def SMDS_authentication( logfile="/tmp/SMDS_login.log" ):
"""
Authenticate with the Syndicate metadata service
"""
logger.init( open(logfile, "a") )
def SMDS_auth_aux(username, password):
api = MDAPI()
user = None
try:
user = auth_user_from_email( api, username )
except Exception, e:
logger.error( "User '%s' could not be authenticated (exception = %s)" % (username, e) )
return False
rc = False
auth_struct = {'AuthMethod': 'password', 'Username': user['username'], 'AuthString': password}
try:
rc = auth_password_check( api, auth_struct, user, None )
except Exception, e:
logger.error( "User '%s' failed to authenticate" % username)
def bootstrap_node( self, ssh_pkey_path, slicename, host, clean=True ):
"""
Start/update the syndicate control daemon on a given host
"""
bootstrap_path = os.path.join( self.config.MD_SERVICE_PATH, "tools/bootstrap.sh" )
repository = "https://svn.princeton.edu/cdnfs"
install_dest = self.config.MD_SERVICE_PATH
scp_proc = subprocess.Popen( ["/usr/bin/scp", "-i", ssh_pkey_path, bootstrap_path, slicename + "@" + host + ":/tmp/bootstrap.sh"] )
rc = scp_proc.wait()
if rc:
logger.error("scp rc = " + str(rc) )
return False
bootstrap_args = ["/tmp/bootstrap.sh", "-d", self.config.MD_SERVICE_PATH, "-r", repository]
if clean:
bootstrap_args += ["-c"]
ssh_proc = subprocess.Popen( ["/usr/bin/ssh", "-i", ssh_pkey_path, slicename + "@" + host] + bootstrap_args )
rc = ssh_proc.wait()
if rc:
logger.error("ssh bootstrap command rc = " + str(rc) )
return False
return True
def SMDS_authentication(logfile="/tmp/SMDS_login.log"):
"""
Authenticate with the Syndicate metadata service
"""
logger.init(open(logfile, "a"))
def SMDS_auth_aux(username, password):
api = MDAPI()
user = None
try:
user = auth_user_from_email(api, username)
except Exception, e:
logger.error(
"User '%s' could not be authenticated (exception = %s)" %
(username, e))
return False
rc = False
auth_struct = {
'AuthMethod': 'password',
'Username': user['username'],
'AuthString': password
}
try:
rc = auth_password_check(api, auth_struct, user, None)
except Exception, e:
logger.error("User '%s' failed to authenticate" % username)
def SMDS_auth_aux(username, password):
api = MDAPI()
user = None
try:
user = auth_user_from_email( api, username )
except Exception, e:
logger.error( "User '%s' could not be authenticated (exception = %s)" % (username, e) )
return False
def login_bare( self, username, password ):
"""
Bare essentials login.
"""
api = MDAPI()
user = None
try:
user = auth_user_from_email( api, username )
except Exception, e:
logger.error( "User '%s' could not be authenticated (exception = %s)" % (username, e) )
return False
def SMDS_auth_aux(username, password):
api = MDAPI()
user = None
try:
user = auth_user_from_email(api, username)
except Exception, e:
logger.error(
"User '%s' could not be authenticated (exception = %s)" %
(username, e))
return False
def login_bare(self, username, password):
"""
Bare essentials login.
"""
api = MDAPI()
user = None
try:
user = auth_user_from_email(api, username)
except Exception, e:
logger.error(
"User '%s' could not be authenticated (exception = %s)" %
(username, e))
return False
def execute(self, query, params = None):
cursor = self.cursor()
try:
# psycopg2 requires %()s format for all parameters,
# regardless of type.
# this needs to be done carefully though as with pattern-based filters
# we might have percents embedded in the query
# so e.g. GetPersons({'email':'*fake*'}) was resulting in .. LIKE '%sake%'
if psycopg2:
query = re.sub(r'(%\([^)]*\)|%)[df]', r'\1s', query)
# rewrite wildcards set by Filter.py as '***' into '%'
query = query.replace ('***','%')
if not params:
if self.debug:
print >> log,'execute0',query
cursor.execute(query)
elif isinstance(params,dict):
if self.debug:
print >> log,'execute-dict: params',params,'query',query%params
cursor.execute(query,params)
elif isinstance(params,tuple) and len(params)==1:
if self.debug:
print >> log,'execute-tuple',query%params[0]
cursor.execute(query,params[0])
else:
param_seq=(params,)
if self.debug:
for params in param_seq:
print >> log,'executemany',query%params
cursor.executemany(query, param_seq)
(self.rowcount, self.description, self.lastrowid) = \
(cursor.rowcount, cursor.description, cursor.lastrowid)
except Exception, e:
try:
self.rollback()
except:
pass
uuid = commands.getoutput("uuidgen")
log.exception( e, "Database error %s:" % uuid )
log.error( "Failed Query:" )
log.error( query )
log.error( "Failed Params:" )
log.error( pformat(params) )
raise MDDBError("Please contact " + \
self.api.config.MD_NAME + " Support " + \
"<" + self.api.config.MD_MAIL_SUPPORT_ADDRESS + ">" + \
" and reference " + uuid)
def bootstrap_node(self, ssh_pkey_path, slicename, host, clean=True):
"""
Start/update the syndicate control daemon on a given host
"""
bootstrap_path = os.path.join(self.config.MD_SERVICE_PATH,
"tools/bootstrap.sh")
repository = "https://svn.princeton.edu/cdnfs"
install_dest = self.config.MD_SERVICE_PATH
scp_proc = subprocess.Popen([
"/usr/bin/scp", "-i", ssh_pkey_path, bootstrap_path,
slicename + "@" + host + ":/tmp/bootstrap.sh"
])
rc = scp_proc.wait()
if rc:
logger.error("scp rc = " + str(rc))
return False
bootstrap_args = [
"/tmp/bootstrap.sh", "-d", self.config.MD_SERVICE_PATH, "-r",
repository
]
if clean:
bootstrap_args += ["-c"]
ssh_proc = subprocess.Popen(
["/usr/bin/ssh", "-i", ssh_pkey_path, slicename + "@" + host] +
bootstrap_args)
rc = ssh_proc.wait()
if rc:
logger.error("ssh bootstrap command rc = " + str(rc))
return False
return True
logger.info("Destroying metadata server '%s'" % self['name'])
rc = 0
try:
as_dict = {}
as_dict.update(self)
rc = server.destroy_server(as_dict)
except Exception, e:
logger.exception(e, "Could not restart metadata server")
rc = -500
if rc == 1:
self.sync()
else:
logger.error("Could not destroy metadata server, rc = %s" % rc)
return rc
def stop_server(self):
# signal the controller on this metadata server's host to stop this metadata server
old_status = self['status']
self['status'] = 'stopped'
server = self.api.connect_mdctl(self['host'])
logger.info("Stopping metadata server '%s'" % self['name'])
rc = 0
try:
as_dict = {}
def login(self, next=DEFAULT, onvalidation=DEFAULT, onaccept=DEFAULT, log=DEFAULT):
"""
Handle a login request, and redirect.
"""
request = current.request
response = current.response
session = current.session
username_field = self.settings.login_userfield
password_field = self.settings.password_field
if next == DEFAULT:
next = request.get_vars._next \
or request.post_vars._next \
or self.settings.login_next
if onvalidation == DEFAULT:
onvalidation = self.settings.login_onvalidation
if onaccept == DEFAULT:
onaccept = self.settings.login_onaccept
if log == DEFAULT:
log = self.messages.login_log
user = None
accepted_form = False
if self.settings.login_form == self:
# this object was responsible for logging in
form =FORM( \
TABLE( \
TR(TD('Username:'******'Password:'******'login',
onvalidation=onvalidation,
hideerror=self.settings.hideerror):
# sanitize inputs
accepted_form = True
# check for username in db
username = form.vars[username_field]
user = None
try:
user = Users( self.api, {'username': username} )[0]
except:
pass
if user:
# user in db, check if registration pending or disabled
temp_user = user
if temp_user['enabled'] == False:
# user is not yet enabled
response.flash = self.messages.login_disabled
return form
# check password
try:
rc = auth_password_check( self.api, {'Username':user['username'], 'AuthMethod':'password', 'AuthString':form.vars[password_field]}, user, None )
except:
if log:
logger.error("SMDS_Auth: User '%s' authentication failed (invalid credentials)" % user['username'] )
logger.flush()
user = None # invalid credentials
if not user:
if log:
logger.error("SMDS_Auth: User could not be looked up" )
logger.flush()
# invalid login
session.flash = self.messages.invalid_login
redirect(self.url(args=request.args,vars=request.get_vars))
if user:
user_public = user.public()
user_stored = Storage(user_public)
if log:
logger.info("SMDS_Auth: User '%s' logged in" % user_public['username'])
# process authenticated users
# user wants to be logged in for longer
session.auth = Storage(
user = user_stored,
last_visit = request.now,
expiration = self.settings.long_expiration,
remember = request.vars.has_key("remember"),
hmac_key = web2py_uuid()
)
self.user = user_public
logger.info("SMDS_Auth: user_id = %s" % self.user_id)
logger.flush()
session.flash = self.messages.logged_in
# how to continue
if self.settings.login_form == self:
if accepted_form:
callback(onaccept,form)
if isinstance(next, (list, tuple)):
# fix issue with 2.6
next = next[0]
if next and not next[0] == '/' and next[:4] != 'http':
next = self.url(next.replace('[id]', str(form.vars.id)))
redirect(next)
return form
elif user:
callback(onaccept,None)
redirect(next)
logger.error(
"User '%s' could not be authenticated (exception = %s)" %
(username, e))
return False
rc = False
auth_struct = {
'AuthMethod': 'password',
'Username': user['username'],
'AuthString': password
}
try:
rc = auth_password_check(api, auth_struct, user, None)
except Exception, e:
logger.error("User '%s' failed to authenticate" % username)
if rc and user:
user_public = user.public()
user_stored = Storage(user_public)
if log:
logger.info("SMDS_Auth: User '%s' logged in" %
user_public['username'])
# process authenticated users
# user wants to be logged in for longer
session.auth = Storage(user=user_stored,
last_visit=request.now,
expiration=self.settings.expiration,
hmac_key=web2py_uuid())
def login(self,
next=DEFAULT,
onvalidation=DEFAULT,
onaccept=DEFAULT,
log=DEFAULT):
"""
Handle a login request, and redirect.
"""
request = current.request
response = current.response
session = current.session
username_field = self.settings.login_userfield
password_field = self.settings.password_field
if next == DEFAULT:
next = request.get_vars._next \
or request.post_vars._next \
or self.settings.login_next
if onvalidation == DEFAULT:
onvalidation = self.settings.login_onvalidation
if onaccept == DEFAULT:
onaccept = self.settings.login_onaccept
if log == DEFAULT:
log = self.messages.login_log
user = None
accepted_form = False
if self.settings.login_form == self:
# this object was responsible for logging in
form =FORM( \
TABLE( \
TR(TD('Username:'******'Password:'******'login',
onvalidation=onvalidation,
hideerror=self.settings.hideerror):
# sanitize inputs
accepted_form = True
# check for username in db
username = form.vars[username_field]
user = None
try:
user = Users(self.api, {'username': username})[0]
except:
pass
if user:
# user in db, check if registration pending or disabled
temp_user = user
if temp_user['enabled'] == False:
# user is not yet enabled
response.flash = self.messages.login_disabled
return form
# check password
try:
rc = auth_password_check(
self.api, {
'Username': user['username'],
'AuthMethod': 'password',
'AuthString': form.vars[password_field]
}, user, None)
except:
if log:
logger.error(
"SMDS_Auth: User '%s' authentication failed (invalid credentials)"
% user['username'])
logger.flush()
user = None # invalid credentials
if not user:
if log:
logger.error("SMDS_Auth: User could not be looked up")
logger.flush()
# invalid login
session.flash = self.messages.invalid_login
redirect(self.url(args=request.args,
vars=request.get_vars))
if user:
user_public = user.public()
user_stored = Storage(user_public)
if log:
logger.info("SMDS_Auth: User '%s' logged in" %
user_public['username'])
# process authenticated users
# user wants to be logged in for longer
session.auth = Storage(user=user_stored,
last_visit=request.now,
expiration=self.settings.long_expiration,
remember=request.vars.has_key("remember"),
hmac_key=web2py_uuid())
self.user = user_public
logger.info("SMDS_Auth: user_id = %s" % self.user_id)
logger.flush()
session.flash = self.messages.logged_in
# how to continue
if self.settings.login_form == self:
if accepted_form:
callback(onaccept, form)
if isinstance(next, (list, tuple)):
# fix issue with 2.6
next = next[0]
if next and not next[0] == '/' and next[:4] != 'http':
next = self.url(next.replace('[id]', str(form.vars.id)))
redirect(next)
return form
elif user:
callback(onaccept, None)
redirect(next)
def register(self,
next=DEFAULT,
onvalidation=DEFAULT,
onaccept=DEFAULT,
log=DEFAULT):
"""
Register a new user
"""
request = current.request
response = current.response
session = current.session
if self.is_logged_in():
# don't allow registration if we're already logged in
redirect(self.settings.logged_url)
# fill in defaults
if next == DEFAULT:
next = request.get_vars._next \
or request.post_vars._next \
or self.settings.register_next
if onvalidation == DEFAULT:
onvalidation = self.settings.register_onvalidation
if onaccept == DEFAULT:
onaccept = self.settings.register_onaccept
if log == DEFAULT:
log = self.messages.register_log
# create a form...
userfield = self.settings.login_userfield
passfield = self.settings.password_field
formstyle = self.settings.formstyle
form =FORM( \
TABLE( \
TR(TD('Username:'******'Email:'), TD(INPUT(_name="email", _type="text",requires=IS_EMAIL(error_message=self.messages.invalid_email)))), \
TR(TD('Password:'******'Re-type Password:'******'password',None))), \
error_message=self.settings.mismatched_password))) \
), \
INPUT(_type="Submit",_value="Register"), \
_name="register"
)
if form.accepts(request,
session,
formname='register',
onvalidation=onvalidation,
hideerror=self.settings.hideerror):
# verify that the password forms are the same
if form.vars['password'] != form.vars['password2']:
response.flash = messages.mismatched_password
# inform the admin
"""
if not self.settings.mailer or \
not self.settings.mailer.send(
to=self.maint_email,
subject=self.messages.verify_email_subject,
message=self.messages.verify_email % dict(username=form.vars['username'], email=form.vars['email'])):
response.flash = self.messages.unable_send_email
return form
session.flash = self.messages.email_sent
"""
# make sure this user does not exist
rc = 0
msg = ""
try:
user = Users(self.api, {'username': form.vars['username']})[0]
rc = -1 # already exists
msg = "User already exists"
except:
pass
# create the user
if rc == 0:
try:
user_fields = {
'username': form.vars['username'],
'password': form.vars['password'],
'email': form.vars['email']
}
rc = self.api.call(("127.0.0.1", "localhost"), "AddUser",
self.api.maint_auth, user_fields)
except Exception, e:
logger.exception(e, "register: exception")
logger.flush()
msg = "User could not be registered"
rc = -1
if rc < 0:
response.flash = msg
logger.error("Failed to add user '%s' (email '%s')" %
(user_fields['username'], user_fields['email']))
return form
session.flash = self.messages.registration_pending
if log:
logger.info("Added user '%s' (email '%s')" %
(user_fields['username'], user_fields['email']))
callback(onaccept, form)
if not next:
next = self.url(args=request.args)
elif isinstance(next, (list, tuple)): ### fix issue with 2.6
next = next[0]
elif next and not next[0] == '/' and next[:4] != 'http':
next = self.url(next.replace('[id]', str(form.vars.id)))
redirect(next)
class MDServer(Row):
table_name = 'mdservers'
primary_key = 'server_id'
join_tables = ['user_mdserver', 'mdserver_user']
fields = {
'server_id':
Parameter(long, "Server ID"),
'name':
Parameter(
str,
"Owner-given name of this metadata server (will be URL-encoded)"),
'host':
Parameter(str, "Name of the host that hosts this metadata server"),
'portnum':
Parameter(int,
"Port on which this metadata server listens",
min=1025,
max=65534),
'status':
Parameter(str, "Desired status of this metadata server"),
'auth_read':
Parameter(bool,
"Must a user authenticate with the server to read from it?"),
'auth_write':
Parameter(bool,
"Must a user authenticate with the server to write to it?"),
'owner':
Parameter(
int,
"User ID of the user who created and controls this metadata server"
),
'user_ids':
Parameter([int],
"User IDs of users subscribed to this metadata server")
}
related_fields = {'user_ids': [Parameter(int, "Subscribed user ID")]}
def __init__(self, api, fields={}):
super(MDServer, self).__init__(api, fields)
import SMDS.user
self._add_user = Row.add_object(SMDS.user.User, 'mdserver_user')
self._remove_user = Row.remove_object(SMDS.user.User, 'mdserver_user')
def add_user(self, obj, commit=True):
self._add_user(self, obj, commit=commit)
def remove_user(self, obj, commit=True):
self._remove_user(self, obj, commit=commit)
@classmethod
def refresh(api, m):
md = MDServers(api, [m['server_id']])[0]
m.update(md)
def remove_users(self, user_ids):
import SMDS.user
users = SMDS.user.Users(self.api, user_ids)
if users:
for user in users:
self.remove_user(user, commit=False)
self.commit()
def create_server(self):
# signal the controller on this metadata server's host to create this server
self['status'] = 'stopped'
server = self.api.connect_mdctl(self['host'])
import SMDS.user
# get our users
if self.get('user_ids') == None:
self['user_ids'] = []
user_ids = self['user_ids']
users = []
if user_ids:
users = SMDS.user.Users(self.api, user_ids)
logger.info("Creating metadata server '%s' with users '%s'" %
(self['name'], [user['username'] for user in users]))
rc = 0
try:
as_dict = {}
as_dict.update(self)
user_dicts = []
for user in users:
user_dict = {}
user_dict.update(user)
user_dicts.append(user_dict)
rc = server.create_server(as_dict, user_dicts)
except Exception, e:
logger.exception(e, "Could not restart metadata server")
rc = -500
if rc == 1:
self.sync()
else:
logger.error("Could not create metadata server, rc = %s" % rc)
return rc
user = None
try:
user = auth_user_from_email( api, username )
except Exception, e:
logger.error( "User '%s' could not be authenticated (exception = %s)" % (username, e) )
return False
rc = False
auth_struct = {'AuthMethod': 'password', 'Username': user['username'], 'AuthString': password}
try:
rc = auth_password_check( api, auth_struct, user, None )
except Exception, e:
logger.error( "User '%s' failed to authenticate" % username)
if rc and user:
user_public = user.public()
user_stored = Storage(user_public)
if log:
logger.info("SMDS_Auth: User '%s' logged in" % user_public['username'])
# process authenticated users
# user wants to be logged in for longer
session.auth = Storage(
user = user_stored,
last_visit = request.now,
expiration = self.settings.expiration,
hmac_key = web2py_uuid()
while True:
line = fd.readline()
if len(line) == 0:
break
line = line.strip()
if len(line) == 0:
continue
if line[0] == '#':
continue
parts = line.split('=')
if len(parts) < 2:
logger.error( "Invalid config line %s" % config_file )
valid = False
if valid:
varname = parts[0].strip()
# collate values
values = []
for value in parts[1:]:
s = value.strip('"')
values.append( s )
if len(values) == 1:
values = values[0] # this is a scalar
# keep list of values if variable occurs multiple times
def register(self, next=DEFAULT, onvalidation=DEFAULT, onaccept=DEFAULT, log=DEFAULT):
"""
Register a new user
"""
request = current.request
response = current.response
session = current.session
if self.is_logged_in():
# don't allow registration if we're already logged in
redirect(self.settings.logged_url)
# fill in defaults
if next == DEFAULT:
next = request.get_vars._next \
or request.post_vars._next \
or self.settings.register_next
if onvalidation == DEFAULT:
onvalidation = self.settings.register_onvalidation
if onaccept == DEFAULT:
onaccept = self.settings.register_onaccept
if log == DEFAULT:
log = self.messages.register_log
# create a form...
userfield = self.settings.login_userfield
passfield = self.settings.password_field
formstyle = self.settings.formstyle
form =FORM( \
TABLE( \
TR(TD('Username:'******'Email:'), TD(INPUT(_name="email", _type="text",requires=IS_EMAIL(error_message=self.messages.invalid_email)))), \
TR(TD('Password:'******'Re-type Password:'******'password',None))), \
error_message=self.settings.mismatched_password))) \
), \
INPUT(_type="Submit",_value="Register"), \
_name="register"
)
if form.accepts(request, session, formname='register', onvalidation=onvalidation,hideerror=self.settings.hideerror):
# verify that the password forms are the same
if form.vars['password'] != form.vars['password2']:
response.flash = messages.mismatched_password
# inform the admin
"""
if not self.settings.mailer or \
not self.settings.mailer.send(
to=self.maint_email,
subject=self.messages.verify_email_subject,
message=self.messages.verify_email % dict(username=form.vars['username'], email=form.vars['email'])):
response.flash = self.messages.unable_send_email
return form
session.flash = self.messages.email_sent
"""
# make sure this user does not exist
rc = 0
msg = ""
try:
user = Users(self.api, {'username': form.vars['username']})[0]
rc = -1 # already exists
msg = "User already exists"
except:
pass
# create the user
if rc == 0:
try:
user_fields = {'username': form.vars['username'], 'password': form.vars['password'], 'email': form.vars['email']}
rc = self.api.call( ("127.0.0.1", "localhost"), "AddUser", self.api.maint_auth, user_fields )
except Exception, e:
logger.exception(e, "register: exception")
logger.flush()
msg = "User could not be registered"
rc = -1
if rc < 0:
response.flash = msg
logger.error("Failed to add user '%s' (email '%s')" % (user_fields['username'], user_fields['email']) )
return form
session.flash = self.messages.registration_pending
if log:
logger.info("Added user '%s' (email '%s')" % (user_fields['username'], user_fields['email']) )
callback(onaccept,form)
if not next:
next = self.url(args = request.args)
elif isinstance(next, (list, tuple)): ### fix issue with 2.6
next = next[0]
elif next and not next[0] == '/' and next[:4] != 'http':
next = self.url(next.replace('[id]', str(form.vars.id)))
redirect(next)
while True:
line = fd.readline()
if len(line) == 0:
break
line = line.strip()
if len(line) == 0:
continue
if line[0] == '#':
continue
parts = line.split('=')
if len(parts) < 2:
logger.error("Invalid config line %s" % config_file)
valid = False
if valid:
varname = parts[0].strip()
# collate values
values = []
for value in parts[1:]:
s = value.strip('"')
values.append(s)
if len(values) == 1:
values = values[0] # this is a scalar
# keep list of values if variable occurs multiple times
logger.info("Destroying metadata server '%s'" % self['name'])
rc = 0
try:
as_dict = {}
as_dict.update( self )
rc = server.destroy_server( as_dict )
except Exception, e:
logger.exception( e, "Could not restart metadata server")
rc = -500
if rc == 1:
self.sync()
else:
logger.error("Could not destroy metadata server, rc = %s" % rc)
return rc
def stop_server(self):
# signal the controller on this metadata server's host to stop this metadata server
old_status = self['status']
self['status'] = 'stopped'
server = self.api.connect_mdctl( self['host'] )
logger.info("Stopping metadata server '%s'" % self['name'])
rc = 0
try:
