|
1
|
# -*- coding: utf-8 -*-
|
|
2
|
#
|
|
3
|
# UnivNautes
|
|
4
|
# Copyright (C) 2014 Entr'ouvert
|
|
5
|
#
|
|
6
|
# This program is free software: you can redistribute it and/or modify it under
|
|
7
|
# the terms of the GNU Affero General Public License as published by the Free
|
|
8
|
# Software Foundation, either version 3 of the License, or (at your option) any
|
|
9
|
# later version.
|
|
10
|
#
|
|
11
|
# This program is distributed in the hope that it will be useful, but WITHOUT
|
|
12
|
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
|
13
|
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
|
14
|
# details.
|
|
15
|
#
|
|
16
|
# You should have received a copy of the GNU Affero General Public License
|
|
17
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
18
|
|
|
19
|
import os
|
|
20
|
import sys
|
|
21
|
import re
|
|
22
|
import xml.etree.ElementTree as ET
|
|
23
|
from operator import itemgetter
|
|
24
|
|
|
25
|
from django.conf import settings
|
|
26
|
|
|
27
|
def root():
|
|
28
|
with open(settings.CONFIG_XML,'r') as f:
|
|
29
|
x = ET.fromstring(f.read())
|
|
30
|
return x
|
|
31
|
|
|
32
|
def laxint(s):
|
|
33
|
try:
|
|
34
|
return int(s)
|
|
35
|
except:
|
|
36
|
return 0
|
|
37
|
|
|
38
|
def get_ca(caref):
|
|
39
|
for ca in root().findall('ca'):
|
|
40
|
if ca.find('refid').text == caref:
|
|
41
|
crt = ca.find('crt')
|
|
42
|
if crt is not None:
|
|
43
|
crt = crt.text.decode('base64')
|
|
44
|
prv = ca.find('prv')
|
|
45
|
if prv is not None:
|
|
46
|
prv = prv.text.decode('base64')
|
|
47
|
return {
|
|
48
|
'caref': caref,
|
|
49
|
'crt': crt,
|
|
50
|
'prv': prv,
|
|
51
|
}
|
|
52
|
return None
|
|
53
|
|
|
54
|
def get_cert(certref):
|
|
55
|
for cert in root().findall('cert'):
|
|
56
|
if cert.find('refid').text == certref:
|
|
57
|
crt = cert.find('crt')
|
|
58
|
if crt is not None:
|
|
59
|
crt = crt.text.decode('base64')
|
|
60
|
prv = cert.find('prv')
|
|
61
|
if prv is not None:
|
|
62
|
prv = prv.text.decode('base64')
|
|
63
|
caref = cert.find('caref')
|
|
64
|
if caref is not None:
|
|
65
|
caref = caref.text
|
|
66
|
descr = cert.find('descr')
|
|
67
|
if descr is not None:
|
|
68
|
descr = descr.text
|
|
69
|
return {
|
|
70
|
'certref': caref,
|
|
71
|
'descr': descr,
|
|
72
|
'caref': caref,
|
|
73
|
'crt': crt,
|
|
74
|
'prv': prv,
|
|
75
|
}
|
|
76
|
return None
|
|
77
|
|
|
78
|
def get_saml_cps():
|
|
79
|
'''
|
|
80
|
returns a list of captive portal with SAML auth_method
|
|
81
|
'''
|
|
82
|
xml_cps = root().find('captiveportal')
|
|
83
|
if xml_cps is None:
|
|
84
|
return []
|
|
85
|
cps = []
|
|
86
|
for xml_cp in xml_cps:
|
|
87
|
name = xml_cp.tag
|
|
88
|
if xml_cp.find('enable') is None:
|
|
89
|
continue
|
|
90
|
auth = xml_cp.find('auth_method')
|
|
91
|
if auth is None or auth.text != 'saml':
|
|
92
|
continue
|
|
93
|
auth = auth.text
|
|
94
|
timeout = xml_cp.find('timeout')
|
|
95
|
if timeout is not None:
|
|
96
|
timeout = laxint(timeout.text)
|
|
97
|
else:
|
|
98
|
timeout = 0
|
|
99
|
idletimeout = xml_cp.find('idletimeout')
|
|
100
|
if idletimeout is not None:
|
|
101
|
idletimeout = laxint(idletimeout.text)
|
|
102
|
else:
|
|
103
|
idletimeout = 0
|
|
104
|
httpsname = xml_cp.find('httpsname')
|
|
105
|
if httpsname is not None:
|
|
106
|
httpsname = httpsname.text
|
|
107
|
cps.append({
|
|
108
|
'name': name,
|
|
109
|
'httpsname': httpsname,
|
|
110
|
'auth_method': auth,
|
|
111
|
'timeout': timeout,
|
|
112
|
'idletimeout': idletimeout,
|
|
113
|
})
|
|
114
|
cps.sort(cps, key=itemgetter('name'))
|
|
115
|
return cps
|
|
116
|
|
|
117
|
def get_sp():
|
|
118
|
sp = root().find('univnautes/sp')
|
|
119
|
if sp is None:
|
|
120
|
return None
|
|
121
|
|
|
122
|
certref = sp.find('certref')
|
|
123
|
if certref is not None:
|
|
124
|
saml_cert = get_cert(certref.text)
|
|
125
|
else:
|
|
126
|
saml_cert = None
|
|
127
|
|
|
128
|
defaultidps = sp.find('defaultidps')
|
|
129
|
if defaultidps is None:
|
|
130
|
defaultidps = []
|
|
131
|
else:
|
|
132
|
defaultidps = defaultidps.text or ''
|
|
133
|
defaultidps = defaultidps.decode('base64').decode('iso-8859-1').splitlines()
|
|
134
|
defaultidps = [ l for l in defaultidps if not re.match('^\s*$', l) ]
|
|
135
|
|
|
136
|
geolocations = sp.find('geolocations')
|
|
137
|
if geolocations is None:
|
|
138
|
geolocations = []
|
|
139
|
else:
|
|
140
|
geolocations = geolocations.text or ''
|
|
141
|
geolocations = geolocations.decode('base64').decode('iso-8859-1').splitlines()
|
|
142
|
geolocations = [ l for l in geolocations if not re.match('^\s*$', l) ]
|
|
143
|
geoinitialbounds = sp.find('geoinitialbounds')
|
|
144
|
if geoinitialbounds is not None:
|
|
145
|
geoinitialbounds = geoinitialbounds.text
|
|
146
|
|
|
147
|
cps = get_saml_cps()
|
|
148
|
if cps:
|
|
149
|
cp = cps[0]
|
|
150
|
else:
|
|
151
|
cp = {}
|
|
152
|
return { 'saml_cert': saml_cert,
|
|
153
|
'cp': cp,
|
|
154
|
'ui': {
|
|
155
|
'defaultidps': defaultidps,
|
|
156
|
'geolocations': geolocations,
|
|
157
|
'geoinitialbounds': geoinitialbounds,
|
|
158
|
},
|
|
159
|
}
|
|
160
|
|