def __init__(self, interval='1s', io_loop=None, runner=None):
if isinstance(interval, basestring):
interval = convert_to_timedelta(interval)
interval = interval.total_seconds() * 1000
if not runner:
runner = ThreadedRunner()
self.runner = runner
self._running = False
self.interval = interval
self.io_loop = io_loop or IOLoop.current()
self._pc = PeriodicCallback(self._schedule_check, self.interval,
io_loop)
self._id_counter = count(start=1) # For generating unique IDs
self._schedules = {}
def __init__(self, **kwargs):
self.io_loop = IOLoop.current()
self.executor = None
self.shutdown_timeout = None
self.timeout = kwargs.pop('timeout', None)
if not self.timeout:
self.timeout = timedelta(seconds=30)
if not isinstance(self.timeout, timedelta):
self.timeout = convert_to_timedelta(self.timeout)
self.interval = kwargs.pop('interval', None)
if not self.interval:
self.interval = "30s"
global MEMO # Use a global so that instances can share the cache
if not MEMO:
MEMO = AutoExpireDict(timeout=self.timeout, interval=self.interval)
def get_current_user(self):
"""Tornado standard method--implemented our way."""
expiration = self.settings.get('auth_timeout', "14d")
# Need the expiration in days (which is a bit silly but whatever):
expiration = (float(total_seconds(convert_to_timedelta(expiration))) /
float(86400))
user_json = self.get_secure_cookie("gateone_user",
max_age_days=expiration)
if not user_json: return None
#print user_json
user = tornado.escape.json_decode(user_json)
# Add the IP attribute
#print user
user['ip_address'] = self.request.remote_ip
#print user
return user
def define_options():
"""
Calls `tornado.options.define` for all of Gate One's command-line options.
If *installed* is ``False`` the defaults will be set under the assumption
that the user is non-root and running Gate One out of a download/cloned
directory.
"""
# NOTE: To test this function interactively you must import tornado.options
# and call tornado.options.parse_config_file(*some_config_path*). After you
# do that the options will wind up in tornado.options.options
# Simplify the auth option help message
auths = "none, api, cas, google, ssl"
#from applications.auth.authentication import PAMAuthHandler, KerberosAuthHandler
#if KerberosAuthHandler:
#auths += ", kerberos"
#if PAMAuthHandler:
#auths += ", pam"
## Simplify the syslog_facility option help message
#facilities = list(FACILITIES.keys())
#facilities.sort()
# Figure out the default origins
default_origins = [
'localhost',
'127.0.0.1',
]
# Used both http and https above to demonstrate that both are acceptable
try:
additional_origins = socket.gethostbyname_ex(socket.gethostname())
except socket.gaierror:
# Couldn't get any IPs from the hostname
additional_origins = []
for host in additional_origins:
if isinstance(host, str):
default_origins.append('%s' % host)
else: # It's a list
for _host in host:
default_origins.append('%s' % _host)
default_origins = ";".join(default_origins)
settings_base = getsettings('BASE_DIR')
settings_default = os.path.join(settings_base, 'conf.d')
settings_dir = settings_default
if not os.path.isdir(settings_dir):
mkdir_p(settings_dir)
port_default = 8000
log_default = os.path.join(settings_base, 'logs', 'gateone.log')
user_dir_default = os.path.join(settings_base, 'users')
pid_default = os.path.join(settings_base, 'pid', 'gateone.pid')
session_dir_default = os.path.join(settings_base, 'sessions')
cache_dir_default = os.path.join(settings_base, 'cache')
ssl_dir = os.path.join(settings_base, 'ssl')
debug = False
cookie_secret = getsettings('SECRET_KEY')
address = ""
enable_unix_socket = False
unix_socket_path = "/tmp/gateone.sock"
unix_socket_mode = "0600"
disable_ssl = False
certificate = os.path.join(ssl_dir, "certificate.pem")
keyfile = os.path.join(ssl_dir, "keyfile.pem")
ca_certs = None
ssl_auth = 'none'
user_dir = user_dir_default
uid = str(os.getuid())
gid = str(os.getgid())
if not os.path.exists(user_dir):
mkdir_p(user_dir)
os.chmod(user_dir, 0o770)
#if uid == 0 and os.getuid() != 0:
#if not check_write_permissions(uid, user_dir):
#recursive_chown(user_dir, uid, gid)
user_logs_max_age = "30d"
session_dir = session_dir_default
if not os.path.exists(session_dir):
mkdir_p(session_dir)
os.chmod(session_dir, 0o770)
#if not check_write_permissions(uid, session_dir):
#recursive_chown(session_dir, uid, gid)
syslog_facility = "daemon"
session_timeout = "5d"
new_api_key = False
auth = "none"
api_timestamp_window ="30s"
sso_realm = None
sso_service = "HTTP"
pam_realm = os.uname()[1]
pam_service = "login"
embedded = False
js_init = ""
https_redirect = False
url_prefix = "/"
origins = default_origins
pid_file = pid_default
api_keys = ""
combine_js = ""
combine_css = ""
combine_css_container = "gateone"
multiprocessing_workers = None
configure = False
login_url ='/auth'
static_url_prefix = '/static/'
log_rotate_mode = 'size'
logging = 'info'
static_url = os.path.join(settings_base, 'static')
session_logging = True
log_file_num_backups = 10
log_file_prefix = os.path.join(settings_base, 'log')
if not os.path.exists(log_file_prefix):
mkdir_p(log_file_prefix)
os.chmod(log_file_prefix, 0o770)
#if not check_write_permissions(uid, log_file_prefix):
#recursive_chown(log_file_prefix, uid, gid)
if not url_prefix.endswith('/'):
url_prefix += '/'
global TIMEOUT
TIMEOUT = convert_to_timedelta(session_timeout)
api_timestamp_window = convert_to_timedelta(api_timestamp_window)
auth = none_fix(auth)
# Check to make sure we have a certificate and keyfile and generate fresh
# ones if not.
if not disable_ssl:
if not os.path.exists(keyfile):
ssl_base = os.path.dirname(keyfile)
if not os.path.exists(ssl_base):
mkdir_p(ssl_base)
gen_self_signed_ssl(path=ssl_base)
if not os.path.exists(certificate):
ssl_base = os.path.dirname(certificate)
gen_self_signed_ssl(path=ssl_base)
ssl_auth = ssl_auth.lower()
log_file_max_size = 100000000
global _
global PLUGINS
global APPLICATIONS
cli_commands = {'gateone': {}} # CLI commands provided by plugins/apps
settings = {}
global user_locale
# Default to using the shell's LANG variable as the locale
try:
default_locale = os.environ['LANG'].split('.')[0]
except KeyError: # $LANG isn't set
default_locale = "en_US"
#from django.utils.translation import ugettext as _
#from django.utils.translation import ugettext_lazy as _
#from django.utils.translation import activate, get_language_info
#from django.utils.translation import activate
#from django.utils import translation
#user_language = 'fr'
#translation.activate(user_language)
#activate('fr')
#i = get_language_info('de')
locales = default_locale
user_locale = getsettings('LANGUAGE_CODE', 'en_US')
# NOTE: The locale setting above is only for the --help messages.
# Re-do the locale in case the user supplied something as --locale
server_locale = locale.get(user_locale)
_ = server_locale.translate # Also replaces our wrapper so no more .encode()
# Set our global session timeout
https_redirect = False
syslog_session_logging = False
sso_keytab = None
configure = False
settings.update({
u'dtach': True,
'version': None,
u'locale': locales,
u'address': address,
u'pam_service': pam_service,
u'syslog_facility': syslog_facility,
'cookie_secret': cookie_secret,
u'enable_unix_socket': enable_unix_socket,
u'port': port_default,
u'uid': str(uid),
u'url_prefix': url_prefix,
u'user_dir': user_dir,
'settings_dir': settings_dir,
u'unix_socket_mode': unix_socket_mode,
u'multiprocessing_workers': multiprocessing_workers,
u'certificate': certificate,
u'log_rotate_interval': 1,
u'log_to_stderr': None,
u'log_rotate_when': u'midnight',
u'gid': str(gid),
u'pid_file': pid_file,
'command': None,
'gzip': True,
u'pam_realm': pam_realm,
'login_url': login_url,
'configure': configure,
u'sso_service': sso_service,
'cli_overrides': [],
u'https_redirect': https_redirect,
u'auth': auth,
'api_keys': api_keys,
u'disable_ssl': disable_ssl,
u'ca_certs': ca_certs,
u'cache_dir': cache_dir_default,
u'syslog_session_logging': syslog_session_logging,
u'user_logs_max_age': user_logs_max_age,
u'sso_keytab': sso_keytab,
u'api_timestamp_window': api_timestamp_window,
'static_url_prefix': static_url_prefix,
u'log_rotate_mode': log_rotate_mode,
u'log_file_num_backups': log_file_num_backups,
u'logging': logging,
u'embedded': embedded,
u'origins': default_origins,
u'session_logging': session_logging,
u'keyfile': keyfile,
u'session_dir': session_dir,
'static_url': static_url,
u'ssl_auth': ssl_auth,
u'log_file_max_size': log_file_max_size,
u'session_timeout': TIMEOUT,
u'sso_realm': sso_realm,
u'debug': debug,
u'js_init': js_init,
u'unix_socket_path': unix_socket_path,
u'log_file_prefix': os.path.join(log_file_prefix,'django-gateone.log'),
u'kill': False,#new variable
u'use_client_cache': True
})
return settings