Adjust central auth policy for IO services a bit #209

Draft
wants to merge 1 commit into
base: edge
4 changes: 3 additions & 1 deletion mig/shared/griddaemons/auth.py
@@ -1,4 +1,4 @@
#!/usr/bin/python

Check warning on line 1 in mig/shared/griddaemons/auth.py (GitHub Actions / Style Check Python with Lint): would reformat
# -*- coding: utf-8 -*-
#
# --- BEGIN_HEADER ---
Expand All @@ -20,12 +20,12 @@
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Check warning on line 23 in mig/shared/griddaemons/auth.py (GitHub Actions / Style Check Python with Lint): line too long (81 > 80 characters)
#
# -- END_HEADER ---
#

""" MiG daemon auth functions"""

Check warning on line 28 in mig/shared/griddaemons/auth.py (GitHub Actions / Style Check Python with Lint): No whitespaces allowed surrounding docstring text
Check warning on line 28 in mig/shared/griddaemons/auth.py (GitHub Actions / Style Check Python with Lint): First line should end with a period (not 's')

import re
import time
Expand All @@ -43,7 +43,7 @@


def valid_twofactor_session(configuration, client_id, addr=None):
"""Check if *client_id* has a valid 2FA session.

Check warning on line 46 in mig/shared/griddaemons/auth.py (GitHub Actions / Style Check Python with Lint): 1 blank line required between summary line and description (found 0)
NOTE:
1) In this first version 2FA sessions are solely activated
through HTTPS 2FA AUTH.
Expand All @@ -63,8 +63,8 @@
return True


def check_twofactor_session(configuration, username, addr, proto):

Check failure on line 66 in mig/shared/griddaemons/auth.py (GitHub Actions / Style Check Python with Lint): unused function 'check_twofactor_session' (60% confidence)
"""Run any required 2-factor authentication checks for given username and

Check warning on line 67 in mig/shared/griddaemons/auth.py (GitHub Actions / Style Check Python with Lint): 1 blank line required between summary line and description (found 0)
Check warning on line 67 in mig/shared/griddaemons/auth.py (GitHub Actions / Style Check Python with Lint): First line should end with a period (not 'd')
proto.
First check if site enables twofactor at all and in that case if the user
actually requires it for given proto. Finally check the validity of the
Expand Down Expand Up @@ -114,7 +114,7 @@
# logger.debug("user %s does not require twofactor for %s" \
# % (client_id, proto))
return True
# logger.debug("check required 2FA session in %s for %s" % (proto, username))

Check warning on line 117 in mig/shared/griddaemons/auth.py (GitHub Actions / Style Check Python with Lint): line too long (81 > 80 characters)
return valid_twofactor_session(configuration, client_id, addr)


Expand All @@ -127,7 +127,7 @@
log_msg,
notify=True,
hint=None):
"""Log auth messages to auth logger.

Check warning on line 130 in mig/shared/griddaemons/auth.py (GitHub Actions / Style Check Python with Lint): 1 blank line required between summary line and description (found 0)
Check warning on line 130 in mig/shared/griddaemons/auth.py (GitHub Actions / Style Check Python with Lint): Multi-line docstring closing quotes should be on a separate line
Notify user when log_lvl != 'DEBUG'"""
logger = configuration.logger
auth_logger = configuration.auth_logger
Expand Down Expand Up @@ -173,7 +173,7 @@
return status


def validate_auth_attempt(configuration,

Check failure on line 176 in mig/shared/griddaemons/auth.py (GitHub Actions / Style Check Python with Lint): unused function 'validate_auth_attempt' (60% confidence)
protocol,
authtype,
username,
Expand Down Expand Up @@ -316,6 +316,7 @@
username, ip_addr, auth_msg,
notify=notify, hint=session_hint)
elif invalid_username:
# Drop as this is publicly known to be an invalid user
disconnect = True
if re.match(CRACK_USERNAME_REGEX, username) is not None:
auth_msg = "Crack username detected"
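Review bot: the new comment on `elif invalid_username:` says "publicly known to be an invalid user" without saying what makes it publicly known, and this branch differs in name from the later `elif invalid_user:` only by a suffix. Spell out the distinction in the comment so the two opposite `disconnect` choices read as deliberate, for example by stating that the name fails the site's username format rules (if that is what `invalid_username` means here) and that dropping the connection therefore reveals nothing about which accounts exist.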
Expand All @@ -332,7 +333,8 @@
authlog(configuration, authlog_lvl, protocol, authtype,
username, ip_addr, auth_msg, notify=notify)
elif invalid_user:
disconnect = True
# Do not indirectly give away information about user non-existence
disconnect = False
auth_msg = "Invalid user"
log_msg = auth_msg + " %s from %s" % (username, ip_addr)
if tcp_port > 0:
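Review bot: in `elif invalid_user:` the switch to `disconnect = False` only hides user non-existence if everything else the client can observe in this branch matches a failed attempt against an existing account. The lines visible here still build a distinct "Invalid user" message, so confirm that text goes to the auth log only and is never returned to the client. Keeping the connection open also lets a client keep trying names on one connection, so check that whatever rate limiting applies to failed logins covers this branch as well, and add a test asserting the same `disconnect` result for an unknown user and for a wrong password.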