From 6dc7473ab05d14d8c3e7a62a1d2b60600c7f7cc7 Mon Sep 17 00:00:00 2001
From: Valentin Samir
Date: Sun, 8 May 2016 16:12:50 +0200
Subject: [PATCH 1/5] Use JSON Web Signature and Encryption (JWS & JWE) between webvirtcloud and gstfsd
---
 computes/forms.py | 11 ++++
 .../migrations/0002_compute_gstfsd_key.py | 19 +++++++
 computes/models.py | 1 +
 computes/templates/computes.html | 24 ++++++++
 computes/templates/create_comp_block.html | 24 ++++++++
 computes/views.py | 16 ++++--
 conf/daemon/gstfsd | 45 ++++++++++++---
 conf/requirements.txt | 1 +
 instances/views.py | 55 +++++++++++++------
 9 files changed, 166 insertions(+), 30 deletions(-)
 create mode 100644 computes/migrations/0002_compute_gstfsd_key.py
diff --git a/computes/forms.py b/computes/forms.py
index a626106c..e08210fc 100644
--- a/computes/forms.py
+++ b/computes/forms.py
@@ -13,6 +13,8 @@ class ComputeAddTcpForm(forms.Form):
 max_length=100)
 password = forms.CharField(error_messages={'required': _('No password has been entered')}, max_length=100)
+ gstfsd_key = forms.CharField(max_length=256, required=False)
+
 def clean_name(self):
 name = self.cleaned_data['name']
@@ -49,6 +51,8 @@ class ComputeAddSshForm(forms.Form):
 max_length=100)
 login = forms.CharField(error_messages={'required': _('No login has been entered')}, max_length=20)
+ gstfsd_key = forms.CharField(max_length=256, required=False)
+
 def clean_name(self):
 name = self.cleaned_data['name']
@@ -87,6 +91,8 @@ class ComputeAddTlsForm(forms.Form):
 max_length=100)
 password = forms.CharField(error_messages={'required': _('No password has been entered')}, max_length=100)
+ gstfsd_key = forms.CharField(max_length=256, required=False)
+
 def clean_name(self):
 name = self.cleaned_data['name']
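Review bot: `gstfsd_key = forms.CharField(max_length=256, required=False)` accepts any string, including a one-character key, and none of the forms gains a `clean_gstfsd_key` beside the existing `clean_name`; a shared secret used for JWS/JWE should be rejected when it is shorter than the chosen algorithm requires. The algorithm is not visible in these hunks, so the bound below is a placeholder: `gstfsd_key = forms.CharField(min_length=MIN_GSTFSD_KEY_LEN, max_length=256, required=False)`. Because the field is optional, an empty submission still validates; the views that consume the key are outside this hunk, so it is worth confirming that a missing key cannot fall back to unsigned requests without the operator noticing. The same line is added in the hunks at -49, -87, -126 and -150, where the same applies.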
@@ -126,6 +132,8 @@ class ComputeEditHostForm(forms.Form):
 max_length=100)
 password = forms.CharField(max_length=100)
+ gstfsd_key = forms.CharField(max_length=256, required=False)
+
 def clean_name(self):
 name = self.cleaned_data['name']
 have_symbol = re.match('[^a-zA-Z0-9._-]+', name)
@@ -150,6 +158,9 @@ class ComputeAddSocketForm(forms.Form):
 name = forms.CharField(error_messages={'required': _('No hostname has been entered')}, max_length=20)
+ gstfsd_key = forms.CharField(max_length=256, required=False)
+
+
 def clean_name(self):
 name = self.cleaned_data['name']
 have_symbol = re.match('[^a-zA-Z0-9._-]+', name)
diff --git a/computes/migrations/0002_compute_gstfsd_key.py b/computes/migrations/0002_compute_gstfsd_key.py
new file mode 100644
index 00000000..f1c4debe
--- /dev/null
+++ b/computes/migrations/0002_compute_gstfsd_key.py
@@ -0,0 +1,19 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('computes', '0001_initial'),
+ ]
+
+ operations = [
+ migrations.AddField(
+ model_name='compute',
+ name='gstfsd_key',
+ field=models.CharField(max_length=256, null=True, blank=True),
+ ),
+ ]
diff --git a/computes/models.py b/computes/models.py
index 6ee7de8a..553f0370 100644
--- a/computes/models.py
+++ b/computes/models.py
@@ -7,6 +7,7 @@ class Compute(models.Model):
 login = models.CharField(max_length=20)
 password = models.CharField(max_length=14, blank=True, null=True)
 type = models.IntegerField()
+ gstfsd_key = models.CharField(max_length=256, blank=True, null=True)
 def __unicode__(self):
 return self.hostname
diff --git a/computes/templates/computes.html b/computes/templates/computes.html
index 7c1c28f5..70fec700 100644
--- a/computes/templates/computes.html
+++ b/computes/templates/computes.html
@@ -84,6 +84,12 @@ +
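Review bot: In the `computes/models.py` hunk, `gstfsd_key` is persisted as a plain `CharField`, so the secret that (per the commit title) signs and encrypts traffic to gstfsd is readable by anyone with access to the database, its dumps or its backups, just like the `password` column above it. If encrypting the column at rest is out of scope for this change, a comment on the field would at least record the exposure, e.g. `# shared JWS/JWE secret for gstfsd, stored in cleartext: restrict DB and backup access`. `blank=True, null=True` on a string field also leaves two "no key" states (`NULL` and `''`), so consumers have to test truthiness rather than `is None`; the consuming code is not in this hunk.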
+ +
+ +
+
+
+ +
+ +
+
+
+ +
+ +
+
+
+ +
+ +
+
+
+ +
+ +
+
+
+ +
+ +
+
+
+ +
+ +
+
+
+ +
+ +
+

{% trans "You need shut down your instance and enter a new root password." %}

-
{% csrf_token %} + {% csrf_token %}
- +
{% ifequal status 5 %}
From 9db1b060a62c226ef665674f537b347254b608b8 Mon Sep 17 00:00:00 2001
From: Valentin Samir
Date: Tue, 10 May 2016 13:42:11 +0200
Subject: [PATCH 4/5] An empty root password disable the root password
---
 instances/templates/instance.html | 1 +
 instances/views.py | 6 +++++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/instances/templates/instance.html b/instances/templates/instance.html
index 38b4c334..5c3b73d8 100644
--- a/instances/templates/instance.html
+++ b/instances/templates/instance.html
@@ -257,6 +257,7 @@

{{ disk.size|filesizeformat }} {% trans "Disk" %}

{% endifequal %} +

{% trans "An empty password disable the root password." %}

diff --git a/instances/views.py b/instances/views.py
index d0b47739..fbd8b34b 100644
--- a/instances/views.py
+++ b/instances/views.py
@@ -288,7 +288,11 @@ def show_clone_disk(disks):
 if 'rootpasswd' in request.POST:
 passwd = request.POST.get('passwd', '')
- passwd_hash = crypt.crypt(passwd, '$6$kgPoiREy')
+ if passwd:
+ passwd_hash = crypt.crypt(passwd, '$6$kgPoiREy')
+ # if password is empty, disable the root password
+ else:
+ passwd_hash = "*"
 data = {'action': 'password', 'passwd': passwd_hash, 'vname': vname}
 if conn.get_status() == 5:
From 748c167def19eb7c623d41317ab612d4ebd5e9cf Mon Sep 17 00:00:00 2001
From: Valentin Samir
Date: Tue, 10 May 2016 13:42:48 +0200
Subject: [PATCH 5/5] Genrate random salts fort the root password
---
 instances/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/instances/views.py b/instances/views.py
index fbd8b34b..a119fb51 100644
--- a/instances/views.py
+++ b/instances/views.py
@@ -289,7 +289,7 @@ def show_clone_disk(disks):
 if 'rootpasswd' in request.POST:
 passwd = request.POST.get('passwd', '')
 if passwd:
- passwd_hash = crypt.crypt(passwd, '$6$kgPoiREy')
+ passwd_hash = crypt.crypt(passwd, '$6$%s' % ''.join([choice(letters + digits) for i in xrange(8)]))
 # if password is empty, disable the root password
 else:
 passwd_hash = "*"
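Review bot: In the `@@ -288,7 +288,11 @@` hunk, `request.POST.get('passwd', '')` makes a request that omits the `passwd` field indistinguishable from one that submits it empty, and the new `else` branch turns both into `passwd_hash = "*"`, i.e. a disabled root password. Since that outcome is destructive, consider reading the field without a default, `passwd = request.POST.get('passwd')`, and treating `passwd is None` as a form error instead of falling through to the `else` branch. The enclosing view starts and ends outside the hunk, so the error-reporting convention to follow is not visible here.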
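Review bot: In the `@@ -289,7 +289,7 @@` hunk the salt is built with `choice(letters + digits)`; if these are `random.choice` and `string.letters` (the imports are outside the hunk), the salt comes from the non-cryptographic Mersenne Twister generator, and `string.letters` is locale-dependent on Python 2, so after a `setlocale()` call it can contain characters outside crypt's `[a-zA-Z0-9./]` salt alphabet. Drawing from the OS CSPRNG and a fixed alphabet avoids both: `rng = random.SystemRandom()` and `salt = ''.join(rng.choice(ascii_letters + digits) for _ in xrange(16))`. SHA-512 crypt accepts up to 16 salt characters, so the 8 generated here use only half of the available salt space.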