def create_mongo_config(): """ Inspects the pulp config's mongodb settings and returns a data structure that can be passed to celery for it's mongodb result backend config. :return: dictionary with keys 'host' and 'database', and optionally with keys 'user' and 'password', that can be passed to celery as the config for a mongodb result backend :rtype: dict """ db_name = config.get('database', 'name') # celery 3.1 doesn't support multiple seeds, so we just use the first one seeds = config.get('database', 'seeds') seed = seeds.split(',')[0].strip() host = seed.split(':')[0] port = seed.split(':')[1] if ':' in seed else None mongo_config = {'host': host, 'database': db_name} if port: mongo_config['port'] = port if config.has_option('database', 'username') and config.has_option( 'database', 'password'): mongo_config['user'] = config.get('database', 'username') mongo_config['password'] = config.get('database', 'password') return mongo_config
def create_mongo_config(): """ Inspects the pulp config's mongodb settings and returns a data structure that can be passed to celery for it's mongodb result backend config. :return: dictionary with keys 'host' and 'database', and optionally with keys 'user' and 'password', that can be passed to celery as the config for a mongodb result backend :rtype: dict """ db_name = config.get('database', 'name') # celery 3.1 doesn't support multiple seeds, so we just use the first one seeds = config.get('database', 'seeds') seed = seeds.split(',')[0].strip() host = seed.split(':')[0] port = seed.split(':')[1] if ':' in seed else None mongo_config = {'host': host, 'database': db_name} if port: mongo_config['port'] = port if config.has_option('database', 'username') and config.has_option('database', 'password'): mongo_config['user'] = config.get('database', 'username') mongo_config['password'] = config.get('database', 'password') if config.getboolean('database', 'ssl'): mongo_config['ssl'] = True ssl_keyfile = config.get('database', 'ssl_keyfile') ssl_certfile = config.get('database', 'ssl_certfile') if ssl_keyfile: mongo_config['ssl_keyfile'] = ssl_keyfile if ssl_certfile: mongo_config['ssl_certfile'] = ssl_certfile verify_ssl = config.getboolean('database', 'verify_ssl') mongo_config['ssl_cert_reqs'] = ssl.CERT_REQUIRED if verify_ssl else ssl.CERT_NONE mongo_config['ssl_ca_certs'] = config.get('database', 'ca_path') return mongo_config
def check_oauth(self, username, method, url, auth, query): """ Check OAuth header credentials. Return None if the credentials are invalid :type username: str :param username: username corresponding to credentials :type method: str :param method: http method :type url: str :param url: request url :type auth: str :param auth: http authorization header value :type query: str :param query: http request query string :rtype: str or None :return: user login corresponding to the credentials """ is_consumer = False headers = {'Authorization': auth} req = oauth2.Request.from_request(method, url, headers, query_string=query) if not req: return None, is_consumer if not (config.has_option('oauth', 'oauth_key') and config.has_option('oauth', 'oauth_secret')): _logger.error( _("Attempting OAuth authentication and you do not have oauth_key and " "oauth_secret in pulp.conf")) return None, is_consumer key = config.get('oauth', 'oauth_key') secret = config.get('oauth', 'oauth_secret') consumer = oauth2.Consumer(key=key, secret=secret) server = oauth2.Server() server.add_signature_method(oauth2.SignatureMethod_HMAC_SHA1()) try: # this call has a return value, but failures are noted by the exception server.verify_request(req, consumer, None) except oauth2.Error, e: _logger.error('error verifying OAuth signature: %s' % e) return None, is_consumer
def check_oauth(self, username, method, url, auth, query): """ Check OAuth header credentials. Return None if the credentials are invalid :type username: str :param username: username corresponding to credentials :type method: str :param method: http method :type url: str :param url: request url :type auth: str :param auth: http authorization header value :type query: str :param query: http request query string :rtype: str or None :return: user login corresponding to the credentials """ is_consumer = False headers = {'Authorization': auth} req = oauth2.Request.from_request(method, url, headers, query_string=query) if not req: return None, is_consumer if not (config.has_option('oauth', 'oauth_key') and config.has_option('oauth', 'oauth_secret')): _logger.error(_("Attempting OAuth authentication and you do not have oauth_key and " "oauth_secret in pulp.conf")) return None, is_consumer key = config.get('oauth', 'oauth_key') secret = config.get('oauth', 'oauth_secret') consumer = oauth2.Consumer(key=key, secret=secret) server = oauth2.Server() server.add_signature_method(oauth2.SignatureMethod_HMAC_SHA1()) try: # this call has a return value, but failures are noted by the exception server.verify_request(req, consumer, None) except oauth2.Error, e: _logger.error('error verifying OAuth signature: %s' % e) return None, is_consumer
def _check_username_password_ldap(self, username, password=None): """ Check a username and password against the ldap server. Return None if the username and password are not valid :type username: str :param username: the login of the user :type password: str or None :param password: password of the user, None => do not validate the password :rtype: L{pulp.server.db.model.auth.User} instance or None :return: user corresponding to the credentials """ ldap_uri = config.get('ldap', 'uri') ldap_base = config.get('ldap', 'base') ldap_tls = config.getboolean('ldap', 'tls') ldap_filter = None if config.has_option('ldap', 'filter'): ldap_filter = config.get('ldap', 'filter') ldap_server = ldap_connection.LDAPConnection(server=ldap_uri, tls=ldap_tls) ldap_server.connect() user = ldap_server.authenticate_user(ldap_base, username, password, filter=ldap_filter) return user
def _check_username_password_ldap(username, password=None): """ Check a username and password against the ldap server. Return None if the username and password are not valid @type username: str @param username: the login of the user @type password: str or None @param password: password of the user, None => do not validate the password @rtype: L{pulp.server.db.model.User} instance or None @return: user corresponding to the credentials """ ldap_uri = "ldap://localhost" if config.has_option('ldap', 'uri'): ldap_uri = config.get("ldap", "uri") else: _log.info("No valid server found, default to localhost") ldap_base = "dc=localhost" if config.has_option('ldap', 'base'): ldap_base = config.get('ldap', 'base') else: _log.info("No valid base found, default to localhost") ldap_filter = None if config.has_option('ldap', 'filter'): ldap_filter = config.get('ldap', 'filter') ldap_tls = False if config.has_option('ldap', 'tls'): ldap_tls = config.getboolean('ldap', 'tls') ldap_server = ldap_connection.LDAPConnection(server=ldap_uri, tls=ldap_tls) ldap_server.connect() user = None if password is not None: user = ldap_server.authenticate_user(ldap_base, username, password, filter=ldap_filter) else: user_query_manager = factory.user_query_manager() user = user_query_manager.find_by_login(username) if user is None: return None return user
def create_mongo_config(): """ Inspects the pulp config's mongodb settings and returns a data structure that can be passed to celery for it's mongodb result backend config. :return: dictionary with keys 'host' and 'database', and optionally with keys 'user' and 'password', that can be passed to celery as the config for a mongodb result backend :rtype: dict """ db_name = config.get('database', 'name') # celery 3.1 doesn't support multiple seeds, so we just use the first one seeds = config.get('database', 'seeds') seed = seeds.split(',')[0].strip() host = seed.split(':')[0] port = seed.split(':')[1] if ':' in seed else None mongo_config = {'host': host, 'database': db_name} if port: mongo_config['port'] = port if config.has_option('database', 'username') and config.has_option( 'database', 'password'): mongo_config['user'] = config.get('database', 'username') mongo_config['password'] = config.get('database', 'password') if config.getboolean('database', 'ssl'): mongo_config['ssl'] = True ssl_keyfile = config.get('database', 'ssl_keyfile') ssl_certfile = config.get('database', 'ssl_certfile') if ssl_keyfile: mongo_config['ssl_keyfile'] = ssl_keyfile if ssl_certfile: mongo_config['ssl_certfile'] = ssl_certfile verify_ssl = config.getboolean('database', 'verify_ssl') mongo_config[ 'ssl_cert_reqs'] = ssl.CERT_REQUIRED if verify_ssl else ssl.CERT_NONE mongo_config['ssl_ca_certs'] = config.get('database', 'ca_path') return mongo_config
def create_mongo_config(): """ Inspects the pulp config's mongodb settings and returns a data structure that can be passed to celery for it's mongodb result backend config. :return: dictionary with keys 'host' and 'database', and optionally with keys 'user' and 'password', that can be passed to celery as the config for a mongodb result backend :rtype: dict """ db_name = config.get('database', 'name') # celery 3.1 doesn't support multiple seeds, so we just use the first one seeds = config.get('database', 'seeds') seed = seeds.split(',')[0].strip() host = seed.split(':')[0] port = seed.split(':')[1] if ':' in seed else None mongo_config = {'host': host, 'database': db_name} if port: mongo_config['port'] = port if config.has_option('database', 'user') and config.has_option('database', 'password'): mongo_config['user'] = config.get('database', 'user') mongo_config['password'] = config.get('database', 'password') return mongo_config
def check_oauth(username, method, url, auth, query): """ Check OAuth header credentials. Return None if the credentials are invalid @type username: str @param username: username corresponding to credentials @type method: str @param method: http method @type url: str @param url: request url @type auth: str @param auth: http authorization header value @type query: str @param query: http request query string @rtype: L{pulp.server.db.model.User} instance or None @return: user corresponding to the credentials """ headers = {'Authorization': auth} req = oauth2.Request.from_request(method, url, headers, query_string=query) if not req: return None if not (config.has_option('security', 'oauth_key') and config.has_option('security', 'oauth_secret')): _log.error("Attempting OAuth authentication and you do not have oauth_key and oauth_secret in pulp.conf") return None key = config.get('security', 'oauth_key') secret = config.get('security', 'oauth_secret') consumer = oauth2.Consumer(key=key, secret=secret) server = oauth2.Server() server.add_signature_method(oauth2.SignatureMethod_HMAC_SHA1()) try: # this call has a return value, but failures are noted by the exception server.verify_request(req, consumer, None) except oauth2.Error, e: _log.error('error verifying OAuth signature: %s' % e) return None
def _add_from_ldap(self, username, userdata): """ @param username: Username to be added @param user: tuple of user data as returned by lookup_user Adds a user to the pulp user database with no password and returns a pulp.server.db.model.User object """ user = User.get_collection().find_one({'login' : username}) if user is None: attrs = userdata[1] try: name = attrs['gecos'] except KeyError: name = username user = self.user_manager.create_user(login=username, name=name) if config.has_option('ldap', 'default_role'): role_id = config.get('ldap', 'default_role') self.role_manager.add_user_to_role(role_id, username) return user
def _add_from_ldap(self, username, userdata): """ @param username: Username to be added @param userdata: tuple of user data as returned by lookup_user Adds a user to the pulp user database with no password and returns a pulp.server.db.model.User object """ user = User.get_collection().find_one({'login' : username}) if user is None: attrs = userdata[1] if 'gecos' in attrs and isinstance(attrs['gecos'], basestring): name = attrs['gecos'] else: name = username user = self.user_manager.create_user(login=username, name=name) if config.has_option('ldap', 'default_role'): role_id = config.get('ldap', 'default_role') self.role_manager.add_user_to_role(role_id, username) return user
def _add_from_ldap(self, username, userdata): """ @param username: Username to be added @param userdata: tuple of user data as returned by lookup_user Adds a user to the pulp user database with no password and returns a pulp.server.db.model.User object """ user = model.User.objects(login=username).first() if user is None: attrs = userdata[1] if 'gecos' in attrs and isinstance(attrs['gecos'], basestring): name = attrs['gecos'] else: name = username user = user_controller.create_user(login=username, name=name) if config.has_option('ldap', 'default_role'): role_id = config.get('ldap', 'default_role') self.role_manager.add_user_to_role(role_id, username) return user
def _add_from_ldap(self, username, userdata): """ @param username: Username to be added @param user: tuple of user data as returned by lookup_user Adds a user to the pulp user database with no password and returns a pulp.server.db.model.User object """ user = _user_manager.find_by_login(username) if user is None: attrs = userdata[1] try: name = attrs['gecos'] except KeyError: name = username user = _user_manager.create_user(login=username, name=name) if config.has_option('ldap', 'default_role'): role = config.get('ldap', 'default_role') rv = authorization.add_user_to_role(role, username) if not rv: log.error("Could not add user [%s] to role [%s]" % (username, role)) return user