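def bofhd_login(self, uname, password):
    """ Authenticate and create session.

    The checks run in a fixed order: the account must exist, the password
    must verify, the account must have no active quarantines, and it must
    not be expired. Both credential failures raise the same client-facing
    message; the quarantine and expiry messages are only reachable after
    the password has been verified.

    :param string uname: The username (client-supplied)
    :param string password: The password, preferably in latin-1

    :return string:
        If authentication is successful, a session_id registered in
        BofhdSession is returned. This session_id can be used to run
        commands that requires authentication.

    :raise CerebrumError: If the user is not allowed to log in.
    """
    account = Factory.get('Account')(self.db)
    try:
        account.find_by_name(uname)
    except Errors.NotFoundError:
        # uname comes from the client and did not match any account, so it
        # is logged with %r: repr() escapes CR/LF and other control
        # characters, which keeps the value from forging extra log lines.
        # repr() is also ASCII-safe. Formatting utf-8 bytes into a unicode
        # message with %s relies on Python 2's implicit ASCII decode and
        # can fail for non-ASCII names, which would lose the audit record.
        # NOTE(review): log parsers keyed on the old '%s' layout need to
        # accept the quoted form.
        self.logger.info(
            u'Failed login for %r from %s: unknown username',
            uname, format_addr(self.client_address))
        raise CerebrumError("Unknown username or password")

    # NOTE(review): the unknown-username path above returns without calling
    # verify_auth, so the two "Unknown username or password" outcomes may
    # differ in response time -- confirm whether that matters here.
    if isinstance(password, unicode):
        # crypt.crypt does not accept unicode, so verify_auth gets bytes.
        # TODO: ideally we should not hardcode charset here.
        # NOTE(review): a password with characters outside latin-1 makes
        # encode() raise UnicodeEncodeError, which leaves this method
        # before any failed-login line is written -- confirm the caller
        # reports that as a login failure.
        password = password.encode('iso8859-1')
    if not account.verify_auth(password):
        self.logger.info(
            u'Failed login for %r from %s: password mismatch',
            uname, format_addr(self.client_address))
        # Same message as for an unknown username, so the reply does not
        # say which of the two checks failed.
        raise CerebrumError("Unknown username or password")

    # Check quarantines
    quarantines = self._get_quarantines(account)
    if quarantines:
        self.logger.info(
            'Failed login for %r from %s: quarantines %s',
            uname, format_addr(self.client_address),
            ', '.join(quarantines))
        raise CerebrumError(
            'User has active quarantines, login denied: %s' %
            ', '.join(quarantines))

    # Check expire_date
    if account.is_expired():
        self.logger.info(u'Failed login for %r from %s: account expired',
                         uname, format_addr(self.client_address))
        raise CerebrumError('User is expired, login denied')

    try:
        self.logger.info(u'Successful login for %r from %s',
                         uname, format_addr(self.client_address))
        session = BofhdSession(self.db, self.logger)
        # The client's address (first element of client_address) is passed
        # along when the session is registered.
        session_id = session.set_authenticated_entity(
            account.entity_id, self.client_address[0])
        self.db_commit()
        # Only record the session on the server object once the commit
        # has succeeded.
        self.server.sessions[session_id] = str(account.entity_id)
        return session_id
    except Exception:
        # Undo the partially created session and let the caller see the
        # original error.
        self.db_rollback()
        raise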
def bofhd_login(self, uname, password):
    """ Log a user in and hand back a new session id.

    The checks run in a fixed order: account lookup, password
    verification, active quarantines, expiry. Every outcome increments one
    counter under the ``bofhd.login`` statsd prefix (``deny-creds``,
    ``deny-quarantine``, ``deny-expire``, ``deny-error`` or ``allow``) and
    writes one log line naming the username and client address.

    An unknown username and a wrong password raise the same client-facing
    message. The quarantine and expiry messages can only be reached after
    the password has been verified.

    :param string uname: The username (client-supplied)
    :param string password: The password, handed to verify_auth as given

    :return string:
        The session_id registered in BofhdSession for the authenticated
        account. It is also stored in ``self.server.sessions``.

    :raise CerebrumError: If the user is not allowed to log in.
    """
    metrics = statsd.make_client(self.server.stats_config,
                                 prefix="bofhd.login")
    acct = Factory.get('Account')(self.db)

    with metrics.pipeline() as counters:

        def note_denial(counter, log_format, *extra):
            # Count the denial first, then write the audit line. The
            # formats use %r for the username: repr() escapes control
            # characters, so a client-supplied name cannot break the log
            # line apart.
            counters.incr(counter)
            self.logger.info(log_format, uname,
                             format_addr(self.client_address), *extra)

        try:
            acct.find_by_name(uname)
        except Errors.NotFoundError:
            note_denial('deny-creds',
                        'Failed login for %r from %r: unknown username')
            raise CerebrumError("Unknown username or password")

        # NOTE(review): the branch above returns without calling
        # verify_auth, so the two credential failures may differ in
        # response time -- confirm whether that matters here.
        if not acct.verify_auth(password):
            note_denial('deny-creds',
                        'Failed login for %r from %r: password mismatch')
            # Same message as for an unknown username.
            raise CerebrumError("Unknown username or password")

        # Quarantined accounts are refused even with valid credentials.
        active = self._get_quarantines(acct)
        if active:
            note_denial('deny-quarantine',
                        'Failed login for %r from %r: quarantines %s',
                        active)
            raise CerebrumError(
                'User has active quarantines, login denied: %s' %
                ', '.join(active))

        # So are expired accounts.
        if acct.is_expired():
            note_denial('deny-expire',
                        'Failed login for %r from %r: account expired')
            raise CerebrumError('User is expired, login denied')

        try:
            self.logger.info('Successful login for %r from %r',
                             uname, format_addr(self.client_address))
            new_session = BofhdSession(self.db, self.logger)
            # The client's address (first element of client_address) is
            # passed along when the session is registered.
            sid = new_session.set_authenticated_entity(
                acct.entity_id, self.client_address[0])
            self.db_commit()
            # The server-side session map is only updated after the commit
            # has succeeded.
            self.server.sessions[sid] = str(acct.entity_id)
            counters.incr('allow')
            return sid
        except Exception:
            # Any failure while creating the session is counted, rolled
            # back and re-raised unchanged.
            counters.incr('deny-error')
            self.db_rollback()
            raise