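# -*- coding: utf-8 -*-
#
# manage clients.json (the clients database)

# import standard library
import hmac
import json
import os
import stat
import tempfile

# import site packages
import bcrypt

# import local packages
import ioconfig
import utils

# Database file; a relative path, so it resolves against the current working
# directory at the time of each read/write.
_CLIENTSDB = 'clients.json'


def addclient(vmid, vmname, clientid, clientname, clientemail, srvpass,
              srvuser=None):
    """Register a VM under a client in the clients database.

    If ``clientid`` is not yet present, a client entry holding the name and
    email is created first. The VM record is then stored under
    ``clientsdb[str(clientid)][str(vmid)]`` and the database is written back.

    Args:
        vmid: id of the VM; stored as a string.
        vmname: hostname of the VM.
        clientid: id of the owning client; used as the top-level key.
        clientname: client name, stored only when the client is created.
        clientemail: client email, stored only when the client is created.
        srvpass: service password, stored verbatim in the VM record.
        srvuser: optional service username. The original body referenced an
            undefined ``srvuser`` name and failed with NameError on every
            call; it is now an optional trailing parameter.
            NOTE(review): confirm which username callers expect here.
    """
    clientsdb = readclientsdb()
    client_key = str(clientid)

    # str() keeps the log call from raising TypeError on a non-string id.
    if client_key in clientsdb:
        ioconfig.logger.info('clients> client ' + client_key + ' already exists. merging.')
    else:
        ioconfig.logger.info('clients> client ' + client_key + ' does not exist. creating.')
        clientsdb[client_key] = {'name': str(clientname),
                                 'email': str(clientemail)}

    ioconfig.logger.info('clients> vmid {} owner set to {} (id: {}, email: {})'.format(vmid, clientname, clientid, clientemail))

    # NOTE(review): 'password' is kept in plaintext, next to the bcrypt hash
    # that setencpasswd() stores as 'encpasswd'. Anyone who can read
    # clients.json learns it. Left in place because other modules may read
    # this key; prefer dropping it or moving it to a secrets store.
    vmdata = {'hostname': str(vmname),
              'vmid': str(vmid),
              'ownerid': client_key,
              'username': None if srvuser is None else str(srvuser),
              'password': str(srvpass)}
    clientsdb[client_key][str(vmid)] = vmdata
    writeclientsdb(clientsdb)


def validate(vmname, srvpass):
    """Check a hostname/password pair against the clients database.

    Useful for authenticating external admin panels.

    Args:
        vmname: hostname to look up.
        srvpass: candidate management password (str).

    Returns:
        ``{'vpsid': <vmid>, 'ticket': 'TODO'}`` on success. ``False`` when
        the record lookup fails, ``None`` when the hostname double check
        fails, no ``encpasswd`` is stored, or the password does not match.
        The ticket is a fixed placeholder, not a session token; callers must
        not treat it as proof of authentication.
    """
    try:
        clientsdb = readclientsdb()
        path = utils.get_path(clientsdb, vmname)
        c_id = str(path[0])
        v_id = str(path[1])
        # check the returned path with a forward query
        query = clientsdb[c_id][v_id]['hostname']
    except Exception:
        # Fail closed, but leave a trace: failed lookups are worth seeing in
        # the log. repr() keeps control characters in the untrusted hostname
        # from forging extra log lines.
        ioconfig.logger.warning('clients> validation lookup failed for {!r}'.format(vmname))
        return False

    # double check
    if query != vmname:
        return None

    # try to capture the encrypted password
    try:
        encpass = clientsdb[c_id][v_id]['encpasswd']
    except (KeyError, TypeError, IndexError):
        # no management password has been set for this record
        return None

    # Re-hash the candidate with the stored hash as salt and compare in
    # constant time. A malformed stored hash or a non-string input makes
    # encode()/hashpw() raise; treat that as a denied login, not a crash.
    try:
        b_srvpass = srvpass.encode('utf-8')
        b_encpass = encpass.encode('utf-8')
        matched = hmac.compare_digest(bcrypt.hashpw(b_srvpass, b_encpass),
                                      b_encpass)
    except (AttributeError, TypeError, ValueError) as err:
        ioconfig.logger.warning('clients> password check for clientid: {}, vmid: {} could not be performed ({})'.format(c_id, v_id, type(err).__name__))
        return None

    if not matched:
        ioconfig.logger.warning('clients> {} (clientid: {}, vmid: {}) ACCESS DENIED!'.format(query, c_id, v_id))
        return None

    # login successful
    ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) was validated successfully!'.format(query, c_id, v_id))
    # TODO: generate ticket for double check
    generated_ticket = 'TODO'
    return {'vpsid': v_id, 'ticket': generated_ticket}


def setencpasswd(vmname, newpass):
    """Set a new management password for the VM with hostname ``vmname``.

    The password is hashed with bcrypt using a fresh salt and stored as
    ``encpasswd`` in the VM record; the plaintext is not written by this
    function.

    Args:
        vmname: hostname of the VM whose password is changed.
        newpass: new password (str).

    Raises:
        RuntimeError: the record found for ``vmname`` carries a different
            hostname. The original used a bare ``raise`` outside an except
            block, which also surfaced as RuntimeError but with the unhelpful
            "No active exception to re-raise" message.
        Exception: whatever the database read or path lookup raises is
            propagated unchanged.
    """
    clientsdb = readclientsdb()
    path = utils.get_path(clientsdb, vmname)
    c_id = str(path[0])
    v_id = str(path[1])
    # check the returned path with a forward query
    query = clientsdb[c_id][v_id]['hostname']

    if query != vmname:
        raise RuntimeError('clients> hostname mismatch while setting password for {!r}'.format(vmname))

    encpasswd = bcrypt.hashpw(newpass.encode('utf-8'),
                              bcrypt.gensalt()).decode('utf-8')
    clientsdb[c_id][v_id]['encpasswd'] = encpasswd
    ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) got its management password changed!'.format(query, c_id, v_id))
    writeclientsdb(clientsdb)
    # TODO: change lxc container password


def vmowner(vmid, vmname, verbose):
    """Return the client id that owns ``vmid``.

    Args:
        vmid: id of the VM to look up.
        vmname: hostname, used only in the log message.
        verbose: when true, log the owner that was found.

    Raises:
        Exception: any lookup failure is propagated. The original wrapped the
            lookup in ``except: raise`` followed by an unreachable fallback
            to owner '0' / 'unknown'; the runtime behaviour (raise) is kept
            and the dead code removed, so an unknown VM is never reported as
            belonging to a real-looking owner id.
    """
    clientsdb = readclientsdb()
    clientid = utils.find_rec(clientsdb, str(vmid))[0]['ownerid']
    clientname = clientsdb[str(clientid)]['name']

    if verbose:
        ioconfig.logger.info('clients> the owner of {} ({}) is {} ({})'.format(vmid, vmname, clientid, clientname))
    return clientid


def readclientsdb():
    """Load and return the clients database from clients.json.

    Returns:
        The parsed JSON content, or an empty dict when the file does not
        exist yet or is empty.

    Raises:
        ValueError: the file exists but is not valid JSON. The original
            swallowed every error and returned ``{}``, so the next
            writeclientsdb() call replaced a damaged or unreadable database
            with a nearly empty one.
        OSError: the file exists but cannot be read.
    """
    try:
        with open(_CLIENTSDB) as dbr:
            raw = dbr.read()
    except FileNotFoundError:
        ioconfig.logger.warning('clients> initializing...')
        return {}

    if not raw.strip():
        ioconfig.logger.warning('clients> initializing...')
        return {}

    try:
        return json.loads(raw)
    except ValueError:
        ioconfig.logger.warning('clients> {} is not valid JSON; refusing to continue with an empty database'.format(_CLIENTSDB))
        raise


def writeclientsdb(clientsdb):
    """Write the clients database to clients.json.

    The data is written to a temporary file in the same directory and then
    moved over the target with os.replace(), so an interrupted write cannot
    leave a truncated database behind. A newly created database is readable
    by its owner only (the mode mkstemp() gives the temporary file); an
    existing database keeps the mode it already had.

    Args:
        clientsdb: JSON-serialisable database content.
    """
    directory = os.path.dirname(os.path.abspath(_CLIENTSDB))
    fd, tmppath = tempfile.mkstemp(prefix='.clients.', suffix='.tmp',
                                   dir=directory)
    try:
        with os.fdopen(fd, 'w') as dbw:
            json.dump(clientsdb, dbw)
            dbw.flush()
            os.fsync(dbw.fileno())
        try:
            # NOTE(review): the file holds password hashes and plaintext
            # passwords; if the existing mode is wider than 0o600, tighten it
            # once every reader is known.
            os.chmod(tmppath, stat.S_IMODE(os.stat(_CLIENTSDB).st_mode))
        except FileNotFoundError:
            pass  # first write: keep the owner-only mode from mkstemp()
        os.replace(tmppath, _CLIENTSDB)
    except BaseException:
        # do not leave the temporary copy of the database lying around
        try:
            os.unlink(tmppath)
        except OSError:
            pass
        raise


if __name__ == '__main__':
    setencpasswd('srv.test1.com', 'todos')
    validate('srv.test1.com', 'todos')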