Merge remote-tracking branch 'refs/remotes/drebs/feature/add-scripts' into develop

author: Tomás Touceda <chiiph@leap.se> 2014-03-12 16:26:23 -0300
committer: Tomás Touceda <chiiph@leap.se> 2014-03-12 16:26:23 -0300
commit: 9c0020132980ed3608f3d662f2a0df43d44dc042 (patch)
tree: e6047243db5a1630d16849b0449994d0930091c5 /scripts/db_access
parent: a8d002714e4ce2ff487785357cc01d082ffad537 (diff)
parent: 3337f48c810df45aac7d3009b49b4b2a34ef019d (diff)
2 files changed, 187 insertions, 0 deletions
diff --git a/scripts/db_access/client_side_db.py b/scripts/db_access/client_side_db.py
new file mode 100644
index 00000000..15980f5d
--- /dev/null
+++ b/scripts/db_access/client_side_db.py
@@ -0,0 +1,145 @@
+#!/usr/bin/python
+
+# This script gives client-side access to one Soledad user database.
+
+
+import sys
+import os
+import argparse
+import re
+import tempfile
+import getpass
+import requests
+import json
+import srp._pysrp as srp
+import binascii
+
+from leap.common.config import get_path_prefix
+from leap.soledad.client import Soledad
+
+
+safe_unhexlify = lambda x: binascii.unhexlify(x) if (
+    len(x) % 2 == 0) else binascii.unhexlify('0' + x)
+
+
+def fail(reason):
+    print 'Fail: ' + reason
+    exit(2)
+
+
+def get_api_info(provider):
+    info = requests.get(
+        'https://'+provider+'/provider.json', verify=False).json()
+    return info['api_uri'], info['api_version']
+
+
+def login(username, passphrase, provider, api_uri, api_version):
+    usr = srp.User(username, passphrase, srp.SHA256, srp.NG_1024)
+    auth = None
+    try:
+        auth = authenticate(api_uri, api_version, usr).json()
+    except requests.exceptions.ConnectionError:
+        fail('Could not connect to server.')
+    if 'errors' in auth:
+        fail(str(auth['errors']))
+    return api_uri, api_version, auth
+
+
+def authenticate(api_uri, api_version, usr):
+    api_url = "%s/%s" % (api_uri, api_version)
+    session = requests.session()
+    uname, A = usr.start_authentication()
+    params = {'login': uname, 'A': binascii.hexlify(A)}
+    init = session.post(
+        api_url + '/sessions', data=params, verify=False).json()
+    if 'errors' in init:
+        fail('test user not found')
+    M = usr.process_challenge(
+        safe_unhexlify(init['salt']), safe_unhexlify(init['B']))
+    return session.put(api_url + '/sessions/' + uname, verify=False,
+                       data={'client_auth': binascii.hexlify(M)})
+
+
+def get_soledad_info(username, provider, passphrase, basedir):
+    api_uri, api_version = get_api_info(provider)
+    auth = login(username, passphrase, provider, api_uri, api_version)
+    # get soledad server url
+    service_url = '%s/%s/config/soledad-service.json' % \
+                  (api_uri, api_version)
+    soledad_hosts = requests.get(service_url, verify=False).json()['hosts']
+    hostnames = soledad_hosts.keys()
+    # allow for choosing the host
+    host = hostnames[0]
+    if len(hostnames) > 1:
+        i = 1
+        print "There are many available hosts:"
+        for h in hostnames:
+            print "  (%d) %s.%s" % (i, h, provider)
+            i += 1
+        choice = raw_input("Choose a host to use (default: 1): ")
+        if choice != '':
+            host = hostnames[int(choice) - 1]
+    server_url = 'https://%s:%d/user-%s' % \
+              (soledad_hosts[host]['hostname'], soledad_hosts[host]['port'],
+               auth[2]['id'])
+    # get provider ca certificate
+    ca_cert = requests.get('https://%s/ca.crt' % provider, verify=False).text
+    cert_file = os.path.join(basedir, 'ca.crt')
+    with open(cert_file, 'w') as f:
+      f.write(ca_cert)
+    return auth[2]['id'], server_url, cert_file, auth[2]['token']
+
+
+def get_soledad_instance(username, provider, passphrase, basedir):
+    # setup soledad info
+    uuid, server_url, cert_file, token = \
+        get_soledad_info(username, provider, passphrase, basedir)
+    secrets_path = os.path.join(
+        basedir, '%s.secret' % uuid)
+    local_db_path = os.path.join(
+        basedir, '%s.db' % uuid)
+    # instantiate soledad
+    return Soledad(
+        uuid,
+        unicode(passphrase),
+        secrets_path=secrets_path,
+        local_db_path=local_db_path,
+        server_url=server_url,
+        cert_file=cert_file,
+        auth_token=token)
+
+
+# main program
+
+if __name__ == '__main__':
+
+    class ValidateUserHandle(argparse.Action):
+        def __call__(self, parser, namespace, values, option_string=None):
+            m = re.compile('^([^@]+)@([^@]+\.[^@]+)$')
+            res = m.match(values)
+            if res == None:
+                parser.error('User handle should have the form user@provider.')
+            setattr(namespace, 'username', res.groups()[0])
+            setattr(namespace, 'provider', res.groups()[1])
+
+    # parse command line
+    parser = argparse.ArgumentParser()
+    parser.add_argument(
+        'user@provider', action=ValidateUserHandle, help='the user handle')
+    parser.add_argument(
+        '-b', dest='basedir', required=False, default=None, help='the user handle')
+    args = parser.parse_args()
+
+    # get the password
+    passphrase = getpass.getpass(
+        'Password for %s@%s: ' % (args.username, args.provider))
+
+    # get the basedir
+    basedir = args.basedir
+    if basedir is None:
+        basedir = tempfile.mkdtemp()
+    print 'Using %s as base directory.' % basedir
+
+    # get the soledad instance
+    s = get_soledad_instance(
+        args.username, args.provider, passphrase, basedir)
diff --git a/scripts/db_access/server_side_db.py b/scripts/db_access/server_side_db.py
new file mode 100644
index 00000000..18641a0f
--- /dev/null
+++ b/scripts/db_access/server_side_db.py
@@ -0,0 +1,42 @@
+#!/usr/bin/python
+
+# This script gives server-side access to one Soledad user database by using
+# the configuration stored in /etc/leap/soledad-server.conf.
+#
+# Use it like this:
+# 
+#     python -i server-side-db.py <uuid>
+
+import sys
+from ConfigParser import ConfigParser
+
+from leap.soledad.common.couch import CouchDatabase
+
+if len(sys.argv) != 2:
+    print 'Usage: %s <uuid>' % sys.argv[0]
+    exit(1)
+
+uuid = sys.argv[1]
+
+# get couch url
+cp = ConfigParser()
+cp.read('/etc/leap/soledad-server.conf')
+url = cp.get('soledad-server', 'couch_url')
+
+# access user db
+dbname = 'user-%s' % uuid
+db = CouchDatabase(url, dbname)
+
+# get replica info
+replica_uid = db._replica_uid
+gen, docs = db.get_all_docs()
+print "dbname:      %s" % dbname
+print "replica_uid: %s" % replica_uid
+print "generation:  %d" % gen
+
+# get relevant docs
+schemes = map(lambda d: d.content['_enc_scheme'], docs)
+pubenc = filter(lambda d: d.content['_enc_scheme'] == 'pubkey', docs)
+
+print "total number of docs:  %d" % len(docs)
+print "pubkey encrypted docs: %d" % len(pubenc)
author	Tomás Touceda <chiiph@leap.se>	2014-03-12 16:26:23 -0300
committer	Tomás Touceda <chiiph@leap.se>	2014-03-12 16:26:23 -0300
commit	9c0020132980ed3608f3d662f2a0df43d44dc042 (patch)
tree	e6047243db5a1630d16849b0449994d0930091c5 /scripts/db_access
parent	a8d002714e4ce2ff487785357cc01d082ffad537 (diff)
parent	3337f48c810df45aac7d3009b49b4b2a34ef019d (diff)