validating password functions
parent
e64f9806bb
commit
0360d6c739
3 changed files with 79 additions and 16 deletions
71
clientsdb.py
71
clientsdb.py
|
@ -4,12 +4,14 @@
|
|||
|
||||
#import site packages
|
||||
import json
|
||||
import hmac
|
||||
import bcrypt
|
||||
|
||||
#import local packages
|
||||
import ioconfig
|
||||
import utils
|
||||
|
||||
def addclient(vmid, vmname, clientid, clientname, srvuser, srvpass):
|
||||
def addclient(vmid, vmname, clientid, clientname, srvpass):
|
||||
""" add new client to the clientsdb.json """
|
||||
clientsdb = readclientsdb()
|
||||
|
||||
|
@ -21,12 +23,73 @@ def addclient(vmid, vmname, clientid, clientname, srvuser, srvpass):
|
|||
newclient = { str(clientid):vcard }
|
||||
clientsdb.update(newclient)
|
||||
ioconfig.logger.info('clients> vmid ' + vmid + ' will be owned by ' + clientid + ' (' + clientname + ')')
|
||||
vmdata = { 'name':str(vmname), 'vmid':str(vmid), 'ownerid':str(clientid), 'username':str(srvuser), 'password': str(srvpass) }
|
||||
vmdata = { 'hostname':str(vmname), 'vmid':str(vmid), 'ownerid':str(clientid), 'username':str(srvuser), 'password': str(srvpass) }
|
||||
clientsdb[str(clientid)][str(vmid)] = vmdata
|
||||
|
||||
writeclientsdb(clientsdb)
|
||||
|
||||
|
||||
def validate(vmname, srvpass):
|
||||
""" return true or false if credentials match something in clientdb. useful for authing extrnal admin panels """
|
||||
try:
|
||||
clientsdb = readclientsdb()
|
||||
path = utils.find_key(clientsdb, vmname)
|
||||
c_id = str(path[0])
|
||||
v_id = str(path[1])
|
||||
#check the returned path with forward query
|
||||
query = clientsdb[c_id][v_id]['hostname']
|
||||
except:
|
||||
return False
|
||||
|
||||
#double check
|
||||
if query != vmname:
|
||||
return False
|
||||
else:
|
||||
#try to capture the encrypted password
|
||||
try:
|
||||
encpass = clientsdb[c_id][v_id]['encpasswd']
|
||||
except:
|
||||
return False
|
||||
|
||||
#compare it with the requested password
|
||||
b_srvpass = srvpass.encode('utf-8')
|
||||
b_encpass = encpass.encode('utf-8')
|
||||
if (hmac.compare_digest(bcrypt.hashpw(b_srvpass, b_encpass), b_encpass)):
|
||||
#login successful
|
||||
ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) was validated successfully!'.format(query, c_id, v_id))
|
||||
print('the gates are open!')
|
||||
return True
|
||||
|
||||
print('boo.')
|
||||
return False
|
||||
|
||||
|
||||
def setencpasswd(vmname, newpass):
|
||||
""" setup a new management password """
|
||||
salt = bcrypt.gensalt()
|
||||
b_newpass = newpass.encode('utf-8')
|
||||
encpasswd = bcrypt.hashpw(b_newpass, salt).decode('utf-8')
|
||||
|
||||
try:
|
||||
clientsdb = readclientsdb()
|
||||
print(clientsdb)
|
||||
path = utils.find_key(clientsdb, vmname)
|
||||
print(path)
|
||||
c_id = str(path[0])
|
||||
v_id = str(path[1])
|
||||
#check the returned path with forward query
|
||||
query = clientsdb[c_id][v_id]['hostname']
|
||||
except:
|
||||
raise
|
||||
|
||||
if query != vmname:
|
||||
raise
|
||||
else:
|
||||
clientsdb[c_id][v_id]['encpasswd'] = encpasswd
|
||||
ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) got its password changed!'.format(query, c_id, v_id))
|
||||
writeclientsdb(clientsdb)
|
||||
|
||||
|
||||
def vmowner(vmid, vmname, verbose):
|
||||
""" find the owner of the vm """
|
||||
clientsdb = readclientsdb()
|
||||
|
@ -61,3 +124,7 @@ def writeclientsdb(clientsdb):
|
|||
json.dump(clientsdb, dbw)
|
||||
dbw.close()
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
setencpasswd('srv.test1.com', 'todos')
|
||||
validate('srv.test1.com', 'todos')
|
||||
|
|
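Review bot: The `vmdata` line that appears to be the new side (the one keyed `'hostname'`) still reads `srvuser`, which the new `addclient(vmid, vmname, clientid, clientname, srvpass)` signature no longer provides, so the call would fail with a NameError, and it still writes the cleartext `'password': str(srvpass)` into clientsdb.json next to the bcrypt `encpasswd` this commit introduces. Storing only the hash at creation would fix both, e.g. `'encpasswd': bcrypt.hashpw(str(srvpass).encode('utf-8'), bcrypt.gensalt()).decode('utf-8')` in place of the `'username'` and `'password'` entries. In `setencpasswd`, `print(clientsdb)` sends every stored record, password fields included, to stdout and should be dropped, and the bare `raise` under `if query != vmname:` has no active exception to re-raise, so it surfaces as a RuntimeError; `raise ValueError('hostname lookup mismatch')` would state the failure. In `validate`, the two bare `except:` clauses also hide unrelated errors such as an unreadable database; `except (KeyError, IndexError, TypeError):` keeps the fail-closed result for a failed lookup. The `addclient` body starts outside the hunk.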
|
@ -119,9 +119,8 @@ def vmcreate(req):
|
|||
#populate the client db and vm journal
|
||||
client_id = req['clientid']
|
||||
client_name = req['clientname']
|
||||
srv_user = req['username']
|
||||
srv_pass = req['password']
|
||||
clientsdb.addclient(vm_id, vm_name, client_id, client_name, srv_user, srv_pass)
|
||||
clientsdb.addclient(vm_id, vm_name, client_id, client_name, srv_pass)
|
||||
journaldb.createjnode(vm_id, region_id, slave_id)
|
||||
|
||||
#start the machihe
|
||||
|
|
19
utils.py
19
utils.py
|
@ -51,18 +51,15 @@ def get_rec(search_dict, field):
|
|||
return fields_found
|
||||
|
||||
|
||||
def gen_dict_extract(key, var):
|
||||
if hasattr(var,'iteritems'):
|
||||
for k, v in var.iteritems():
|
||||
if k == key:
|
||||
yield v
|
||||
def find_key(search_dict, key):
|
||||
""" takes a nested dict and returns the path for the searched value """
|
||||
for k,v in search_dict.items():
|
||||
if isinstance(v,dict):
|
||||
for result in gen_dict_extract(key, v):
|
||||
yield result
|
||||
elif isinstance(v, list):
|
||||
for d in v:
|
||||
for result in gen_dict_extract(key, d):
|
||||
yield result
|
||||
p = find_key(v,key)
|
||||
if p:
|
||||
return [k] + p
|
||||
elif v == key:
|
||||
return [k]
|
||||
|
||||
|
||||
def chained_get(dct, *keys):
|
||||
|
|
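Review bot: `find_key` (assuming the `p = find_key(v,key)` lines are the new body) returns the path to the first leaf whose value equals `key`, whatever field that leaf is stored under, and falls through to an implicit `None` when nothing matches; the docstring states neither. The callers in clientsdb.py index `path[0]` and `path[1]` and then compare `['hostname']`, so a record holding the searched string in another field earlier in iteration order would mask a later genuine hostname, and two records sharing a hostname always resolve to the first one, which matters for `setencpasswd`. A docstring such as `""" return the list of keys leading to the first value equal to key, or None if absent; any field can match, first hit in dict order wins """` would document the contract. Restricting the match to a named field (for example only `'hostname'`) would be the stricter fix for the password lookups.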