download burnlist on start
parent
f94d68ae81
commit
c16036b58d
@ -42,7 +42,7 @@ from twisted.protocols.basic import NetstringReceiver
|
||||
from twisted.internet import reactor, task
|
||||
|
||||
# Things we import from the main hblink module
|
||||
from hblink import HBSYSTEM, OPENBRIDGE, systems, hblink_handler, reportFactory, REPORT_OPCODES, mk_aliases
|
||||
from hblink import HBSYSTEM, OPENBRIDGE, systems, hblink_handler, reportFactory, REPORT_OPCODES, mk_aliases, download_burnlist
|
||||
from dmr_utils3.utils import bytes_3, int_id, get_alias
|
||||
from dmr_utils3 import decode, bptc, const
|
||||
import config
|
||||
@ -1170,4 +1170,9 @@ if __name__ == '__main__':
|
||||
stream_trimmer = stream_trimmer_task.start(5)
|
||||
stream_trimmer.addErrback(loopingErrHandle)
|
||||
|
||||
# Download burn list
|
||||
with open(CONFIG['USER_MANAGER']['BURN_FILE'], 'w') as f:
|
||||
f.write(str(download_burnlist(CONFIG)))
|
||||
|
||||
|
||||
reactor.run()
|
||||
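Review bot: The startup write opens `CONFIG['USER_MANAGER']['BURN_FILE']` with `'w'` before `download_burnlist(CONFIG)` has returned, so the previous burn list is truncated first and is then replaced by `{}` whenever the user manager cannot be reached (the helper returns an empty dict on `requests.ConnectionError`). After such a restart every burned ID is treated as not burned, and any other exception from the download leaves an empty file that the `ast.literal_eval` read in `calc_passphrase` cannot parse. Download first and keep the existing file unless the download succeeded, for example `burn_list = download_burnlist(CONFIG)` followed by a write to a temporary file and `os.replace()` only on success; that needs the helper to signal failure with something other than `{}`. The same three lines are added to the `__main__` block of hblink.py and have the same problem.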
|
@ -150,6 +150,8 @@ APPEND_INT: 1
|
||||
SHARED_SECRET: test
|
||||
# Shorten passphrases to 8 characters
|
||||
SHORTEN_PASSPHRASE: False
|
||||
BURN_FILE: ./burn_ids.txt
|
||||
BURN_INT: 5
|
||||
|
||||
|
||||
# MASTER INSTANCES - DUPLICATE SECTION FOR MULTIPLE MASTERS
|
||||
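Review bot: `BURN_FILE` and `BURN_INT` are added without a comment, unlike `SHORTEN_PASSPHRASE` directly above them. `BURN_INT` is fed into the passphrase calculation in hblink.py through `.to_bytes(2, 'big')`, so it has to be an integer from 0 to 65535, and it presumably has to match the value the user manager uses; `BURN_FILE` is a relative path, so where the file lands depends on the working directory the server is started from. I would add `# Integer (0-65535) mixed into passphrases for burned IDs` above `BURN_INT` and `# Local cache of the burn list downloaded at startup` above `BURN_FILE`.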
|
40
hblink.py
40
hblink.py
@ -106,6 +106,23 @@ def acl_check(_id, _acl):
|
||||
return _acl[0]
|
||||
return not _acl[0]
|
||||
|
||||
|
||||
def download_burnlist(_CONFIG):
|
||||
user_man_url = _CONFIG['USER_MANAGER']['URL']
|
||||
shared_secret = _CONFIG['USER_MANAGER']['SHARED_SECRET']
|
||||
burn_check = {
|
||||
'burn_list':True,
|
||||
'secret':shared_secret
|
||||
}
|
||||
json_object = json.dumps(burn_check, indent = 4)
|
||||
try:
|
||||
req = requests.post(user_man_url, data=json_object, headers={'Content-Type': 'application/json'})
|
||||
resp = json.loads(req.text)
|
||||
return resp['burn_list']
|
||||
# For exception, write blank dict
|
||||
except requests.ConnectionError:
|
||||
return {}
|
||||
|
||||
|
||||
#************************************************
|
||||
# OPENBRIDGE CLASS
|
||||
@ -243,7 +260,7 @@ class HBSYSTEM(DatagramProtocol):
|
||||
shared_secret = self._CONFIG['USER_MANAGER']['SHARED_SECRET']
|
||||
#print(int(str(int_id(_id))[:7]))
|
||||
auth_check = {
|
||||
'id':int(str(int_id(_id))[:7]),
|
||||
'login_id':int(str(int_id(_id))[:7]),
|
||||
'secret':shared_secret
|
||||
}
|
||||
json_object = json.dumps(auth_check, indent = 4)
|
||||
@ -257,18 +274,20 @@ class HBSYSTEM(DatagramProtocol):
|
||||
def calc_passphrase(self, peer_id, _salt_str):
|
||||
burn_id = ast.literal_eval(os.popen('cat ' + self._CONFIG['USER_MANAGER']['BURN_FILE']).read())
|
||||
peer_id_trimmed = int(str(int_id(peer_id))[:7])
|
||||
#print(self._CONFIG)
|
||||
try:
|
||||
#print(self.ums_response)
|
||||
if self.ums_response['mode'] == 'legacy':
|
||||
_calc_hash = bhex(sha256(_salt_str+self._config['PASSPHRASE']).hexdigest())
|
||||
if self.ums_response['mode'] == 'override':
|
||||
_calc_hash = bhex(sha256(_salt_str+str.encode(self.ums_response['value'])).hexdigest())
|
||||
if self.ums_response['mode'] == 'normal':
|
||||
_new_peer_id = bytes_4(int(str(int_id(peer_id))[:7]))
|
||||
if peer_id_trimmed in burn_id:
|
||||
logger.info('User ID has been burned. Requiring passphrase version: ' + str(burn_id[peer_id_trimmed]))
|
||||
calc_passphrase = base64.b64encode(bytes.fromhex(str(hex(libscrc.ccitt((_new_peer_id) + burn_id[peer_id_trimmed].to_bytes(2, 'big') + self._CONFIG['USER_MANAGER']['BURN_INT'].to_bytes(2, 'big') + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big') + bytes.fromhex(str(hex(libscrc.posix((_new_peer_id) + burn_id[peer_id_trimmed].to_bytes(2, 'big') + self._CONFIG['USER_MANAGER']['BURN_INT'].to_bytes(2, 'big') + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big'))))[2:].zfill(8)))))[2:].zfill(4)) + (_new_peer_id) + burn_id[peer_id_trimmed].to_bytes(2, 'big') + self._CONFIG['USER_MANAGER']['BURN_INT'].to_bytes(2, 'big') + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big') + bytes.fromhex(str(hex(libscrc.posix((_new_peer_id) + burn_id[peer_id_trimmed].to_bytes(2, 'big') + self._CONFIG['USER_MANAGER']['BURN_INT'].to_bytes(2, 'big') + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big'))))[2:].zfill(8)))
|
||||
else:
|
||||
peer_id_trimmed = str(peer_id_trimmed)
|
||||
try:
|
||||
if burn_id[peer_id_trimmed]:
|
||||
logger.info('User ID has been burned. Requiring passphrase version: ' + str(burn_id[peer_id_trimmed]))
|
||||
calc_passphrase = base64.b64encode(bytes.fromhex(str(hex(libscrc.ccitt((_new_peer_id) + burn_id[peer_id_trimmed].to_bytes(2, 'big') + self._CONFIG['USER_MANAGER']['BURN_INT'].to_bytes(2, 'big') + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big') + bytes.fromhex(str(hex(libscrc.posix((_new_peer_id) + burn_id[peer_id_trimmed].to_bytes(2, 'big') + self._CONFIG['USER_MANAGER']['BURN_INT'].to_bytes(2, 'big') + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big'))))[2:].zfill(8)))))[2:].zfill(4)) + (_new_peer_id) + burn_id[peer_id_trimmed].to_bytes(2, 'big') + self._CONFIG['USER_MANAGER']['BURN_INT'].to_bytes(2, 'big') + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big') + bytes.fromhex(str(hex(libscrc.posix((_new_peer_id) + burn_id[peer_id_trimmed].to_bytes(2, 'big') + self._CONFIG['USER_MANAGER']['BURN_INT'].to_bytes(2, 'big') + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big'))))[2:].zfill(8)))
|
||||
except:
|
||||
calc_passphrase = base64.b64encode(bytes.fromhex(str(hex(libscrc.ccitt((_new_peer_id) + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big') + bytes.fromhex(str(hex(libscrc.posix((_new_peer_id) + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big'))))[2:].zfill(8)))))[2:].zfill(4)) + (_new_peer_id) + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big') + bytes.fromhex(str(hex(libscrc.posix((_new_peer_id) + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big'))))[2:].zfill(8)))
|
||||
if self._CONFIG['USER_MANAGER']['SHORTEN_PASSPHRASE'] == True:
|
||||
calc_passphrase = calc_passphrase[-8:]
|
||||
@ -484,7 +503,7 @@ class HBSYSTEM(DatagramProtocol):
|
||||
user_auth = False
|
||||
print(user_auth)
|
||||
if self._config['USE_USER_MAN'] == False:
|
||||
print('False')
|
||||
# print('False')
|
||||
if acl_check(_peer_id, self._CONFIG['GLOBAL']['REG_ACL']) and acl_check(_peer_id, self._config['REG_ACL']):
|
||||
user_auth = True
|
||||
if user_auth == True:
|
||||
@ -540,7 +559,7 @@ class HBSYSTEM(DatagramProtocol):
|
||||
|
||||
#print(self.ums_response)
|
||||
if self._config['USE_USER_MAN'] == True:
|
||||
print(self.calc_passphrase(_peer_id, _salt_str))
|
||||
# print(self.calc_passphrase(_peer_id, _salt_str))
|
||||
_calc_hash = self.calc_passphrase(_peer_id, _salt_str)
|
||||
if self._config['USE_USER_MAN'] == False:
|
||||
_calc_hash = bhex(sha256(_salt_str+self._config['PASSPHRASE']).hexdigest())
|
||||
@ -911,6 +930,7 @@ if __name__ == '__main__':
|
||||
|
||||
peer_ids, subscriber_ids, talkgroup_ids = mk_aliases(CONFIG)
|
||||
|
||||
|
||||
# INITIALIZE THE REPORTING LOOP
|
||||
if CONFIG['REPORTS']['REPORT']:
|
||||
report_server = config_reports(CONFIG, reportFactory)
|
||||
@ -929,4 +949,8 @@ if __name__ == '__main__':
|
||||
reactor.listenUDP(CONFIG['SYSTEMS'][system]['PORT'], systems[system], interface=CONFIG['SYSTEMS'][system]['IP'])
|
||||
logger.debug('(GLOBAL) %s instance created: %s, %s', CONFIG['SYSTEMS'][system]['MODE'], system, systems[system])
|
||||
|
||||
# Download burn list
|
||||
with open(CONFIG['USER_MANAGER']['BURN_FILE'], 'w') as f:
|
||||
f.write(str(download_burnlist(CONFIG)))
|
||||
|
||||
reactor.run()
|
||||
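Review bot: `download_burnlist` calls `requests.post` without a `timeout` and catches only `requests.ConnectionError`, so a user manager that accepts the connection but never answers blocks startup before `reactor.run()`, and an error page, a non-JSON body or a reply without `burn_list` raises out of the function. Returning `{}` on failure also makes an outage indistinguishable from "no IDs burned", which is the fail-open direction for a revocation list. I would bound the request, check the status, and return `None` on any failure so that the two startup callers can skip the write and keep the last good file; the timeout value below is only an example. Separately, `calc_passphrase` reads the file with `os.popen('cat ' + ...)` each time it is called, and a plain `open()` on the configured path would avoid building a shell command from a config value.

```python
def download_burnlist(_CONFIG):
    # … unchanged: URL, shared secret and JSON request body …
    try:
        req = requests.post(user_man_url, data=json_object,
                            headers={'Content-Type': 'application/json'},
                            timeout=10)  # example value
        req.raise_for_status()
        return req.json()['burn_list']
    except (requests.RequestException, ValueError, KeyError) as err:
        # A failed download is not "nothing burned": the caller keeps its last list.
        logger.error('Burn list download failed: %s', err)
        return None
```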
|
@ -154,6 +154,10 @@ def create_app():
|
||||
id = db.Column(db.Integer(), primary_key=True)
|
||||
user_id = db.Column(db.Integer(), db.ForeignKey('users.id', ondelete='CASCADE'))
|
||||
role_id = db.Column(db.Integer(), db.ForeignKey('roles.id', ondelete='CASCADE'))
|
||||
class BurnList(db.Model):
|
||||
__tablename__ = 'burn_list'
|
||||
dmr_id = db.Column(db.Integer(), unique=True, primary_key=True)
|
||||
version = db.Column(db.Integer(), primary_key=True)
|
||||
|
||||
# Customize Flask-User
|
||||
class CustomUserManager(UserManager):
|
||||
@ -590,6 +594,31 @@ def create_app():
|
||||
content = content + '''<p style="text-align: center;">Changed password for user: <strong>''' + str(user) + '''</strong></p>\n'''
|
||||
if request.form.get('dmr_ids') != edit_user.dmr_ids:
|
||||
edit_user.dmr_ids = request.form.get('dmr_ids')
|
||||
dmr_auth_dict = ast.literal_eval(request.form.get('dmr_ids'))
|
||||
for id_user in dmr_auth_dict:
|
||||
if isinstance(dmr_auth_dict[id_user], int) == True and dmr_auth_dict[id_user] != 0:
|
||||
#print('burn it')
|
||||
if id_user in get_burnlist():
|
||||
## print('burned')
|
||||
if get_burnlist()[id_user] != dmr_auth_dict[id_user]:
|
||||
## print('update vers')
|
||||
update_burnlist(id_user, dmr_auth_dict[id_user])
|
||||
else:
|
||||
pass
|
||||
## print('no update')
|
||||
else:
|
||||
add_burnlist(id_user, dmr_auth_dict[id_user])
|
||||
## print('not in list, adding')
|
||||
elif isinstance(dmr_auth_dict[id_user], int) == False and id_user in get_burnlist():
|
||||
delete_burnlist(id_user)
|
||||
## print('remove from burn list - string')
|
||||
elif dmr_auth_dict[id_user] == 0:
|
||||
## print('remove from burn list')
|
||||
if id_user in get_burnlist():
|
||||
delete_burnlist(id_user)
|
||||
|
||||
|
||||
|
||||
content = content + '''<p style="text-align: center;">Changed authentication settings for user: <strong>''' + str(user) + '''</strong></p>\n'''
|
||||
db.session.commit()
|
||||
#edit_user = User.query.filter(User.username == request.args.get('callsign')).first()
|
||||
@ -794,9 +823,9 @@ def create_app():
|
||||
u = User.query.filter(User.dmr_ids.contains(request.args.get('dmr_id'))).first()
|
||||
#print(u.dmr_ids)
|
||||
|
||||
if authorized_peer(dmr_id)[1] == '':
|
||||
if authorized_peer(dmr_id)[1] == 0:
|
||||
passphrase = gen_passphrase(dmr_id)
|
||||
elif authorized_peer(dmr_id)[1] == 0:
|
||||
elif authorized_peer(dmr_id)[1] == '':
|
||||
passphrase = legacy_passphrase
|
||||
elif authorized_peer(dmr_id)[1] != '' or authorized_peer(dmr_id)[1] != 0:
|
||||
passphrase = authorized_peer(dmr_id)[1]
|
||||
@ -900,11 +929,58 @@ def create_app():
|
||||
#u_role = UserRoles.query.filter_by(id=u.id).first().role_id
|
||||
#print(u_role)
|
||||
#return str(u)
|
||||
if not u.active:
|
||||
flash('We come in peace', 'success')
|
||||
content = 'hello'
|
||||
## if not u.active:
|
||||
## flash('We come in peace', 'success')
|
||||
## content = 'hello'
|
||||
#add
|
||||
## burn_list = BurnList(
|
||||
## dmr_id=3153595,
|
||||
## version=1,
|
||||
## )
|
||||
## db.session.add(burn_list)
|
||||
## db.session.commit()
|
||||
##
|
||||
#generate dict
|
||||
b = BurnList.query.all()
|
||||
print(b)
|
||||
burn_dict = {}
|
||||
for i in b:
|
||||
print(i.dmr_id)
|
||||
burn_dict[i.dmr_id] = i.version
|
||||
content = burn_dict
|
||||
# delete
|
||||
## delete_b = BurnList.query.filter_by(dmr_id=3153591).first()
|
||||
## db.session.delete(delete_b)
|
||||
## db.session.commit()
|
||||
|
||||
return render_template('flask_user_layout.html', markup_content = Markup(content))
|
||||
|
||||
|
||||
def get_burnlist():
|
||||
b = BurnList.query.all()
|
||||
print(b)
|
||||
burn_dict = {}
|
||||
for i in b:
|
||||
print(i.dmr_id)
|
||||
burn_dict[i.dmr_id] = i.version
|
||||
return burn_dict
|
||||
|
||||
def add_burnlist(_dmr_id, _version):
|
||||
burn_list = BurnList(
|
||||
dmr_id=_dmr_id,
|
||||
version=_version,
|
||||
)
|
||||
db.session.add(burn_list)
|
||||
db.session.commit()
|
||||
|
||||
def update_burnlist(_dmr_id, _version):
|
||||
update_b = BurnList.query.filter_by(dmr_id=_dmr_id).first()
|
||||
update_b.version=_version
|
||||
db.session.commit()
|
||||
def delete_burnlist(_dmr_id):
|
||||
delete_b = BurnList.query.filter_by(dmr_id=_dmr_id).first()
|
||||
db.session.delete(delete_b)
|
||||
db.session.commit()
|
||||
|
||||
|
||||
@app.route('/add_user', methods=['POST', 'GET'])
|
||||
@login_required
|
||||
@ -977,56 +1053,63 @@ def create_app():
|
||||
@app.route('/auth', methods=['POST'])
|
||||
def auth():
|
||||
hblink_req = request.json
|
||||
#print((hblink_req))
|
||||
print((hblink_req))
|
||||
if hblink_req['secret'] in shared_secrets:
|
||||
if type(hblink_req['id']) == int:
|
||||
if authorized_peer(hblink_req['id'])[0]:
|
||||
if authorized_peer(hblink_req['id'])[1] == 0:
|
||||
mmdvm_logins.append([hblink_req['id'], authorized_peer(hblink_req['id'])[2], authorized_peer(hblink_req['id'])[1], 'Legacy', time.time()])
|
||||
response = jsonify(
|
||||
allow=True,
|
||||
mode='legacy',
|
||||
)
|
||||
elif authorized_peer(hblink_req['id'])[1] == '':
|
||||
# normal
|
||||
mmdvm_logins.append([hblink_req['id'], authorized_peer(hblink_req['id'])[2], authorized_peer(hblink_req['id'])[1], 'Calculated', time.time()])
|
||||
response = jsonify(
|
||||
allow=True,
|
||||
mode='normal',
|
||||
)
|
||||
elif authorized_peer(hblink_req['id'])[1] != '' or authorized_peer(hblink_req['id'])[1] != 0:
|
||||
mmdvm_logins.append([hblink_req['id'], authorized_peer(hblink_req['id'])[2], authorized_peer(hblink_req['id'])[1], 'Custom', time.time()])
|
||||
print(authorized_peer(hblink_req['id']))
|
||||
response = jsonify(
|
||||
allow=True,
|
||||
mode='override',
|
||||
value=authorized_peer(hblink_req['id'])[1]
|
||||
if 'login_id' in hblink_req:
|
||||
if type(hblink_req['login_id']) == int:
|
||||
if authorized_peer(hblink_req['login_id'])[0]:
|
||||
if isinstance(authorized_peer(hblink_req['login_id'])[1], int) == True:
|
||||
mmdvm_logins.append([hblink_req['login_id'], authorized_peer(hblink_req['login_id'])[2], authorized_peer(hblink_req['login_id'])[1], 'Calculated', time.time()])
|
||||
response = jsonify(
|
||||
allow=True,
|
||||
mode='normal',
|
||||
)
|
||||
if authorized_peer(hblink_req['id'])[0] == False:
|
||||
mmdvm_logins.append([hblink_req['id'], 'Not registered', 'None', 'Not authorized', time.time()])
|
||||
response = jsonify(
|
||||
allow=False)
|
||||
if not type(hblink_req['id']) == int:
|
||||
user = hblink_req['id']
|
||||
u = User.query.filter_by(username=user).first()
|
||||
|
||||
if not u:
|
||||
msg = jsonify(auth=False,
|
||||
reason='User not found')
|
||||
response = make_response(msg, 401)
|
||||
if u:
|
||||
u_role = UserRoles.query.filter_by(user_id=u.id).first()
|
||||
password = user_manager.verify_password(hblink_req['password'], u.password)
|
||||
if u_role.role_id == 2:
|
||||
role = 'user'
|
||||
if u_role.role_id == 1:
|
||||
role = 'admin'
|
||||
if password:
|
||||
response = jsonify(auth=True, role=role)
|
||||
else:
|
||||
elif authorized_peer(hblink_req['login_id'])[1] == '':
|
||||
# normal
|
||||
mmdvm_logins.append([hblink_req['login_id'], authorized_peer(hblink_req['login_id'])[2], authorized_peer(hblink_req['login_id'])[1], 'Legacy', time.time()])
|
||||
response = jsonify(
|
||||
allow=True,
|
||||
mode='legacy',
|
||||
)
|
||||
elif authorized_peer(hblink_req['login_id'])[1] != '' or isinstance(authorized_peer(hblink_req['login_id'])[1], int) == False:
|
||||
mmdvm_logins.append([hblink_req['login_id'], authorized_peer(hblink_req['login_id'])[2], authorized_peer(hblink_req['login_id'])[1], 'Custom', time.time()])
|
||||
print(authorized_peer(hblink_req['login_id']))
|
||||
response = jsonify(
|
||||
allow=True,
|
||||
mode='override',
|
||||
value=authorized_peer(hblink_req['login_id'])[1]
|
||||
)
|
||||
if authorized_peer(hblink_req['login_id'])[0] == False:
|
||||
mmdvm_logins.append([hblink_req['login_id'], 'Not registered', 'None', 'Not authorized', time.time()])
|
||||
response = jsonify(
|
||||
allow=False)
|
||||
elif not type(hblink_req['login_id']) == int:
|
||||
user = hblink_req['login_id']
|
||||
u = User.query.filter_by(username=user).first()
|
||||
|
||||
if not u:
|
||||
msg = jsonify(auth=False,
|
||||
reason='Incorrect password')
|
||||
reason='User not found')
|
||||
response = make_response(msg, 401)
|
||||
if u:
|
||||
u_role = UserRoles.query.filter_by(user_id=u.id).first()
|
||||
password = user_manager.verify_password(hblink_req['password'], u.password)
|
||||
if u_role.role_id == 2:
|
||||
role = 'user'
|
||||
if u_role.role_id == 1:
|
||||
role = 'admin'
|
||||
if password:
|
||||
response = jsonify(auth=True, role=role)
|
||||
else:
|
||||
msg = jsonify(auth=False,
|
||||
reason='Incorrect password')
|
||||
response = make_response(msg, 401)
|
||||
elif hblink_req['burn_list']: # == 'burn_list':
|
||||
print('get burn')
|
||||
print(get_burnlist())
|
||||
response = jsonify(
|
||||
burn_list=get_burnlist()
|
||||
)
|
||||
|
||||
else:
|
||||
message = jsonify(message='Authentication error')
|
||||
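Review bot: The `print((hblink_req))` enabled at the top of `auth()` writes the whole request body to stdout, and that body carries the `secret` field and, for username logins, the `password` that is passed to `user_manager.verify_password` further down, so both end up in whatever captures the service's output. Drop the line, or print a redacted copy such as `print({k: v for k, v in hblink_req.items() if k not in ('secret', 'password')})`. Indentation is not visible on this page, so it is also worth confirming that the new `elif hblink_req['burn_list']:` branch sits inside the `hblink_req['secret'] in shared_secrets` check and not beside it. A request that reaches that branch without a `burn_list` key raises `KeyError`, which `hblink_req.get('burn_list')` avoids.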
|