webkpasswd.py

   1 """
   2 WebKpasswd
   3
   4 Changes kerberos password via web interface.
   5
   6 The application is supposed to run on cherrypy+genshi stack.
   7 """
   8
   9 # Import CherryPy global namespace
  10 import cherrypy
  11 from genshi.template import TemplateLoader
  12 import string
  13 import re
  14 import logging
  15 import subprocess
  16 from kadm import *
  17
  18 class WebKpasswd:
  19         """
  20         Root request handler class.
  21         """
  22
  23         def __init__(self):
  24                 self.prefix = "/"
  25                 # default realm
  26                 self.realm = "CDTEL.LOCAL"
  27                 self.page_title = "kpasswd form!"
  28
  29                 self.messages = {
  30                         'notchanged' : {
  31                                 'text' : "Error, password not chaged!",
  32                                 'type' : "redmessage"
  33                         },
  34                         'nomatch' : {
  35                                 'text' : "New passwords do not match!",
  36                                 'type' : "redmessage"
  37                         },
  38                         'princerror' : {
  39                                 'text' : "Principal invalid!",
  40                                 'type' : "redmessage"
  41                         },
  42                         'realmerror' : {
  43                                 'text' : "Realm invalid!",
  44                                 'type' : "redmessage"
  45                         },
  46                         'newpassshort' : {
  47                                 'text' : "New password is too short!",
  48                                 'type' : "redmessage"
  49                         },
  50                         'newpassinv' : {
  51                                 'text' : "New password is invalid!",
  52                                 'type' : "redmessage"
  53                         },
  54                         'success' : {
  55                                 'text' : "Password changed sucessfully.",
  56                                 'type' : "greenmessage"
  57                         },
  58                 }
  59
  60                 self.logger = logging.getLogger(self.__class__.__name__)
  61                 self.logger.setLevel(logging.INFO)
  62                 ch = logging.StreamHandler()
  63                 ch.setFormatter(logging.Formatter("%(asctime)s - %(name)s - %(levelname)s - %(message)s"))
  64                 self.logger.addHandler(ch)
  65
  66         def kpasswd(self, message="none", *another):
  67                 """
  68                 WebKpasswd form renderer
  69                 """
  70                 genshiparams = {
  71                         'title' : self.page_title,
  72                         'message' : self.messages.get(message,''),
  73                         'realm' : self.realm,
  74                 }
  75                 return loader.load('kpasswd.html').generate(genparams=genshiparams).render('html', doctype='html')
  76
  77         def kpasswdf(self,
  78                 principal="princ0",
  79                 password="pass0",
  80                 newpass="newpass", newpassv="notthesamepass",
  81                 *another):
  82
  83                 """
  84                 Main algorithm for changing password.
  85                 It also does some input checking.
  86                 """
  87                 if cherrypy.request.method == 'POST':
  88                         # check input
  89                         if len(principal) < 1:
  90                                 self.raise_message(principal, "princerror")
  91
  92                         if not newpass == newpassv:
  93                                 self.raise_message(principal, "nomatch")
  94                         if len(newpass) < 3:
  95                                 self.raise_message(principal, "newpassshort")
  96
  97                         if len(principal.split("@")) < 2:
  98                                 trealm = self.realm
  99                                 principal += "@"+trealm
 100                         else:
 101                                 trealm = principal.split("@")[1]
 102                         if  len(trealm) < 1:
 103                                 self.raise_message(principal, "realmerror", trealm)
 104
 105                         # call C binaries
 106                         kadm = Kadm5()
 107                         ret = kadm.krb5_chpass_principal(
 108                                 principal,
 109                                 password, newpass,
 110                                 trealm, "kadmin/cdtel00pceux509.uxkdc.cdtel.cz")
 111
 112                         # check the result
 113                         if ret > 0:
 114                                 self.raise_message(principal, "notchanged", trealm)
 115                         else:
 116                                 self.raise_message(principal, "success", trealm)
 117                 # if there is no POST, return to main page
 118                 raise cherrypy.HTTPRedirect(self.prefix+"kpasswd")
 119
 120         kpasswd.exposed = True
 121         kpasswdf.exposed = True
 122
 123         def default(self, *another):
 124                 """
 125                 This method redirects all the 'unknown' requests to the /kpasswd
 126                 """
 127                 raise cherrypy.HTTPRedirect(self.prefix+"kpasswd")
 128
 129         default.exposed = True
 130
 131         def raise_message(self, principal, message, realm=""):
 132                 """
 133                 Logs message to the console and redirects to the main page with message
 134                 """
 135                 if realm:
 136                         self.logger.info(self.messages.get(message)['text']+" principal:"+principal+", realm:"+realm)
 137                         raise cherrypy.HTTPRedirect(self.prefix+"kpasswd?message="+message)
 138                 else:
 139                         self.logger.info(self.messages.get(message)['text']+" principal:"+principal)
 140                         raise cherrypy.HTTPRedirect(self.prefix+"kpasswd?message="+message)
 141
 142
 143 import os.path
 144 current_dir = os.path.dirname(__file__)
 145 kdcconf = os.path.join(current_dir, 'webkpasswd.conf')
 146 loader = TemplateLoader('templates', auto_reload=True)
 147
 148 if __name__ == '__main__':
 149     cherrypy.quickstart(WebKpasswd(), config=kdcconf)
 150 else:
 151     # This branch is for the test suite; you can ignore it.
 152     cherrypy.tree.mount(WebKpasswd(), config=kdcconf)
 153