def bofhd_login(self, uname, password):
""" Authenticate and create session.
:param string uname: The username
:param string password: The password, preferably in latin-1
:return string:
If authentication is successful, a session_id registered in
BofhdSession is returned. This session_id can be used to run
commands that requires authentication.
:raise CerebrumError: If the user is not allowed to log in.
"""
account = Factory.get('Account')(self.db)
try:
account.find_by_name(uname)
except Errors.NotFoundError:
if isinstance(uname, unicode):
uname = uname.encode('utf-8')
self.logger.info(
u'Failed login for %s from %s: unknown username',
uname, format_addr(self.client_address))
raise CerebrumError("Unknown username or password")
if isinstance(password, unicode): # crypt.crypt don't like unicode
# TODO: ideally we should not hardcode charset here.
password = password.encode('iso8859-1')
if not account.verify_auth(password):
self.logger.info(
u'Failed login for %s from %s: password mismatch',
uname, format_addr(self.client_address))
raise CerebrumError("Unknown username or password")
# Check quarantines
quarantines = self._get_quarantines(account)
if quarantines:
self.logger.info(
'Failed login for %s from %s: quarantines %s',
uname, format_addr(self.client_address),
', '.join(quarantines))
raise CerebrumError(
'User has active quarantines, login denied: %s' %
', '.join(quarantines))
# Check expire_date
if account.is_expired():
self.logger.info(u'Failed login for %s from %s: account expired',
uname, format_addr(self.client_address))
raise CerebrumError('User is expired, login denied')
try:
self.logger.info(u'Successful login for %s from %s',
uname, format_addr(self.client_address))
session = BofhdSession(self.db, self.logger)
session_id = session.set_authenticated_entity(
account.entity_id, self.client_address[0])
self.db_commit()
self.server.sessions[session_id] = str(account.entity_id)
return session_id
except Exception:
self.db_rollback()
raise
def bofhd_login(self, uname, password):
""" Authenticate and create session.
:param string uname: The username
:param string password: The password, preferably in latin-1
:return string:
If authentication is successful, a session_id registered in
BofhdSession is returned. This session_id can be used to run
commands that requires authentication.
:raise CerebrumError: If the user is not allowed to log in.
"""
stats_client = statsd.make_client(self.server.stats_config,
prefix="bofhd.login")
account = Factory.get('Account')(self.db)
with stats_client.pipeline() as stats:
try:
account.find_by_name(uname)
except Errors.NotFoundError:
stats.incr('deny-creds')
self.logger.info(
'Failed login for %r from %r: unknown username', uname,
format_addr(self.client_address))
raise CerebrumError("Unknown username or password")
if not account.verify_auth(password):
stats.incr('deny-creds')
self.logger.info(
'Failed login for %r from %r: password mismatch', uname,
format_addr(self.client_address))
raise CerebrumError("Unknown username or password")
# Check quarantines
quarantines = self._get_quarantines(account)
if quarantines:
stats.incr('deny-quarantine')
self.logger.info('Failed login for %r from %r: quarantines %s',
uname, format_addr(self.client_address),
quarantines)
raise CerebrumError(
'User has active quarantines, login denied: %s' %
', '.join(quarantines))
# Check expire_date
if account.is_expired():
stats.incr('deny-expire')
self.logger.info(
'Failed login for %r from %r: account expired', uname,
format_addr(self.client_address))
raise CerebrumError('User is expired, login denied')
try:
self.logger.info('Successful login for %r from %r', uname,
format_addr(self.client_address))
session = BofhdSession(self.db, self.logger)
session_id = session.set_authenticated_entity(
account.entity_id, self.client_address[0])
self.db_commit()
self.server.sessions[session_id] = str(account.entity_id)
stats.incr('allow')
return session_id
except Exception:
stats.incr('deny-error')
self.db_rollback()
raise
