validating password functions

This commit is contained in:
deflax 2016-03-04 03:51:54 +02:00
parent e64f9806bb
commit 0360d6c739
3 changed files with 79 additions and 16 deletions

View file

@ -4,12 +4,14 @@
#import site packages #import site packages
import json import json
import hmac
import bcrypt
#import local packages #import local packages
import ioconfig import ioconfig
import utils import utils
def addclient(vmid, vmname, clientid, clientname, srvuser, srvpass): def addclient(vmid, vmname, clientid, clientname, srvpass):
""" add new client to the clientsdb.json """ """ add new client to the clientsdb.json """
clientsdb = readclientsdb() clientsdb = readclientsdb()
@ -21,12 +23,73 @@ def addclient(vmid, vmname, clientid, clientname, srvuser, srvpass):
newclient = { str(clientid):vcard } newclient = { str(clientid):vcard }
clientsdb.update(newclient) clientsdb.update(newclient)
ioconfig.logger.info('clients> vmid ' + vmid + ' will be owned by ' + clientid + ' (' + clientname + ')') ioconfig.logger.info('clients> vmid ' + vmid + ' will be owned by ' + clientid + ' (' + clientname + ')')
vmdata = { 'name':str(vmname), 'vmid':str(vmid), 'ownerid':str(clientid), 'username':str(srvuser), 'password': str(srvpass) } vmdata = { 'hostname':str(vmname), 'vmid':str(vmid), 'ownerid':str(clientid), 'username':str(srvuser), 'password': str(srvpass) }
clientsdb[str(clientid)][str(vmid)] = vmdata clientsdb[str(clientid)][str(vmid)] = vmdata
writeclientsdb(clientsdb) writeclientsdb(clientsdb)
def validate(vmname, srvpass):
""" return true or false if credentials match something in clientdb. useful for authing extrnal admin panels """
try:
clientsdb = readclientsdb()
path = utils.find_key(clientsdb, vmname)
c_id = str(path[0])
v_id = str(path[1])
#check the returned path with forward query
query = clientsdb[c_id][v_id]['hostname']
except:
return False
#double check
if query != vmname:
return False
else:
#try to capture the encrypted password
try:
encpass = clientsdb[c_id][v_id]['encpasswd']
except:
return False
#compare it with the requested password
b_srvpass = srvpass.encode('utf-8')
b_encpass = encpass.encode('utf-8')
if (hmac.compare_digest(bcrypt.hashpw(b_srvpass, b_encpass), b_encpass)):
#login successful
ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) was validated successfully!'.format(query, c_id, v_id))
print('the gates are open!')
return True
print('boo.')
return False
def setencpasswd(vmname, newpass):
""" setup a new management password """
salt = bcrypt.gensalt()
b_newpass = newpass.encode('utf-8')
encpasswd = bcrypt.hashpw(b_newpass, salt).decode('utf-8')
try:
clientsdb = readclientsdb()
print(clientsdb)
path = utils.find_key(clientsdb, vmname)
print(path)
c_id = str(path[0])
v_id = str(path[1])
#check the returned path with forward query
query = clientsdb[c_id][v_id]['hostname']
except:
raise
if query != vmname:
raise
else:
clientsdb[c_id][v_id]['encpasswd'] = encpasswd
ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) got its password changed!'.format(query, c_id, v_id))
writeclientsdb(clientsdb)
def vmowner(vmid, vmname, verbose): def vmowner(vmid, vmname, verbose):
""" find the owner of the vm """ """ find the owner of the vm """
clientsdb = readclientsdb() clientsdb = readclientsdb()
@ -61,3 +124,7 @@ def writeclientsdb(clientsdb):
json.dump(clientsdb, dbw) json.dump(clientsdb, dbw)
dbw.close() dbw.close()
if __name__ == '__main__':
setencpasswd('srv.test1.com', 'todos')
validate('srv.test1.com', 'todos')

View file

@ -119,9 +119,8 @@ def vmcreate(req):
#populate the client db and vm journal #populate the client db and vm journal
client_id = req['clientid'] client_id = req['clientid']
client_name = req['clientname'] client_name = req['clientname']
srv_user = req['username']
srv_pass = req['password'] srv_pass = req['password']
clientsdb.addclient(vm_id, vm_name, client_id, client_name, srv_user, srv_pass) clientsdb.addclient(vm_id, vm_name, client_id, client_name, srv_pass)
journaldb.createjnode(vm_id, region_id, slave_id) journaldb.createjnode(vm_id, region_id, slave_id)
#start the machihe #start the machihe

View file

@ -51,18 +51,15 @@ def get_rec(search_dict, field):
return fields_found return fields_found
def gen_dict_extract(key, var): def find_key(search_dict, key):
if hasattr(var,'iteritems'): """ takes a nested dict and returns the path for the searched value """
for k, v in var.iteritems(): for k,v in search_dict.items():
if k == key: if isinstance(v,dict):
yield v p = find_key(v,key)
if isinstance(v, dict): if p:
for result in gen_dict_extract(key, v): return [k] + p
yield result elif v == key:
elif isinstance(v, list): return [k]
for d in v:
for result in gen_dict_extract(key, d):
yield result
def chained_get(dct, *keys): def chained_get(dct, *keys):