# -*- coding: utf-8
#
# manage clientsdb.json
#import site packages
import json
import hmac
import bcrypt
#import local packages
import ioconfig
import utils
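def addclient(vmid, vmname, clientid, clientname, srvpass, srvuser=''):
    """Register a VM under a client in the clients db, creating the client if new.

    Args:
        vmid: identifier of the VM; stored as a string key under the client.
        vmname: hostname recorded for the VM.
        clientid: identifier of the owning client; stored as a string key.
        clientname: display name recorded when the client entry is created.
        srvpass: service password recorded for the VM.
        srvuser: service username recorded for the VM. Optional trailing
            parameter: the record has always carried a 'username' field, but
            the name it was read from was never defined, so every call raised
            NameError before anything was written.
    """
    clientsdb = readclientsdb()
    # Normalise once: the ids are used both as JSON keys and in log messages,
    # and concatenating a non-str id into a message raises TypeError.
    client_key = str(clientid)
    vm_key = str(vmid)

    if client_key in clientsdb:
        ioconfig.logger.info('clients> client ' + client_key + ' already exists. merging.')
    else:
        ioconfig.logger.info('clients> client ' + client_key + ' does not exist. creating.')
        clientsdb[client_key] = {'name': str(clientname)}

    ioconfig.logger.info('clients> vmid ' + vm_key + ' will be owned by ' + client_key + ' (' + str(clientname) + ')')

    # NOTE(review): 'password' is written to clients.json in clear text, so
    # anyone who can read that file can read every service password. This
    # function does not set 'encpasswd', the bcrypt hash that validate()
    # checks; only setencpasswd() does. Confirm whether any consumer needs the
    # clear-text value before keeping it in the record.
    clientsdb[client_key][vm_key] = {
        'hostname': str(vmname),
        'vmid': vm_key,
        'ownerid': client_key,
        'username': str(srvuser),
        'password': str(srvpass),
    }
    writeclientsdb(clientsdb)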
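def validate(vmname, srvpass):
    """Check a hostname/password pair against the clients db.

    Intended for authenticating external admin panels.

    Args:
        vmname: hostname of the VM to authenticate.
        srvpass: management password supplied by the caller (str).

    Returns:
        ``{'vpsid': <vm id>, 'ticket': 'TODO'}`` when the password matches the
        stored bcrypt hash (the ticket is still a placeholder).
        ``False`` when the hostname cannot be located in the db.
        ``None`` when the located record does not carry that hostname, has no
        stored hash, the stored hash is unusable, or the password is wrong.
        Every failure value is falsy, so a truthiness check fails closed.
    """
    try:
        clientsdb = readclientsdb()
        # presumably find_key returns the key path (client id, vm id) leading
        # to the value - confirm against utils.find_key
        path = utils.find_key(clientsdb, vmname)
        c_id = str(path[0])
        v_id = str(path[1])
        # Forward query: make sure the returned path really holds a hostname.
        query = clientsdb[c_id][v_id]['hostname']
    except Exception:
        # Narrowed from a bare except so KeyboardInterrupt/SystemExit are not
        # swallowed by an authentication check.
        return False

    # Double check that the record found is the one that was asked for.
    if query != vmname:
        return None

    try:
        encpass = clientsdb[c_id][v_id]['encpasswd']
    except Exception:
        # No management password has been set for this VM.
        return None

    try:
        b_srvpass = srvpass.encode('utf-8')
        b_encpass = encpass.encode('utf-8')
        # Re-hash the candidate with the salt embedded in the stored hash and
        # compare in constant time.
        matched = hmac.compare_digest(bcrypt.hashpw(b_srvpass, b_encpass), b_encpass)
    except (AttributeError, TypeError, ValueError):
        # A non-string password or a malformed stored hash must deny access
        # rather than surface as an unhandled exception in the caller.
        ioconfig.logger.warning('clients> {} (clientid: {}, vmid: {}) could not be checked against the stored hash. ACCESS DENIED!'.format(query, c_id, v_id))
        return None

    if matched:
        ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) was validated successfully!'.format(query, c_id, v_id))
        #TODO: generate ticket for double check
        generated_ticket = 'TODO'
        return {'vpsid': v_id, 'ticket': generated_ticket}

    # The original call was missing its closing parenthesis, which made the
    # whole module fail to compile.
    ioconfig.logger.warning('clients> {} (clientid: {}, vmid: {}) ACCESS DENIED!'.format(query, c_id, v_id))
    return None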
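def setencpasswd(vmname, newpass):
    """Store a new bcrypt-hashed management password for a VM.

    Args:
        vmname: hostname of the VM whose password is being set.
        newpass: the new password (str); only its bcrypt hash is stored,
            under the record's 'encpasswd' key.

    Raises:
        RuntimeError: the record located for ``vmname`` carries a different
            hostname. The original used a bare ``raise`` here with no active
            exception, which also surfaces as RuntimeError but with a
            misleading message.
        Exception: whatever the db lookup raises when ``vmname`` is not found;
            lookup errors are not caught.
    """
    # bcrypt takes at most the first 72 bytes of the password into account, so
    # very long passphrases are not fully covered by the hash.
    salt = bcrypt.gensalt()
    encpasswd = bcrypt.hashpw(newpass.encode('utf-8'), salt).decode('utf-8')

    clientsdb = readclientsdb()
    # presumably find_key returns the key path (client id, vm id) leading to
    # the value - confirm against utils.find_key
    path = utils.find_key(clientsdb, vmname)
    c_id = str(path[0])
    v_id = str(path[1])
    # Forward query: make sure the returned path really holds a hostname.
    query = clientsdb[c_id][v_id]['hostname']

    if query != vmname:
        raise RuntimeError('clients> record located for {} holds a different hostname'.format(vmname))

    clientsdb[c_id][v_id]['encpasswd'] = encpasswd
    ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) got its management password changed!'.format(query, c_id, v_id))
    writeclientsdb(clientsdb)
    #TODO: change lxc container password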
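def vmowner(vmid, vmname, verbose):
    """Return the client id recorded as the owner of a VM.

    Args:
        vmid: identifier of the VM to look up.
        vmname: hostname of the VM; only used in the log message.
        verbose: when truthy, log the resolved owner.

    Returns:
        The 'ownerid' value of the first record found for ``vmid``.

    Raises:
        Exception: whatever the lookup raises when the VM or its owner is not
            in the db; failures are not mapped to a default owner.
    """
    clientsdb = readclientsdb()
    # NOTE(review): the original wrapped this lookup in try/except, re-raised
    # immediately, and then assigned '0'/'unknown' as a fallback. Those
    # assignments came after the re-raise and could never run, so they are
    # dropped and lookup failures propagate exactly as before. Confirm whether
    # callers expect an exception or the '0' owner before changing this.
    clientid = utils.get_rec(clientsdb, str(vmid))[0]['ownerid']
    clientname = clientsdb[str(clientid)]['name']

    if verbose:
        # str() on every piece: a non-str hostname or name would otherwise
        # raise TypeError while building the message.
        ioconfig.logger.info('clients> the owner of ' + str(vmid) + ' (' + str(vmname) + ') is ' + str(clientid) + ' (' + str(clientname) + ')')
    return clientid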
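def readclientsdb():
    """Load the clients db from clients.json in the current working directory.

    Returns:
        The decoded JSON content, or an empty dict when the file is missing
        or cannot be read or parsed.
    """
    try:
        # The with-block closes the file; no explicit close() is needed.
        with open('clients.json') as dbr:
            return json.load(dbr)
    except FileNotFoundError:
        # First run: there is no database yet.
        ioconfig.logger.warning('clients> initializing...')
    except Exception as err:
        # Narrowed from a bare except so KeyboardInterrupt/SystemExit are no
        # longer swallowed, and the real cause is logged instead of being
        # reported as a first run.
        # NOTE(review): an empty db is still returned here to keep the
        # existing contract. A caller that writes it back (addclient) will
        # replace an unreadable or corrupt credentials file with a nearly
        # empty one - consider failing instead.
        ioconfig.logger.warning('clients> initializing...')
        ioconfig.logger.warning('clients> clients.json could not be loaded: {}'.format(err))
    #writeclientsdb(clientsdb)
    return {}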
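def writeclientsdb(clientsdb):
    """Write the clients db to clients.json in the current working directory.

    The data is serialised to a temporary file in the same directory and then
    moved over clients.json in one step. A crash or a serialisation error
    part-way through leaves the previous file intact instead of a truncated
    credentials store. The directory must therefore be writable.

    Args:
        clientsdb: JSON-serialisable mapping to persist.
    """
    import os
    import tempfile

    target = 'clients.json'
    directory = os.path.dirname(os.path.abspath(target))
    # mkstemp creates the file readable and writable by the owner only.
    fd, tmp_path = tempfile.mkstemp(prefix='clients.', suffix='.tmp', dir=directory)
    try:
        with os.fdopen(fd, 'w') as dbw:
            json.dump(clientsdb, dbw)
            dbw.flush()
            os.fsync(dbw.fileno())
        try:
            # Keep the mode of an existing database so current readers of the
            # file are not locked out.
            os.chmod(tmp_path, os.stat(target).st_mode & 0o7777)
        except FileNotFoundError:
            # New database: it holds credentials, so keep the owner-only mode.
            pass
        os.replace(tmp_path, target)
    except BaseException:
        # Do not leave a stray temporary copy of the credentials behind.
        try:
            os.unlink(tmp_path)
        except OSError:
            pass
        raise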
if __name__ == '__main__':
    # Manual smoke test: set a management password for a sample hostname,
    # then validate the same pair. It runs against the clients.json in the
    # current working directory.
    smoke_host, smoke_pass = 'srv.test1.com', 'todos'
    setencpasswd(smoke_host, smoke_pass)
    validate(smoke_host, smoke_pass)