class AuthenticationHandler(Daemon): def __init__(self, useSSL=True): Daemon.__init__(self, useSSL) self.__MIN_ID = 100000 self.__MAX_ID = 100000000 self.__SESSION_TIMEOUT_HOURS = 48 self.__loggedInUsers = {} self.__reverseLoggedInUsers = {} self.__userProtocols = {} self.__systemProtocol = Protocol(None) self.__controlProtocol = Protocol(None) try: self.__systemProtocol.open(DaemonLocations.systemDaemon[0], DaemonLocations.systemDaemon[1]) except: print "warning, could not connect to system daemon" try: self.__controlProtocol.open(DaemonLocations.controlDaemon[0], DaemonLocations.controlDaemon[1]) except: print "warning, could not connect to control daemon" self.registerMethodHandler("login", self.login) self.registerMethodHandler("logout", self.logout) self.registerMethodHandler("system", self.systemOperation) self.registerMethodHandler("control", self.controlOperation) self.__consoleOperationReply = None self.__controlOperationReply = None self.__systemOperationReply = None self.__ldapClient = LDAPClient("ldap://henldap:389") def login(self, prot, seq, ln, payload): (username, password) = pickle.loads(payload) validLogin = self.__ldapClient.authenticate(username, password) groups = None if (validLogin): ldapInfo = self.__ldapClient.getUserInfoByLogin(username) groups = ldapInfo.getGroups() email = ldapInfo.getEmail() loggedInID = random.randint(self.__MIN_ID, self.__MAX_ID) loginDate = datetime.datetime.now() loggedInUser = LoggedInUser(username, loggedInID, email, \ loginDate, groups) self.__loggedInUsers[loggedInID] = loggedInUser self.__reverseLoggedInUsers[username] = loggedInID prot.sendReply(200, seq, str(loggedInID)) else: prot.sendReply(421, seq, "") def logout(self, prot, seq, ln, payload): loggedInID = int(pickle.loads(payload)) if (self.__loggedInUsers.has_key(loggedInID)): del self.__loggedInUsers[loggedInID] if (self.__reverseLoggedInUsers.has_key(loggedInID)): del self.__reverseLoggedInUsers[loggedInID] if (self.__userProtocols.has_key(loggedInID)): del self.__userProtocols[loggedInID] prot.sendReply(200, seq, "") def systemOperation(self, prot, seq, ln, payload): (loggedInID, operation, parameters) = pickle.loads(payload) if (not self.__isLoggedIn(loggedInID, prot, seq)): return username = self.__loggedInUsers[loggedInID].getUsername() groups = self.__loggedInUsers[loggedInID].getGroups() result = self.__systemProtocol.doSynchronousCall(operation, \ pickle.dumps((username, groups, parameters))) resID = len(result) - 1 if resID < 0: prot.sendReply(500, seq, "Got 0 result from systemdaemon!") return else: prot.sendReply(result[resID][0], seq, result[resID][2]) def controlOperation(self, prot, seq, ln, payload): (loggedInID, operation, parameters) = pickle.loads(payload) print loggedInID, operation, parameters # Special console case if ((operation == "console") or (operation == "console_output")): self.__console(prot, seq, ln, payload) return if (not self.__isLoggedIn(loggedInID, prot, seq)): return username = self.__loggedInUsers[loggedInID].getUsername() groups = self.__loggedInUsers[loggedInID].getGroups() result = self.__controlProtocol.doSynchronousCall(operation, \ pickle.dumps((username, groups, parameters))) resID = len(result) - 1 #print "got result",result if resID < 0: prot.sendReply(500, seq, "Got 0 result from controldaemon!") return else: prot.sendReply(result[resID][0], seq, result[resID][2]) def __console(self, prot, seq, ln, payload): (loggedInID, operation, parameters) = pickle.loads(payload) # Request from hm client if (operation == "console"): if (not self.__isLoggedIn(loggedInID, prot, seq)): return username = self.__loggedInUsers[loggedInID].getUsername() groups = self.__loggedInUsers[loggedInID].getGroups() action = parameters[0] # Record client protocol so we can later reply to it if (not self.__userProtocols.has_key(loggedInID)): self.__userProtocols[loggedInID] = prot self.__controlProtocol.sendRequest("console", \ pickle.dumps((username, groups, parameters)), \ self.__consoleOperationReplyHandler) if (action == "open" or action == "close"): self.__controlProtocol.readAndProcess() prot.sendReply(self.__consoleOperationReply[0], seq, self.__consoleOperationReply[3]) # Request from control daemon, forward to console client elif (operation == "console_output"): (username, operation, parameters) = pickle.loads(payload) consoleOutput = parameters[0] loggedInID = self.__reverseLoggedInUsers[username] payload = pickle.dumps((200, consoleOutput)) self.__userProtocols[loggedInID].sendRequest( "console", payload, self.__consoleOperationReplyHandler) else: print "unknown console operation received" return prot.sendRequest("console", self.__consoleOperationReply[3], self.__consoleOperationReplyHandler) def __consoleOperationReplyHandler(self, code, seq, sz, payload): self.__consoleOperationReply = (code, seq, sz, payload) def __isLoggedIn(self, loggedInID, prot, seq): if ((not self.__loggedInUsers.has_key(loggedInID)) or \ self.__hasSessionExpired(loggedInID)): print "not logged in" prot.sendReply(400, seq, "") return False return True def __hasSessionExpired(self, loggedInID): loginDate = self.__loggedInUsers[loggedInID].getLoginDate() now = datetime.datetime.now() difference = now - loginDate minutes, seconds = divmod(difference.seconds, 60) hours, minutes = divmod(minutes, 60) sessionTime = hours + (24 * difference.days) if (sessionTime > self.__SESSION_TIMEOUT_HOURS): return True return False
from auxiliary.ldapclient import LDAPClient serverURL = "ldap://henldap:389" #login = "******" login = "******" password = "******" ldapClient = LDAPClient(serverURL) print ldapClient.authenticate(login, password) #ldapInfo = ldapClient.getUserInfoByLogin("fhuici") #print str(ldapInfo) #print ldapInfo.getMD5Object().digest() #ldapInfo = ldapClient.getUserInfoByLogin("fhuici") #print ldapInfo.getGroups()
print "Content-Type: text/xml" print "" print "" # read data from standard in data = sys.stdin.read() form = cgi.parse_qs(data) # Make sure that the necessary cgi parameters are given and retrieve them if ( (not form.has_key("username")) or (not form.has_key("password")) ): sys.exit() username = form['username'][0] password = form['password'][0] ldapClient = LDAPClient("ldap://henldap:389") validLogin = ldapClient.authenticate(username, password) groups = None if (validLogin): groups = ldapClient.getUserInfoByLogin(username).getGroups() # Print the results string = '<ldapresponse validlogin="******">\n' if (groups): for group in groups: string += '\t<group id="' + str(group) + '" />\n' string += '</ldapresponse>' print string
class AuthenticationHandler(Daemon): def __init__(self, useSSL=True): Daemon.__init__(self, useSSL) self.__MIN_ID = 100000 self.__MAX_ID = 100000000 self.__SESSION_TIMEOUT_HOURS = 48 self.__loggedInUsers = {} self.__reverseLoggedInUsers = {} self.__userProtocols = {} self.__systemProtocol = Protocol(None) self.__controlProtocol = Protocol(None) try: self.__systemProtocol.open(DaemonLocations.systemDaemon[0], DaemonLocations.systemDaemon[1]) except: print "warning, could not connect to system daemon" try: self.__controlProtocol.open(DaemonLocations.controlDaemon[0], DaemonLocations.controlDaemon[1]) except: print "warning, could not connect to control daemon" self.registerMethodHandler("login", self.login) self.registerMethodHandler("logout", self.logout) self.registerMethodHandler("system", self.systemOperation) self.registerMethodHandler("control", self.controlOperation) self.__consoleOperationReply = None self.__controlOperationReply = None self.__systemOperationReply = None self.__ldapClient = LDAPClient("ldap://henldap:389") def login(self,prot,seq,ln,payload): (username, password) = pickle.loads(payload) validLogin = self.__ldapClient.authenticate(username, password) groups = None if (validLogin): ldapInfo = self.__ldapClient.getUserInfoByLogin(username) groups = ldapInfo.getGroups() email = ldapInfo.getEmail() loggedInID = random.randint(self.__MIN_ID, self.__MAX_ID) loginDate = datetime.datetime.now() loggedInUser = LoggedInUser(username, loggedInID, email, \ loginDate, groups) self.__loggedInUsers[loggedInID] = loggedInUser self.__reverseLoggedInUsers[username] = loggedInID prot.sendReply(200, seq, str(loggedInID)) else: prot.sendReply(421, seq, "") def logout(self,prot,seq,ln,payload): loggedInID = int(pickle.loads(payload)) if (self.__loggedInUsers.has_key(loggedInID)): del self.__loggedInUsers[loggedInID] if (self.__reverseLoggedInUsers.has_key(loggedInID)): del self.__reverseLoggedInUsers[loggedInID] if (self.__userProtocols.has_key(loggedInID)): del self.__userProtocols[loggedInID] prot.sendReply(200,seq,"") def systemOperation(self,prot,seq,ln,payload): (loggedInID, operation, parameters) = pickle.loads(payload) if (not self.__isLoggedIn(loggedInID, prot, seq)): return username = self.__loggedInUsers[loggedInID].getUsername() groups = self.__loggedInUsers[loggedInID].getGroups() result = self.__systemProtocol.doSynchronousCall(operation, \ pickle.dumps((username, groups, parameters))) resID = len(result)-1 if resID<0: prot.sendReply(500,seq,"Got 0 result from systemdaemon!") return else: prot.sendReply(result[resID][0],seq,result[resID][2]) def controlOperation(self,prot,seq,ln,payload): (loggedInID, operation, parameters) = pickle.loads(payload) print loggedInID, operation, parameters # Special console case if ((operation == "console") or (operation == "console_output")): self.__console(prot,seq,ln,payload) return if (not self.__isLoggedIn(loggedInID, prot, seq)): return username = self.__loggedInUsers[loggedInID].getUsername() groups = self.__loggedInUsers[loggedInID].getGroups() result = self.__controlProtocol.doSynchronousCall(operation, \ pickle.dumps((username, groups, parameters))) resID = len(result)-1 #print "got result",result if resID<0: prot.sendReply(500,seq,"Got 0 result from controldaemon!") return else: prot.sendReply(result[resID][0],seq,result[resID][2]) def __console(self,prot,seq,ln,payload): (loggedInID, operation, parameters) = pickle.loads(payload) # Request from hm client if (operation == "console"): if (not self.__isLoggedIn(loggedInID, prot, seq)): return username = self.__loggedInUsers[loggedInID].getUsername() groups = self.__loggedInUsers[loggedInID].getGroups() action = parameters[0] # Record client protocol so we can later reply to it if (not self.__userProtocols.has_key(loggedInID)): self.__userProtocols[loggedInID] = prot self.__controlProtocol.sendRequest("console", \ pickle.dumps((username, groups, parameters)), \ self.__consoleOperationReplyHandler) if (action == "open" or action == "close"): self.__controlProtocol.readAndProcess() prot.sendReply(self.__consoleOperationReply[0], seq, self.__consoleOperationReply[3]) # Request from control daemon, forward to console client elif (operation == "console_output"): (username, operation, parameters) = pickle.loads(payload) consoleOutput = parameters[0] loggedInID = self.__reverseLoggedInUsers[username] payload = pickle.dumps((200, consoleOutput)) self.__userProtocols[loggedInID].sendRequest("console", payload, self.__consoleOperationReplyHandler) else: print "unknown console operation received" return prot.sendRequest("console", self.__consoleOperationReply[3], self.__consoleOperationReplyHandler) def __consoleOperationReplyHandler(self, code, seq, sz, payload): self.__consoleOperationReply = (code, seq, sz, payload) def __isLoggedIn(self, loggedInID, prot, seq): if ((not self.__loggedInUsers.has_key(loggedInID)) or \ self.__hasSessionExpired(loggedInID)): print "not logged in" prot.sendReply(400,seq,"") return False return True def __hasSessionExpired(self, loggedInID): loginDate = self.__loggedInUsers[loggedInID].getLoginDate() now = datetime.datetime.now() difference = now - loginDate minutes, seconds = divmod(difference.seconds, 60) hours, minutes = divmod(minutes, 60) sessionTime = hours + (24 * difference.days) if (sessionTime > self.__SESSION_TIMEOUT_HOURS): return True return False
from auxiliary.ldapclient import LDAPClient serverURL = "ldap://henldap:389" # login = "******" login = "******" password = "******" ldapClient = LDAPClient(serverURL) print ldapClient.authenticate(login, password) # ldapInfo = ldapClient.getUserInfoByLogin("fhuici") # print str(ldapInfo) # print ldapInfo.getMD5Object().digest() # ldapInfo = ldapClient.getUserInfoByLogin("fhuici") # print ldapInfo.getGroups()