mirror of
https://github.com/dkmstr/openuds.git
synced 2024-12-22 13:34:04 +03:00
merged from 2.2
This commit is contained in:
commit
e37b929adc
@ -219,7 +219,7 @@ class UDSClient(QtGui.QMainWindow):
|
||||
QtCore.QTimer.singleShot(10000, self.getTransportData)
|
||||
|
||||
except Exception as e:
|
||||
logger.exception('Got exception executing script:')
|
||||
#logger.exception('Got exception executing script:')
|
||||
self.showError(e)
|
||||
|
||||
def endScript(self):
|
||||
|
@ -46,7 +46,7 @@ logging.basicConfig(
|
||||
filename=logFile,
|
||||
filemode='a',
|
||||
format='%(levelname)s %(asctime)s %(message)s',
|
||||
level=logging.DEBUG
|
||||
level=logging.INFO
|
||||
)
|
||||
|
||||
logger = logging.getLogger('udsclient')
|
||||
|
@ -38,6 +38,7 @@ from uds.models import Authenticator
|
||||
from uds.models import DeployedService
|
||||
from uds.models import Transport
|
||||
from uds.models import TicketStore
|
||||
from uds.core.managers import cryptoManager
|
||||
from uds.core.util.model import processUuid
|
||||
from uds.core.util import tools
|
||||
|
||||
@ -207,7 +208,7 @@ class Tickets(Handler):
|
||||
|
||||
data = {
|
||||
'username': username,
|
||||
'password': password,
|
||||
'password': cryptoManager().encrypt(password),
|
||||
'realname': realname,
|
||||
'groups': groups,
|
||||
'auth': auth.uuid,
|
||||
|
@ -59,7 +59,7 @@ class CacheCleaner(Job):
|
||||
|
||||
class TicketStoreCleaner(Job):
|
||||
|
||||
frecuency = 3600 * 12 # every twelve hours
|
||||
frecuency = 60 # every minute (60 seconds)
|
||||
friendly_name = 'Ticket Storage Cleaner'
|
||||
|
||||
def __init__(self, environment):
|
||||
|
@ -35,6 +35,7 @@ from __future__ import unicode_literals
|
||||
from django.http import HttpResponse
|
||||
from uds.models import TicketStore
|
||||
from uds.core.auths import auth
|
||||
from uds.core.managers import cryptoManager
|
||||
|
||||
import six
|
||||
import logging
|
||||
@ -55,8 +56,11 @@ def dict2resp(dct):
|
||||
def guacamole(request, tunnelId):
|
||||
logger.debug('Received credentials request for tunnel id {0}'.format(tunnelId))
|
||||
|
||||
tunnelId, scrambler = tunnelId.split('.')
|
||||
|
||||
try:
|
||||
val = TicketStore.get(tunnelId, invalidate=False)
|
||||
val['password'] = cryptoManager().xor(val['password'], scrambler)
|
||||
|
||||
response = dict2resp(val)
|
||||
except Exception:
|
||||
|
@ -25,9 +25,9 @@
|
||||
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
||||
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
"""
|
||||
'''
|
||||
.. moduleauthor:: Adolfo Gómez, dkmaster at dkmon dot com
|
||||
"""
|
||||
'''
|
||||
|
||||
from __future__ import unicode_literals
|
||||
|
||||
@ -45,7 +45,7 @@ import logging
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
__updated__ = '2016-09-16'
|
||||
__updated__ = '2018-07-19'
|
||||
|
||||
|
||||
class TicketStore(UUIDModel):
|
||||
@ -78,7 +78,7 @@ class TicketStore(UUIDModel):
|
||||
|
||||
@staticmethod
|
||||
def generateUuid():
|
||||
# more owner is this:
|
||||
# more secure is this:
|
||||
# ''.join(random.SystemRandom().choice(string.ascii_lowercase + string.digits) for _ in range(40))
|
||||
return cryptoManager().randomString(40)
|
||||
|
||||
@ -91,7 +91,7 @@ class TicketStore(UUIDModel):
|
||||
validator = pickle.dumps(validator)
|
||||
data = pickle.dumps(data)
|
||||
if secure:
|
||||
data = cryptoManager().encrypt(data)
|
||||
pass
|
||||
|
||||
return TicketStore.objects.create(stamp=getSqlDatetime(), data=data, validator=validator, validity=validity, owner=owner).uuid
|
||||
|
||||
@ -106,16 +106,16 @@ class TicketStore(UUIDModel):
|
||||
|
||||
data = pickle.dumps(data)
|
||||
if secure:
|
||||
data = cryptoManager().encrypt()
|
||||
pass
|
||||
|
||||
try:
|
||||
t = TicketStore.objects.get(uuid=uuid, owner=owner)
|
||||
t.data = data
|
||||
t = TicketStore.objects.get(uuid=uuid)
|
||||
t.data = pickle.dumps(data)
|
||||
t.stamp = getSqlDatetime()
|
||||
t.validity = validity
|
||||
t.save()
|
||||
except TicketStore.DoesNotExist:
|
||||
t = TicketStore.objects.create(uuid=uuid, stamp=getSqlDatetime(), data=data, validator=validator, validity=validity, owner=owner)
|
||||
t = TicketStore.objects.create(uuid=uuid, stamp=getSqlDatetime(), data=pickle.dumps(data), validator=validator, validity=validity)
|
||||
|
||||
@staticmethod
|
||||
def get(uuid, invalidate=True, owner=None, secure=False):
|
||||
@ -128,10 +128,8 @@ class TicketStore(UUIDModel):
|
||||
if t.stamp + validity < now:
|
||||
raise TicketStore.InvalidTicket('Not valid anymore')
|
||||
|
||||
if secure is True:
|
||||
data = pickle.loads(cryptoManager().decrypt(t.data))
|
||||
else:
|
||||
data = pickle.loads(t.data)
|
||||
# if secure: TODO
|
||||
data = pickle.loads(t.data)
|
||||
|
||||
# If has validator, execute it
|
||||
if t.validator is not None:
|
||||
@ -161,10 +159,13 @@ class TicketStore(UUIDModel):
|
||||
|
||||
@staticmethod
|
||||
def cleanup():
|
||||
from datetime import timedelta
|
||||
now = getSqlDatetime()
|
||||
cleanSince = now - datetime.timedelta(seconds=TicketStore.MAX_VALIDITY)
|
||||
for v in TicketStore.objects.all():
|
||||
if now > v.stamp + timedelta(seconds=v.validity):
|
||||
v.delete()
|
||||
cleanSince = now - datetime.timedelta(seconds=TicketStore.MAX_VALIDITY)
|
||||
number = TicketStore.objects.filter(stamp__lt=cleanSince).delete()
|
||||
logger.debug('Cleaned {} tickets'.format(number))
|
||||
|
||||
def __unicode__(self):
|
||||
if self.validator is not None:
|
||||
|
@ -44,6 +44,7 @@ from uds.core.transports.BaseTransport import TUNNELED_GROUP
|
||||
from uds.core.transports import protocols
|
||||
from uds.core.util import connection
|
||||
from uds.core.util import OsDetector
|
||||
from uds.core.managers import cryptoManager
|
||||
from uds.models import TicketStore
|
||||
|
||||
import logging
|
||||
@ -192,12 +193,15 @@ class HTML5RDPTransport(Transport):
|
||||
if domain != '':
|
||||
username = domain + '\\' + username
|
||||
|
||||
scrambler = cryptoManager().randomString(32)
|
||||
passwordCrypted = cryptoManager().xor(password, scrambler)
|
||||
|
||||
# Build params dict
|
||||
params = {
|
||||
'protocol': 'rdp',
|
||||
'hostname': ip,
|
||||
'username': username,
|
||||
'password': password,
|
||||
'password': passwordCrypted,
|
||||
'ignore-cert': 'true',
|
||||
'security': self.security.value,
|
||||
'drive-path': '/share/{}'.format(user.uuid),
|
||||
@ -229,4 +233,5 @@ class HTML5RDPTransport(Transport):
|
||||
|
||||
ticket = TicketStore.create(params, validity=self.ticketValidity.num())
|
||||
|
||||
return HttpResponseRedirect("{}/transport/?{}&{}".format(self.guacamoleServer.value, ticket, request.build_absolute_uri(reverse('Index'))))
|
||||
return HttpResponseRedirect("{}/transport/?{}.{}&{}".format(self.guacamoleServer.value, ticket, scrambler, request.build_absolute_uri(reverse('Index'))))
|
||||
|
||||
|
@ -27,9 +27,9 @@
|
||||
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
"""
|
||||
'''
|
||||
@author: Adolfo Gómez, dkmaster at dkmon dot com
|
||||
"""
|
||||
'''
|
||||
from __future__ import unicode_literals
|
||||
from django.utils.translation import ugettext_noop as _
|
||||
from uds.core.managers.UserPrefsManager import CommonPrefs
|
||||
@ -44,14 +44,14 @@ logger = logging.getLogger(__name__)
|
||||
|
||||
READY_CACHE_TIMEOUT = 30
|
||||
|
||||
__updated__ = '2018-05-18'
|
||||
__updated__ = '2018-07-19'
|
||||
|
||||
|
||||
class RDPTransport(BaseRDPTransport):
|
||||
"""
|
||||
'''
|
||||
Provides access via RDP to service.
|
||||
This transport can use an domain. If username processed by authenticator contains '@', it will split it and left-@-part will be username, and right password
|
||||
"""
|
||||
'''
|
||||
typeName = _('RDP')
|
||||
typeType = 'RDPTransport'
|
||||
typeDescription = _('RDP Protocol. Direct connection.')
|
||||
@ -104,7 +104,7 @@ class RDPTransport(BaseRDPTransport):
|
||||
r.domain = domain
|
||||
r.redirectPrinters = self.allowPrinters.isTrue()
|
||||
r.redirectSmartcards = self.allowSmartcards.isTrue()
|
||||
r.redirectDrives = self.allowDrives.isTrue()
|
||||
r.redirectDrives = self.allowDrives.value
|
||||
r.redirectHome = self.redirectHome.isTrue()
|
||||
r.redirectSerials = self.allowSerials.isTrue()
|
||||
r.enableClipboard = self.allowClipboard.isTrue()
|
||||
|
@ -27,9 +27,9 @@
|
||||
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
"""
|
||||
'''
|
||||
@author: Adolfo Gómez, dkmaster at dkmon dot com
|
||||
"""
|
||||
'''
|
||||
from __future__ import unicode_literals
|
||||
from django.utils.translation import ugettext_noop as _
|
||||
from uds.core.managers.UserPrefsManager import CommonPrefs
|
||||
@ -48,7 +48,7 @@ import logging
|
||||
import random
|
||||
import string
|
||||
|
||||
__updated__ = '2018-05-18'
|
||||
__updated__ = '2018-07-19'
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
@ -56,10 +56,10 @@ READY_CACHE_TIMEOUT = 30
|
||||
|
||||
|
||||
class TRDPTransport(BaseRDPTransport):
|
||||
"""
|
||||
'''
|
||||
Provides access via RDP to service.
|
||||
This transport can use an domain. If username processed by authenticator contains '@', it will split it and left-@-part will be username, and right password
|
||||
"""
|
||||
'''
|
||||
typeName = _('RDP')
|
||||
typeType = 'TSRDPTransport'
|
||||
typeDescription = _('RDP Protocol. Tunneled connection.')
|
||||
@ -132,7 +132,7 @@ class TRDPTransport(BaseRDPTransport):
|
||||
r.domain = domain
|
||||
r.redirectPrinters = self.allowPrinters.isTrue()
|
||||
r.redirectSmartcards = self.allowSmartcards.isTrue()
|
||||
r.redirectDrives = self.allowDrives.isTrue()
|
||||
r.redirectDrives = self.allowDrives.value
|
||||
r.redirectHome = self.redirectHome.isTrue()
|
||||
r.redirectSerials = self.allowSerials.isTrue()
|
||||
r.enableClipboard = self.allowClipboard.isTrue()
|
||||
|
@ -10,8 +10,8 @@ from uds import tools # @UnresolvedImport
|
||||
|
||||
import six
|
||||
|
||||
thePass = six.binary_type('{m.password}'.encode('UTF-16LE'))
|
||||
try:
|
||||
thePass = six.binary_type("""{m.password}""".encode('UTF-16LE'))
|
||||
password = win32crypt.CryptProtectData(thePass, None, None, None, None, 0x01).encode('hex')
|
||||
except Exception:
|
||||
# Cannot encrypt for user, trying for machine
|
||||
|
@ -21,8 +21,8 @@ if forwardThread.status == 2:
|
||||
|
||||
tools.addTaskToWait(forwardThread)
|
||||
|
||||
thePass = six.binary_type('{m.password}'.encode('UTF-16LE'))
|
||||
try:
|
||||
thePass = six.binary_type(sp['password'].encode('UTF-16LE'))
|
||||
password = win32crypt.CryptProtectData(thePass, None, None, None, None, 0x01).encode('hex')
|
||||
except Exception:
|
||||
# Cannot encrypt for user, trying for machine
|
||||
|
@ -152,7 +152,7 @@ def ticketAuth(request, ticketId):
|
||||
auth = data['auth']
|
||||
realname = data['realname']
|
||||
servicePool = data['servicePool']
|
||||
password = data['password']
|
||||
password = cryptoManager().decrypt(data['password'])
|
||||
transport = data['transport']
|
||||
except Exception:
|
||||
logger.error('Ticket stored is not valid')
|
||||
|
Loading…
Reference in New Issue
Block a user