From f8d7b32d0fa75cdfd61aa6595c9618afa6ed90ac Mon Sep 17 00:00:00 2001
From: deflax
Date: Mon, 7 Mar 2016 19:25:13 +0200
Subject: [PATCH] validating route functions
---
 clientsdb.py | 28 +++++++++++++++++-----------
 proxmaster.py | 22 ++++++++++++++++++++++
 2 files changed, 39 insertions(+), 11 deletions(-)
diff --git a/clientsdb.py b/clientsdb.py
index b7e6ecd..a812383 100644
--- a/clientsdb.py
+++ b/clientsdb.py
@@ -30,7 +30,7 @@ def addclient(vmid, vmname, clientid, clientname, srvpass):
 def validate(vmname, srvpass):
- """ return true or false if credentials match something in clientdb. useful for authing extrnal admin panels """
+ """ return vmid or false if credentials match something in clientdb. useful for authing extrnal admin panels """
 try:
 clientsdb = readclientsdb()
 path = utils.find_key(clientsdb, vmname)
@@ -43,13 +43,14 @@ def validate(vmname, srvpass):
 #double check
 if query != vmname:
- return False
+ return None
 else:
 #try to capture the encrypted password
 try:
 encpass = clientsdb[c_id][v_id]['encpasswd']
 except:
- return False
+ #cant query password
+ return None
 #compare it with the requested password
 b_srvpass = srvpass.encode('utf-8')
@@ -57,11 +58,15 @@ def validate(vmname, srvpass):
 if (hmac.compare_digest(bcrypt.hashpw(b_srvpass, b_encpass), b_encpass)):
 #login successful
 ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) was validated successfully!'.format(query, c_id, v_id))
- print('the gates are open!')
- return True
-
- print('boo.')
- return False
+ #TODO: generate ticket for double check
+ generated_ticket = 'TODO'
+ response = { 'vpsid':v_id, 'ticket':generated_ticket }
+ return response
+ else:
+ ioconfig.logger.warning('clients> {} (clientid: {}, vmid: {}) ACCESS DENIED!'.format(query, c_id, v_id)
+ #cant compare password
+ return None
+ return None
 def setencpasswd(vmname, newpass):
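Review bot: The revised docstring on `validate()` still misstates the return contract: the later hunk in this file makes the function return a dict with `vpsid` and `ticket` on success and `None` on the failure paths it touches, not "vmid or false". Callers that test the result with `is False` or `== True` would silently misbehave, so the contract is worth stating exactly, e.g. `""" Return {'vpsid': ..., 'ticket': ...} if vmname/srvpass match an entry in clientsdb, else None. """`. The function body continues outside this hunk, so any remaining `return False` path there should be checked against the same contract.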
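Review bot: The added `ioconfig.logger.warning(...)` line in the new `else:` branch of the `@@ -57,11 +58,15 @@` hunk is missing its closing parenthesis, so clientsdb.py will raise a SyntaxError on import and take proxmaster.py down with it now that it imports this module; the line should end `.format(query, c_id, v_id))`. The success branch returns the constant `generated_ticket = 'TODO'`; if any consumer treats that field as a credential it is a fixed, guessable value, so either leave `ticket` out of the response until it exists or generate it from a CSPRNG (for example `secrets.token_urlsafe(32)`) and keep the server-side record needed to verify it. validate() starts before this hunk.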
@@ -72,9 +77,9 @@ def setencpasswd(vmname, newpass):
 try:
 clientsdb = readclientsdb()
- print(clientsdb)
+ #print(clientsdb)
 path = utils.find_key(clientsdb, vmname)
- print(path)
+ #print(path)
 c_id = str(path[0])
 v_id = str(path[1])
 #check the returned path with forward query
@@ -86,8 +91,9 @@ def setencpasswd(vmname, newpass):
 raise
 else:
 clientsdb[c_id][v_id]['encpasswd'] = encpasswd
- ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) got its password changed!'.format(query, c_id, v_id))
+ ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) got its management password changed!'.format(query, c_id, v_id))
 writeclientsdb(clientsdb)
+ #TODO: change lxc container password
 def vmowner(vmid, vmname, verbose):
diff --git a/proxmaster.py b/proxmaster.py
index 1642cef..5f88ca1 100644
--- a/proxmaster.py
+++ b/proxmaster.py
@@ -14,6 +14,7 @@ import urllib.parse
 import ioconfig
 import grid
 import plugin
+import clientsdb
 config = ioconfig.parser
 logger = ioconfig.logger
@@ -43,6 +44,23 @@ def apicheck(params):
 return (status, response)
 #API methods
+class Validate(object):
+ def on_post(self, req, resp):
+ """ get domain name and mgmt pass and compare it with the client db and returns an authed object ID """
+ domain = req.params['domain']
+ passwd = req.params['password']
+ logger.info('grid> access requested for {} with {}'.format(domain, passwd))
+ #apicheck_stat, apicheck_resp = apicheck(req.params)
+ response = clientsdb.validate(domain, passwd)
+ if response is not None:
+ resp.status = falcon.HTTP_200
+ resp.body = response
+ else:
+ resp.status = falcon.HTTP_403
+ resp.body = 'ERR'
+
+
+
 class ClusterResource(object):
 def on_get(self, req, resp):
 """TEST ONLY. List cluster nodes. TEST ONLY"""
@@ -92,6 +110,7 @@ class StatusResource(object):
 resp.status = falcon.HTTP_403
 resp.body = apicheck_resp
+
 class DeleteResource(object):
 def on_post(self, req, resp, vmid):
 """ delete machine completely"""
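Review bot: The `logger.info('grid> access requested for {} with {}'.format(domain, passwd))` line in `Validate.on_post` writes the submitted management password to the log in clear text; log the domain only. `req.params['domain']` and `req.params['password']` raise KeyError when a field is missing, which would surface as a server error rather than a 400, and `req.get_param(..., required=True)` handles that. `resp.body = response` assigns the dict returned by `clientsdb.validate()`, while Falcon expects a string or bytes body, so it should be serialized (this assumes `json` is imported in proxmaster.py, which the hunk does not show). Falcon fills `req.params` from the query string, and from a form-encoded body only when that option is enabled, so the password may be travelling in the URL and ending up in access logs; worth confirming how clients send it.

```python
    def on_post(self, req, resp):
        # … unchanged: docstring …
        domain = req.get_param('domain', required=True)
        passwd = req.get_param('password', required=True)
        # never log the submitted password
        logger.info('grid> access requested for {}'.format(domain))
        # … unchanged: clientsdb.validate() call and the `is not None` check …
            resp.body = json.dumps(response)
        # … unchanged: 403 branch …
```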
@@ -240,6 +259,9 @@ welcome()
 #grid.sync()
 # setup routes
+res_validate = Validate()
+api.add_route('/instance/auth', res_validate)
+
 res_cluster = ClusterResource()
 api.add_route('/instance', res_cluster)
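Review bot: `api.add_route('/instance/auth', res_validate)` publishes a password-checking endpoint whose handler, as added in this patch, has the `apicheck(req.params)` call commented out, so nothing visible here limits who may call it or how often. Other resources in this file appear to gate on `apicheck` (StatusResource returns `apicheck_resp` with a 403). Consider restoring that check in `Validate.on_post` or adding per-client throttling and lockout before this route is reachable outside a trusted network. Naming the class `ValidateResource` would also match `ClusterResource`, `StatusResource` and `DeleteResource`.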