validating password functions

2016-03-04 03:51:54 +02:00 · 2016-03-04 03:51:54 +02:00 · 0360d6c739
commit 0360d6c739
parent e64f9806bb
3 changed files with 79 additions and 16 deletions
--- a/clientsdb.py
+++ b/clientsdb.py
@ -4,12 +4,14 @@

 #import site packages
 import json
+import hmac
+import bcrypt

 #import local packages
 import ioconfig
 import utils

-def addclient(vmid, vmname, clientid, clientname, srvuser, srvpass):
+def addclient(vmid, vmname, clientid, clientname, srvpass):
    """ add new client to the clientsdb.json """
    clientsdb = readclientsdb()

@ -21,12 +23,73 @@ def addclient(vmid, vmname, clientid, clientname, srvuser, srvpass):
        newclient = { str(clientid):vcard }
        clientsdb.update(newclient)
    ioconfig.logger.info('clients> vmid ' + vmid + ' will be owned by ' + clientid + ' (' + clientname + ')')
-    vmdata = { 'name':str(vmname), 'vmid':str(vmid), 'ownerid':str(clientid), 'username':str(srvuser), 'password': str(srvpass) }
+    vmdata = { 'hostname':str(vmname), 'vmid':str(vmid), 'ownerid':str(clientid), 'username':str(srvuser), 'password': str(srvpass) }
    clientsdb[str(clientid)][str(vmid)] = vmdata

    writeclientsdb(clientsdb)


+def validate(vmname, srvpass):
+    """ return true or false if credentials match something in clientdb. useful for authing extrnal admin panels """
+    try:
+        clientsdb = readclientsdb()
+        path = utils.find_key(clientsdb, vmname)
+        c_id = str(path[0])
+        v_id = str(path[1])
+        #check the returned path with forward query
+        query = clientsdb[c_id][v_id]['hostname']
+    except:
+        return False
+
+    #double check
+    if query != vmname:
+        return False
+    else:
+        #try to capture the encrypted password
+        try:
+            encpass = clientsdb[c_id][v_id]['encpasswd']
+        except:
+            return False
+
+        #compare it with the requested password
+        b_srvpass = srvpass.encode('utf-8')
+        b_encpass = encpass.encode('utf-8')
+        if (hmac.compare_digest(bcrypt.hashpw(b_srvpass, b_encpass), b_encpass)):
+            #login successful
+            ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) was validated successfully!'.format(query, c_id, v_id))
+            print('the gates are open!')
+            return True
+
+    print('boo.')
+    return False
+
+
+def setencpasswd(vmname, newpass):
+    """ setup a new management password """
+    salt = bcrypt.gensalt()
+    b_newpass = newpass.encode('utf-8')
+    encpasswd = bcrypt.hashpw(b_newpass, salt).decode('utf-8')
+
+    try:
+        clientsdb = readclientsdb()
+        print(clientsdb)
+        path = utils.find_key(clientsdb, vmname)
+        print(path)
+        c_id = str(path[0])
+        v_id = str(path[1])
+        #check the returned path with forward query
+        query = clientsdb[c_id][v_id]['hostname']
+    except:
+        raise
+
+    if query != vmname:
+        raise
+    else:
+        clientsdb[c_id][v_id]['encpasswd'] = encpasswd
+        ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) got its password changed!'.format(query, c_id, v_id))
+        writeclientsdb(clientsdb)
+
+
 def vmowner(vmid, vmname, verbose):
    """ find the owner of the vm """
    clientsdb = readclientsdb()
@ -61,3 +124,7 @@ def writeclientsdb(clientsdb):
        json.dump(clientsdb, dbw)
    dbw.close()

+
+if __name__ == '__main__':
+    setencpasswd('srv.test1.com', 'todos')
+    validate('srv.test1.com', 'todos')
--- a/plugin.py
+++ b/plugin.py
@ -119,9 +119,8 @@ def vmcreate(req):
    #populate the client db and vm journal
    client_id = req['clientid']
    client_name = req['clientname']
-    srv_user = req['username']
    srv_pass = req['password']
-    clientsdb.addclient(vm_id, vm_name, client_id, client_name, srv_user, srv_pass)
+    clientsdb.addclient(vm_id, vm_name, client_id, client_name, srv_pass)
    journaldb.createjnode(vm_id, region_id, slave_id)

    #start the machihe
--- a/utils.py
+++ b/utils.py
@ -51,18 +51,15 @@ def get_rec(search_dict, field):
    return fields_found


-def gen_dict_extract(key, var):
-    if hasattr(var,'iteritems'):
-        for k, v in var.iteritems():
-            if k == key:
-                yield v
-            if isinstance(v, dict):
-                for result in gen_dict_extract(key, v):
-                    yield result
-            elif isinstance(v, list):
-                for d in v:
-                    for result in gen_dict_extract(key, d):
-                        yield result
+def find_key(search_dict, key):
+    """ takes a nested dict and returns the path for the searched value """
+    for k,v in search_dict.items():
+        if isinstance(v,dict):
+            p = find_key(v,key)
+            if p:
+                return [k] + p
+        elif v == key:
+            return [k]


 def chained_get(dct, *keys):