-rw-r--r--kpov_judge/tasks/ldap_search/task.py112
1 files changed, 68 insertions, 44 deletions
diff --git a/kpov_judge/tasks/ldap_search/task.py b/kpov_judge/tasks/ldap_search/task.py
index 637c3dc..4953694 100644
--- a/kpov_judge/tasks/ldap_search/task.py
+++ b/kpov_judge/tasks/ldap_search/task.py
@@ -10,19 +10,18 @@ instructions = {
'si':u"""
Ustvari dva navidezna računalnika - SimpleArbiter z diskom simpleArbiterDhcp ter LDAPServer.
-Za povezavo na strežnik LDAP uporabi Jxplorer, kjer tudi ustvariš novega uporabnika z danim imenom in geslom.
+Za povezavo na strežnik LDAP lahko uporabiš Jxplorer, kjer tudi ustvariš novega uporabnika z danim imenom in geslom.
-Na LDAPServer namesti strežnik LDAP in sicer slapd z apt-get install slapd. Na SimpleArbiter preberi ime domene DOMENA, uporabniško ime USER_A, geslo PASS_A,
-uporabniško ime BIND_DN ter geslo BIND_PASS. Poskrbi, da se bo lahko klient s simpleArbiterDhcp povezal na LDAP strežnik na LDAPServer.
-V primeru, da se klient poveže kot BIND_DN z geslom BIND_PASS, naj strežnik omogoči spreminjanje podatkov za objekt
-CN=USER_A,DC=DOMENA,DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si ter ustvarjanje novih objektov v DC=DOMENA,DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si
+Na LDAPServer namesti strežnik LDAP in sicer slapd z apt-get install slapd. Na SimpleArbiter preberi ime domene DOMAIN, uporabniško ime LDAP_USERNAME, geslo LDAP_PASSWORD,
+uporabniško ime BIND_USERNAME ter geslo BIND_PASSWORD. Poskrbi, da se bo lahko klient s simpleArbiterDhcp povezal na LDAP strežnik na LDAPServer.
+V primeru, da se klient poveže kot BIND_USERNAME z geslom BIND_PASSWORD, naj strežnik omogoči spreminjanje podatkov za objekt
+CN=LDAP_USERNAME,ou=Users,DC=DOMAIN,DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si ter ustvarjanje novih objektov v DC=DOMAIN,DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si
CN = Common Name
OU = Organizational Unit
DC = Domain Component
-Na SimpleArbiter ustvari program, ki bo s pomočjo ldapsearch izpisala seznam lastnosti (otrok), ki jih ima poljuben objekt v domeni DOMENA.kpov.lusy.fri.uni-lj.si. Ime objekta (CN) naj program sprejme kot prvi argument.
-
+Na SimpleArbiter ustvari program, ki bo s pomočjo ldapsearch izpisal seznam lastnosti (otrok), ki jih ima poljuben objekt v domeni DOMAIN.kpov.lusy.fri.uni-lj.si. Ime objekta (CN) naj program sprejme kot prvi argument.
"""
}
@@ -60,63 +59,88 @@ computers = {
networks = { 'net1': {'public': False}, 'test-net': {'public': True} }
params_meta = {
+ 'LDAP_IP': {'descriptions': {'si': 'IP strežnika'}, 'w': True, 'public':True, 'type': 'IP', 'generated': False},
+ 'DOMAIN': {'descriptions': {'si': 'Domena (poddomena kpov.lusy.fri.uni-lj.si)'}, 'w': False, 'public':True, 'type': 'username', 'generated': True},
'LDAP_USERNAME': {'descriptions': {'si': 'Uporabnisko ime v LDAP'}, 'w': False, 'public':True, 'type': 'username', 'generated': True},
'LDAP_PASSWORD': {'descriptions': {'si': 'Geslo v LDAP'}, 'w': False, 'public':True, 'type': 'password', 'generated': True},
'BIND_USERNAME': {'descriptions': {'si': 'Uporabnisko ime za dostop do LDAP'}, 'w': False, 'public':True, 'type': 'username', 'generated': True},
'BIND_PASSWORD': {'descriptions': {'si': 'Geslo za dostop do LDAP'}, 'w': False, 'public':True, 'type': 'password', 'generated': True},
}
-def task(LDAP_USERNAME, LDAP_PASSWORD, IP_static, DNS_static):
+def task(LDAP_IP, DOMAIN, LDAP_USERNAME, LDAP_PASSWORD, BIND_USERNAME, BIND_PASSWORD):
import pxssh
import pexpect
results = dict()
- peer_user = 'student'
- peer_passwd = 'vaje'
- sA = pxssh.pxssh()
- sB = pxssh.pxssh()
- sA.login(IP_NM, peer_user, peer_passwd)
- sB.login(IP_static, peer_user, peer_passwd)
- # sA
- # make sure NM is not handling eth0
- results['NM_nmcli'] = sA.run('nmcli d')
- results['NM_nslookup'] = sA.run('nslookup www.arnes.si')
- # sB
- # check whether NM is handling eth0
- results['static_nmcli'] = sB.run('nmcli d')
- results['static_nslookup'] = sB.run('nslookup www.arnes.si')
- sA.logout()
- sB.logout()
+ FULLDOMAIN = "dc={DOMAIN},dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si".format(
+ **locals())
+ BIND_DN = "uid={BIND_USERNAME},ou=Users,{FULLDOMAIN}".format(**locals())
+ s = "ldapsearch -D {BIND_DN} -b {FULLDOMAIN} -w {BIND_PASSWORD}\
+ -h {LDAP_IP}".format(
+ **locals())
+ results['ldapsearch_before'] = pexpect.run(s)
+ s = "ldapmodify -D {BIND_DN} -w {BIND_PASSWORD} -h {LDAP_IP}".format(
+ **locals())
+ modify = pexpect.spawn(s)
+ FORTUNE = kpov_random_helpers.fortune(random.Random(), 20)
+ results['FORTUNE'] = FORTUNE
+ s1 = """
+dn: uid={LDAP_USERNAME},ou=Users,{FULLDOMAIN}
+changetype: modify
+replace: description
+description: {FORTUNE}
+""".format(**locals())
+ modify.write(s1)
+ modify.sendeof()
+ modify.expect(pexpect.EOF)
+ results['modify'] = modify.before
+ s = "ldapsearch -D {BIND_DN} -b {FULLDOMAIN} -w {BIND_PASSWORD}\
+ -h {LDAP_IP}".format(**locals())
+ results['ldapsearch_after'] = pexpect.run(s)
return results
def gen_params(user_id, params_meta):
params = dict()
r = random.Random(user_id)
- # IP_NM, DNS_NM, IP_static, DNS_static)
- dns_servers = ['193.2.1.66', '193.2.1.72', '8.8.8.8', '8.8.4.4', '208.67.222.222', '208.67.220.220']
- # net = kpov_random_helpers.IPv4_subnet_gen(r, '172.23.128.0/18', 24)
- # params['DNS_NM'] = r.choice(dns_servers)
- params['IP_static'] = kpov_random_helpers.IPv4_addr_gen(r, net, 2)
- params['DNS_static'] = r.choice(dns_servers)
-
- #generiranje LDAP_USERNAME in LDAP_PASSWORD
- params['LDAP_USERNAME'] = kpov_random_helpers.username_gen(r)
- params['LDAP_PASSWORD'] = kpov_random_helpers.alnum_gen(r, 6)
-
-
+ params['DOMAIN'] = kpov_random_helpers.hostname_gen(r)
+ params['LDAP_USERNAME'] = kpov_random_helpers.username_gen(r)
+ params['LDAP_PASSWORD'] = kpov_random_helpers.alnum_gen(r, 6)
+ params['BIND_USERNAME'] = kpov_random_helpers.username_gen(r)
+ params['BIND_PASSWORD'] = kpov_random_helpers.alnum_gen(r, 6)
return params
def task_check(results, params):
import re
- score = -9
- if results['NM_nslookup'].find('Server:\t\t{0}\r'.format(params['DNS_NM'])) > -1:
- score += 3
- if results['static_nslookup'].find('Server:\t\t{0}\r'.format(params['DNS_static'])) > -1:
- score += 3
- if re.search(r'eth0 +802-.*connected', results['NM_nmcli']):
+ score = 0
+ s = """.*dn: dc={DOMAIN},dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si\r
+objectClass: top\r
+objectClass: dcObject\r
+objectClass: organization\r
+.*""".format(**params)
+#dc: {DOMAIN}\r
+ fortune = results['FORTUNE']
+ if re.match(s, results['ldapsearch_before'], re.DOTALL):
score += 2
- if not re.search(r'eth0 +802-.*connected', results['static_nmcli']):
+ else:
+ print (s, results['ldapsearch_before'])
+ s = ".*uid: {}.*".format(re.escape(params['LDAP_USERNAME']))
+ if re.search(s, results['ldapsearch_before']):
score += 2
- score = 0
+ else:
+ print (s, results['ldapsearch_before'])
+ s = ".*uid: {0}.*description: {1}.*".format(
+ re.escape(params['LDAP_USERNAME']), re.escape(fortune[:40]))
+ if re.match(s, results['ldapsearch_after'], re.DOTALL):
+ score += 2
+ else:
+ print (s, results['ldapsearch_after'])
+ if results['ldapsearch_before'][:100] == results['ldapsearch_after'][:100]:
+ score += 2
+ s = '.*\r\nmodifying entry "uid={LDAP_USERNAME},ou=Users,dc={DOMAIN},dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si".*'.format(
+ **params)
+ if re.match(s, results['modify'], re.DOTALL):
+ score += 2
+ else:
+ print (s, results['modify'])
return score
def prepare_disks(templates, params):
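Review bot: In `task()`, `LDAP_IP` is declared student-writable in `params_meta` (`'w': True`) yet is formatted unquoted into the `ldapsearch` and `ldapmodify` command strings, so a value containing whitespace is split by pexpect into extra arguments instead of being treated as a single host. Checking that it parses as an IP address and passing an argument list, e.g. `modify = pexpect.spawn('ldapmodify', ['-D', BIND_DN, '-w', BIND_PASSWORD, '-h', LDAP_IP])`, removes the string splitting; the two `ldapsearch` calls need the same treatment. `-w {BIND_PASSWORD}` also puts the bind password on the command line, where other local users can read it from the process list; `-y` with a password file, or `-W` answered through pexpect, avoids that. Separately, in `task_check()` the `[:100]` prefix comparison awards 2 points when both outputs are empty or the same error text, so it should only count when the earlier `ldapsearch_before` match succeeded.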