daemon.py

import paho.mqtt.client as mqtt
import ldap
import traceback
from peewee import *
from db_models import *
import config

class AuthStatus:
    SUCCESS       = 0
    LDAP_ERR      = -1
    NO_LDAP_ENTRY = -2
    NO_SUCH_USER  = -3
    ACCESS_DEINED = -4
    USER_DISABLED = -5
    EXCEPTION     = -1000

ADS_UF_ACCOUNTDISABLE=2 #https://docs.microsoft.com/en-us/windows/desktop/adschema/a-useraccountcontrol

client=mqtt.Client()

def verify_with_ldap(studnum):
    passed = False
    status = AuthStatus.LDAP_ERR
    conn = ldap.initialize(config.LDAP_URI)
    conn.protocol_version = 3
    conn.set_option(ldap.OPT_REFERRALS, 0)
    conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
    try:
        bind_result = conn.simple_bind_s(config.LDAP_USER, config.LDAP_PASS)
        # print("LDAP: Succesfully authenticated")
        search_results = conn.search_s(
                'DC=ad,DC=thu-skyworks,DC=org',
                ldap.SCOPE_SUBTREE,
                "(&(objectClass=person)(employeeNumber={}))".format(studnum),
            )
        search_results = filter(lambda s: s[0] is not None, search_results)
        cnt = 0;
        for dn,details in search_results:
            # print(details)
            if 'userAccountControl' in details: # MS AD
                print("userAccountControl =",int(details['userAccountControl'][0]))
                if int(details['userAccountControl'][0]) & ADS_UF_ACCOUNTDISABLE:
                    status = AuthStatus.USER_DISABLED
                    break
            cnt += 1
        else:
            if cnt>1:
                print("Warning: more than one user matched {}".format(studnum))
            if cnt>0:
                passed = True
                status = AuthStatus.SUCCESS
            else:
                status = AuthStatus.NO_SUCH_USER
    except ldap.INVALID_CREDENTIALS:
        print("LDAP: Invalid credentials")
    except ldap.SERVER_DOWN:
        print("LDAP: Server down")
    except ldap.LDAPError as e:
        print("LDAP: Other LDAP error: ", e)
    finally:
        conn.unbind_s()
    return passed, status

def log_handle(msg):
    print("[client]" + str(msg.payload))

def verify_card(msg):
    DB_connection_check()
    card_number = '{:010d}'.format(int(msg.payload))
    status = AuthStatus.EXCEPTION
    try:
        one = AccountInfo.select().where(AccountInfo.cardnum == card_number).get()

        print("Access Request by", one.studnum, one.realname)
        assert len(one.studnum) > 0 and int(one.studnum) > 0

        success, status = verify_with_ldap(one.studnum)
        if success:
            client.publish("/command", "open")
            print("Valid card, opening the door")
        else:
            print("Invalid card:", card_number)
        AccessRecords.create(
            realname = one.realname,
            studnum  = one.studnum,
            cardnum  = one.cardnum,
            status   = status,
            ).save()

    except AccountInfo.DoesNotExist:
        print("No Records Found for {}".format(msg.payload))
        AccessRecords.create(
            cardnum  = card_number,
            status   = AuthStatus.NO_SUCH_USER,
            ).save()
    except Exception as e:

        AccessRecords.create(
            cardnum  = card_number,
            status   = AuthStatus.EXCEPTION,
            ).save()

        raise e


topics = {
    "/log": log_handle,
    #"/rs485": log_handle,
    "/cardverify": verify_card}

def on_connect(client, userdata, flags, rc):
    print("Connected to MQTT broker with result code " + str(rc))
    client.subscribe("/cardverify")
    client.subscribe("/rs485")
    client.subscribe("/log")

def on_message(client, userdata, msg):
    # print("Received message " + str(msg.payload) + " from topic " + msg.topic)
    try:
        if msg.topic in topics:
            topics.get(msg.topic)(msg)
    except Exception as e:
        traceback.print_exc()

DB_Init()

client.on_connect = on_connect
client.on_message = on_message

client.username_pw_set(config.MQTT_USER, config.MQTT_PASSWORD)
client.connect(config.MQTT_BROKER, 1883)

client.loop_forever()