def __isGroupAuthApp( self, appLoc ):
    """
    Tell whether the current credentials may use the given application.

    The handler location is built from ``appLoc``: the list returned by
    ``List.fromChar( appLoc, "." )`` minus its first element, joined with "/".

    :param str appLoc: application name, for example DIRAC.JobMonitor
    :return: False when no handler location can be derived or the handler is
             not registered; otherwise whatever ``AuthManager.authQuery`` returns
    """
    locParts = List.fromChar( appLoc, "." )
    handlerLoc = "/".join( locParts[1:] )

    # Deny by default: nothing is authorized without a known handler.
    if not handlerLoc:
        return False
    if handlerLoc not in self.__handlers:
        message = "Handler %s required by %s does not exist!" % ( handlerLoc, appLoc )
        gLogger.error( message )
        return False

    targetHandler = self.__handlers[ handlerLoc ]
    authManager = AuthManager( Conf.getAuthSectionForHandler( handlerLoc ) )
    # The query receives a copy of the session credentials, not the dict itself.
    credCopy = dict( self.__credDict )
    return authManager.authQuery( "", credCopy, targetHandler.AUTH_PROPS )
def __isGroupAuthApp(self, appLoc, credDict):
    """
    Tell whether the supplied credentials may use the given application.

    :param str appLoc: application name, for example DIRAC.JobMonitor
    :param dict credDict: credentials handed to ``AuthManager.authQuery``
    :return: False when no handler location can be derived or the handler is
             not registered; otherwise whatever ``AuthManager.authQuery`` returns
    """
    locParts = List.fromChar(appLoc, ".")
    handlerLoc = "/".join(locParts[1:])

    # Deny by default: nothing is authorized without a known handler.
    if not handlerLoc:
        return False
    if handlerLoc not in self.__handlers:
        message = "Handler %s required by %s does not exist!" % (handlerLoc, appLoc)
        gLogger.error(message)
        return False

    targetHandler = self.__handlers[handlerLoc]
    authManager = AuthManager(Conf.getAuthSectionForHandler(handlerLoc))
    # NOTE(review): credDict is passed as received, not copied. If authQuery
    # writes to its credentials argument, the caller's dict changes too.
    # Confirm that is intended.
    return authManager.authQuery("", credDict, targetHandler.AUTH_PROPS)
def __auth(self, handlerRoute, group):
    """
    Authorize the current request against the handler's auth section.

    :param str handlerRoute: handler name used to look up the auth section
    :param str group: requested group; when empty, the default group found
                      for the user DN (if any) is used instead
    :return: result of ``AuthManager.authQuery``
    """
    userDN = self.getUserDN()

    # The requested group is stored in the credentials before any check runs.
    # NOTE(review): whether the DN is entitled to that group is presumably
    # decided inside authQuery. Confirm.
    if group:
        self.__credDict['group'] = group
    elif userDN:
        lookup = Registry.findDefaultGroupForDN(userDN)
        if lookup['OK']:
            self.__credDict['group'] = lookup['Value']

    authSection = Conf.getAuthSectionForHandler(handlerRoute)
    granted = AuthManager(authSection).authQuery("", self.__credDict, self.AUTH_PROPS)

    # validGroup is only ever set to True here; this method never clears it
    # when the query is denied.
    if granted and userDN:
        self.__credDict['validGroup'] = True
    return granted
def __auth( self, handlerRoute, group ):
    """
    Authorize the current request against the handler's auth section.

    :param str handlerRoute: handler name used to look up the auth section
    :param str group: requested group; when empty, the default group found
                      for the user DN (if any) is used instead
    :return: result of ``AuthManager.authQuery``
    """
    userDN = self.getUserDN()

    # The requested group is stored in the credentials before any check runs.
    # NOTE(review): whether the DN is entitled to that group is presumably
    # decided inside authQuery. Confirm.
    if group:
        self.__credDict[ 'group' ] = group
    elif userDN:
        lookup = Registry.findDefaultGroupForDN( userDN )
        if lookup[ 'OK' ]:
            self.__credDict[ 'group' ] = lookup[ 'Value' ]

    authSection = Conf.getAuthSectionForHandler( handlerRoute )
    granted = AuthManager( authSection ).authQuery( "", self.__credDict, self.AUTH_PROPS )

    # validGroup is only ever set to True here; this method never clears it
    # when the query is denied.
    if granted and userDN:
        self.__credDict[ 'validGroup' ] = True
    return granted
def __isGroupAuthApp( self, appLoc ):
    """
    Check whether the application is authorized for the current credentials.

    :param str appLoc: application name, for example DIRAC.JobMonitor
    :return: False when no handler location can be derived or the handler is
             not registered; otherwise whatever ``AuthManager.authQuery`` returns
    """
    locParts = List.fromChar( appLoc, "." )
    handlerLoc = "/".join( locParts[1:] )

    # Deny by default: nothing is authorized without a known handler.
    if not handlerLoc:
        gLogger.error( "Application handler does not exists:", appLoc )
        return False
    if handlerLoc not in self.__handlers:
        message = "Handler %s required by %s does not exist!" % ( handlerLoc, appLoc )
        gLogger.error( message )
        return False

    targetHandler = self.__handlers[ handlerLoc ]
    authManager = AuthManager( Conf.getAuthSectionForHandler( handlerLoc ) )

    # NOTE(review): the complete credential dict goes to the info log on every
    # check. Confirm it never carries anything that should stay out of logs.
    loggedCreds = dict( self.__credDict )
    gLogger.info( "Authorization: %s -> %s" % ( loggedCreds, targetHandler.AUTH_PROPS ) )

    # The query receives its own copy of the session credentials.
    queryCreds = dict( self.__credDict )
    return authManager.authQuery( "", queryCreds, targetHandler.AUTH_PROPS )
def __auth(self, handlerRoute, group):
    """
    Authorize the current request against the handler's auth section.

    :param str handlerRoute: handler name used to look up the auth section
    :param str group: requested group; when empty, the default group found
                      for the user DN (if any) is used instead
    :return: result of ``AuthManager.authQuery``, or True when the query is
             denied but AUTH_PROPS contains 'all' or 'any'
    """
    userDN = self.getUserDN()

    # The requested group is stored in the credentials before any check runs.
    if group:
        self.__credDict['group'] = group
    elif userDN:
        lookup = Registry.findDefaultGroupForDN(userDN)
        if lookup['OK']:
            self.__credDict['group'] = lookup['Value']

    # Start from "group not validated"; only a granted query with a DN flips it.
    self.__credDict['validGroup'] = False

    # A comma-separated string is normalised to a list and stored back on self.
    if type(self.AUTH_PROPS) not in (types.ListType, types.TupleType):
        rawProps = self.AUTH_PROPS.split(",")
        self.AUTH_PROPS = [prop.strip() for prop in rawProps if prop.strip()]

    # Every entry is inspected (no short-circuit), as in a plain loop.
    openProps = [prop for prop in self.AUTH_PROPS if prop.lower() in ('all', 'any')]
    allAllowed = bool(openProps)

    authSection = Conf.getAuthSectionForHandler(handlerRoute)
    granted = AuthManager(authSection).authQuery("", self.__credDict, self.AUTH_PROPS)

    if granted:
        if userDN:
            self.__credDict['validGroup'] = True
            identity = (handlerRoute, self.__credDict['username'], self.__credDict['group'], userDN)
            self.log.info("AUTH OK: %s by %s@%s (%s)" % identity)
        else:
            self.__credDict['validDN'] = False
            self.log.info("AUTH OK: %s by visitor" % (handlerRoute))
        return granted

    if allAllowed:
        # The denial is overridden for handlers open to 'all'/'any'.
        # validGroup stays False on this path.
        self.log.info("AUTH ALL: %s by %s" % (handlerRoute, userDN))
        return True

    self.log.info("AUTH KO: %s by %s@%s" % (handlerRoute, userDN, group))
    return granted
def __auth(self, handlerRoute, group, method):
    """
    Authorize the current request against the handler's auth section.

    :param str handlerRoute: the name of the handler
    :param str group: DIRAC group; when empty, the default group found for
                      the user DN (if any) is used instead
    :param str method: the name of the method, passed to ``authQuery``
    :return: result of ``AuthManager.authQuery``, or True when the query is
             denied but ``isTrustedHost`` accepts the credential DN
    """
    userDN = self.getUserDN()

    # The requested group is stored in the credentials before any check runs.
    if group:
        self.__credDict['group'] = group
    elif userDN:
        lookup = Registry.findDefaultGroupForDN(userDN)
        if lookup['OK']:
            self.__credDict['group'] = lookup['Value']

    # Start from "group not validated"; only a granted query with a DN flips it.
    self.__credDict['validGroup'] = False

    # A comma-separated string is normalised to a list and stored back on self.
    if type(self.AUTH_PROPS) not in (types.ListType, types.TupleType):
        rawProps = self.AUTH_PROPS.split(",")
        self.AUTH_PROPS = [prop.strip() for prop in rawProps if prop.strip()]

    authSection = Conf.getAuthSectionForHandler(handlerRoute)
    granted = AuthManager(authSection).authQuery(method, self.__credDict, self.AUTH_PROPS)

    if granted:
        if userDN:
            self.__credDict['validGroup'] = True
            identity = (handlerRoute, self.__credDict['username'], self.__credDict['group'], userDN)
            self.log.info("AUTH OK: %s by %s@%s (%s)" % identity)
        else:
            self.__credDict['validDN'] = False
            self.log.info("AUTH OK: %s by visitor" % (handlerRoute))
        return granted

    # The trusted-host check is consulted only after a denial and overrides it;
    # validGroup stays False on this path.
    # NOTE(review): how isTrustedHost establishes trust is not visible here,
    # and the log line does not record which DN or route was let through.
    if self.isTrustedHost(self.__credDict.get('DN')):
        self.log.info("Request is coming from Trusted host")
        return True

    self.log.info("AUTH KO: %s by %s@%s" % (handlerRoute, userDN, group))
    return granted
def __isGroupAuthApp(self, appLoc):
    """
    Check whether the application is authorized for the current credentials.

    :param str appLoc: application name, for example DIRAC.JobMonitor
    :return: False when no handler location can be derived or the handler is
             not registered; otherwise whatever ``AuthManager.authQuery`` returns
    """
    locParts = List.fromChar(appLoc, ".")
    handlerLoc = "/".join(locParts[1:])

    # Deny by default: nothing is authorized without a known handler.
    if not handlerLoc:
        gLogger.error("Application handler does not exists:", appLoc)
        return False
    if handlerLoc not in self.__handlers:
        message = "Handler %s required by %s does not exist!" % (handlerLoc, appLoc)
        gLogger.error(message)
        return False

    targetHandler = self.__handlers[handlerLoc]
    authManager = AuthManager(Conf.getAuthSectionForHandler(handlerLoc))

    # NOTE(review): the complete credential dict goes to the info log on every
    # check. Confirm it never carries anything that should stay out of logs.
    loggedCreds = dict(self.__credDict)
    gLogger.info("Authorization: %s -> %s" % (loggedCreds, targetHandler.AUTH_PROPS))

    # The query receives its own copy of the session credentials.
    queryCreds = dict(self.__credDict)
    return authManager.authQuery("", queryCreds, targetHandler.AUTH_PROPS)
def __auth(self, handlerRoute, group, method):
    """
    Authorize the current request against the handler's auth section.

    :param str handlerRoute: the name of the handler
    :param str group: DIRAC group; when empty, the default group found for
                      the user DN (if any) is used instead
    :param str method: the name of the method, passed to ``authQuery``
    :return: result of ``AuthManager.authQuery``, or True when the query is
             denied but ``isTrustedHost`` accepts the credential DN
    """
    userDN = self.getUserDN()

    # The requested group is stored in the credentials before any check runs.
    if group:
        self.__credDict['group'] = group
    elif userDN:
        defaultGroup = Registry.findDefaultGroupForDN(userDN)
        if defaultGroup['OK']:
            self.__credDict['group'] = defaultGroup['Value']

    # Start from "group not validated"; only a granted query with a DN flips it.
    self.__credDict['validGroup'] = False

    # A comma-separated string is normalised to a list and stored back on self.
    if type(self.AUTH_PROPS) not in (types.ListType, types.TupleType):
        pieces = self.AUTH_PROPS.split(",")
        self.AUTH_PROPS = [piece.strip() for piece in pieces if piece.strip()]

    authManager = AuthManager(Conf.getAuthSectionForHandler(handlerRoute))
    verdict = authManager.authQuery(method, self.__credDict, self.AUTH_PROPS)

    if not verdict:
        # The trusted-host check is consulted only after a denial and overrides
        # it; validGroup stays False on this path.
        # NOTE(review): how isTrustedHost establishes trust is not visible
        # here, and the log line does not record which DN or route was let
        # through.
        if self.isTrustedHost(self.__credDict.get('DN')):
            self.log.info("Request is coming from Trusted host")
            return True
        self.log.info("AUTH KO: %s by %s@%s" % (handlerRoute, userDN, group))
        return verdict

    if userDN:
        self.__credDict['validGroup'] = True
        who = (handlerRoute, self.__credDict['username'], self.__credDict['group'], userDN)
        self.log.info("AUTH OK: %s by %s@%s (%s)" % who)
    else:
        self.__credDict['validDN'] = False
        self.log.info("AUTH OK: %s by visitor" % (handlerRoute))
    return verdict
def __auth( self, handlerRoute, group ):
    """
    Authorize the current request against the handler's auth section.

    :param str handlerRoute: handler name used to look up the auth section
    :param str group: requested group; when empty, the default group found
                      for the user DN (if any) is used instead
    :return: result of ``AuthManager.authQuery``, or True when the query is
             denied but AUTH_PROPS contains 'all' or 'any'
    """
    userDN = self.getUserDN()

    # The requested group is stored in the credentials before any check runs.
    if group:
        self.__credDict[ 'group' ] = group
    elif userDN:
        defaultGroup = Registry.findDefaultGroupForDN( userDN )
        if defaultGroup[ 'OK' ]:
            self.__credDict[ 'group' ] = defaultGroup[ 'Value' ]

    # Start from "group not validated"; only a granted query with a DN flips it.
    self.__credDict[ 'validGroup' ] = False

    # A comma-separated string is normalised to a list and stored back on self.
    if type( self.AUTH_PROPS ) not in ( types.ListType, types.TupleType ):
        pieces = self.AUTH_PROPS.split( "," )
        self.AUTH_PROPS = [ piece.strip() for piece in pieces if piece.strip() ]

    # Every entry is inspected (no short-circuit), as in a plain loop.
    openEntries = [ entry for entry in self.AUTH_PROPS if entry.lower() in ( 'all', 'any' ) ]
    allAllowed = bool( openEntries )

    authManager = AuthManager( Conf.getAuthSectionForHandler( handlerRoute ) )
    verdict = authManager.authQuery( "", self.__credDict, self.AUTH_PROPS )

    if not verdict:
        if allAllowed:
            # The denial is overridden for handlers open to 'all'/'any'.
            # validGroup stays False on this path.
            self.log.info( "AUTH ALL: %s by %s" % ( handlerRoute, userDN ) )
            return True
        self.log.info( "AUTH KO: %s by %s@%s" % ( handlerRoute, userDN, group ) )
        return verdict

    if userDN:
        self.__credDict[ 'validGroup' ] = True
        who = ( handlerRoute, self.__credDict[ 'username' ], self.__credDict[ 'group' ], userDN )
        self.log.info( "AUTH OK: %s by %s@%s (%s)" % who )
    else:
        self.__credDict[ 'validDN' ] = False
        self.log.info( "AUTH OK: %s by visitor" % ( handlerRoute ) )
    return verdict