geändert: README.md

geändert: client/client.py gelöscht: lib/__pycache__/crypto_utils.cpython-313.pyc gelöscht: lib/__pycache__/jebp_utils.cpython-313.pyc gelöscht: lib/__pycache__/terminal_table.cpython-313.pyc geändert: lib/jebp_utils.py gelöscht: server/clients_management/chclient.py gelöscht: server/clients_management/rmclient.py neue Datei: server/data/conf/client_admin_rights umbenannt: server/config/clients/fingerprints -> server/data/conf/client_fingerprints neue Datei: server/data/conf/topics geändert: server/server.py neue Datei: server/utils/clients_management/chclient.py neue Datei: server/utils/clients_management/lsclients.py umbenannt: server/clients_management/mkclient.py -> server/utils/clients_management/mkclient.py neue Datei: server/utils/clients_management/rmclient.py umbenannt: server/clients_management/lsclients.py -> server/utils/topics_management/lstopics.py
2026-01-11 12:54:26 +01:00
parent bfec87dde6
commit b1ac351ad1
17 changed files with 341 additions and 73 deletions
@@ -1,19 +0,0 @@
-#!/usr/bin/env python3
-
-import dbm
-import sys
-from cryptography import x509
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import serialization
-import hashlib
-
-if len(sys.argv) < 2:
-    print(f'{sys.argv[0]}: missing key hash')
-    sys.exit(1)
-
-with dbm.open('server/config/clients/fingerprints', 'c') as db:
-    if bytes.fromhex(sys.argv[1]) not in db.keys():
-        print(f'{sys.argv[0]}: hash not registered')
-        sys.exit(1) 
-    db[bytes.fromhex(sys.argv[1])] = input('New common name: ')
-    db.close()
@@ -1,19 +0,0 @@
-#!/usr/bin/env python3
-
-import sys
-import os
-sys.path.append(os.getcwd())
-import dbm
-from lib.terminal_table import ascii_table
-
-if len(sys.argv) < 2:
-    print(f'{sys.argv[0]}: missing key hash')
-    sys.exit(1)
-
-with dbm.open('server/config/clients/fingerprints', 'c') as db:
-    try:
-        del db[bytes.fromhex(sys.argv[1])]
-    except:
-        print(f'{sys.argv[0]}: hash not registered')
-        sys.exit(1)
-    db.close()
@@ -0,0 +1 @@
+947586a2a725bb7568fe221c9e8b443056df6213979a04ce2f38b82eeb2bd5a6
@@ -26,6 +26,34 @@ VERSION = 'jebp 1.0'
 CERT_FILE = 'server/sec/server.crt.pem'
 CLIENT_CERT_ISSUER_NAME = 'jCloudCA-Root-CA'

+class Client:
+    def __init__(self, fingerprint: bytes, common_name: str, admin: bool = False):
+        self.fingerprint = fingerprint
+        self.common_name = common_name
+        self.admin = admin
+
+def get_client_info(client_fingerprint: bytes):
+    with dbm.open('server/data/conf/client_fingerprints') as db:
+        if client_fingerprint not in db.keys():
+            raise KeyError('Client not registered')
+        common_name = db[client_fingerprint].decode()
+        db.close()
+    with open('server/data/conf/client_admin_rights') as carf:
+        admins = carf.read().split('\n')
+        carf.close()
+    return Client(fingerprint = client_fingerprint, common_name = common_name, admin = client_fingerprint.hex() in admins)
+
+
+def process_command(command, client: Client):
+    print(client.fingerprint, client.common_name, client.admin)
+    response = b''
+    if command[0] == 0x11:
+        if not client.admin:
+            response = b'\xb7'
+    return response
+
+
+
 async def handle_client(reader: asyncio.StreamReader, writer: asyncio.StreamWriter):
    addr = writer.get_extra_info('peername')
    print(f'Connected to {addr}')
@@ -68,16 +96,27 @@ async def handle_client(reader: asyncio.StreamReader, writer: asyncio.StreamWrit

    cert = x509.load_der_x509_certificate(await readmsg(reader, aesgcm, client_nonce))
    key_hash = hashlib.sha256(cert.public_key().public_bytes(encoding=serialization.Encoding.DER, format=serialization.PublicFormat.SubjectPublicKeyInfo)).digest()
-    with dbm.open('server/config/clients/fingerprints', 'c') as db:
+    with dbm.open('server/data/conf/client_fingerprints', 'c') as db:
        if key_hash not in db.keys():
+            await sendmsg('ERR', writer, aesgcm, server_nonce)
            raise InvalidCertificateError('client not known')
        if not validate_cert(cert, db[key_hash].decode(), CLIENT_CERT_ISSUER_NAME):
+            await sendmsg('ERR', writer, aesgcm, server_nonce)
            raise InvalidCertificateError('client certificate not trusted')

-    print('Client authenticated')
+    await sendmsg('SCD', writer, aesgcm, server_nonce)
+    print('CLIENT AUTHENTICATED')
+
+    while True:
+        try:
+            await sendmsg(process_command(await readmsg(reader, aesgcm, client_nonce), get_client_info(hashlib.sha256(cert.public_key().public_bytes(encoding=serialization.Encoding.DER, format=serialization.PublicFormat.SubjectPublicKeyInfo)).digest())), writer, aesgcm, server_nonce)
+        except Exception as e:
+            print(f'{str(type(e))[8:-2]}: {e}')
+            break

    writer.close()
    await writer.wait_closed()
+    print(f'Connection to {addr} closed')


 async def main():
@@ -0,0 +1,56 @@
+#!/usr/bin/env python3
+
+import dbm
+import sys
+from cryptography import x509
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import serialization
+import hashlib
+import os
+
+if len(sys.argv) < 2:
+    print(f'{sys.argv[0]}: missing key hash')
+    sys.exit(1)
+
+with dbm.open('server/data/conf/client_fingerprints', 'c') as db:
+    if bytes.fromhex(sys.argv[1]) not in db.keys():
+        print(f'{sys.argv[0]}: hash not registered')
+        sys.exit(1) 
+    db[bytes.fromhex(sys.argv[1])] = input(f'New common name [{db[bytes.fromhex(sys.argv[1])].decode()}]: ') or db[bytes.fromhex(sys.argv[1])]
+    db.close()
+
+if os.path.exists('server/data/conf/locks/client_admin_rights.lock'):
+    with open('server/data/conf/locks/client_admin_rights.lock', 'r') as lockf:
+        print(f'{sys.argv[0]}: admin rights file is locked by process {lockf.read()}')
+        lockf.close()
+        sys.exit(1)
+
+try:
+    with open('server/data/conf/locks/client_admin_rights.lock', 'w') as lockf:
+        lockf.write(str(os.getpid()))
+        lockf.close()
+
+    with open('server/data/conf/client_admin_rights', 'r') as carf:
+        admins = {kh for kh in carf.read().split('\n') if kh}
+        carf.close()
+
+    admin = input(f'Is admin (y/n) [{'y' if sys.argv[1] in admins else 'n'}]: ') or ('y' if sys.argv[1] in admins else 'n')
+    if admin == 'y':
+        admin = True
+    else:
+        admin = False
+    if admin:
+        if sys.argv[1] not in admins:
+            print(f'Added {sys.argv[1]} to the admins')
+        admins.add(sys.argv[1])
+    else:
+        try:
+            admins.remove(sys.argv[1])
+        except KeyError:
+            pass
+    with open('server/data/conf/client_admin_rights', 'w') as carf:
+        carf.write('\n'.join(admins))
+        carf.close()
+
+finally:
+    os.remove('server/data/conf/locks/client_admin_rights.lock')
@@ -0,0 +1,19 @@
+#!/usr/bin/env python3
+
+import sys
+import os
+sys.path.append(os.getcwd())
+import dbm
+from lib.terminal_table import ascii_table
+
+with open('server/data/conf/client_admin_rights', 'r') as carf:
+    admins = {kh for kh in carf.read().split('\n') if kh}
+    carf.close()
+
+with dbm.open('server/data/conf/client_fingerprints', 'c') as db:
+    print(ascii_table([{
+        'Key Hash': k.hex(),
+        'Common name': v.decode(),
+        'Is admin': 'yes' if k.hex() in admins else 'no'
+    } for k, v in db.items()], ))
+    db.close()
@@ -17,6 +17,6 @@ except:
    print(f'{sys.argv[0]}: invalid certificate')
    sys.exit(1)

-with dbm.open('server/config/clients/fingerprints', 'c') as db:
+with dbm.open('server/data/conf/client_fingerprints', 'c') as db:
    db[hashlib.sha256(cert.public_key().public_bytes(encoding=serialization.Encoding.DER, format=serialization.PublicFormat.SubjectPublicKeyInfo)).digest()] = sys.argv[1]
    db.close()
@@ -0,0 +1,43 @@
+#!/usr/bin/env python3
+
+import sys
+import os
+sys.path.append(os.getcwd())
+import dbm
+from lib.terminal_table import ascii_table
+
+if len(sys.argv) < 2:
+    print(f'{sys.argv[0]}: missing key hash')
+    sys.exit(1)
+
+with dbm.open('server/data/conf/client_fingerprints', 'c') as db:
+    try:
+        del db[bytes.fromhex(sys.argv[1])]
+    except:
+        print(f'{sys.argv[0]}: hash not registered')
+        sys.exit(1)
+    db.close()
+
+if os.path.exists('server/data/conf/locks/client_admin_rights.lock'):
+    with open('server/data/conf/locks/client_admin_rights.lock', 'r') as lockf:
+        print(f'{sys.argv[0]}: admin rights file is locked by process {lockf.read()}')
+        lockf.close()
+        sys.exit(1)
+
+try:
+    with open('server/data/conf/locks/client_admin_rights.lock', 'w') as lockf:
+        lockf.write(str(os.getpid()))
+        lockf.close()
+
+    with open('server/data/conf/client_admin_rights', 'r') as carf:
+        admins = {kh for kh in carf.read().split('\n') if kh}
+        carf.close()
+
+    if sys.argv[1] in admins:
+        admins.remove(sys.argv[1])
+        with open('server/data/conf/client_admin_rights', 'w') as carf:
+            carf.write('\n'.join(admins))
+            carf.close()
+
+finally:
+    os.remove('server/data/conf/locks/client_admin_rights.lock')
@@ -5,10 +5,11 @@ import os
 sys.path.append(os.getcwd())
 import dbm
 from lib.terminal_table import ascii_table
+import pickle

-with dbm.open('server/config/clients/fingerprints', 'c') as db:
+with dbm.open('server/data/conf/topics', 'c') as db:
    print(ascii_table([{
-        'Key Hash': k.hex(),
-        'Common name': v.decode()
+        'Name': k.decode(),
+        'Partitions': str(pickle.loads(v['partitions'])),
    } for k, v in db.items()], ))
    db.close()
				`@@ -0,0 +1 @@`
				`947586a2a725bb7568fe221c9e8b443056df6213979a04ce2f38b82eeb2bd5a6`