Modification for database management on enterprise version

LibrIT · Feb 5, 2020 · 6d7c2a8 · 6d7c2a8
1 parent 43c3465
commit 6d7c2a8
Show file tree

Hide file tree

Showing 3 changed files with 68 additions and 1 deletion.
diff --git a/passhportd/app/models_mod/exttargetaccess.py b/passhportd/app/models_mod/exttargetaccess.py
@@ -10,6 +10,7 @@ class Exttargetaccess(db.Model):
     stopdate  = db.Column(db.String(50), index=True)
     userip    = db.Column(db.String(20), index=True)
     proxy_ip  = db.Column(db.String(20), index=True)
+    proxy_pid = db.Column(db.Integer, index=True, default=0) #0 means closed
     proxy_port= db.Column(db.Integer, index=True)
 
     # Relations
@@ -25,6 +26,7 @@ def __repr__(self):
         output.append("User IP : {}".format(self.userip))
         output.append("User   : {}".format(self.user[0].show_name()))
         output.append("Target : {}".format(self.target[0].show_name()))
+        output.append("PID : {}".format(self.proxy_pid))
         return "\n".join(output)
 
 
@@ -62,3 +64,8 @@ def show_targetname(self):
         if self.target:
             return self.target[0].show_name()
         return "None"
+
+
+    def set_proxy_pid(self, pid):
+        self.proxy_pid = pid
+        return self
diff --git a/passhportd/app/views_mod/target/api.py b/passhportd/app/views_mod/target/api.py
@@ -48,7 +48,8 @@ def listexttargetaccess(username):
     query  = db.session.query(exttargetaccess.Exttargetaccess) \
              .filter(exttargetaccess.Exttargetaccess.stopdate > str(now)).all()
 
-    result = [taccess for taccess in query if taccess.show_username() == username]
+    result = [taccess for taccess in query 
+            if taccess.show_username() == username and taccess.proxy_pid != 0 ]
 
     return result
 

diff --git a/passhportd/app/views_mod/target/target.py b/passhportd/app/views_mod/target/target.py
@@ -633,11 +633,13 @@ def extgetaccess(ip, targetname, username):
             return utils.response('ERROR: No user "' + username + \
                               '" in the database ', 417)
 
+        print(output)
         ta = exttargetaccess.Exttargetaccess(
             startdate = startdate,
             stopdate = stopdate,
             userip = ip,
             proxy_ip = output["proxy_ip"],
+            proxy_pid = output["pid"],
             proxy_port = output["proxy_port"])
         ta.addtarget(t)
         ta.adduser(u)
@@ -663,6 +665,63 @@ def extgetaccess(ip, targetname, username):
     return utils.response(response, 200)
 
 
+@app.route("/exttargetaccess/close/<targetname>/<username>")
+def extcloseaccessbyname(targetname, username):
+    """Close a connection determined by target name and user name"""
+    # Determine associated pid
+    et = exttargetaccess.Exttargetaccess
+    pidlist = et.query.filter(and_(et.target.any(name = targetname), 
+                                   et.user.any(name = username),
+                                   et.proxy_pid != 0))
+
+    if not pidlist:
+        return utils.response("Error: this connection is not registered", 400)
+    return extcloseaccess(pidlist[0].proxy_pid, pidlist[0])
+
+
+@app.route("/exttargetaccess/close/<pid>/<extaccess>")
+def extcloseaccess(pid, extaccess):
+    """Close a connection determined by the PID"""
+    #Call the external script
+    process = Popen([config.OPEN_ACCESS_PATH, 
+                    "db-close",
+                    str(pid)], stdout=PIPE)
+
+    (output, err) = process.communicate()
+    exit_code = process.wait()
+
+    if exit_code != 0:
+        app.logger.error('External script return ' + str(exit_code))
+        app.logger.error('Output message was' + str(output))
+        return utils.response('ERROR: external script return ' + \
+                               str(exit_code), 500)
+
+    if output:
+        # Transform the ouput on Dict
+        try:
+            output = eval(output)
+        except:
+            app.logger.error("Error on openaccess return: " + str(output))
+            return utils.response('Openaccess script is broken', 400)
+
+        if output["execution_status"] != "OK":
+            app.logger.error("Error on openaccess return: " + str(output))
+            return utils.response('ERROR: connection can not be closed.',
+                                   200)
+
+    # Set the exttargetaccess proxy_pid to 0
+    extaccess.set_proxy_pid(0)
+
+    try:
+        db.session.commit()
+    except exc.SQLAlchemyError as e:
+        return utils.response('ERROR:  impossible to change the pid ' + \
+                    'on extarget with pid: "' + pid + '" -> ' + e.message, 409)
+
+    response = "Connection closed. Click to reopen."
+    return utils.response(response, 200)
+
+
 @app.route("/target/getpassword/<targetname>/<number>")
 @app.route("/target/getpassword/<targetname>")
 def getpassword(targetname, number = 20):