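#! /usr/bin/env python

"""
usage: %(progname)s [args]
"""

# Login-cookie helpers: issue, parse, verify and clear the "MB_L1" cookie.
#
# NOTE(review): the cookie check value is produced with crypt.crypt(). If
# config.gAuthSalt selects the traditional DES scheme (the code strips a
# 2-character salt prefix, which suggests it does), only the first 8
# characters of the input contribute to the result, so pw_hash and the
# server-side vcode would not be covered by the hash. A keyed MAC
# (hmac + hashlib.sha256 with a server-side secret, compared with
# hmac.compare_digest) is the appropriate replacement; it changes the cookie
# format and therefore needs a coordinated rollout.

import os, sys, string, time, getopt
from pyclearsilver.log import *

#import fcrypt as crypt
import crypt

import config

import browserauth


def _createCheckVal(username, issued_at, pw_hash, vcode):
    """Return (checkval, checkval_hash) for a login cookie.

    checkval is "username:issued_at"; checkval_hash is crypt() over
    "username:issued_at:pw_hash:vcode" with the salt prefix removed.

    The value is bound to the caller-supplied issued_at. The previous code
    ignored that argument and used the current time, so a hash recomputed
    during verification could only match a cookie issued in the same second.
    """
    checkval = "%s:%s" % (username, issued_at)
    realcheckval = "%s:%s:%s" % (checkval, pw_hash, vcode)
    checkval_hash = crypt.crypt(realcheckval, config.gAuthSalt)
    # Drop the leading 2-character salt that crypt() echoes back.
    return checkval, checkval_hash[2:]


# -------------------------------
# issueLoginCookie
#
# format: "V1/login:issued_at_time_t=hash(login:issued_at:pw_hash:vcode)"
#   ex: "V1/jeske:2123123=AS132dd12"

def generateCookie(username, pw_hash):
    """Build the value of a V1 login cookie issued at the current time."""
    issued_at = int(time.time())
    checkval, checkval_hash = _createCheckVal(username, issued_at, pw_hash,
                                              config.gAuthVCode)
    return "V1/%s=%s" % (checkval, checkval_hash)


def getDomain(hdf):
    """Derive a cookie domain from the request's Host header.

    An IP address is returned unchanged; for a host name the first label is
    dropped ("www.example.com" -> "example.com"). Returns "" when no Host
    header is present (the previous code raised IndexError in that case).

    NOTE(review): HTTP.Host is client-controlled; callers should not treat
    the result as a trusted value.
    """
    hostname = hdf.getValue("HTTP.Host", "").split(":", 1)[0]
    if not hostname:
        return ""
    if hostname[-1] in string.digits:  ## if this is an IP address
        return hostname
    return ".".join(hostname.split(".")[1:])


def getPersistCookie(hdf):
    """Return the integer value of the MB_persist cookie, 0 if unreadable."""
    try:
        return hdf.getIntValue("Cookie.MB_persist", 0)
    except Exception:
        # Best effort: a missing or malformed value means "not persistent".
        return 0


def setPersistCookie(ncgi, persist):
    """Store the persistence preference in the MB_persist cookie."""
    ncgi.cookieSet("MB_persist", persist, persist=1, domain=config.gDomain)


def issueLoginCookie(ncgi, authdb, username, pw_hash, persist=None):
    """Issue the MB_L1 login cookie (and a browser cookie if none exists).

    When persist is None the preference is read from the MB_persist cookie.
    A persistent cookie is given an expiry 14 days in the future.
    """
    if persist is None:
        persist = getPersistCookie(ncgi.hdf)

    domain = getDomain(ncgi.hdf)

    browserid = browserauth.checkBrowserCookie(authdb, ncgi)
    if browserid is None:
        # set the browser cookie
        browserid = browserauth.issueBrowserCookie(ncgi, authdb, domain)

    debug("cookieauth.py", "BrowserID", browserid)
    debug("cookieauth.py", "domain", domain)

    if persist == 1:
        expires = time.time() + (86400 * 14)
        # The string is labelled GMT, so format it from UTC rather than
        # from local time as the previous code did.
        timestr = time.strftime("%A, %d-%b-%Y %H:%M:%S GMT",
                                time.gmtime(expires))
    else:
        timestr = ""

    cookie = generateCookie(username, pw_hash)
    # NOTE(review): confirm whether ncgi.cookieSet can mark this cookie as
    # Secure / HttpOnly; no such attribute is requested here.
    # ncgi.cookieSet("MB_L1", cookie, persist=persist, path=config.gBaseURL, domain=domain, time_str=timestr)
    ncgi.cookieSet("MB_L1", cookie, persist=persist, path=config.gBaseURL,
                   time_str=timestr)

    #warn("cookieauth.py", "Issued login cookie", username,cookie, domain, timestr, persist)


def clearLoginCookie(ncgi, username, domain=None):
    """Clear MB_L1 for the base URL and "/", with and without a domain.

    NOTE(review): the domain argument is ignored; the domain is always
    derived from the request. username is unused.
    """
    domain = getDomain(ncgi.hdf)
    ncgi.cookieClear("MB_L1", "", config.gBaseURL)
    ncgi.cookieClear("MB_L1", "", "/")
    if domain:
        ncgi.cookieClear("MB_L1", domain, config.gBaseURL)
        ncgi.cookieClear("MB_L1", domain, "/")


class LoginCookie:
    """Parsed fields of a V1 login cookie."""

    def __init__(self):
        self.username = None
        self.issued_at = None
        self.checkval_hash = None
        self.cookie = None


def parseLoginCookie(ncgi):
    """Parse the MB_L1 cookie into a LoginCookie.

    Returns 0 when the cookie is absent, has an unknown version, or is
    malformed. The cookie is client-supplied, so a malformed value is
    rejected here instead of raising ValueError into the request handler.
    Parsing does not authenticate anything; see checkLoginCookie.
    """
    raw_cookie = ncgi.hdf.getValue("Cookie.MB_L1", "")
    if not raw_cookie:
        #warn("cookieauth.py", "no cookie!")
        return 0

    try:
        version, restCookie = raw_cookie.split("/", 1)
    except ValueError:
        warn("cookieauth.py", "invalid cookie, malformed")
        return 0
    if version != "V1":
        warn("cookieauth.py", "invalid cookie, version", version, raw_cookie)
        return 0

    try:
        checkval, checkval_hash = restCookie.split("=", 1)
        username, issued_at = checkval.split(":")
        issued_at = int(issued_at)
    except ValueError:
        warn("cookieauth.py", "invalid cookie, malformed")
        return 0

    logincookie = LoginCookie()
    # Keep the raw cookie string; the previous code stored the object in
    # its own attribute.
    logincookie.cookie = raw_cookie
    logincookie.username = username
    logincookie.issued_at = issued_at
    logincookie.checkval_hash = checkval_hash

    return logincookie


def checkLoginCookie(ncgi, logincookie, authdb, username, userRec):
    """Return 1 if logincookie is valid for username, otherwise 0.

    Checks, in order: a cookie was parsed, the user name matches, the
    cookie has not timed out (non-persistent sessions only), and the check
    value recomputed from userRec.pw_hash equals the one in the cookie.

    A check-value mismatch is a rejection. The previous code only logged
    the mismatch and still returned 1, so the hash was never enforced.

    NOTE(review): the timeout is skipped whenever the client-supplied
    MB_persist cookie is non-zero, so the client decides whether the
    server-side expiry applies. Consider enforcing a maximum age for
    persistent cookies as well.
    """
    if not logincookie:
        # parseLoginCookie returns 0 when there is nothing usable.
        return 0

    if username != logincookie.username:
        warn("cookieauth.py", "invalid cookie, username mismatch", username,
             logincookie.username)
        return 0

    persist = getPersistCookie(ncgi.hdf)

    # check for timeout
    if persist == 0:
        if (time.time() - logincookie.issued_at) > config.LOGIN_TIMEOUT:
            warn("cookieauth.py", "invalid cookie, timeout",
                 logincookie.issued_at)
            return 0

    pw_hash = userRec.pw_hash

    v_checkval, v_checkval_hash = _createCheckVal(username,
                                                  logincookie.issued_at,
                                                  pw_hash, config.gAuthVCode)

    if logincookie.checkval_hash != v_checkval_hash:
        # The expected hash is a valid credential; keep it out of the log.
        warn("cookieauth.py", "checkval mismatch", username)
        return 0

    return 1


def test():
    pass


def usage(progname):
    """Print the module usage text."""
    print(__doc__ % vars())


def main(argv, stdout, environ):
    """Command-line entry point: handles --help, --test and --debug."""
    progname = argv[0]
    optlist, args = getopt.getopt(argv[1:], "", ["help", "test", "debug"])

    testflag = 0
    if len(args) == 0:
        usage(progname)
        return
    for (field, val) in optlist:
        if field == "--help":
            usage(progname)
            return
        elif field == "--debug":
            debugfull()
        elif field == "--test":
            testflag = 1

    if testflag:
        test()
        return


if __name__ == "__main__":
    main(sys.argv, sys.stdout, os.environ)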