undersys/proxmaster
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
proxmaster/clientsdb.py
deflax d1cd131250 write vmpass and email
2016-03-31 01:12:38 +03:00

138 lines
4.3 KiB
Python
Raw Blame History

# -*- coding: utf-8
#
# manage clientsdb.json
#import site packages
import json
import hmac
import bcrypt
#import local packages
import ioconfig
import utils
def addclient(vmid, vmname, clientid, clientname, clientemail, srvpass):
""" add new client to the clientsdb.json """
clientsdb = readclientsdb()
if str(clientid) in clientsdb:
ioconfig.logger.info('clients> client ' + clientid + ' already exists. merging.')
else:
ioconfig.logger.info('clients> client ' + clientid + ' does not exist. creating.')
vcard = { 'name':str(clientname), 'email':str(clientemail) }
newclient = { str(clientid):vcard }
clientsdb.update(newclient)
ioconfig.logger.info('clients> vmid {} owner set to {} (id: {}, email: {})'.format(vmid, clientname, clientid, clientemail))
vmdata = { 'hostname':str(vmname), 'vmid':str(vmid), 'ownerid':str(clientid), 'username':str(srvuser), 'password': str(srvpass) }
clientsdb[str(clientid)][str(vmid)] = vmdata
writeclientsdb(clientsdb)
def validate(vmname, srvpass):
""" return vmid or false if credentials match something in clientdb. useful for authing extrnal admin panels """
try:
clientsdb = readclientsdb()
path = utils.get_path(clientsdb, vmname)
c_id = str(path[0])
v_id = str(path[1])
#check the returned path with forward query
query = clientsdb[c_id][v_id]['hostname']
except:
return False
#double check
if query != vmname:
return None
else:
#try to capture the encrypted password
try:
encpass = clientsdb[c_id][v_id]['encpasswd']
except:
#cant query password
return None
#compare it with the requested password
b_srvpass = srvpass.encode('utf-8')
b_encpass = encpass.encode('utf-8')
if (hmac.compare_digest(bcrypt.hashpw(b_srvpass, b_encpass), b_encpass)):
#login successful
ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) was validated successfully!'.format(query, c_id, v_id))
#TODO: generate ticket for double check
generated_ticket = 'TODO'
response = { 'vpsid':v_id, 'ticket':generated_ticket }
return response
else:
ioconfig.logger.warning('clients> {} (clientid: {}, vmid: {}) ACCESS DENIED!'.format(query, c_id, v_id))
#cant compare password
return None
return None
def setencpasswd(vmname, newpass):
""" setup a new management password """
salt = bcrypt.gensalt()
b_newpass = newpass.encode('utf-8')
encpasswd = bcrypt.hashpw(b_newpass, salt).decode('utf-8')
try:
clientsdb = readclientsdb()
#print(clientsdb)
path = utils.get_path(clientsdb, vmname)
#print(path)
c_id = str(path[0])
v_id = str(path[1])
#check the returned path with forward query
query = clientsdb[c_id][v_id]['hostname']
except:
raise
if query != vmname:
raise
else:
clientsdb[c_id][v_id]['encpasswd'] = encpasswd
ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) got its management password changed!'.format(query, c_id, v_id))
writeclientsdb(clientsdb)
#TODO: change lxc container password
def vmowner(vmid, vmname, verbose):
""" find the owner of the vm """
clientsdb = readclientsdb()
try:
clientid = utils.find_rec(clientsdb, str(vmid))[0]['ownerid']
clientname = clientsdb[str(clientid)]['name']
except:
raise
clientid = '0' #unknown owner
clientname = 'unknown'
if verbose:
ioconfig.logger.info('clients> the owner of ' + str(vmid) + ' (' + vmname + ') is ' + str(clientid) + ' (' + clientname + ')')
return clientid
def readclientsdb():
""" read client db """
try:
with open('clients.json') as dbr:
clientsdb = json.load(dbr)
dbr.close()
except:
clientsdb = {}
ioconfig.logger.warning('clients> initializing...')
#writeclientsdb(clientsdb)
return clientsdb
def writeclientsdb(clientsdb):
""" write db """
with open('clients.json', 'w') as dbw:
json.dump(clientsdb, dbw)
dbw.close()
if __name__ == '__main__':
setencpasswd('srv.test1.com', 'todos')
validate('srv.test1.com', 'todos')
Reference in a new issue View git blame Copy permalink