From 8081a5520a441b43a8a7a73f3a90c7aacfaa8e10 Mon Sep 17 00:00:00 2001 From: Timotej Lazar Date: Sun, 24 Feb 2019 21:05:27 +0100 Subject: Move everything one level up --- tasks/ldap_search/task.py | 210 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 210 insertions(+) create mode 100644 tasks/ldap_search/task.py (limited to 'tasks/ldap_search/task.py') diff --git a/tasks/ldap_search/task.py b/tasks/ldap_search/task.py new file mode 100644 index 0000000..29117db --- /dev/null +++ b/tasks/ldap_search/task.py @@ -0,0 +1,210 @@ +# kpov_util should be imported by add_assignment.py + +# Poveži se na strežnik LDAP prek spletnega vmesnika. Ustvari uporabnika z danim imenom in geslom. +# Napiši skripto, ki izpiše podatke o tem uporabniku z ldapsearch. + +# TODO: finish this! +instructions = { + 'si': '''\ +

+Ustvari dva navidezna računalnika: SimpleArbiter in LDAPServer. + +

+Na LDAPServer namesti strežnik LDAP. Strežnik naj skrbi za domeno + +

DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si
+ +

+V imeniku ustvari uporabnika + +

CN={{LDAP_USERNAME}},ou=users,DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si
+ +

+z geslom {{LDAP_PASSWORD}} in uporabnika + +

CN={{BIND_USERNAME}},ou=users,DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si
+ +

+z geslom {{BIND_PASSWORD}}. + +

+Poskrbi, da se bo lahko klient s SimpleArbiter povezal na LDAP strežnik na LDAPServer. +V primeru, da se klient poveže kot {{BIND_USERNAME}} z geslom {{BIND_PASSWORD}}, +naj strežnik omogoči spreminjanje podatkov za objekt + +

CN={{LDAP_USERNAME}},ou=users,DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si
+ +

+ter ustvarjanje novih objektov v + +

DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si
+
+CN = Common Name
+O = Organization
+OU = Organizational Unit
+DC = Domain Component
+
+''', + 'en': '''\ +

+Create two virtual machines: SimpleArbiter and LDAPServer. + +

+Set up an LDAP server on LDAPServer. Make it responsible for + +

DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si
+ +

+Create a user + +

CN={{LDAP_USERNAME}},ou=users,DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si
+ +

+with the password {{LDAP_PASSWORD}}, and a user + +

CN={{BIND_USERNAME}},ou=users,DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si
+ +

+with the password {{LDAP_PASSWORD}} . + +

+Make sure that a client from SimpleArbiter can connect to the LDAP server on LDAPServer. If the client identifies themself as {{BIND_USERNAME}} with the password {{BIND_PASSWORD}}, allow it to change data for the object + +

CN={{LDAP_USERNAME}},ou=users,DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si
+ +

+and to create objects in + +

DC={{DOMAIN}},DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si
+
+CN = Common Name
+O = Organization
+OU = Organizational Unit
+DC = Domain Component
+
+''', +} + +computers = { + 'LDAPServer': { + 'disks': [ + { 'name': 'student-LDAPServer', + }, + #{ 'name': 'CDROM', + # 'options':{'readonly': True}, + # 'parts': [],# no parts, no mounting. + #} + ], + 'network_interfaces': [{'network': 'net1'}], + 'flavor': 'm1.tiny', + 'config_drive': False + + }, + 'SimpleArbiter': { + 'disks': [ + { 'name': 'simpleArbiterDhcpGWLDAP', + # attempt automount + }, + #{ 'name': 'CDROM', + # 'options': {'readonly': True}, + # 'parts': [{'dev': 'b1', 'path': '/cdrom'}], + #}, + ], + 'network_interfaces': [{'network': 'net1'}, {'network': 'test-net'}], + 'flavor': 'm1.tiny', + 'config_drive': False + } +} + +networks = { 'net1': {'public': False}, 'test-net': {'public': True} } + +params_meta = { + 'LDAP_IP': {'descriptions': {'si': 'IP strežnika', 'en': 'Server IP'}, 'w': True, 'public':True, 'type': 'IP', 'generated': False}, + 'DOMAIN': {'descriptions': {'si': 'Domena (poddomena kpov.lusy.fri.uni-lj.si)', 'en': 'Domain (subdomain of kpov.lusy.fri.uni-lj.si)'}, 'w': False, 'public':True, 'type': 'username', 'generated': True}, + 'LDAP_USERNAME': {'descriptions': {'si': 'Uporabniško ime v LDAP', 'en': 'Username in LDAP'}, 'w': False, 'public':True, 'type': 'username', 'generated': True}, + 'LDAP_PASSWORD': {'descriptions': {'si': 'Geslo v LDAP', 'en': 'LDAP password'}, 'w': False, 'public':True, 'type': 'password', 'generated': True}, + 'BIND_USERNAME': {'descriptions': {'si': 'Uporabniško ime za dostop do LDAP (bind)', 'en': 'Bind username in LDAP'}, 'w': False, 'public':True, 'type': 'username', 'generated': True}, + 'BIND_PASSWORD': {'descriptions': {'si': 'Geslo za dostop do LDAP (bind)', 'en': 'Bind password in LDAP'}, 'w': False, 'public':True, 'type': 'password', 'generated': True}, +} + +def task(LDAP_IP, DOMAIN, LDAP_USERNAME, LDAP_PASSWORD, BIND_USERNAME, BIND_PASSWORD): + from pexpect import pxssh + import pexpect + results = dict() + FULLDOMAIN = "dc={DOMAIN},dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si".format( + **locals()) + BIND_DN = "cn={BIND_USERNAME},ou=Users,{FULLDOMAIN}".format(**locals()) + s = "ldapsearch -D {BIND_DN} -b {FULLDOMAIN} -w {BIND_PASSWORD}\ + -h {LDAP_IP}".format( + **locals()) + results['ldapsearch_before'] = pexpect.run(s) + s = "ldapmodify -D {BIND_DN} -w {BIND_PASSWORD} -h {LDAP_IP}".format( + **locals()) + modify = pexpect.spawn(s) + FORTUNE = kpov_util.hostname_gen(random.Random(str(LDAP_USERNAME))) + results['fortune'] = FORTUNE + s1 = """ +dn: cn={LDAP_USERNAME},ou=Users,{FULLDOMAIN} +changetype: modify +replace: description +description: {FORTUNE} +""".format(**locals()) + modify.write(s1) + modify.sendeof() + modify.expect(pexpect.EOF) + results['modify'] = modify.before + s = "ldapsearch -D {BIND_DN} -b {FULLDOMAIN} -w {BIND_PASSWORD}\ + -h {LDAP_IP}".format(**locals()) + results['ldapsearch_after'] = pexpect.run(s) + return results + +def gen_params(user_id, params_meta): + params = dict() + r = random.Random(user_id) + params['DOMAIN'] = kpov_util.hostname_gen(r) + params['LDAP_USERNAME'] = kpov_util.username_gen(r) + params['LDAP_PASSWORD'] = kpov_util.alnum_gen(r, 6) + params['BIND_USERNAME'] = kpov_util.username_gen(r) + params['BIND_PASSWORD'] = kpov_util.alnum_gen(r, 6) + return params + +def task_check(results, params): + import re + score = 0 + hints = [] + s = """.*dn: dc={DOMAIN},dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si\r[^#]* +objectClass: top\r +objectClass: dcObject\r +objectClass: organization\r +.*""".format(**params) +#dc: {DOMAIN}\r + if re.match(s, results['ldapsearch_before'], re.DOTALL): + score += 2 + else: + hints += ["domain missing in ldapsearch result"] + s = ".*cn: {}.*".format(re.escape(params['LDAP_USERNAME'])) + if re.search(s, results['ldapsearch_before']): + score += 2 + else: + hints += ["LDAP_USERNAME missing in: " + s + str(results['ldapsearch_before'])] + fortune = kpov_util.hostname_gen(random.Random(str(params['LDAP_USERNAME']))) + s = ".*cn: {0}.*description: {1}.*".format( + re.escape(params['LDAP_USERNAME']), re.escape(fortune)) + if re.match(s, results['ldapsearch_after'], re.DOTALL): + score += 2 + else: + hints += ["description missing after update:" + fortune + "\n" + s + str(results['modify']) + str(results['ldapsearch_after'])] + if results['ldapsearch_before'][:100] == results['ldapsearch_after'][:100]: + score += 2 + else: + hints += ["ldapsearch before equals after. This should not happen."] + s = '.*\r\nmodifying entry "cn={LDAP_USERNAME},ou=Users,dc={DOMAIN},dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si".*'.format( + **params) + if re.match(s, results['modify'], re.DOTALL): + score += 2 + else: + hints += ['Modify error' + s + str(results['modify'])] + return score, hints + +def prepare_disks(templates, task_params, global_params): + write_default_config(templates['simpleArbiterDhcpGWLDAP'], global_params) -- cgit v1.2.1