Commit 2c1b4bb7 authored by Ziirish's avatar Ziirish

Merge branch 'conventions' into 'master'

rename authentication backends sections

See merge request !98
parents 7b2dc921 c2802e48
......@@ -6,6 +6,7 @@ burpui/RELEASE
devel.sh
*.egg*
.tox
.reports
.coverage
.coveragerc
.ropeproject
......
......@@ -6,6 +6,7 @@ Current
- **BREAKING**: the *single* and *version* options within the ``[Global]`` section have been removed in favor of a new unified *backend* option
- **BREAKING**: a change introduced by `#284 <https://git.ziirish.me/ziirish/burp-ui/issues/284>`_ may return wrong timestamps for backups made with burp-server <= 2.1.10 if your current burp-server is >= 2.1.10
- **BREAKING**: the authentication backends section have been renamed with the ``:AUTH`` suffix
- Add: new `audit logging <https://git.ziirish.me/ziirish/burp-ui/issues/260>`_ system
- Add: new ``bui-monitor`` processes pool + ``async`` backend to parallelize some requests `#278 <https://git.ziirish.me/ziirish/burp-ui/issues/278>`_
- Add: new `listen` and `listen_status` options in burp-2.2.10 `#279 <https://git.ziirish.me/ziirish/burp-ui/issues/279>`_
......
......@@ -11,7 +11,7 @@ class BasicLoader(BUIloader):
"""The :class:`burpui.misc.auth.basic.BasicLoader` class loads the *Basic*
users.
"""
section = name = 'BASIC'
section = name = 'BASIC:AUTH'
def __init__(self, app=None, handler=None):
""":func:`burpui.misc.auth.basic.BasicLoader.__init__` loads users from
......
......@@ -12,25 +12,11 @@ except ImportError:
raise ImportError('Unable to load \'ldap3\' module')
def get_ssl_version(version):
SSL_SUPPORTED = ['SSLv2', 'SSLv3', 'SSLv23', 'TLSv1', 'TLSv1_1', 'TLSv1_2']
if version and version in SSL_SUPPORTED:
try:
return getattr(ssl, 'PROTOCOL_{}'.format(version))
except AttributeError:
idx = SSL_SUPPORTED.index(version) + 1
if idx == len(SSL_SUPPORTED):
return None
return get_ssl_version(SSL_SUPPORTED[idx])
else:
return None
class LdapLoader(BUIloader):
"""The :class:`burpui.misc.auth.ldap.LdapLoader` handles searching for and
binding as a :class:`burpui.misc.auth.ldap.LdapUser` user.
"""
section = name = 'LDAP'
section = name = 'LDAP:AUTH'
def __init__(self, app=None, handler=None):
""":func:`burpui.misc.auth.ldap.LdapLoader.__init__` establishes a
......@@ -53,7 +39,6 @@ class LdapLoader(BUIloader):
'base': None,
'searchattr': 'uid',
'validate': 'none',
'version': None,
'cafile': None,
}
}
......@@ -67,7 +52,6 @@ class LdapLoader(BUIloader):
'binddn': 'binddn',
'bindpw': 'bindpw',
'validate': 'validate',
'version': 'version',
'cafile': 'cafile'
}
conf.update_defaults(defaults)
......@@ -88,9 +72,7 @@ class LdapLoader(BUIloader):
self.validate = getattr(ssl, 'CERT_{}'.format(self.validate.upper()))
else:
self.validate = None
self.version = get_ssl_version(self.version)
if not self.version:
self.logger.warning('No SSL version chosen')
self.version = ssl.OP_NO_SSLv3
self.users = []
self.tls = None
self.ssl = False
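Review bot: `self.version = ssl.OP_NO_SSLv3` stores an `SSLContext.options` bit flag where the removed code stored an `ssl.PROTOCOL_*` constant, so whatever still consumes `self.version` (the ldap3 `Tls(...)` call is outside this hunk) now receives a value of the wrong kind — `ssl.SSLContext(ssl.OP_NO_SSLv3)` should raise `ValueError` ("invalid protocol version") in CPython, and ldap3's `Tls(version=...)` is, as far as I know, handed straight to an `SSLContext`. If the intent is to refuse SSLv3 while letting OpenSSL negotiate the highest TLS version, build the context explicitly, `ctx = ssl.SSLContext(ssl.PROTOCOL_TLS)` followed by `ctx.options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3`, or pass `version=None` and rely on the library's default context; note that `OP_NO_SSLv3` on its own still permits TLS 1.0 and 1.1. Whichever is chosen, a comment such as `# TLS policy: SSLv2/SSLv3 refused, highest TLS version negotiated by OpenSSL` should replace the removed 'No SSL version chosen' warning so the policy stays visible now that the option can no longer be configured. `__init__` begins before this hunk and the removed `get_ssl_version` helper was its only caller that I can see.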
......@@ -170,7 +152,7 @@ class LdapLoader(BUIloader):
self.ldap.search(self.base, query, attributes=['cn', self.attr])
r = self.ldap.response
if not r:
raise Exception('no results')
raise ValueError('no results')
except Exception as e:
self.logger.error('Ooops, LDAP lookup failed: {0}'.format(str(e)))
return None
......
......@@ -12,7 +12,7 @@ class LocalLoader(BUIloader):
"""The :class:`burpui.misc.auth.local.LocalLoader` class loads the *Local*
users.
"""
section = name = 'LOCAL'
section = name = 'LOCAL:AUTH'
def __init__(self, app=None, handler=None):
""":func:`burpui.misc.auth.Local.localLoader.__init__` loads users from
......
......@@ -509,7 +509,7 @@ Now you can add *ldap* specific options:
::
# ldapauth specific options
[LDAP]
[LDAP:AUTH]
# Backend priority. Higher is first
priority = 50
# LDAP host
......@@ -524,13 +524,6 @@ Now you can add *ldap* specific options:
# - optional (not required, but validated if provided)
# - required (required and validated)
validate = none
# SSL or TLS version to use, can be one of the following:
# - SSLv2
# - SSLv3
# - SSLv23
# - TLSv1
# - TLSv1_1 (Available only with openssl version 1.0.1+, requires python 2.7.9 or higher)
version = TLSv1
# the file containing the certificates of the certification authorities
cafile = none
# Attribute to use when searching the LDAP repository
......@@ -573,7 +566,7 @@ Now you can add *basic* specific options:
# basicauth specific options
# Note: in case you leave this section commented, the default login/password
# is admin/admin
[BASIC]
[BASIC:AUTH]
# Backend priority. Higher is first
priority = 100
admin = pbkdf2:sha1:1000$12345678$password
......@@ -608,7 +601,7 @@ Now you can add *local* specific options:
# localauth specific options
# Note: if not running as root, then burp-ui must be run as group 'shadow' to
# allow PAM to work
[LOCAL]
[LOCAL:AUTH]
# Backend priority. Higher is first
priority = 0
# List of local users allowed to login. If you don't set this setting, users
......
......@@ -27,6 +27,10 @@ v0.7.0
`Backend options <advanced_usage.html#options>`__ for details).
The drawback of enabling the ``deep_inspection`` is this requires some extra
work that may slow down burp-ui.
- **Breaking** - the authentication backends section have been renamed with the
``:AUTH`` suffix (so ``BASIC`` becomes ``BASIC:AUTH``, etc.).
Please make sure you rename those sections accordingly so you won't be locked
out.
v0.6.0
------
......
......@@ -223,7 +223,7 @@ max_bytes = 30 * 1024 * 1024
rotate = 5
## ldapauth specific options
#[LDAP]
#[LDAP:AUTH]
## Backend priority. Higher is first
#priority = 50
## LDAP host
......@@ -238,13 +238,6 @@ rotate = 5
## - optional (not required, but validated if provided)
## - required (required and validated)
#validate = none
## SSL or TLS version to use, can be one of the following:
## - SSLv2
## - SSLv3
## - SSLv23
## - TLSv1
## - TLSv1_1 (Available only with openssl version 1.0.1+, requires python 2.7.9 or higher)
#version = TLSv1
## the file containing the certificates of the certification authorities
#cafile = none
## Attribute to use when searching the LDAP repository
......@@ -265,7 +258,7 @@ rotate = 5
## basicauth specific options
## Note: in case you leave this section commented, the default login/password
## is admin/admin
#[BASIC]
#[BASIC:AUTH]
## Backend priority. Higher is first
#priority = 100
#admin = password
......@@ -274,7 +267,7 @@ rotate = 5
## localauth specific options
## Note: if not running as root, then burp-ui must be run as group 'shadow' to
## allow PAM to work
#[LOCAL]
#[LOCAL:AUTH]
## Backend priority. Higher is first
#priority = 0
## List of local users allowed to login. If you don't set this setting, users
......
......@@ -42,7 +42,7 @@ bconfsrv = /dev/null
# Please DO NOT touch the following line
# @salted@
[BASIC]
[BASIC:AUTH]
priority = toto
toto = pbkdf2:sha1:1000$HT0gMoYz$7540515e58f4ba54305664275a14ca5281c5d465
admin = pbkdf2:sha1:1000$Dgq3Nimi$5befb4cf4c3a7da2549679732908df5f0298b016
......@@ -42,6 +42,6 @@ bconfsrv = /dev/null
## Please DO NOT touch the following line
## @salted@
#[BASIC]
#[BASIC:AUTH]
#priority = 100
#admin = pbkdf2:sha1:1000$CgUFdUCs$294cbaaba63ba59eb28e1a9a52263957478cd0e7
......@@ -46,7 +46,7 @@ bconfsrv = this-file-should-not-exist
# Please DO NOT touch the following line
# @salted@
[BASIC]
[BASIC:AUTH]
admin = pbkdf2:sha1:1000$6pirc0vT$f9a6fb8b190d1c511aa9495dc18abb3dbd990d8f
user1 = pbkdf2:sha1:1000$Qz7VdEqR$ecb2025e90516cb379c26d2e0a6b6e74cc6f8b9a
......
......@@ -46,7 +46,7 @@ bconfsrv = this-file-should-not-exist
# Please DO NOT touch the following line
# @salted@
[BASIC]
[BASIC:AUTH]
admin = pbkdf2:sha1:1000$x0FYnJ8G$9a060c5939492f92a1889aa1a87a9647c3ec7a58
user1 = pbkdf2:sha1:1000$Iq2TSyBv$a6c22de68d387946195323f9130029085b9a3707
......
......@@ -46,7 +46,7 @@ bconfsrv = this-file-should-not-exist
# Please DO NOT touch the following line
# @salted@
[BASIC]
[BASIC:AUTH]
admin = pbkdf2:sha1:1000$NQcrMl1z$5687697aa1e2b4febe52741d50bd3265f3c7c99c
user1 = pbkdf2:sha1:1000$vGGwkyTV$7fb645b398a160eb860add362b3e79ae00ab5c86
......
......@@ -44,7 +44,7 @@ bconfcli = this-file-should-not-exist
# burp server configuration file used for the setting page
bconfsrv = this-file-should-not-exist
[BASIC]
[BASIC:AUTH]
admin = admin
user1 = password
......
......@@ -77,7 +77,7 @@ bconfcli = this-file-should-not-exist
# burp server configuration file used for the setting page
bconfsrv = this-file-should-not-exist
[BASIC]
[BASIC:AUTH]
admin = pbkdf2:sha1:1000$07Q0FeKW$eab0bc54b0d2e779081fe85c91ea84a50203d0bf
user1 = pbkdf2:sha1:1000$hWYnkYoh$ba7521104d262bb8cca3095c33ae1a3f19dbb3c7
......
......@@ -77,7 +77,7 @@ bconfcli = this-file-should-not-exist
# burp server configuration file used for the setting page
bconfsrv = this-file-should-not-exist
[BASIC]
[BASIC:AUTH]
admin = pbkdf2:sha1:1000$07Q0FeKW$eab0bc54b0d2e779081fe85c91ea84a50203d0bf
user1 = pbkdf2:sha1:1000$hWYnkYoh$ba7521104d262bb8cca3095c33ae1a3f19dbb3c7
......
......@@ -77,7 +77,7 @@ bconfcli = this-file-should-not-exist
# burp server configuration file used for the setting page
bconfsrv = this-file-should-not-exist
[BASIC]
[BASIC:AUTH]
admin = pbkdf2:sha1:1000$mv0bS5rd$f653a54f2edc321e8c320cf0b201ca36e3229349
user1 = pbkdf2:sha1:1000$hsljcrD3$10b8ea6bf0c9129ec56fbe94bdc8811fb2399c3f
......
......@@ -46,7 +46,7 @@ bconfsrv = /dev/null
## Please DO NOT touch the following line
## @salted@
#[BASIC]
#[BASIC:AUTH]
#priority = toto
#toto = pbkdf2:sha1:1000$HT0gMoYz$7540515e58f4ba54305664275a14ca5281c5d465
#admin = pbkdf2:sha1:1000$Dgq3Nimi$5befb4cf4c3a7da2549679732908df5f0298b016
......@@ -366,13 +366,13 @@ class BurpuiACLTestCase(TestCase):
rv = self.login('admin', 'admin')
response = self.client.get(url_for('api.auth_users'))
response2 = self.client.get(url_for('api.auth_backends'))
self.assertEqual(sorted(response.json, key=lambda k: k['name']), sorted([{'id': 'admin', 'name': 'admin', 'backend': 'BASIC'}, {'id': 'user1', 'name': 'user1', 'backend': 'BASIC'}], key=lambda k: k['name']))
self.assertEqual(sorted(response2.json, key=lambda k: k['name']), sorted([{'add': True, 'del': True, 'name': 'BASIC', 'description': 'Uses the Burp-UI configuration file to load its rules.', 'priority': 100, 'type': 'authentication', 'mod': True}], key=lambda k: k['name']))
self.assertEqual(sorted(response.json, key=lambda k: k['name']), sorted([{'id': 'admin', 'name': 'admin', 'backend': 'BASIC:AUTH'}, {'id': 'user1', 'name': 'user1', 'backend': 'BASIC:AUTH'}], key=lambda k: k['name']))
self.assertEqual(sorted(response2.json, key=lambda k: k['name']), sorted([{'add': True, 'del': True, 'name': 'BASIC:AUTH', 'description': 'Uses the Burp-UI configuration file to load its rules.', 'priority': 100, 'type': 'authentication', 'mod': True}], key=lambda k: k['name']))
def test_change_password(self):
with self.client:
rv = self.login('user1', 'password')
response = self.client.post(url_for('api.auth_users', name='user1'), data={'backend': 'BASIC', 'old_password': 'plop', 'password': 'toto'}, headers={'X-Language': 'en'})
response = self.client.post(url_for('api.auth_users', name='user1'), data={'backend': 'BASIC:AUTH', 'old_password': 'plop', 'password': 'toto'}, headers={'X-Language': 'en'})
self.assert_status(response, 200)
def test_config_render_ko(self):
......@@ -484,7 +484,7 @@ class BurpuiRedisTestCase(TestCase):
# create a second session
rv = self.login('admin', 'admin')
response = self.client.get(url_for('api.admin_me'))
self.assertEqual(response.json, {'id': 'admin', 'name': 'admin', 'backend': 'BASIC'})
self.assertEqual(response.json, {'id': 'admin', 'name': 'admin', 'backend': 'BASIC:AUTH'})
sess = self.client.get(url_for('api.user_sessions'))
self.assertGreater(len(sess.json), 0)
self.assertIn('uuid', sess.json[0])
......