github
/
haproxy-wi
mirror of https://github.com/Aidaho12/haproxy-wi
1
0
Fork 0
Code Issues Releases Wiki Activity

v3.3 

Ldap support
pull/98/head
Aidaho12 2018-11-08 14:49:03 +06:00
parent 76bbd64161
commit baf2494732
12 changed files with 207 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
app/create_db.py
View File

@ -269,12 +269,61 @@ def update_db_v_3_2_8(**kwargs):
cur.close() cur.close()
con.close() con.close()
def update_db_v_3_3(**kwargs):
con, cur = get_cur()
sql = [ "INSERT INTO settings (param, value, section, `desc`) values('ldap_enable', '0', 'ldap', 'If 1 ldap enabled');",
"INSERT INTO settings (param, value, section, `desc`) values('ldap_server', '', 'ldap', 'IP address ldap server');",
"INSERT INTO settings (param, value, section, `desc`) values('ldap_port', '389', 'ldap', 'Default port is 389 or 636');",
"INSERT INTO settings (param, value, section, `desc`) values('ldap_user', '', 'ldap', 'Login for connect to LDAP server. Enter: user@domain.com');",
"INSERT INTO settings (param, value, section, `desc`) values('ldap_password', '', 'ldap', 'Password for connect to LDAP server');",
"INSERT INTO settings (param, value, section, `desc`) values('ldap_base', '', 'ldap', 'Base domain. Example: dc=domain, dc=com');"]
try:
for i in sql:
cur.execute(i)
con.commit()
except sqltool.Error as e:
if kwargs.get('silent') != 1:
if e.args[0] == 'duplicate column name: desc' or e == "1060 (42S21): Duplicate column name 'desc' ":
print('Updating... go to version 3.2')
else:
print("An error occurred:", e)
return False
else:
pass
return True
cur.close()
con.close()
def update_db_v_3_31(**kwargs):
con, cur = get_cur()
sql = """
ALTER TABLE `user` ADD COLUMN ldap_user INTEGER NOT NULL DEFAULT 0;
"""
try:
cur.execute(sql)
con.commit()
except sqltool.Error as e:
if kwargs.get('silent') != 1:
if e.args[0] == 'duplicate column name: ldap_user' or e == " 1060 (42S21): Duplicate column name 'ldap_user' ":
print('Updating... go to version 3.3')
else:
print("An error occurred:", e)
return False
else:
print("DB was update to 3.3<br />")
return True
cur.close()
con.close()
def update_all(): def update_all():
update_db_v_31() update_db_v_31()
update_db_v_3_2() update_db_v_3_2()
update_db_v_3_21() update_db_v_3_21()
update_db_v_3_2_3() update_db_v_3_2_3()
update_db_v_3_2_8() update_db_v_3_2_8()
update_db_v_3_3()
update_db_v_3_31()
def update_all_silent(): def update_all_silent():
update_db_v_31(silent=1) update_db_v_31(silent=1)
@ -282,6 +331,8 @@ def update_all_silent():
update_db_v_3_21(silent=1) update_db_v_3_21(silent=1)
update_db_v_3_2_3(silent=1) update_db_v_3_2_3(silent=1)
update_db_v_3_2_8(silent=1) update_db_v_3_2_8(silent=1)
update_db_v_3_3(silent=1)
update_db_v_3_31(silent=1)
if __name__ == "__main__": if __name__ == "__main__":
create_table() create_table()

88
app/login.py
View File

@ -25,6 +25,60 @@ db_create = ""
error_log = "" error_log = ""
error = "" error = ""
def send_cookie(login):
session_ttl = int()
session_ttl = sql.get_setting('session_ttl')
session_ttl = int(session_ttl)
expires = datetime.datetime.utcnow() + datetime.timedelta(days=session_ttl)
user_uuid = str(uuid.uuid4())
user_token = str(uuid.uuid4())
c = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
c["uuid"] = user_uuid
c["uuid"]["path"] = "/app/"
c["uuid"]["expires"] = expires.strftime("%a, %d %b %Y %H:%M:%S GMT")
print(c)
sql.write_user_uuid(login, user_uuid)
sql.write_user_token(login, user_token)
funct.logging('locahost', sql.get_user_name_by_uuid(user_uuid)+' log in')
print("Content-type: text/html\n")
print('ok')
sys.exit()
def check_in_ldap(user, password):
import ldap
server = sql.get_setting('ldap_server')
port = sql.get_setting('ldap_port')
l = ldap.initialize("ldap://"+server+':'+port)
try:
l.protocol_version = ldap.VERSION3
l.set_option(ldap.OPT_REFERRALS, 0)
bind = l.simple_bind_s(user, password)
except ldap.INVALID_CREDENTIALS:
print("Content-type: text/html\n")
print('<center><div class="alert alert-danger">Invalid credentials</div><br /><br />')
sys.exit()
except ldap.SERVER_DOWN:
print("Content-type: text/html\n")
print('<center><div class="alert alert-danger">Server down')
sys.exit()
except ldap.LDAPError as e:
if type(e.message) == dict and e.message.has_key('desc'):
print("Content-type: text/html\n")
print('<center><div class="alert alert-danger">Other LDAP error: %s</div><br /><br />' % e.message['desc'])
sys.exit()
else:
print("Content-type: text/html\n")
print('<center><div class="alert alert-danger">Other LDAP error: %s</div><br /><br />' % e)
sys.exit()
send_cookie(user)
if ref is None: if ref is None:
ref = "/index.html" ref = "/index.html"
@ -57,32 +111,20 @@ if form.getvalue('logout'):
if login is not None and password is not None: if login is not None and password is not None:
USERS = sql.select_users() USERS = sql.select_users(user=login)
session_ttl = int()
session_ttl = sql.get_setting('session_ttl')
session_ttl = int(session_ttl)
expires = datetime.datetime.utcnow() + datetime.timedelta(days=session_ttl)
user_uuid = str(uuid.uuid4())
user_token = str(uuid.uuid4())
for users in USERS: for users in USERS:
if login in users[1] and password == users[3]: if users[6] == 1:
c = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) if login in users[1]:
c["uuid"] = user_uuid check_in_ldap(login, password)
c["uuid"]["path"] = "/app/" else:
c["uuid"]["expires"] = expires.strftime("%a, %d %b %Y %H:%M:%S GMT") if login in users[1] and password == users[3]:
print(c) send_cookie(login)
sql.write_user_uuid(login, user_uuid) else:
sql.write_user_token(login, user_token) print("Content-type: text/html\n")
funct.logging('locahost', sql.get_user_name_by_uuid(user_uuid)+' log in') print('<center><div class="alert alert-danger">Somthing wrong :( I\'m sad about this, but try again!</div><br /><br />')
print("Content-type: text/html\n") sys.exit()
print('ok')
sys.exit()
print("Content-type: text/html\n") print("Content-type: text/html\n")
print('<center><div class="alert alert-danger">Somthing wrong :( I\'m sad about this, but try again!</div><br /><br />')
sys.exit()
if login is None: if login is None:
print("Content-type: text/html\n") print("Content-type: text/html\n")

29
app/options.py
View File

@ -615,3 +615,32 @@ if form.getvalue('get_lists'):
lists = funct.get_files(dir=list, format="lst") lists = funct.get_files(dir=list, format="lst")
for list in lists: for list in lists:
print(list) print(list)
if form.getvalue('get_ldap_email'):
username = form.getvalue('get_ldap_email')
import ldap
server = sql.get_setting('ldap_server')
port = sql.get_setting('ldap_port')
user = sql.get_setting('ldap_user')
password = sql.get_setting('ldap_password')
l = ldap.initialize("ldap://"+server+':'+port)
try:
l.protocol_version = ldap.VERSION3
l.set_option(ldap.OPT_REFERRALS, 0)
bind = l.simple_bind_s(user, password)
base = "dc=kar-tel, dc=local"
criteria = "(&(objectClass=user)(sAMAccountName="+username+"))"
attributes = ['mail']
result = l.search_s(base, ldap.SCOPE_SUBTREE, criteria, attributes)
results = [entry for dn, entry in result if isinstance(entry, dict)]
try:
print('["'+results[0]['mail'][0].decode("utf-8")+'","'+user.split('@')[1]+'"]')
except:
print('error: user not found')
finally:
l.unbind()

5
app/sql.py
View File

@ -22,7 +22,10 @@ def out_error(e):
def add_user(user, email, password, role, group): def add_user(user, email, password, role, group):
con, cur = create_db.get_cur() con, cur = create_db.get_cur()
sql = """INSERT INTO user (username, email, password, role, groups) VALUES ('%s', '%s', '%s', '%s', '%s')""" % (user, email, password, role, group) if password != 'aduser':
sql = """INSERT INTO user (username, email, password, role, groups) VALUES ('%s', '%s', '%s', '%s', '%s')""" % (user, email, password, role, group)
else:
sql = """INSERT INTO user (username, email, role, groups, ldap_user) VALUES ('%s', '%s', '%s', '%s', '1')""" % (user, email, role, group)
try: try:
cur.execute(sql) cur.execute(sql)
con.commit() con.commit()

3
app/templates/admin.html
View File

@ -447,6 +447,9 @@
</td> </td>
<td> <td>
<input type="text" name="new-username" id="new-username" class="form-control"> <input type="text" name="new-username" id="new-username" class="form-control">
{% if ldap_enable == '1' %}
<a href="#" title="Search user in AD" id="search_ldap_user">Search user in AD</a>
{% endif %}
</td> </td>
</tr> </tr>
<tr> <tr>

2
app/templates/base.html
View File

@ -99,7 +99,7 @@
</ul> </ul>
</nav> </nav>
<div class="copyright-menu"> <div class="copyright-menu">
HAproxy-WI v3.2.13 HAproxy-WI v3.3
<br> <br>
<a href="https://www.patreon.com/haproxy_wi" title="Donate" target="_blank" style="color: #fff; margin-left: 30px; color: red;" class="patreon"> Patreon</a> <a href="https://www.patreon.com/haproxy_wi" title="Donate" target="_blank" style="color: #fff; margin-left: 30px; color: red;" class="patreon"> Patreon</a>
</div> </div>

3
app/templates/servers.html
View File

@ -340,6 +340,9 @@
</td> </td>
<td> <td>
<input type="text" name="new-username" id="new-username" class="form-control"> <input type="text" name="new-username" id="new-username" class="form-control">
{% if ldap_enable == '1' %}
<a href="#" title="Search user in AD" id="search_ldap_user">Search user in AD</a>
{% endif %}
</td> </td>
</tr> </tr>
<tr> <tr>

9
app/users.py
View File

@ -1,7 +1,7 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
import html, http import http
import cgi import cgi
import sys import sys
import os import os
@ -20,20 +20,23 @@ try:
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
user_id = cookie.get('uuid') user_id = cookie.get('uuid')
user = sql.get_user_name_by_uuid(user_id.value) user = sql.get_user_name_by_uuid(user_id.value)
users = sql.select_users()
servers = sql.get_dick_permit() servers = sql.get_dick_permit()
token = sql.get_token(user_id.value) token = sql.get_token(user_id.value)
ldap_enable = sql.get_setting('ldap_enable')
except: except:
pass pass
output_from_parsed_template = template.render(title = "Admin area: users manage", output_from_parsed_template = template.render(title = "Admin area: users manage",
role = sql.get_user_role_by_uuid(user_id.value), role = sql.get_user_role_by_uuid(user_id.value),
user = user, user = user,
users = sql.select_users(), users = users,
groups = sql.select_groups(), groups = sql.select_groups(),
servers = sql.select_servers(full=1), servers = sql.select_servers(full=1),
roles = sql.select_roles(), roles = sql.select_roles(),
masters = sql.select_servers(get_master_servers=1), masters = sql.select_servers(get_master_servers=1),
sshs = sql.select_ssh(), sshs = sql.select_ssh(),
telegrams = sql.select_telegram(), telegrams = sql.select_telegram(),
token = token) token = token,
ldap_enable = ldap_enable)
print(output_from_parsed_template) print(output_from_parsed_template)

35
inc/users.js
View File

@ -362,6 +362,41 @@ $( function() {
var id = $(this).attr('id').split('-'); var id = $(this).attr('id').split('-');
updateTelegram(id[1]) updateTelegram(id[1])
}); });
$('#search_ldap_user').click(function() {
var valid = true;
$('#error').remove();
allFields = $( [] ).add( $('#new-username') )
allFields.removeClass( "ui-state-error" );
valid = valid && checkLength( $('#new-username'), "user name", 1 );
user = $('#new-username').val()
if (valid) {
$.ajax( {
url: "options.py",
data: {
get_ldap_email: $('#new-username').val(),
token: $('#token').val()
},
type: "GET",
success: function( data ) {
data = data.replace(/\s+/g,' ');
if (data.indexOf('error') != '-1') {
alert(data)
$('#new-email').val('');
$('#new-password').attr('readonly', false);
$('#new-password').val('');
} else {
var json = $.parseJSON(data);
$('.alert-danger').remove();
$('#new-email').val(json[0]);
$('#new-username').val(user+'@'+json[1]);
$('#new-password').val('aduser');
$('#new-password').attr('readonly', true);
}
}
} );
clearTips();
}
});
} ); } );

4
install.sh
View File

@ -40,7 +40,7 @@ echo ""
echo "################################" echo "################################"
if hash apt-get 2>/dev/null; then if hash apt-get 2>/dev/null; then
apt-get install git net-tools lshw dos2unix apache2 gcc netcat python3.5 python3-pip g++ freetype2-demos libatlas-base-dev -y apt-get install git net-tools lshw dos2unix apache2 gcc netcat python3.5 python3-pip g++ freetype2-demos libatlas-base-dev openldap-dev -y
HTTPD_CONFIG="/etc/apache2/apache2.conf" HTTPD_CONFIG="/etc/apache2/apache2.conf"
HAPROXY_WI_VHOST_CONF="/etc/apache2/sites-enabled/haproxy-wi.conf" HAPROXY_WI_VHOST_CONF="/etc/apache2/sites-enabled/haproxy-wi.conf"
HTTPD_NAME="apache2" HTTPD_NAME="apache2"
@ -57,7 +57,7 @@ else
yum -y install epel-release yum -y install epel-release
fi fi
yum -y install https://centos7.iuscommunity.org/ius-release.rpm yum -y install https://centos7.iuscommunity.org/ius-release.rpm
yum -y install git nmap-ncat net-tools python35u dos2unix python35u-pip httpd python35u-devel gcc-c++ yum -y install git nmap-ncat net-tools python35u dos2unix python35u-pip httpd python35u-devel gcc-c++ openldap-devel
HTTPD_CONFIG="/etc/httpd/conf/httpd.conf" HTTPD_CONFIG="/etc/httpd/conf/httpd.conf"
HAPROXY_WI_VHOST_CONF="/etc/httpd/conf.d/haproxy-wi.conf" HAPROXY_WI_VHOST_CONF="/etc/httpd/conf.d/haproxy-wi.conf"
HTTPD_NAME="httpd" HTTPD_NAME="httpd"

1
requirements.txt
View File

@ -14,3 +14,4 @@ mysql-connector-python==8.0.11
Jinja2==2.10 Jinja2==2.10
pandas==0.22.0 pandas==0.22.0
bokeh==0.13.0 bokeh==0.13.0
python-ldap>=3.1.0

4
update.sh
View File

@ -15,10 +15,10 @@ chmod +x app/*py
chmod +x app/tools/*py chmod +x app/tools/*py
if hash apt-get 2>/dev/null; then if hash apt-get 2>/dev/null; then
apt-get install git net-tools lshw dos2unix apache2 gcc netcat python3-pip gcc-c++ -y apt-get install git net-tools lshw dos2unix apache2 gcc netcat python3-pip gcc-c++ openldap-devel -y
else else
yum -y install https://centos7.iuscommunity.org/ius-release.rpm yum -y install https://centos7.iuscommunity.org/ius-release.rpm
yum -y install git nmap-ncat net-tools python35u dos2unix python35u-pip httpd python35u-devel gcc-c++ yum -y install git nmap-ncat net-tools python35u dos2unix python35u-pip httpd python35u-devel gcc-c++ openldap-devel
fi fi
cd app/ cd app/