diff options
Diffstat (limited to 'kpov_judge/tasks/ldap_search/task.py')
| -rw-r--r-- | kpov_judge/tasks/ldap_search/task.py | 210 |
1 files changed, 0 insertions, 210 deletions
diff --git a/kpov_judge/tasks/ldap_search/task.py b/kpov_judge/tasks/ldap_search/task.py deleted file mode 100644 index 29117db..0000000 --- a/kpov_judge/tasks/ldap_search/task.py +++ /dev/null @@ -1,210 +0,0 @@ -# kpov_util should be imported by add_assignment.py - -# Poveži se na strežnik LDAP prek spletnega vmesnika. Ustvari uporabnika z danim imenom in geslom. -# Napiši skripto, ki izpiše podatke o tem uporabniku z ldapsearch. - -# TODO: finish this! -instructions = { - 'si': '''\ -<p> -Ustvari dva navidezna računalnika: <em>SimpleArbiter</em> in <em>LDAPServer</em>. - -<p> -Na <em>LDAPServer</em> namesti strežnik LDAP. Strežnik naj skrbi za domeno - -<pre><code>DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si</code></pre> - -<p> -V imeniku ustvari uporabnika - -<pre><code>CN={{LDAP_USERNAME}},ou=users,DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si</code></pre> - -<p> -z geslom <code>{{LDAP_PASSWORD}}</code> in uporabnika - -<pre><code>CN={{BIND_USERNAME}},ou=users,DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si</code></pre> - -<p> -z geslom <code>{{BIND_PASSWORD}}</code>. - -<p> -Poskrbi, da se bo lahko klient s <em>SimpleArbiter</em> povezal na LDAP strežnik na <em>LDAPServer</em>. -V primeru, da se klient poveže kot <code>{{BIND_USERNAME}}</code> z geslom <code>{{BIND_PASSWORD}}</code>, -naj strežnik omogoči spreminjanje podatkov za objekt - -<pre><code>CN={{LDAP_USERNAME}},ou=users,DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si</code></pre> - -<p> -ter ustvarjanje novih objektov v - -<pre><code>DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si - -CN = Common Name -O = Organization -OU = Organizational Unit -DC = Domain Component -</code></pre> -''', - 'en': '''\ -<p> -Create two virtual machines: <em>SimpleArbiter</em> and <em>LDAPServer</em>. - -<p> -Set up an LDAP server on <em>LDAPServer</em>. Make it responsible for - -<pre><code>DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si</code></pre> - -<p> -Create a user - -<pre><code>CN={{LDAP_USERNAME}},ou=users,DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si</code></pre> - -<p> -with the password <code>{{LDAP_PASSWORD}}</code>, and a user - -<pre><code>CN={{BIND_USERNAME}},ou=users,DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si</code></pre> - -<p> -with the password <code>{{LDAP_PASSWORD}}</code> . - -<p> -Make sure that a client from <em>SimpleArbiter</em> can connect to the LDAP server on <em>LDAPServer</em>. If the client identifies themself as <code>{{BIND_USERNAME}}</code> with the password <code>{{BIND_PASSWORD}}</code>, allow it to change data for the object - -<pre><code>CN={{LDAP_USERNAME}},ou=users,DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si</code></pre> - -<p> -and to create objects in - -<pre><code>DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si - -CN = Common Name -O = Organization -OU = Organizational Unit -DC = Domain Component -</code></pre> -''', -} - -computers = { - 'LDAPServer': { - 'disks': [ - { 'name': 'student-LDAPServer', - }, - #{ 'name': 'CDROM', - # 'options':{'readonly': True}, - # 'parts': [],# no parts, no mounting. - #} - ], - 'network_interfaces': [{'network': 'net1'}], - 'flavor': 'm1.tiny', - 'config_drive': False - - }, - 'SimpleArbiter': { - 'disks': [ - { 'name': 'simpleArbiterDhcpGWLDAP', - # attempt automount - }, - #{ 'name': 'CDROM', - # 'options': {'readonly': True}, - # 'parts': [{'dev': 'b1', 'path': '/cdrom'}], - #}, - ], - 'network_interfaces': [{'network': 'net1'}, {'network': 'test-net'}], - 'flavor': 'm1.tiny', - 'config_drive': False - } -} - -networks = { 'net1': {'public': False}, 'test-net': {'public': True} } - -params_meta = { - 'LDAP_IP': {'descriptions': {'si': 'IP strežnika', 'en': 'Server IP'}, 'w': True, 'public':True, 'type': 'IP', 'generated': False}, - 'DOMAIN': {'descriptions': {'si': 'Domena (poddomena kpov.lusy.fri.uni-lj.si)', 'en': 'Domain (subdomain of kpov.lusy.fri.uni-lj.si)'}, 'w': False, 'public':True, 'type': 'username', 'generated': True}, - 'LDAP_USERNAME': {'descriptions': {'si': 'Uporabniško ime v LDAP', 'en': 'Username in LDAP'}, 'w': False, 'public':True, 'type': 'username', 'generated': True}, - 'LDAP_PASSWORD': {'descriptions': {'si': 'Geslo v LDAP', 'en': 'LDAP password'}, 'w': False, 'public':True, 'type': 'password', 'generated': True}, - 'BIND_USERNAME': {'descriptions': {'si': 'Uporabniško ime za dostop do LDAP (bind)', 'en': 'Bind username in LDAP'}, 'w': False, 'public':True, 'type': 'username', 'generated': True}, - 'BIND_PASSWORD': {'descriptions': {'si': 'Geslo za dostop do LDAP (bind)', 'en': 'Bind password in LDAP'}, 'w': False, 'public':True, 'type': 'password', 'generated': True}, -} - -def task(LDAP_IP, DOMAIN, LDAP_USERNAME, LDAP_PASSWORD, BIND_USERNAME, BIND_PASSWORD): - from pexpect import pxssh - import pexpect - results = dict() - FULLDOMAIN = "dc={DOMAIN},dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si".format( - **locals()) - BIND_DN = "cn={BIND_USERNAME},ou=Users,{FULLDOMAIN}".format(**locals()) - s = "ldapsearch -D {BIND_DN} -b {FULLDOMAIN} -w {BIND_PASSWORD}\ - -h {LDAP_IP}".format( - **locals()) - results['ldapsearch_before'] = pexpect.run(s) - s = "ldapmodify -D {BIND_DN} -w {BIND_PASSWORD} -h {LDAP_IP}".format( - **locals()) - modify = pexpect.spawn(s) - FORTUNE = kpov_util.hostname_gen(random.Random(str(LDAP_USERNAME))) - results['fortune'] = FORTUNE - s1 = """ -dn: cn={LDAP_USERNAME},ou=Users,{FULLDOMAIN} -changetype: modify -replace: description -description: {FORTUNE} -""".format(**locals()) - modify.write(s1) - modify.sendeof() - modify.expect(pexpect.EOF) - results['modify'] = modify.before - s = "ldapsearch -D {BIND_DN} -b {FULLDOMAIN} -w {BIND_PASSWORD}\ - -h {LDAP_IP}".format(**locals()) - results['ldapsearch_after'] = pexpect.run(s) - return results - -def gen_params(user_id, params_meta): - params = dict() - r = random.Random(user_id) - params['DOMAIN'] = kpov_util.hostname_gen(r) - params['LDAP_USERNAME'] = kpov_util.username_gen(r) - params['LDAP_PASSWORD'] = kpov_util.alnum_gen(r, 6) - params['BIND_USERNAME'] = kpov_util.username_gen(r) - params['BIND_PASSWORD'] = kpov_util.alnum_gen(r, 6) - return params - -def task_check(results, params): - import re - score = 0 - hints = [] - s = """.*dn: dc={DOMAIN},dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si\r[^#]* -objectClass: top\r -objectClass: dcObject\r -objectClass: organization\r -.*""".format(**params) -#dc: {DOMAIN}\r - if re.match(s, results['ldapsearch_before'], re.DOTALL): - score += 2 - else: - hints += ["domain missing in ldapsearch result"] - s = ".*cn: {}.*".format(re.escape(params['LDAP_USERNAME'])) - if re.search(s, results['ldapsearch_before']): - score += 2 - else: - hints += ["LDAP_USERNAME missing in: " + s + str(results['ldapsearch_before'])] - fortune = kpov_util.hostname_gen(random.Random(str(params['LDAP_USERNAME']))) - s = ".*cn: {0}.*description: {1}.*".format( - re.escape(params['LDAP_USERNAME']), re.escape(fortune)) - if re.match(s, results['ldapsearch_after'], re.DOTALL): - score += 2 - else: - hints += ["description missing after update:" + fortune + "\n" + s + str(results['modify']) + str(results['ldapsearch_after'])] - if results['ldapsearch_before'][:100] == results['ldapsearch_after'][:100]: - score += 2 - else: - hints += ["ldapsearch before equals after. This should not happen."] - s = '.*\r\nmodifying entry "cn={LDAP_USERNAME},ou=Users,dc={DOMAIN},dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si".*'.format( - **params) - if re.match(s, results['modify'], re.DOTALL): - score += 2 - else: - hints += ['Modify error' + s + str(results['modify'])] - return score, hints - -def prepare_disks(templates, task_params, global_params): - write_default_config(templates['simpleArbiterDhcpGWLDAP'], global_params) |