = Context().users
    body = __users_to_json(every_user)
    return HttpResponse(body)
Пример #35
 def setUp(self):
     """Attach a fresh Context to the test case and log its role count."""
     self.context = Context()
     role_count = len(self.context.roles)
     self.logger.debug(str(role_count))