Ejemplo n.º 1
def connect_to_master_db(user=None):
    """Open a connection to the master database that belongs to *user*.

    When *user* is None, the login name reported by ``getpass.getuser()``
    for the current process is used. The user record is looked up by name,
    and the connection is made to the URL returned by its
    ``get_master_db_url()``.
    """
    username = getpass.getuser() if user is None else user
    account = users.get_user_by_username(username)
    return connect(account.get_master_db_url())
Ejemplo n.º 2
def connect_to_master_db(user=None):
    """Connect to the master database of the given user.

    ``user`` is a username. If it is omitted, the name of the account
    running this process is taken from ``getpass.getuser()``.
    """
    if user is None:
        user = getpass.getuser()

    # Resolve the account first; the database URL is derived from it.
    master_db_url = users.get_user_by_username(user).get_master_db_url()
    return connect(master_db_url)
Ejemplo n.º 3
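def authorize_request():
    """Authenticate the credentials carried by the current request.

    Reads ``request.authorization``, checks the username/password pair with
    ``authenticate()`` and, on success, stores the matching user record in
    ``g.user``.

    Returns:
        ``None`` (implicitly) when authentication succeeds, otherwise the
        value of ``basic_auth_response()``. The same response is returned
        for missing credentials, a failed login and an unknown user, so the
        client cannot tell these cases apart.
    """
    cred = request.authorization

    if not cred:
        log.error("Auth required")
        return basic_auth_response()

    # NOTE(review): cred.username is client-supplied and is written to the
    # log as-is; confirm the log handler neutralises CR/LF and other control
    # characters so a crafted username cannot forge log lines.
    if not authenticate(cred.username, cred.password):
        log.error("Invalid login: %s", cred.username)
        return basic_auth_response()

    try:
        g.user = user.get_user_by_username(cred.username)
    except user.NoSuchUser:
        # The exception object was never used, so it is no longer bound. This
        # also drops the "except X, e" form, which newer interpreters reject.
        log.error("No such user: %s", cred.username)
        return basic_auth_response()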
Ejemplo n.º 4
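def authorize_request():
    """Check the request's credentials and record the authenticated user.

    The credentials come from ``request.authorization``. When they pass
    ``authenticate()`` and the username resolves to a user record, that
    record is stored in ``g.user`` and the function falls through, returning
    ``None``. Every failure path returns ``basic_auth_response()``.
    """
    cred = request.authorization

    if not cred:
        log.error("Auth required")
        return basic_auth_response()

    # NOTE(review): the username logged below is taken straight from the
    # request; verify that log output escapes control characters.
    if not authenticate(cred.username, cred.password):
        log.error("Invalid login: %s", cred.username)
        return basic_auth_response()

    try:
        g.user = user.get_user_by_username(cred.username)
    except user.NoSuchUser:
        # No name is bound for the exception because it was unused. The
        # comma form "except X, e" is also a syntax error on newer
        # interpreters.
        log.error("No such user: %s", cred.username)
        return basic_auth_response()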
Ejemplo n.º 5
 def get_user(self):
     """Return the user record looked up from ``self.username``."""
     account = user.get_user_by_username(self.username)
     return account
Ejemplo n.º 6
 def get_user(self):
     """Return the user record this request should run as.

     The credentials held on ``self`` are not consulted: a username already
     present on ``g`` is used, otherwise the uid of the running process.
     """
     if "username" not in g:
         # Nothing was requested explicitly: use the account running the service.
         return user.get_user_by_uid(os.getuid())
     return user.get_user_by_username(g.username)
Ejemplo n.º 7
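def before():
    """Authenticate and authorize the current request and set up per-user state.

    Steps, in order:

    1. Requests whose path starts with the static URL prefix are let through
       without any check.
    2. The credentials in ``request.authorization`` are verified with the
       authentication class named by ``app.config["AUTHENTICATION"]``. The
       resulting user record is stored in ``g.user``.
    3. ``g.username`` (the user whose data is requested) defaults to the
       logged-in user. Access to ``root`` is refused, and access to another
       user's data requires ``is_user_an_admin()``.
    4. When ``app.config["PROCESS_SWITCHING"]`` is set, the handler process
       switches to the target user's uid/gid.
    5. The target user's Pegasus directory is created if missing, and
       ``g.master_db_url`` is filled in unless it is already set.

    Returns:
        ``None`` when the request may proceed, otherwise a response object
        (``basic_auth_response()`` or a ``make_response(...)`` error).
        ``abort(403)`` / ``abort(400)`` are used for authorization failures.
    """

    # Static files do not need to be authenticated.
    if (request.script_root + request.path).startswith(url_for("static", filename="")):
        return

    #
    # Authentication
    #

    cred = request.authorization
    username = cred.username if cred else None
    password = cred.password if cred else None

    # NOTE(review): the class is resolved by name from globals(), so any
    # module-level name is accepted here, not only authentication classes.
    # The value comes from server configuration; an explicit allow-list of
    # class names would make that assumption enforceable.
    authclass = app.config["AUTHENTICATION"]
    if authclass not in globals():
        log.error("Unknown authentication method: %s", authclass)
        return make_response("Invalid server configuration", 500)

    Authentication = globals()[authclass]
    auth = Authentication(username, password)
    if not auth.authenticate():
        # NOTE(review): username is client-supplied; confirm the log handler
        # escapes control characters.
        log.error("Invalid login: %s", username)
        return basic_auth_response()

    try:
        g.user = auth.get_user()
    except user.NoSuchUser:
        log.error("No such user: %s", username)
        return basic_auth_response()

    log.info("Authenticated user %s", g.user.username)

    # If a username is not specified in the requested URI, then set username to the logged in user?
    if "username" not in g:
        g.username = g.user.username

    #
    # Authorization
    #

    # Root user is off limits.
    if g.username == "root":
        log.error("Accessing root user info. is not allowed")
        # If the user has logged in as root, then ask user to login as a regular user.
        # If the non-root logged in user is attempting to access root user's data, then return 403 FORBIDDEN
        if g.user.username == "root":
            return basic_auth_response()
        else:
            abort(403)

    user_info = g.user

    if g.username != g.user.username:
        # Is user (g.user.username) allowed to view user (g.username) runs?
        if not is_user_an_admin(g.user.username):
            log.error(
                "User %s is accessing user %s's runs", g.user.username, g.username
            )
            abort(403)

        # Is user a valid system user?
        try:
            user_info = user.get_user_by_username(g.username)
        except user.NoSuchUser:
            log.error("User %s is not a valid user", g.username)
            abort(400)

    if app.config["PROCESS_SWITCHING"]:
        # If required, set uid and gid of handler process
        if os.getuid() != user_info.uid:
            if os.getuid() != 0:
                log.error(
                    "Pegasus service must run as root to enable process switching"
                )
                return make_response(
                    "Pegasus service must run as root to enable process switching", 500
                )

        if os.getuid() == 0:
            # setgid()/setuid() do not touch the supplementary group list, so
            # without this call the handler would keep the groups of the root
            # service process after the switch. Changing the group list
            # requires privilege, so it is only attempted while still root.
            # Assumes user_info exposes .username like g.user does.
            os.initgroups(user_info.username, user_info.gid)

        # Order matters: the gid must change while the process can still do so.
        os.setgid(user_info.gid)
        os.setuid(user_info.uid)

    # Does the user have a Pegasus home directory?
    user_pegasus_dir = user_info.get_pegasus_dir()

    if not os.path.isdir(user_pegasus_dir):
        log.info("User's pegasus directory does not exist. Creating one...")
        try:
            # NOTE(review): 0o744 (before umask) lets group/other list the
            # directory; confirm that is intended, 0o700 is the conservative
            # choice for per-user data.
            os.makedirs(user_pegasus_dir, mode=0o744)
        except OSError:
            log.info("Invalid Permissions: Could not create user's pegasus directory.")
            return make_response("Could not find user's Pegasus directory", 404)

    # Set master DB URL for the dashboard
    # For testing master_db_url would be pre-populated, so let's not overwrite it here.
    if "master_db_url" not in g:
        g.master_db_url = user_info.get_master_db_url()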
Ejemplo n.º 8
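def authorization():
    """Authorize the current request and prepare per-user state.

    Expects ``g.user`` (the logged-in user) and ``g.username`` (the user
    whose data is requested) to be set already.

    * Requests under the static URL prefix are let through unchecked.
    * Access to ``root`` is refused: a root login gets
      ``_basic_auth_response()``, anyone else gets ``abort(403)``.
    * Access to another user's data requires ``_is_user_an_admin()``, else
      ``abort(403)``. An unknown target user yields ``abort(400)``.
    * With ``current_app.config["PROCESS_SWITCHING"]`` set, the handler
      process switches to the target user's uid/gid.
    * The target user's Pegasus directory is created if missing, and
      ``g.master_db_url`` is filled in unless it is already set.

    Returns:
        ``None`` when the request may proceed, otherwise a response object.
    """
    # Static files do not need to be authorized.
    if (request.script_root + request.path).startswith(url_for("static", filename="")):
        return

    # Root user is off limits.
    if g.username == "root":
        log.error("Accessing root user info. is not allowed")
        # If the user has logged in as root, then ask user to login as a regular user.
        # If the non-root logged in user is attempting to access root user's data,
        # then return 403 FORBIDDEN
        if g.user.username == "root":
            return _basic_auth_response()
        else:
            abort(403)

    user_info = g.user

    if g.username != g.user.username:
        # Is user (g.user.username) allowed to view user (g.username) runs?
        if not _is_user_an_admin(g.user.username):
            log.error(
                "User {} is accessing user {}'s runs".format(
                    g.user.username, g.username
                )
            )
            abort(403)

        # Is user a valid system user?
        try:
            user_info = user.get_user_by_username(g.username)
        except user.NoSuchUser:
            log.error("User %s is not a valid user", g.username)
            abort(400)

    if current_app.config["PROCESS_SWITCHING"]:
        # If required, set uid and gid of handler process
        if os.getuid() != user_info.uid:
            if os.getuid() != 0:
                log.error(
                    "Pegasus service must run as root to enable process switching"
                )
                return make_response(
                    "Pegasus service must run as root to enable process switching", 500
                )

        if os.getuid() == 0:
            # setgid()/setuid() leave the supplementary group list unchanged,
            # so the handler would otherwise keep the groups of the root
            # service process after switching users. Only root may change the
            # group list, hence the guard.
            # Assumes user_info exposes .username like g.user does.
            os.initgroups(user_info.username, user_info.gid)

        # The gid is changed first, while the process is still allowed to.
        os.setgid(user_info.gid)
        os.setuid(user_info.uid)

    # Does the user have a Pegasus home directory?
    user_pegasus_dir = user_info.get_pegasus_dir()

    if not os.path.isdir(user_pegasus_dir):
        log.info("User's pegasus directory does not exist. Creating one...")
        try:
            # NOTE(review): 0o744 (before umask) lets group/other list the
            # directory; confirm that is intended, 0o700 is the conservative
            # choice for per-user data.
            os.makedirs(user_pegasus_dir, mode=0o744)
        except OSError:
            log.info("Invalid Permissions: Could not create user's pegasus directory.")
            return make_response("Could not find user's Pegasus directory", 404)

    # Set master DB URL for the dashboard
    # For testing master_db_url would be pre-populated, so let's not overwrite it here.
    if "master_db_url" not in g:
        g.master_db_url = user_info.get_master_db_url()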
Ejemplo n.º 9
 def get_localdir(self):
     """Return the path ``<owner's ensembles dir>/<self.name>``.

     The owner is the user record looked up from ``self.username``.
     """
     owner = user.get_user_by_username(self.username)
     # NOTE(review): os.path.join discards the base when the second part is
     # absolute, and keeps ".." segments; confirm self.name is validated
     # before it reaches this point.
     return os.path.join(owner.get_ensembles_dir(), self.name)
Ejemplo n.º 10
        if g.user.username == 'root':
            return basic_auth_response()
        else:
            abort(403)

    user_info = g.user

    if g.username != g.user.username:
        # Is user (g.user.username) allowed to view user (g.username) runs?
        if not is_user_an_admin(g.user.username):
            log.error("User %s is accessing user %s's runs" % (g.user.username, g.username))
            abort(403)

        # Is user a valid system user?
        try:
            user_info = user.get_user_by_username(g.username)
        except user.NoSuchUser, e:
            log.error('User %s is not a valid user' % g.username)
            abort(400)

    if app.config["PROCESS_SWITCHING"]:
        # If required, set uid and gid of handler process
        if os.getuid() != user_info.uid:
            if os.getuid() != 0:
                log.error("Pegasus service must run as root to enable process switching")
                return make_response("Pegasus service must run as root to enable process switching", 500)

        os.setgid(user_info.gid)
        os.setuid(user_info.uid)

    # Does the user have a Pegasus home directory?
Ejemplo n.º 11
 def get_localdir(self):
     """Build the local directory path for this object.

     The result is ``self.name`` joined onto the ensembles directory of the
     user named by ``self.username``.
     """
     ensembles_dir = user.get_user_by_username(self.username).get_ensembles_dir()
     # NOTE(review): self.name is joined unchecked; an absolute value or one
     # containing ".." would escape ensembles_dir. Verify that callers
     # validate it.
     local_dir = os.path.join(ensembles_dir, self.name)
     return local_dir