1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
|
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# kpov_random_helpers should be imported by add_assignment.py
# Poveži se na strežnik LDAP prek spletnega vmesnika. Ustvari uporabnika z danim imenom in geslom.
# Napiši skripto, ki izpiše podatke o tem uporabniku z ldapsearch.
#
# TODO: finish this!
instructions = {
'si':u"""
Ustvari dva navidezna računalnika - SimpleArbiter z diskom simpleArbiterDhcp ter LDAPServer.
Za povezavo na strežnik LDAP lahko uporabiš Jxplorer, kjer tudi ustvariš novega uporabnika z danim imenom in geslom.
Na LDAPServer namesti strežnik LDAP in sicer slapd z apt-get install slapd. Na SimpleArbiter preberi ime domene DOMAIN, uporabniško ime LDAP_USERNAME, geslo LDAP_PASSWORD,
uporabniško ime BIND_USERNAME ter geslo BIND_PASSWORD. Poskrbi, da se bo lahko klient s simpleArbiterDhcp povezal na LDAP strežnik na LDAPServer.
V primeru, da se klient poveže kot BIND_USERNAME z geslom BIND_PASSWORD, naj strežnik omogoči spreminjanje podatkov za objekt
CN=LDAP_USERNAME,ou=Users,DC=DOMAIN,DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si ter ustvarjanje novih objektov v DC=DOMAIN,DC=kpov,DC=lusy,DC=fri,DC=uni-lj,DC=si
CN = Common Name
OU = Organizational Unit
DC = Domain Component
Na SimpleArbiter ustvari program, ki bo s pomočjo ldapsearch izpisal seznam lastnosti (otrok), ki jih ima poljuben objekt v domeni DOMAIN.kpov.lusy.fri.uni-lj.si. Ime objekta (CN) naj program sprejme kot prvi argument.
"""
}
computers = {
'LDAPServer': {
'disks': [
{ 'name': 'LDAPServer',
},
#{ 'name': 'CDROM',
# 'options':{'readonly': True},
# 'parts': [],# no parts, no mounting.
#}
],
'network_interfaces': [{'network': 'net1'}],
'flavor': 'm1.tiny',
'config_drive': False
},
'SimpleArbiter': {
'disks': [
{ 'name': 'simpleArbiterDhcp',
# attempt automount
},
#{ 'name': 'CDROM',
# 'options': {'readonly': True},
# 'parts': [{'dev': 'b1', 'path': '/cdrom'}],
#},
],
'network_interfaces': [{'network': 'net1'}, {'network': 'test-net'}],
'flavor': 'm1.tiny',
'config_drive': False
}
}
networks = { 'net1': {'public': False}, 'test-net': {'public': True} }
params_meta = {
'LDAP_IP': {'descriptions': {'si': 'IP strežnika'}, 'w': True, 'public':True, 'type': 'IP', 'generated': False},
'DOMAIN': {'descriptions': {'si': 'Domena (poddomena kpov.lusy.fri.uni-lj.si)'}, 'w': False, 'public':True, 'type': 'username', 'generated': True},
'LDAP_USERNAME': {'descriptions': {'si': 'Uporabnisko ime v LDAP'}, 'w': False, 'public':True, 'type': 'username', 'generated': True},
'LDAP_PASSWORD': {'descriptions': {'si': 'Geslo v LDAP'}, 'w': False, 'public':True, 'type': 'password', 'generated': True},
'BIND_USERNAME': {'descriptions': {'si': 'Uporabnisko ime za dostop do LDAP'}, 'w': False, 'public':True, 'type': 'username', 'generated': True},
'BIND_PASSWORD': {'descriptions': {'si': 'Geslo za dostop do LDAP'}, 'w': False, 'public':True, 'type': 'password', 'generated': True},
}
def task(LDAP_IP, DOMAIN, LDAP_USERNAME, LDAP_PASSWORD, BIND_USERNAME, BIND_PASSWORD):
import pxssh
import pexpect
results = dict()
FULLDOMAIN = "dc={DOMAIN},dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si".format(
**locals())
BIND_DN = "uid={BIND_USERNAME},ou=Users,{FULLDOMAIN}".format(**locals())
s = "ldapsearch -D {BIND_DN} -b {FULLDOMAIN} -w {BIND_PASSWORD}\
-h {LDAP_IP}".format(
**locals())
results['ldapsearch_before'] = pexpect.run(s)
s = "ldapmodify -D {BIND_DN} -w {BIND_PASSWORD} -h {LDAP_IP}".format(
**locals())
modify = pexpect.spawn(s)
FORTUNE = kpov_random_helpers.fortune(random.Random(), 20)
results['FORTUNE'] = FORTUNE
s1 = """
dn: uid={LDAP_USERNAME},ou=Users,{FULLDOMAIN}
changetype: modify
replace: description
description: {FORTUNE}
""".format(**locals())
modify.write(s1)
modify.sendeof()
modify.expect(pexpect.EOF)
results['modify'] = modify.before
s = "ldapsearch -D {BIND_DN} -b {FULLDOMAIN} -w {BIND_PASSWORD}\
-h {LDAP_IP}".format(**locals())
results['ldapsearch_after'] = pexpect.run(s)
return results
def gen_params(user_id, params_meta):
params = dict()
r = random.Random(user_id)
params['DOMAIN'] = kpov_random_helpers.hostname_gen(r)
params['LDAP_USERNAME'] = kpov_random_helpers.username_gen(r)
params['LDAP_PASSWORD'] = kpov_random_helpers.alnum_gen(r, 6)
params['BIND_USERNAME'] = kpov_random_helpers.username_gen(r)
params['BIND_PASSWORD'] = kpov_random_helpers.alnum_gen(r, 6)
return params
def task_check(results, params):
import re
score = 0
s = """.*dn: dc={DOMAIN},dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si\r
objectClass: top\r
objectClass: dcObject\r
objectClass: organization\r
.*""".format(**params)
#dc: {DOMAIN}\r
fortune = results['FORTUNE']
if re.match(s, results['ldapsearch_before'], re.DOTALL):
score += 2
else:
print (s, results['ldapsearch_before'])
s = ".*uid: {}.*".format(re.escape(params['LDAP_USERNAME']))
if re.search(s, results['ldapsearch_before']):
score += 2
else:
print (s, results['ldapsearch_before'])
s = ".*uid: {0}.*description: {1}.*".format(
re.escape(params['LDAP_USERNAME']), re.escape(fortune[:40]))
if re.match(s, results['ldapsearch_after'], re.DOTALL):
score += 2
else:
print (s, results['ldapsearch_after'])
if results['ldapsearch_before'][:100] == results['ldapsearch_after'][:100]:
score += 2
s = '.*\r\nmodifying entry "uid={LDAP_USERNAME},ou=Users,dc={DOMAIN},dc=kpov,dc=lusy,dc=fri,dc=uni-lj,dc=si".*'.format(
**params)
if re.match(s, results['modify'], re.DOTALL):
score += 2
else:
print (s, results['modify'])
return score
def prepare_disks(templates, params):
# d = templates['simpleArbiterDhcp']
pass
|
