Example #1
0
def create_mongo_config():
    """
    Inspects the pulp config's mongodb settings and returns a data structure
    that can be passed to celery for it's mongodb result backend config.

    :return:    dictionary with keys 'host' and 'database', and optionally with
                keys 'user' and 'password', that can be passed to celery as the
                config for a mongodb result backend
    :rtype:     dict
    """
    db_name = config.get('database', 'name')

    # celery 3.1 doesn't support multiple seeds, so we just use the first one
    seeds = config.get('database', 'seeds')
    seed = seeds.split(',')[0].strip()
    host = seed.split(':')[0]
    port = seed.split(':')[1] if ':' in seed else None
    mongo_config = {'host': host, 'database': db_name}
    if port:
        mongo_config['port'] = port
    if config.has_option('database', 'username') and config.has_option(
            'database', 'password'):
        mongo_config['user'] = config.get('database', 'username')
        mongo_config['password'] = config.get('database', 'password')
    return mongo_config
Example #2
0
def create_mongo_config():
    """
    Inspects the pulp config's mongodb settings and returns a data structure
    that can be passed to celery for it's mongodb result backend config.

    :return:    dictionary with keys 'host' and 'database', and optionally with
                keys 'user' and 'password', that can be passed to celery as the
                config for a mongodb result backend
    :rtype:     dict
    """
    db_name = config.get('database', 'name')

    # celery 3.1 doesn't support multiple seeds, so we just use the first one
    seeds = config.get('database', 'seeds')
    seed = seeds.split(',')[0].strip()
    host = seed.split(':')[0]
    port = seed.split(':')[1] if ':' in seed else None
    mongo_config = {'host': host, 'database': db_name}
    if port:
        mongo_config['port'] = port
    if config.has_option('database', 'username') and config.has_option('database', 'password'):
        mongo_config['user'] = config.get('database', 'username')
        mongo_config['password'] = config.get('database', 'password')
    if config.getboolean('database', 'ssl'):
        mongo_config['ssl'] = True
        ssl_keyfile = config.get('database', 'ssl_keyfile')
        ssl_certfile = config.get('database', 'ssl_certfile')
        if ssl_keyfile:
            mongo_config['ssl_keyfile'] = ssl_keyfile
        if ssl_certfile:
            mongo_config['ssl_certfile'] = ssl_certfile
        verify_ssl = config.getboolean('database', 'verify_ssl')
        mongo_config['ssl_cert_reqs'] = ssl.CERT_REQUIRED if verify_ssl else ssl.CERT_NONE
        mongo_config['ssl_ca_certs'] = config.get('database', 'ca_path')
    return mongo_config
Example #3
0
    def check_oauth(self, username, method, url, auth, query):
        """
        Check OAuth header credentials.
        Return None if the credentials are invalid

        :type username: str
        :param username: username corresponding to credentials

        :type method: str
        :param method: http method

        :type url: str
        :param url: request url

        :type auth: str
        :param auth: http authorization header value

        :type query: str
        :param query: http request query string

        :rtype: str or None
        :return: user login corresponding to the credentials
        """
        is_consumer = False
        headers = {'Authorization': auth}
        req = oauth2.Request.from_request(method,
                                          url,
                                          headers,
                                          query_string=query)

        if not req:
            return None, is_consumer

        if not (config.has_option('oauth', 'oauth_key')
                and config.has_option('oauth', 'oauth_secret')):
            _logger.error(
                _("Attempting OAuth authentication and you do not have oauth_key and "
                  "oauth_secret in pulp.conf"))
            return None, is_consumer

        key = config.get('oauth', 'oauth_key')
        secret = config.get('oauth', 'oauth_secret')

        consumer = oauth2.Consumer(key=key, secret=secret)
        server = oauth2.Server()
        server.add_signature_method(oauth2.SignatureMethod_HMAC_SHA1())

        try:
            # this call has a return value, but failures are noted by the exception
            server.verify_request(req, consumer, None)
        except oauth2.Error, e:
            _logger.error('error verifying OAuth signature: %s' % e)
            return None, is_consumer
Example #4
0
    def check_oauth(self, username, method, url, auth, query):
        """
        Check OAuth header credentials.
        Return None if the credentials are invalid

        :type username: str
        :param username: username corresponding to credentials

        :type method: str
        :param method: http method

        :type url: str
        :param url: request url

        :type auth: str
        :param auth: http authorization header value

        :type query: str
        :param query: http request query string

        :rtype: str or None
        :return: user login corresponding to the credentials
        """
        is_consumer = False
        headers = {'Authorization': auth}
        req = oauth2.Request.from_request(method, url, headers, query_string=query)

        if not req:
            return None, is_consumer

        if not (config.has_option('oauth', 'oauth_key') and
                config.has_option('oauth', 'oauth_secret')):
            _logger.error(_("Attempting OAuth authentication and you do not have oauth_key and "
                            "oauth_secret in pulp.conf"))
            return None, is_consumer

        key = config.get('oauth', 'oauth_key')
        secret = config.get('oauth', 'oauth_secret')

        consumer = oauth2.Consumer(key=key, secret=secret)
        server = oauth2.Server()
        server.add_signature_method(oauth2.SignatureMethod_HMAC_SHA1())

        try:
            # this call has a return value, but failures are noted by the exception
            server.verify_request(req, consumer, None)
        except oauth2.Error, e:
            _logger.error('error verifying OAuth signature: %s' % e)
            return None, is_consumer
Example #5
0
    def _check_username_password_ldap(self, username, password=None):
        """
        Check a username and password against the ldap server.
        Return None if the username and password are not valid

        :type username: str
        :param username: the login of the user

        :type password: str or None
        :param password: password of the user, None => do not validate the password

        :rtype: L{pulp.server.db.model.auth.User} instance or None
        :return: user corresponding to the credentials
        """

        ldap_uri = config.get('ldap', 'uri')
        ldap_base = config.get('ldap', 'base')
        ldap_tls = config.getboolean('ldap', 'tls')

        ldap_filter = None
        if config.has_option('ldap', 'filter'):
            ldap_filter = config.get('ldap', 'filter')

        ldap_server = ldap_connection.LDAPConnection(server=ldap_uri,
                                                     tls=ldap_tls)
        ldap_server.connect()
        user = ldap_server.authenticate_user(ldap_base,
                                             username,
                                             password,
                                             filter=ldap_filter)
        return user
Example #6
0
    def _check_username_password_ldap(self, username, password=None):
        """
        Check a username and password against the ldap server.
        Return None if the username and password are not valid

        :type username: str
        :param username: the login of the user

        :type password: str or None
        :param password: password of the user, None => do not validate the password

        :rtype: L{pulp.server.db.model.auth.User} instance or None
        :return: user corresponding to the credentials
        """

        ldap_uri = config.get('ldap', 'uri')
        ldap_base = config.get('ldap', 'base')
        ldap_tls = config.getboolean('ldap', 'tls')

        ldap_filter = None
        if config.has_option('ldap', 'filter'):
            ldap_filter = config.get('ldap', 'filter')

        ldap_server = ldap_connection.LDAPConnection(server=ldap_uri, tls=ldap_tls)
        ldap_server.connect()
        user = ldap_server.authenticate_user(ldap_base, username, password,
                                             filter=ldap_filter)
        return user
Example #7
0
def _check_username_password_ldap(username, password=None):
    """
    Check a username and password against the ldap server.
    Return None if the username and password are not valid
    @type username: str
    @param username: the login of the user
    @type password: str or None
    @param password: password of the user, None => do not validate the password
    @rtype: L{pulp.server.db.model.User} instance or None
    @return: user corresponding to the credentials
    """
    ldap_uri = "ldap://localhost"
    if config.has_option('ldap', 'uri'):
        ldap_uri = config.get("ldap", "uri")
    else:
        _log.info("No valid server found, default to localhost")
    ldap_base = "dc=localhost"
    if config.has_option('ldap', 'base'):
        ldap_base = config.get('ldap', 'base')
    else:
        _log.info("No valid base found, default to localhost")
    ldap_filter = None
    if config.has_option('ldap', 'filter'):
        ldap_filter = config.get('ldap', 'filter')
    ldap_tls = False
    if config.has_option('ldap', 'tls'):
        ldap_tls = config.getboolean('ldap', 'tls')
    ldap_server = ldap_connection.LDAPConnection(server=ldap_uri, tls=ldap_tls)
    ldap_server.connect()
    user = None
    if password is not None:
        user = ldap_server.authenticate_user(ldap_base, username, password,
                                             filter=ldap_filter)
    else:
        user_query_manager = factory.user_query_manager()
        user = user_query_manager.find_by_login(username)
    if user is None:
        return None
    return user
Example #8
0
def create_mongo_config():
    """
    Inspects the pulp config's mongodb settings and returns a data structure
    that can be passed to celery for it's mongodb result backend config.

    :return:    dictionary with keys 'host' and 'database', and optionally with
                keys 'user' and 'password', that can be passed to celery as the
                config for a mongodb result backend
    :rtype:     dict
    """
    db_name = config.get('database', 'name')

    # celery 3.1 doesn't support multiple seeds, so we just use the first one
    seeds = config.get('database', 'seeds')
    seed = seeds.split(',')[0].strip()
    host = seed.split(':')[0]
    port = seed.split(':')[1] if ':' in seed else None
    mongo_config = {'host': host, 'database': db_name}
    if port:
        mongo_config['port'] = port
    if config.has_option('database', 'username') and config.has_option(
            'database', 'password'):
        mongo_config['user'] = config.get('database', 'username')
        mongo_config['password'] = config.get('database', 'password')
    if config.getboolean('database', 'ssl'):
        mongo_config['ssl'] = True
        ssl_keyfile = config.get('database', 'ssl_keyfile')
        ssl_certfile = config.get('database', 'ssl_certfile')
        if ssl_keyfile:
            mongo_config['ssl_keyfile'] = ssl_keyfile
        if ssl_certfile:
            mongo_config['ssl_certfile'] = ssl_certfile
        verify_ssl = config.getboolean('database', 'verify_ssl')
        mongo_config[
            'ssl_cert_reqs'] = ssl.CERT_REQUIRED if verify_ssl else ssl.CERT_NONE
        mongo_config['ssl_ca_certs'] = config.get('database', 'ca_path')
    return mongo_config
Example #9
0
def create_mongo_config():
    """
    Inspects the pulp config's mongodb settings and returns a data structure
    that can be passed to celery for it's mongodb result backend config.

    :return:    dictionary with keys 'host' and 'database', and optionally with
                keys 'user' and 'password', that can be passed to celery as the
                config for a mongodb result backend
    :rtype:     dict
    """
    db_name = config.get('database', 'name')

    # celery 3.1 doesn't support multiple seeds, so we just use the first one
    seeds = config.get('database', 'seeds')
    seed = seeds.split(',')[0].strip()
    host = seed.split(':')[0]
    port = seed.split(':')[1] if ':' in seed else None
    mongo_config = {'host': host, 'database': db_name}
    if port:
        mongo_config['port'] = port
    if config.has_option('database', 'user') and config.has_option('database', 'password'):
        mongo_config['user'] = config.get('database', 'user')
        mongo_config['password'] = config.get('database', 'password')
    return mongo_config
Example #10
0
def check_oauth(username, method, url, auth, query):
    """
    Check OAuth header credentials.
    Return None if the credentials are invalid
    @type username: str
    @param username: username corresponding to credentials
    @type method: str
    @param method: http method
    @type url: str
    @param url: request url
    @type auth: str
    @param auth: http authorization header value
    @type query: str
    @param query: http request query string
    @rtype: L{pulp.server.db.model.User} instance or None
    @return: user corresponding to the credentials
    """
    headers = {'Authorization': auth}
    req = oauth2.Request.from_request(method, url, headers, query_string=query)
    if not req:
        return None
    if not (config.has_option('security', 'oauth_key') and
            config.has_option('security', 'oauth_secret')):
        _log.error("Attempting OAuth authentication and you do not have oauth_key and oauth_secret in pulp.conf")
        return None
    key = config.get('security', 'oauth_key')
    secret = config.get('security', 'oauth_secret')
    consumer = oauth2.Consumer(key=key, secret=secret)
    server = oauth2.Server()
    server.add_signature_method(oauth2.SignatureMethod_HMAC_SHA1())
    try:
        # this call has a return value, but failures are noted by the exception
        server.verify_request(req, consumer, None)
    except oauth2.Error, e:
        _log.error('error verifying OAuth signature: %s' % e)
        return None
Example #11
0
    def _add_from_ldap(self, username, userdata):
        """
        @param username:  Username to be added
        @param user: tuple of user data as returned by lookup_user

        Adds a user to the pulp user database with no password and
        returns a pulp.server.db.model.User object
        """
        user = User.get_collection().find_one({'login' : username})
        if user is None:
            attrs = userdata[1]
            try:
                name = attrs['gecos']
            except KeyError:
                name = username
            user =  self.user_manager.create_user(login=username, name=name)
            if config.has_option('ldap', 'default_role'):
                role_id = config.get('ldap', 'default_role')
                self.role_manager.add_user_to_role(role_id, username)
                              
        return user
Example #12
0
    def _add_from_ldap(self, username, userdata):
        """
        @param username:  Username to be added
        @param userdata: tuple of user data as returned by lookup_user

        Adds a user to the pulp user database with no password and
        returns a pulp.server.db.model.User object
        """
        user = User.get_collection().find_one({'login' : username})
        if user is None:
            attrs = userdata[1]
            if 'gecos' in attrs and isinstance(attrs['gecos'], basestring):
                name = attrs['gecos']
            else:
                name = username
            user =  self.user_manager.create_user(login=username, name=name)
            if config.has_option('ldap', 'default_role'):
                role_id = config.get('ldap', 'default_role')
                self.role_manager.add_user_to_role(role_id, username)
                              
        return user
Example #13
0
    def _add_from_ldap(self, username, userdata):
        """
        @param username:  Username to be added
        @param userdata: tuple of user data as returned by lookup_user

        Adds a user to the pulp user database with no password and
        returns a pulp.server.db.model.User object
        """
        user = model.User.objects(login=username).first()
        if user is None:
            attrs = userdata[1]
            if 'gecos' in attrs and isinstance(attrs['gecos'], basestring):
                name = attrs['gecos']
            else:
                name = username
            user = user_controller.create_user(login=username, name=name)
            if config.has_option('ldap', 'default_role'):
                role_id = config.get('ldap', 'default_role')
                self.role_manager.add_user_to_role(role_id, username)

        return user
Example #14
0
    def _add_from_ldap(self, username, userdata):
        """
        @param username:  Username to be added
        @param user: tuple of user data as returned by lookup_user

        Adds a user to the pulp user database with no password and
        returns a pulp.server.db.model.User object
        """
        user = _user_manager.find_by_login(username)
        if user is None:
            attrs = userdata[1]
            try:
                name = attrs['gecos']
            except KeyError:
                name = username
            user =  _user_manager.create_user(login=username, name=name)
            if config.has_option('ldap', 'default_role'):
                role = config.get('ldap', 'default_role')
                rv = authorization.add_user_to_role(role, username)
                if not rv:
                    log.error("Could not add user [%s] to role [%s]" %
                              (username, role))
                              
        return user