def update_credential_file(username, client_id, credential_data, request_clientname):
    """
    Updates the credential file.
    """

    proxy_dir = glideFactoryLib.factoryConfig.get_client_proxies_dir(username)
    fname_short = 'credential_%s_%s' % (request_clientname, glideFactoryLib.escapeParam(client_id))
    fname = os.path.join(proxy_dir, fname_short)
    fname_compressed = "%s_compressed" % fname

    msg = "updating credential file %s" % fname
    logSupport.log.debug(msg)
    if username != MY_USERNAME:
        msg = "updating using privsep"
        logSupport.log.debug(msg)

        # use privsep
        # all args go through the environment, so they are protected
        update_credential_env = ['HEXDATA=%s' % binascii.b2a_hex(credential_data), 
                                 'FNAME=%s' % fname,
                                 'FNAME_COMPRESSED=%s' % fname_compressed]
        for var in ('PATH', 'LD_LIBRARY_PATH', 'PYTHON_PATH'):
            if os.environ.has_key(var):
                update_credential_env.append('%s=%s' % (var, os.environ[var]))

        try:
            condorPrivsep.execute(username, glideFactoryLib.factoryConfig.submit_dir, os.path.join(glideFactoryLib.factoryConfig.submit_dir, 'update_proxy.py'), ['update_proxy.py'], update_credential_env)
        except condorPrivsep.ExeError, e:
            raise RuntimeError, "Failed to update credential %s in %s (user %s): %s" % (client_id, proxy_dir, username, e)
        except:
Beispiel #2
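    def delete_dir(self):
        """
        Remove self.dir, going through privsep when it belongs to another user.

        Three paths are used:
          * self.user == MY_USERNAME: plain shutil.rmtree; its errors
            propagate unchanged.
          * self.privsep_mkdir is true: condorPrivsep.rmtree on the parent
            directory and the leaf name (the root-privileged helper).
          * otherwise: /bin/rm -fr executed as self.user through
            condorPrivsep.execute, which does not need root privileges.

        Raises:
            RuntimeError: the parent directory is missing, or a privsep
                call failed.
        """
        base_dir = os.path.dirname(self.dir)
        if not os.path.isdir(base_dir):
            raise RuntimeError("Missing base %s directory %s!" %
                               (self.dir_name, base_dir))

        if self.user == MY_USERNAME:
            # keep it simple, if possible
            shutil.rmtree(self.dir)
            return

        # Read the flag outside the try so a missing attribute is not
        # reported as a privsep failure.
        use_privsep_rmtree = self.privsep_mkdir
        try:
            if use_privsep_rmtree:
                # use privsep rmtree, as requested
                condorPrivsep.rmtree(base_dir, os.path.basename(self.dir))
            else:
                # use the execute command
                # do not use the rmtree one, as we do not need root privileges
                # '--' ends option parsing, so a path that begins with '-'
                # is never read by rm as a flag.
                condorPrivsep.execute(self.user,
                                      base_dir,
                                      '/bin/rm', ['rm', '-fr', '--', self.dir],
                                      stdout_fname=None)
        except condorPrivsep.ExeError as e:
            raise RuntimeError("Failed to remove %s dir (user %s): %s" %
                               (self.dir_name, self.user, e))
        except Exception:
            # Exception rather than a bare except: KeyboardInterrupt and
            # SystemExit must not be rewritten into a privsep error.
            raise RuntimeError(
                "Failed to remove %s dir (user %s): Unknown privsep error"
                % (self.dir_name, self.user))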
Beispiel #3
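    def create_dir(self, fail_if_exists=True):
        """
        Create self.dir, going through privsep when it belongs to another user.

        Args:
            fail_if_exists: when true (the default) an already existing
                directory is an error; when false it is left untouched.

        Returns:
            True if the directory was created, False if it already existed
            and fail_if_exists is false.

        Raises:
            RuntimeError: the parent directory is missing, the directory
                exists and fail_if_exists is true, or creation failed.
        """
        base_dir = os.path.dirname(self.dir)
        if not os.path.isdir(base_dir):
            raise RuntimeError("Missing base %s directory %s." % (self.dir_name, base_dir))

        if os.path.isdir(self.dir):
            if fail_if_exists:
                raise RuntimeError("Cannot create %s dir %s, already exists." % (self.dir_name, self.dir))
            return False  # already exists, nothing to do

        if self.user == MY_USERNAME:
            # keep it simple, if possible
            try:
                # NOTE: os.mkdir applies the process umask to the mode, so the
                # resulting permissions can be tighter than self.chmod; the
                # privsep branch below sets the mode with an explicit chmod.
                os.mkdir(self.dir, self.chmod)
            except OSError as e:
                raise RuntimeError("Failed to create %s dir: %s" % (self.dir_name, e))
            return True

        try:
            # use the execute command
            # do not use the mkdir one, as we do not need root privileges
            # '--' ends option parsing, so a path that begins with '-' is
            # never read by mkdir/chmod as a flag.
            condorPrivsep.execute(self.user, base_dir, '/bin/mkdir',
                                  ['mkdir', '--', self.dir], stdout_fname=None)
            # with condor 7.9.4 a permissions change is required
            # NOTE(review): between the two calls the directory exists with
            # whatever mode mkdir gave it; confirm that window is acceptable.
            condorPrivsep.execute(self.user, base_dir, '/bin/chmod',
                                  ['chmod', "0%o" % self.chmod, '--', self.dir],
                                  stdout_fname=None)
        except condorPrivsep.ExeError as e:
            raise RuntimeError("Failed to create %s dir (user %s): %s" % (self.dir_name, self.user, e))
        except Exception:
            # Exception rather than a bare except: KeyboardInterrupt and
            # SystemExit must not be rewritten into a privsep error.
            raise RuntimeError("Failed to create %s dir (user %s): Unknown privsep error" % (self.dir_name, self.user))
        return True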
Beispiel #4
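def update_credential_file(username, client_id, credential_data,
                           request_clientname):
    """
    Write a client credential and its compressed copy into the user's
    proxy directory.

    The target is <client proxies dir>/credential_<request_clientname>_<escaped
    client_id>, with the compressed copy at the same path plus "_compressed".
    When username differs from MY_USERNAME the write is delegated to
    update_proxy.py, executed as that user through condorPrivsep; otherwise
    the files are written directly with safe_update.

    Args:
        username: account that owns the proxy directory.
        client_id: client identifier; escaped before it is used in the
            file name.
        credential_data: credential content to store.
        request_clientname: client name used in the file name.

    Returns:
        Tuple (fname, fname_compressed) of the two file paths.

    Raises:
        RuntimeError: the privsep execution failed.
    """

    proxy_dir = glideFactoryLib.factoryConfig.get_client_proxies_dir(username)
    # NOTE(review): only client_id goes through escapeParam; request_clientname
    # is placed in the file name as given - confirm callers constrain it.
    fname_short = 'credential_%s_%s' % (request_clientname,
                                        glideFactoryLib.escapeParam(client_id))
    fname = os.path.join(proxy_dir, fname_short)
    fname_compressed = "%s_compressed" % fname

    # Only the path is logged, never the credential content.
    logSupport.log.debug("updating credential file %s" % fname)

    if username == MY_USERNAME:
        logSupport.log.debug("no privsep, updating directly")

        safe_update(fname, credential_data)
        safe_update(fname_compressed, compress_credential(credential_data))
        return fname, fname_compressed

    logSupport.log.debug("updating using privsep")

    # use privsep
    # all args go through the environment, so they are protected
    # The credential travels in the child's environment instead of argv, so
    # it stays off the command line. Hex is a transport encoding only; it
    # gives no confidentiality by itself.
    # NOTE(review): on Python 3 b2a_hex returns bytes and '%s' would render
    # it as "b'...'" - confirm which interpreter this runs under.
    update_credential_env = [
        'HEXDATA=%s' % binascii.b2a_hex(credential_data),
        'FNAME=%s' % fname,
        'FNAME_COMPRESSED=%s' % fname_compressed
    ]
    # Forward the factory's own search paths to the child.
    # NOTE(review): the interpreter reads PYTHONPATH; 'PYTHON_PATH' is
    # forwarded as written - confirm which one is intended.
    for var in ('PATH', 'LD_LIBRARY_PATH', 'PYTHON_PATH'):
        if var in os.environ:
            update_credential_env.append('%s=%s' % (var, os.environ[var]))

    submit_dir = glideFactoryLib.factoryConfig.submit_dir
    try:
        condorPrivsep.execute(
            username, submit_dir,
            os.path.join(submit_dir, 'update_proxy.py'), ['update_proxy.py'],
            update_credential_env)
    except condorPrivsep.ExeError as e:
        raise RuntimeError(
            "Failed to update credential %s in %s (user %s): %s" %
            (client_id, proxy_dir, username, e))
    except Exception:
        # Exception rather than a bare except: KeyboardInterrupt and
        # SystemExit must not be rewritten into a privsep error.
        raise RuntimeError(
            "Failed to update credential %s in %s (user %s): Unknown privsep error"
            % (client_id, proxy_dir, username))

    return fname, fname_compressed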
Beispiel #5
                raise RuntimeError,"Failed to create %s dir: %s"%(self.dir_name,e)
        elif self.privsep_mkdir:
            try:
                # use privsep mkdir, as requested
                condorPrivsep.mkdir(base_dir,os.path.basename(self.dir),self.user)
                # with condor 7.9.4 a permissions change is required
                condorPrivsep.execute(self.user,base_dir,'/bin/chmod',['chmod','0755',self.dir],stdout_fname=None)
            except condorPrivsep.ExeError, e:
                raise RuntimeError,"Failed to create %s dir (user %s): %s"%(self.dir_name,self.user,e)
            except:
                raise RuntimeError,"Failed to create %s dir (user %s): Unknown privsep error"%(self.dir_name,self.user)
        else:
            try:
                # use the execute command
                # do not use the mkdir one, as we do not need root privileges
                condorPrivsep.execute(self.user,base_dir,'/bin/mkdir',['mkdir',self.dir],stdout_fname=None)
                # with condor 7.9.4 a permissions change is required
                condorPrivsep.execute(self.user,base_dir,'/bin/chmod',['chmod','0755',self.dir],stdout_fname=None)
            except condorPrivsep.ExeError, e:
                raise RuntimeError,"Failed to create %s dir (user %s): %s"%(self.dir_name,self.user,e)
            except:
                raise RuntimeError,"Failed to create %s dir (user %s): Unknown privsep error"%(self.dir_name,self.user)
        return True

    def delete_dir(self):
        base_dir=os.path.dirname(self.dir)
        if not os.path.isdir(base_dir):
            raise RuntimeError,"Missing base %s directory %s!"%(self.dir_name,base_dir)

        if self.user==MY_USERNAME:
            # keep it simple, if possible