From 30b6118d188230890b1d7093fa93d1a0bd7e3b32 Mon Sep 17 00:00:00 2001 From: "gasperfele@fri1.uni-lj.si" Date: Sat, 28 Feb 2015 21:18:08 +0000 Subject: task ldap_search done. git-svn-id: https://svn.lusy.fri.uni-lj.si/kpov-public-svn/kpov-public@282 5cf9fbd1-b2bc-434c-b4b7-e852f4f63414 --- kpov_judge/tasks/ldap_search/task.py | 112 +++++++++++++++++++++-------------- 1 file changed, 68 insertions(+), 44 deletions(-) (limited to 'kpov_judge') diff --git a/kpov_judge/tasks/ldap_search/task.py b/kpov_judge/tasks/ldap_search/task.py index 637c3dc..4953694 100644 --- a/kpov_judge/tasks/ldap_search/task.py +++ b/kpov_judge/tasks/ldap_search/task.py @@ -10,19 +10,18 @@ instructions = { 'si':u""" Ustvari dva navidezna računalnika - SimpleArbiter z diskom simpleArbiterDhcp ter LDAPServer. -Za povezavo na strežnik LDAP uporabi Jxplorer, kjer tudi ustvariš novega uporabnika z danim imenom in geslom. +Za povezavo na strežnik LDAP lahko uporabiš Jxplorer, kjer tudi ustvariš novega uporabnika z danim imenom in geslom. -Na LDAPServer namesti strežnik LDAP in sicer slapd z apt-get install slapd. Na SimpleArbiter preberi ime domene DOMENA, uporabniško ime USER_A, geslo PASS_A, -uporabniško ime BIND_DN ter geslo BIND_PASS. Poskrbi, da se bo lahko klient s simpleArbiterDhcp povezal na LDAP strežnik na LDAPServer. -V primeru, da se klient poveže kot BIND_DN z geslom BIND_PASS, naj strežnik omogoči spreminjanje podatkov za objekt -CN=USER_A,DC=DOMENA,DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si ter ustvarjanje novih objektov v DC=DOMENA,DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si +Na LDAPServer namesti strežnik LDAP in sicer slapd z apt-get install slapd. Na SimpleArbiter preberi ime domene DOMAIN, uporabniško ime LDAP_USERNAME, geslo LDAP_PASSWORD, +uporabniško ime BIND_USERNAME ter geslo BIND_PASSWORD. Poskrbi, da se bo lahko klient s simpleArbiterDhcp povezal na LDAP strežnik na LDAPServer. +V primeru, da se klient poveže kot BIND_USERNAME z geslom BIND_PASSWORD, naj strežnik omogoči spreminjanje podatkov za objekt +CN=LDAP_USERNAME,ou=Users,DC=DOMAIN,DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si ter ustvarjanje novih objektov v DC=DOMAIN,DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si CN = Common Name OU = Organizational Unit DC = Domain Component -Na SimpleArbiter ustvari program, ki bo s pomočjo ldapsearch izpisala seznam lastnosti (otrok), ki jih ima poljuben objekt v domeni DOMENA.kpov.lusy.fri.uni-lj.si. Ime objekta (CN) naj program sprejme kot prvi argument. - +Na SimpleArbiter ustvari program, ki bo s pomočjo ldapsearch izpisal seznam lastnosti (otrok), ki jih ima poljuben objekt v domeni DOMAIN.kpov.lusy.fri.uni-lj.si. Ime objekta (CN) naj program sprejme kot prvi argument. """ } @@ -60,63 +59,88 @@ computers = { networks = { 'net1': {'public': False}, 'test-net': {'public': True} } params_meta = { + 'LDAP_IP': {'descriptions': {'si': 'IP strežnika'}, 'w': True, 'public':True, 'type': 'IP', 'generated': False}, + 'DOMAIN': {'descriptions': {'si': 'Domena (poddomena kpov.lusy.fri.uni-lj.si)'}, 'w': False, 'public':True, 'type': 'username', 'generated': True}, 'LDAP_USERNAME': {'descriptions': {'si': 'Uporabnisko ime v LDAP'}, 'w': False, 'public':True, 'type': 'username', 'generated': True}, 'LDAP_PASSWORD': {'descriptions': {'si': 'Geslo v LDAP'}, 'w': False, 'public':True, 'type': 'password', 'generated': True}, 'BIND_USERNAME': {'descriptions': {'si': 'Uporabnisko ime za dostop do LDAP'}, 'w': False, 'public':True, 'type': 'username', 'generated': True}, 'BIND_PASSWORD': {'descriptions': {'si': 'Geslo za dostop do LDAP'}, 'w': False, 'public':True, 'type': 'password', 'generated': True}, } -def task(LDAP_USERNAME, LDAP_PASSWORD, IP_static, DNS_static): +def task(LDAP_IP, DOMAIN, LDAP_USERNAME, LDAP_PASSWORD, BIND_USERNAME, BIND_PASSWORD): import pxssh import pexpect results = dict() - peer_user = 'student' - peer_passwd = 'vaje' - sA = pxssh.pxssh() - sB = pxssh.pxssh() - sA.login(IP_NM, peer_user, peer_passwd) - sB.login(IP_static, peer_user, peer_passwd) - # sA - # make sure NM is not handling eth0 - results['NM_nmcli'] = sA.run('nmcli d') - results['NM_nslookup'] = sA.run('nslookup www.arnes.si') - # sB - # check whether NM is handling eth0 - results['static_nmcli'] = sB.run('nmcli d') - results['static_nslookup'] = sB.run('nslookup www.arnes.si') - sA.logout() - sB.logout() + FULLDOMAIN = "dc={DOMAIN},dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si".format( + **locals()) + BIND_DN = "uid={BIND_USERNAME},ou=Users,{FULLDOMAIN}".format(**locals()) + s = "ldapsearch -D {BIND_DN} -b {FULLDOMAIN} -w {BIND_PASSWORD}\ + -h {LDAP_IP}".format( + **locals()) + results['ldapsearch_before'] = pexpect.run(s) + s = "ldapmodify -D {BIND_DN} -w {BIND_PASSWORD} -h {LDAP_IP}".format( + **locals()) + modify = pexpect.spawn(s) + FORTUNE = kpov_random_helpers.fortune(random.Random(), 20) + results['FORTUNE'] = FORTUNE + s1 = """ +dn: uid={LDAP_USERNAME},ou=Users,{FULLDOMAIN} +changetype: modify +replace: description +description: {FORTUNE} +""".format(**locals()) + modify.write(s1) + modify.sendeof() + modify.expect(pexpect.EOF) + results['modify'] = modify.before + s = "ldapsearch -D {BIND_DN} -b {FULLDOMAIN} -w {BIND_PASSWORD}\ + -h {LDAP_IP}".format(**locals()) + results['ldapsearch_after'] = pexpect.run(s) return results def gen_params(user_id, params_meta): params = dict() r = random.Random(user_id) - # IP_NM, DNS_NM, IP_static, DNS_static) - dns_servers = ['193.2.1.66', '193.2.1.72', '8.8.8.8', '8.8.4.4', '208.67.222.222', '208.67.220.220'] - # net = kpov_random_helpers.IPv4_subnet_gen(r, '172.23.128.0/18', 24) - # params['DNS_NM'] = r.choice(dns_servers) - params['IP_static'] = kpov_random_helpers.IPv4_addr_gen(r, net, 2) - params['DNS_static'] = r.choice(dns_servers) - - #generiranje LDAP_USERNAME in LDAP_PASSWORD - params['LDAP_USERNAME'] = kpov_random_helpers.username_gen(r) - params['LDAP_PASSWORD'] = kpov_random_helpers.alnum_gen(r, 6) - - + params['DOMAIN'] = kpov_random_helpers.hostname_gen(r) + params['LDAP_USERNAME'] = kpov_random_helpers.username_gen(r) + params['LDAP_PASSWORD'] = kpov_random_helpers.alnum_gen(r, 6) + params['BIND_USERNAME'] = kpov_random_helpers.username_gen(r) + params['BIND_PASSWORD'] = kpov_random_helpers.alnum_gen(r, 6) return params def task_check(results, params): import re - score = -9 - if results['NM_nslookup'].find('Server:\t\t{0}\r'.format(params['DNS_NM'])) > -1: - score += 3 - if results['static_nslookup'].find('Server:\t\t{0}\r'.format(params['DNS_static'])) > -1: - score += 3 - if re.search(r'eth0 +802-.*connected', results['NM_nmcli']): + score = 0 + s = """.*dn: dc={DOMAIN},dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si\r +objectClass: top\r +objectClass: dcObject\r +objectClass: organization\r +.*""".format(**params) +#dc: {DOMAIN}\r + fortune = results['FORTUNE'] + if re.match(s, results['ldapsearch_before'], re.DOTALL): score += 2 - if not re.search(r'eth0 +802-.*connected', results['static_nmcli']): + else: + print (s, results['ldapsearch_before']) + s = ".*uid: {}.*".format(re.escape(params['LDAP_USERNAME'])) + if re.search(s, results['ldapsearch_before']): score += 2 - score = 0 + else: + print (s, results['ldapsearch_before']) + s = ".*uid: {0}.*description: {1}.*".format( + re.escape(params['LDAP_USERNAME']), re.escape(fortune[:40])) + if re.match(s, results['ldapsearch_after'], re.DOTALL): + score += 2 + else: + print (s, results['ldapsearch_after']) + if results['ldapsearch_before'][:100] == results['ldapsearch_after'][:100]: + score += 2 + s = '.*\r\nmodifying entry "uid={LDAP_USERNAME},ou=Users,dc={DOMAIN},dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si".*'.format( + **params) + if re.match(s, results['modify'], re.DOTALL): + score += 2 + else: + print (s, results['modify']) return score def prepare_disks(templates, params): -- cgit v1.2.1