diff --git a/app/funct.py b/app/funct.py index 41611cc0..154cbe45 100644 --- a/app/funct.py +++ b/app/funct.py @@ -241,7 +241,11 @@ def ssh_connect(serv, **kwargs): ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) try: if ssh_enable == 1: - k = paramiko.RSAKey.from_private_key_file(ssh_key_name) + cloud = sql.is_cloud() + if cloud != '': + k = paramiko.pkey.load_private_key_file(ssh_key_name, password=cloud) + else: + k = paramiko.pkey.load_private_key_file(ssh_key_name) ssh.connect(hostname=serv, port=ssh_port, username=ssh_user_name, pkey=k, timeout=11) else: ssh.connect(hostname=serv, port=ssh_port, username=ssh_user_name, password=ssh_user_password, timeout=11) @@ -252,6 +256,9 @@ def ssh_connect(serv, **kwargs): except paramiko.SSHException as sshException: return 'error: Unable to establish SSH connection: %s ' % sshException pass + except paramiko.PasswordRequiredException as e: + return 'error: %s ' % e + pass except paramiko.BadHostKeyException as badHostKeyException: return 'error: Unable to verify server\'s host key: %s ' % badHostKeyException pass diff --git a/app/login.py b/app/login.py index 10649f61..a5241a68 100644 --- a/app/login.py +++ b/app/login.py @@ -23,6 +23,7 @@ db_create = "" error_log = "" error = "" + def send_cookie(login): session_ttl = sql.get_setting('session_ttl') session_ttl = int(session_ttl) @@ -37,7 +38,7 @@ def send_cookie(login): cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) user_group_id = cookie.get('group') user_group_id = user_group_id.value - if sql.check_user_group(id,user_group_id): + if sql.check_user_group(id, user_group_id): user_groups = user_group_id else: user_groups = sql.select_user_groups(id, limit=1) 
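Review bot: The two new `load_private_key_file` branches differ only in the `password` argument, and `is_cloud()` as added in this commit returns `None` rather than `''` when the `cloud_uuid` table is empty, so the `cloud != ''` test does not actually separate "no passphrase" from "passphrase". A single call, `k = paramiko.pkey.load_private_key_file(ssh_key_name, password=cloud or None)`, covers all three values and drops the duplicated line. A wrong or missing passphrase surfaces as a paramiko exception from this call, so the handlers further down are what the user will see for it. The `AutoAddPolicy()` on the context line above is pre-existing, but it accepts any previously unseen host key, which is worth a comment next to it. ssh_connect's body continues outside the hunk.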
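Review bot: The new `except paramiko.PasswordRequiredException as e:` clause can never run, because `PasswordRequiredException` is a subclass of `SSHException` and the `except paramiko.SSHException` clause above it catches the exception first. Move the new clause above the `SSHException` one so the passphrase-specific message is actually returned. The `pass` after `return 'error: %s ' % e` is dead code, as in the neighbouring handlers. ssh_connect's body starts outside the hunk.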
@@ -66,7 +67,8 @@ def send_cookie(login): user_group = '' try: - funct.logging('locahost', ' user: '+sql.get_user_name_by_uuid(user_uuid)+', group: '+user_group+' log in', haproxywi=1) + user_name = sql.get_user_name_by_uuid(user_uuid) + funct.logging('localhost', ' user: ' + user_name + ', group: ' + user_group + ' log in', haproxywi=1) except: pass print("Content-type: text/html\n") @@ -77,15 +79,15 @@ def send_cookie(login): def ban(): c = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) expires = datetime.datetime.utcnow() + datetime.timedelta(seconds=10) - c["ban"] = 1 + c["ban"] = "1" c["ban"]["path"] = "/" # c["ban"]["samesite"] = "Strict" c["ban"]["Secure"] = "True" c["ban"]["expires"] = expires.strftime("%a, %d %b %Y %H:%M:%S GMT") try: - funct.logging('locahost', login+' failed log in', haproxywi=1, login=1) + funct.logging('localhost', login+' failed log in', haproxywi=1, login=1) except: - funct.logging('locahost', ' Failed log in. Wrong username', haproxywi=1) + funct.logging('localhost', ' Failed log in. Wrong username', haproxywi=1) print(c.output()) print("Content-type: text/html\n") print('ban') @@ -106,7 +108,7 @@ def check_in_ldap(user, password): ldap_proto = 'ldap' if ldap_type == "0" else 'ldaps' - l = ldap.initialize('{}://{}:{}/'.format(ldap_proto,server, port)) + l = ldap.initialize('{}://{}:{}/'.format(ldap_proto, server, port)) try: l.protocol_version = ldap.VERSION3 l.set_option(ldap.OPT_REFERRALS, 0) @@ -127,7 +129,7 @@ def check_in_ldap(user, password): print('
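Review bot: The new `user_name = sql.get_user_name_by_uuid(user_uuid)` call sits inside a bare `except: pass`, so a failed lookup — or, if that helper can return `None`, the `TypeError` from the string concatenation — silently drops the login audit entry. Narrow the handler to `except Exception:` and write a fallback entry rather than nothing, e.g. `funct.logging('localhost', ' user: ' + str(user_name) + ', group: ' + user_group + ' log in', haproxywi=1)`. send_cookie's body starts outside the hunk.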
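Review bot: The bare `except:` around the first `funct.logging` call in `ban()` turns any failure of that call into the "Failed log in. Wrong username" entry, so a genuine logging error is recorded with a misleading message. If the intent is to cover `login` being `None` or unset, test that explicitly, `if login:` / `else:`, and let real errors propagate or at least use `except Exception:`. The `c["ban"] = "1"` change is right: `SimpleCookie` values are expected to be strings. ban() is entirely within the hunk.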
Server down


') sys.exit() except ldap.LDAPError as e: - if type(e.message) == dict and e.message.has_key('desc'): + if type(e.message) == dict and 'desc' in e.message: print("Content-type: text/html\n") print('
Other LDAP error: %s


' % e.message['desc']) sys.exit() @@ -143,13 +145,14 @@ if ref is None: ref = "/index.html" if form.getvalue('error'): - error_log = '
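Review bot: `type(e.message) == dict` should be `isinstance(e.message, dict)`, and on Python 3 python-ldap exposes the detail dict as `e.args[0]` — `e.message` may not exist at all there, in which case this handler itself raises `AttributeError`; confirm against the installed python-ldap before relying on it. The `desc` text is then interpolated straight into the HTML response; wrap it as `html.escape(e.message['desc'])` so server-supplied error text cannot break the markup. check_in_ldap's body starts outside the hunk.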
Somthing wrong :( I\'m sad about this, but try again!


' + error_log = '
Something wrong. Try again


' try: if sql.get_setting('session_ttl'): session_ttl = sql.get_setting('session_ttl') except: - error = '
Can not find "session_ttl" parametr. Check into settings, "main" section
' + error = '
Cannot find "session_ttl" parameter. ' \ + 'Check it into settings, "main" section
' pass try: @@ -195,21 +198,14 @@ if login is not None and password is not None: sys.exit() print("Content-type: text/html\n") -if login is None: - print("Content-type: text/html\n") - if create_db.check_db(): - if create_db.create_table(): - create_db.update_all() - db_create = '
DB was created

Now you can login, default: admin/admin
' - create_db.update_all_silent() -output_from_parsed_template = template.render(h2 = 0, title = "Login page", - role = role, - user = user, - error_log = error_log, - error = error, - ref = ref, - versions = funct.versions(), - db_create = db_create) +output_from_parsed_template = template.render(h2=0, title="Login page", + role=role, + user=user, + error_log=error_log, + error=error, + ref=ref, + versions=funct.versions(), + db_create=db_create) print(output_from_parsed_template) diff --git a/app/options.py b/app/options.py index e58ac84f..ac7315ff 100644 --- a/app/options.py +++ b/app/options.py @@ -1839,8 +1839,11 @@ if form.getvalue('updatessh'): funct.logging('the SSH ' + name, ' has updated credentials ', haproxywi=1, login=1) if form.getvalue('ssh_cert'): + import paramiko + user_group = funct.get_user_group() name = form.getvalue('name') + key = paramiko.pkey.load_private_key(form.getvalue('ssh_cert')) ssh_keys = os.path.dirname(os.getcwd()) + '/keys/' + name + '.pem' if not os.path.isfile(ssh_keys): @@ -1852,8 +1855,11 @@ if form.getvalue('ssh_cert'): ssh_keys = os.path.dirname(os.getcwd()) + '/keys/' + name + '.pem' try: - with open(ssh_keys, "w") as conf: - conf.write(form.getvalue('ssh_cert')) + cloud = sql.is_cloud() + if cloud != '': + key.write_private_key_file(ssh_keys, password=cloud) + else: + key.write_private_key_file(ssh_keys) except IOError: print('error: Cannot save SSH key file. Check SSH keys path in config') else: diff --git a/app/sql.py b/app/sql.py index 3aca3598..48cda661 100644 --- a/app/sql.py +++ b/app/sql.py 
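Review bot: `key = paramiko.pkey.load_private_key(form.getvalue('ssh_cert'))` runs outside any `try`, so a malformed or passphrase-protected upload raises `paramiko.SSHException` (or `PasswordRequiredException`) straight out of the CGI script instead of the `error:` reply this handler produces for other failures. Wrap it — `try:` / `key = paramiko.pkey.load_private_key(form.getvalue('ssh_cert'))` / `except paramiko.SSHException as e: print('error: Cannot parse SSH key: %s' % e)` — and move the rest of the handler into that try's `else:` so nothing is written when parsing fails. The inline `import paramiko` would conventionally live at the top of the module with the other imports. The enclosing `if form.getvalue('ssh_cert'):` block continues outside the hunk.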
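Review bot: `name` comes straight from the form and is concatenated into `ssh_keys` on the context lines, so the `.pem` written by `write_private_key_file` can land outside `keys/` if the name contains path separators or `..`; validate it before building the path, e.g. `if not re.fullmatch(r'[A-Za-z0-9_.-]+', name): print('error: Invalid name')` (importing `re` if the module does not already). The passphrase passed to `write_private_key_file` is the cloud UUID read from the same database, so it only protects the key file against readers who lack database access — worth a one-line comment next to the call so nobody mistakes it for at-rest encryption. `except IOError` will not catch a non-IOError failure from `write_private_key_file`, so such an error still escapes the handler. The enclosing `if form.getvalue('ssh_cert'):` block starts outside the hunk.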
@@ -34,20 +34,24 @@ def get_cur(): def add_user(user, email, password, role, activeuser): con, cur = get_cur() if password != 'aduser': - sql = """INSERT INTO user (username, email, password, role, activeuser) VALUES ('%s', '%s', '%s', '%s', '%s')""" % (user, email, funct.get_hash(password), role, activeuser) + sql = """INSERT INTO user (username, email, password, role, activeuser) + VALUES ('%s', '%s', '%s', '%s', '%s')""" % (user, email, funct.get_hash(password), role, activeuser) else: - sql = """INSERT INTO user (username, email, role, ldap_user, activeuser) VALUES ('%s', '%s', '%s', '1', '%s')""" % (user, email, role, activeuser) + sql = """INSERT INTO user (username, email, role, ldap_user, activeuser) + VALUES ('%s', '%s', '%s', '1', '%s')""" % (user, email, role, activeuser) try: cur.execute(sql) con.commit() except sqltool.Error as e: funct.out_error(e) con.rollback() + cur.close() + con.close() return False else: + cur.close() + con.close() return True - cur.close() - con.close() def update_user(user, email, role, id, activeuser): @@ -63,11 +67,13 @@ def update_user(user, email, role, id, activeuser): except sqltool.Error as e: funct.out_error(e) con.rollback() + cur.close() + con.close() return False else: + cur.close() + con.close() return True - cur.close() - con.close() def update_user_groups(groups, id): @@ -79,11 +85,13 @@ def update_user_groups(groups, id): except sqltool.Error as e: funct.out_error(e) con.rollback() + cur.close() + con.close() return False else: + cur.close() + con.close() return True - cur.close() - con.close() def delete_user_groups(id): @@ -96,11 +104,13 @@ def delete_user_groups(id): except sqltool.Error as e: funct.out_error(e) con.rollback() + cur.close() + con.close() return False else: + cur.close() + con.close() return True - cur.close() - con.close() def update_user_password(password, id): 
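Review bot: The re-wrapped INSERT on the added lines still splices `user`, `email`, `role` and `activeuser` into the SQL text with `%`, so a quote in any of them breaks or alters the statement; pass them as parameters instead, e.g. `cur.execute("INSERT INTO user (username, email, password, role, activeuser) VALUES (?, ?, ?, ?, ?)", (user, email, funct.get_hash(password), role, activeuser))`, using whichever placeholder style the `sqltool` driver expects. The same applies to the added `select_users` line `... where groups.user_group_id = '%s' group by id; """ % kwargs.get("group")` later in this file. Moving `cur.close()`/`con.close()` ahead of every `return` fixes the previously unreachable cleanup, but the same four lines are now repeated in every function; a small context manager around `get_cur()` would reduce each to one `with` line. add_user is entirely within the hunk.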
@@ -113,11 +123,13 @@ def update_user_password(password, id): except sqltool.Error as e: funct.out_error(e) con.rollback() + cur.close() + con.close() return False else: + cur.close() + con.close() return True - cur.close() - con.close() def delete_user(id): @@ -129,11 +141,14 @@ def delete_user(id): except sqltool.Error as e: funct.out_error(e) con.rollback() + cur.close() + con.close() return False else: + cur.close() + con.close() return True - cur.close() - con.close() + def add_group(name, description): con, cur = get_cur() @@ -158,11 +173,10 @@ def add_group(name, description): group_id = g[0] add_setting_for_new_group(group_id) + cur.close() + con.close() return True - cur.close() - con.close() - def add_setting_for_new_group(group_id): con, cur = get_cur() @@ -215,9 +229,9 @@ def add_setting_for_new_group(group_id): except sqltool.Error as e: funct.out_error(e) else: + cur.close() + con.close() return True - cur.close() - con.close() def delete_group_settings(group_id): @@ -230,6 +244,8 @@ def delete_group_settings(group_id): funct.out_error(e) con.rollback() else: + cur.close() + con.close() return True cur.close() con.close() @@ -244,11 +260,14 @@ def delete_group(id): except sqltool.Error as e: funct.out_error(e) con.rollback() + cur.close() + con.close() + return False else: delete_group_settings(id) + cur.close() + con.close() return True - cur.close() - con.close() def update_group(name, descript, id): @@ -264,11 +283,13 @@ def update_group(name, descript, id): except sqltool.Error as e: funct.out_error(e) con.rollback() + cur.close() + con.close() return False else: + cur.close() + con.close() return True - cur.close() - con.close() def add_server(hostname, ip, group, typeip, enable, master, cred, port, desc, haproxy, nginx): 
@@ -279,13 +300,15 @@ def add_server(hostname, ip, group, typeip, enable, master, cred, port, desc, ha try: cur.execute(sql) con.commit() + cur.close() + con.close() return True except sqltool.Error as e: funct.out_error(e) con.rollback() + cur.close() + con.close() return False - cur.close() - con.close() def delete_server(id): @@ -371,7 +394,8 @@ def select_users(**kwargs): if kwargs.get("id") is not None: sql = """select * from user where id='%s' """ % kwargs.get("id") if kwargs.get("group") is not None: - sql = """ select user.* from user left join user_groups as groups on user.id = groups.user_id where groups.user_group_id = '%s' group by id; + sql = """ select user.* from user left + join user_groups as groups on user.id = groups.user_id where groups.user_group_id = '%s' group by id; """ % kwargs.get("group") try: cur.execute(sql) @@ -413,11 +437,9 @@ def check_user_group(user_id, group_id): print(str(e)) else: for g in cur.fetchall(): - #print(str(g[0])) if g[0] != '': return True else: - #print('Atata!') return False cur.close() @@ -512,6 +534,7 @@ def select_servers(**kwargs): cur.close() con.close() + def write_user_uuid(login, user_uuid): con, cur = get_cur() session_ttl = get_setting('session_ttl') @@ -535,6 +558,7 @@ def write_user_uuid(login, user_uuid): cur.close() con.close() + def write_user_token(login, user_token): con, cur = get_cur() token_ttl = get_setting('token_ttl') @@ -557,6 +581,7 @@ def write_user_token(login, user_token): cur.close() con.close() + def get_token(uuid): con, cur = get_cur() sql = """ select token.token from token left join uuid as uuid on uuid.user_id = token.user_id where uuid.uuid = '%s' """ % uuid 
@@ -1911,13 +1936,13 @@ def check_token_exists(token): return True else: try: - funct.logging('localhost', ' tried do action with wrong token', haproxywi=1, login=1) + funct.logging('localhost', ' Tried do action with wrong token', haproxywi=1, login=1) except: funct.logging('localhost', ' An action with wrong token', haproxywi=1) return False except: try: - funct.logging('localhost', ' cannot check token', haproxywi=1, login=1) + funct.logging('localhost', ' Cannot check token', haproxywi=1, login=1) except: funct.logging('localhost', ' Cannot check token', haproxywi=1) return False @@ -2222,6 +2247,23 @@ def select_alerts(user_group): return cur.fetchall() +def is_cloud(): + con, cur = get_cur() + sql = """ select * from cloud_uuid """ + try: + cur.execute(sql) + except sqltool.Error as e: + print("An error occurred:", e) + cur.close() + con.close() + return "" + else: + cur.close() + con.close() + for cloud_uuid in cur.fetchall(): + return cloud_uuid[0] + + form = funct.form error_mess = 'error: All fields must be completed' diff --git a/config_other/requirements_el7.txt b/config_other/requirements_el7.txt index a260b971..8289c612 100644 --- a/config_other/requirements_el7.txt +++ b/config_other/requirements_el7.txt @@ -2,4 +2,4 @@ pyTelegramBotAPI==3.6.3 networkx==2.1 matplotlib==2.1.2 mysql-connector-python==8.0.11 -paramiko>=2.5.0 \ No newline at end of file +paramiko-ng>=2.5.0 \ No newline at end of file diff --git a/config_other/requirements_el8.txt b/config_other/requirements_el8.txt index 26a9281a..5f2782c0 100644 --- a/config_other/requirements_el8.txt +++ b/config_other/requirements_el8.txt @@ -3,3 +3,4 @@ pyTelegramBotAPI==3.6.3 networkx==2.1 matplotlib==2.1.2 mysql-connector-python==8.0.11 +paramiko-ng>=2.5.0 diff --git a/requirements.txt b/requirements.txt index 0de4902b..c2ccc703 100644 --- a/requirements.txt +++ b/requirements.txt 
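Review bot: `is_cloud()` calls `cur.fetchall()` after `cur.close()` and `con.close()` in its `else:` branch, so on the success path the driver behind `sqltool` raises on the closed cursor (sqlite3 reports `ProgrammingError: Cannot operate on a closed cursor`) and nothing is returned; both new callers, `ssh_connect` in funct.py and the `ssh_cert` handler in options.py, assume a string comes back. Read the rows first, then close, and return `""` when the table is empty so the callers' `cloud != ''` checks treat "no row" and "query failed" the same way. The `for ... return` idiom also hides the empty case as an implicit `None`. is_cloud is entirely within the hunk.
```python
def is_cloud():
    # … unchanged: get_cur(), query text, cur.execute and the except branch …
    else:
        rows = cur.fetchall()
        cur.close()
        con.close()
        return rows[0][0] if rows else ""
```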
@@ -1,5 +1,5 @@ configparser>=3.5.0 -paramiko>=2.5.0 +paramiko-ng>=2.5.0 pytz>=2017.3 requests>=2.22.0 pyTelegramBotAPI>=3.6.3
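Review bot: Replacing `paramiko` with `paramiko-ng` is a switch to a fork rather than a version bump, and as far as I know both distributions install the same `paramiko` import package, so on an existing install `pip install -r requirements.txt` leaves the original paramiko files in place and the two can overwrite each other; the upgrade notes should say to `pip uninstall paramiko` first. The `>=2.5.0` floor is copied from the old line, while the code now depends on `paramiko.pkey.load_private_key_file` and `load_private_key`; pin the minimum to the paramiko-ng release that actually provides them. The same line appears in config_other/requirements_el7.txt and requirements_el8.txt.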