X-Git-Url: https://git.ucc.asn.au/?p=uccvend-vendserver.git;a=blobdiff_plain;f=VendServer%2FOpenDispense.py;h=6b93058b19e0dac3bf1b9a921f8e5229ed736f05;hp=a802e78277ec8091df4aa820a937c92798b7722f;hb=HEAD;hpb=1290fcdd454618a5b61f27d81d3312d95d933206
diff --git a/VendServer/OpenDispense.py b/VendServer/OpenDispense.py
index a802e78..6b93058 100644
--- a/VendServer/OpenDispense.py
+++ b/VendServer/OpenDispense.py
@@ -20,6 +20,13 @@ from LDAPConnector import get_uid,get_uname, set_card_id
 DISPENSE_ENDPOINT = ("localhost", 11020)
 DISPSRV_MIFARE = True
+# A list of cards that should never be registered, and should never log in
+# - Some of these might have been registered before we knew they were duplicates
+CARD_BLACKLIST = [
+ 'AAAAAA==', # All zeroes, don't allow that.
+ 'ISIjJA==', # CommBank credit cards
+ ]
+
 class OpenDispense(DispenseInterface):
 _username = ""
 _disabled = True
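Review bot: The comment above `CARD_BLACKLIST` should state where else these values are enforced, because as added the list only covers logins and enrolments that pass through this module. Its own second line says some of these cards may already be registered; those records live in the dispense server, and it is not visible here whether dispsrv refuses the same values. I would extend the comment, e.g. `# Client-side stop-gap: dispsrv must refuse these too, and existing enrolments need removing there`, and make the constant a tuple so it cannot be changed at runtime.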
@@ -30,6 +37,41 @@ class OpenDispense(DispenseInterface):
 pass
 def authUserIdPin(self, userId, pin):
+ return self.authUserIdPin_db(userId, pin)
+ #return self.authUserIdPin_file(userId, pin)
+
+ def authUserIdPin_db(self, userId, pin):
+ userId = int(userId)
+
+ try:
+ # Get username (TODO: Store the user ID in the dispense database too)
+ info = pwd.getpwuid(userId)
+ except KeyError:
+ logging.info('getting pin for uid %d: user not in password file'%userId)
+ return False
+
+ sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
+ sock.connect(DISPENSE_ENDPOINT)
+ logging.debug('connected to dispsrv')
+ sockf = sock.makefile()
+ sockf.write("AUTHIDENT\n"); sockf.flush()
+ rsp = sockf.readline()
+ assert "200" in rsp
+ logging.debug('authenticated')
+ sockf.write("PIN_CHECK %s %s\n" % (info.pw_name, pin)); sockf.flush()
+ rsp = sockf.readline()
+ if not "200" in rsp:
+ logging.info('checking pin for uid %d: Server said no - %r' % (userId, rsp))
+ return False
+ #Login Successful
+ logging.info('accepted pin for uid %d \'%s\'' % (userId, info.pw_name))
+ self._userid = userId
+ self._loggedIn = True
+ self._disabled = False
+ self._username = info.pw_name
+ return True
+
+ def authUserIdPin_file(self, userId, pin):
 userId = int(userId)
 try:
@@ -76,6 +118,10 @@ class OpenDispense(DispenseInterface):
 self._username = None
 if DISPSRV_MIFARE:
 card_base64 = base64.b64encode(cardId)
+
+ if card_base64 in CARD_BLACKLIST:
+ logging.info("Blacklisted card base64:%s" % (card_base64,))
+ return False
 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
 sock.connect(DISPENSE_ENDPOINT)
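Review bot: The test `card_base64 in CARD_BLACKLIST` compares the result of `base64.b64encode()` with `str` literals, which matches only while this module runs under Python 2; under Python 3 the encoder returns bytes, nothing matches, and the check fails open without any error. The same three lines are repeated in the enrolment hunk at -127. A single helper used by both sites, e.g. `def _card_blacklisted(card_base64): return card_base64 in CARD_BLACKLIST`, keeps them aligned and gives one place to normalise the type. The enclosing function starts and ends outside this hunk.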
@@ -88,16 +134,21 @@ class OpenDispense(DispenseInterface):
 sockf.write("AUTHCARD %s\n" % (card_base64,)); sockf.flush()
 rsp = sockf.readline()
 if not "200" in rsp:
- return False
+ logging.info("Rejected card base64:%s" % (card_base64,))
+ return False
 username = rsp.split('=')[1].strip()
+ logging.info("Accepted card base64:%s for %s" % (card_base64,username,))
- # Check for thier username
- try:
- # Get info from the system (by username)
- info = pwd.getpwnam(username)
- except KeyError:
- logging.info('getting info for user \'%s\': user not in password file' % (username,))
- return False
+ ## Check for thier username
+ #try:
+ # # Get info from the system (by username)
+ # info = pwd.getpwnam(username)
+ #except KeyError:
+ # logging.info('getting info for user \'%s\': user not in password file' % (username,))
+ # return False
+ #self._userid = info.pw_uid
+ self._userid = None
+ self._username = username
 else:
 # Get the users ID
 self._userid = get_uid(cardId)
@@ -109,13 +160,13 @@ class OpenDispense(DispenseInterface):
 except KeyError:
 logging.info('getting info for uid %d: user not in password file' % (self._userid,))
 return False
+ self._username = info.pw_name
 # If we get this far all is good
 self._loggedIn = True
 self._disabled = False
- self._userid = info.pw_uid
- self._username = info.pw_name
 return True
+
 def logOut(self):
 self._loggedIn = False
 self._disabled = False
@@ -127,7 +178,10 @@ class OpenDispense(DispenseInterface):
 return False
 if DISPSRV_MIFARE:
 card_base64 = base64.b64encode(cardId)
- logging.info('Enrolling card %s to uid %s (%s)' % (cardId, self._userId, self._username))
+ if card_base64 in CARD_BLACKLIST:
+ logging.info("Blacklisted card base64:%s" % (card_base64,))
+ return False
+ logging.info('Enrolling card base64:%s to uid %s (%s)' % (card_base64, self._userId, self._username))
 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
 sock.connect(DISPENSE_ENDPOINT)
 sockf = sock.makefile()
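Review bot: The new `Rejected card` and `Accepted card` messages write the full card identifier to the log at info level, and in this flow that identifier is the only value presented to `AUTHCARD`, so the log ends up holding a login credential next to the account name; the `Enrolling card base64:%s` line in the -127 hunk does the same. Logging the username alone, `logging.info("Accepted card for %s" % (username,))`, or a short digest of the card value, keeps the audit trail without storing the value itself. Separately, `rsp.split('=')[1]` raises IndexError when a 200 reply carries no `=`, which is worth guarding now that the `pwd.getpwnam` check after it is commented out and the name returned by dispsrv is used as is. The function body continues outside the hunk.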
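Review bot: With `self._userid = info.pw_uid` removed here and `self._userid = None` set in the card branch of the previous hunk, a MIFARE login now reaches `self._loggedIn = True` with no uid at all. Code that formats the uid with `%d`, as the log calls in this file do, would raise on None; whether any consumer of `_userid` runs after a card login is not visible from this hunk. If None is intended, say so where it is assigned, e.g. `# card logins carry no local uid; dispsrv is authoritative for the account`, and delete the commented-out lookup rather than keeping it as dead code.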
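Review bot: The rewritten log line still reads `self._userId`, while every assignment visible in this diff uses `self._userid`; unless `_userId` is defined outside the shown hunks, enrolment raises AttributeError at the log call before it contacts dispsrv. Since the line is being changed anyway, it should read `% (card_base64, self._userid, self._username))`. The enclosing function starts before and continues after this hunk.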
@@ -226,3 +280,5 @@ class OpenDispenseMapping():
 print(map)
 return map
+
+# vim: noexpandtab ts=4 sw=4