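def check_login(fn, self, *a, **kw):
    '''
    Run ``fn`` only when the CherryPy session holds a splunkd session key.

    Without a ``sessionKey`` in ``cherrypy.session``, API and XHR requests get
    an HTTP 401 and every other request is sent to ``/account/login`` with a
    ``return_to`` parameter. If ``fn`` raises ``splunk.AuthenticationFailed``,
    the CherryPy session is deleted and the same 401/redirect response is
    produced.

    fn      -- the wrapped handler, called as ``fn(self, *a, **kw)``
    self    -- the controller instance; must provide ``redirect_to_url``
    a, kw   -- passed through to ``fn`` unchanged

    Returns whatever ``fn`` returns, or the result of ``redirect_to_url``.
    Raises ``cherrypy.HTTPError(401)`` for unauthenticated API/XHR requests.
    '''
    session_key = cherrypy.session.get('sessionKey', None)
    is_api = util.is_api()

    if not session_key:
        # NOTE(review): the info line records the CherryPy session id and the
        # two debug lines dump the full request/response cookie collections,
        # which can include the session cookie. Confirm that log access is
        # restricted, or log a redacted form.
        logger.info('require_login - no splunkd sessionKey variable set; cherrypy_session=%s request_path=%s' % (cherrypy.session.id, cherrypy.request.path_info))
        logger.debug('require_login - cookie request header: %s' % unicode(cherrypy.request.cookie))
        logger.debug('require_login - cookie response header: %s' % unicode(cherrypy.response.cookie))
        if is_api or util.is_xhr():
            logger.info('require_login - is api/XHR request, raising 401 status')
            raise cherrypy.HTTPError(401)
        logger.info('require_login - redirecting to login')
        # redirect_to_url is not shown here. Returning its result keeps the
        # wrapped handler from running without a session key if the helper
        # ever returns instead of raising.
        return self.redirect_to_url('/account/login', _qs=[('return_to', util.current_url_path())])

    try:
        return fn(self, *a, **kw)
    except splunk.AuthenticationFailed:
        logger.info('sessionKey rejected by splunkd')
        # Drop the local session so a rejected key is not presented again.
        cherrypy.session.delete()
        if is_api or util.is_xhr():
            raise cherrypy.HTTPError(401)
        return self.redirect_to_url('/account/login', _qs=[('return_to', util.current_url_path())])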
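def submitPrincipal(self, config, action, **kwargs):
    '''
    Add or update the configuration of one principal used with a cluster's
    kerberos.

    config, action -- accepted but not read in this body
    kwargs         -- submitted form fields; ``id`` selects an existing
                      principal, the rest are passed to the Principal model

    On a successful save an XHR request gets status 200 with an empty body
    and any other request is redirected (303) to the app's config_clusters
    page. On failure the add_principal form is rendered again, with status
    404 for XHR requests.
    '''
    # The app name is the fourth segment of the request path.
    # NOTE(review): it is interpolated into the template path below; confirm
    # the route only matches known app names.
    app = cherrypy.request.path_info.split('/')[3]
    user = cherrypy.session['user']['name']
    principal_id = kwargs.pop('id', None)

    try:
        principal = Principal.get(principal_id)
        principal.update(kwargs)
        # Change the owner to nobody, so that REST call will be made to /servicesNS/nobody/HadoopConnect/...
        # instead of /servicesNS/admin/HadoopConnect/... or /servicesNS/<owner>/HadoopConnect/...
        if principal.entity and principal.entity.owner:
            principal.entity.owner = 'nobody'
    except Exception:
        # Any failure to load or update falls back to creating a new
        # principal. Catching Exception instead of using a bare except lets
        # interpreter-exit signals propagate.
        # NOTE(review): this fallback also hides other errors raised by
        # Principal.get/update; confirm that "not found" is the only case
        # meant to reach it.
        principal = Principal(app, user, **kwargs)

    if principal.passive_save():
        if app_util.is_xhr():
            cherrypy.response.status = 200
            return ""
        raise cherrypy.HTTPRedirect(self.make_url(['app', app, 'config_clusters']), 303)

    # Save failed: show the form again so the model's errors can be displayed.
    if app_util.is_xhr():
        cherrypy.response.status = 404
    return self.render_template(
        '/%s:/templates/add_principal.html' % app,
        dict(form_content='fomasdafe', app=app, principal=principal))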
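def submit(self, action, **kwargs):
    '''
    Accept data to setup the Splunk HDFS app.

    action -- accepted but not read in this body
    kwargs -- submitted form fields; ``partition_*`` keys are folded into a
              single ``partition_fields`` value before the model is built

    On a successful save an XHR request gets status 200 with an empty body
    and any other request is redirected (303) to the app's config_clusters
    page. On failure the export_defaults form is rendered again, with status
    404 for XHR requests.
    '''
    # NOTE(review): the app name comes from the request path and is
    # interpolated into the template path below; confirm the route only
    # matches known app names.
    app = cherrypy.request.path_info.split('/')[3]
    user = cherrypy.session['user']['name']

    # Strip the CSRF token field so it is not passed to the model. pop() with
    # a default is used because the field can be absent: where the token is
    # checked for XHR requests it is read from the X-Splunk-Form-Key header,
    # not from the form parameters, and a plain `del` would raise KeyError.
    kwargs.pop('splunk_form_key', None)

    #TODO make this a lib function or static method on the model and replace this and the one in the defaultExports.saveJob
    prefix = 'partition_'
    partitions = []
    # Iterate over a snapshot of the keys because entries are deleted inside
    # the loop. Every partition_* key counts as selected, whatever its value.
    for k in list(kwargs):
        if k.startswith(prefix):
            partitions.append(k[len(prefix):])
            del kwargs[k]
    kwargs['partition_fields'] = ','.join(partitions) if partitions else 'None'
    kwargs['search'] = 'This should not get saved'

    defaultExport = HDFSExport(app, user, 'default', **kwargs)
    defaultExport.metadata.sharing = 'app'
    defaultExport.metadata.owner = 'nobody'
    defaultExport.metadata.app = app

    # NOTE(review): every submitted field is written to the log at info level.
    logger.info("Submitted setup form with params: %s" % kwargs)

    if defaultExport.passive_save():
        if app_util.is_xhr():
            cherrypy.response.status = 200
            return ""
        raise cherrypy.HTTPRedirect(self.make_url(['app', app, 'config_clusters']), 303)

    # Save failed: show the form again so the model's errors can be displayed.
    if app_util.is_xhr():
        cherrypy.response.status = 404
    return self.render_template(
        '/%s:/templates/export_defaults.html' % app,
        dict(form_content='fomasdafe', app=app, defaultExport=defaultExport))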
def check(fn, self, *a, **kw):
    '''
    Gate a request on API mode, HTTP method and CSRF form key, then call fn.

    handle_api, ONLY_API, methods, verify_session, must_login and trim_spaces
    are read from an enclosing scope that is not part of this block.

    Raises RequestRefused(404) on an API-mode mismatch, RequestRefused(405)
    when the method is not in ``methods``, and cherrypy.HTTPError(401) when an
    XHR POST fails the form-key check on an endpoint that requires login.
    Otherwise returns fn(self, *a, **kw), or the login redirect.
    '''
    request = cherrypy.request
    is_api = util.is_api()

    # API requests are refused where the endpoint does not handle them, and
    # non-API requests are refused on API-only endpoints.
    if (is_api and not handle_api) or (handle_api is ONLY_API and not is_api):
        raise RequestRefused(404)

    if methods:
        # A single method name may be given as a bare string.
        allowed = [methods] if isinstance(methods, basestring) else methods
        if request.method not in allowed:
            raise RequestRefused(405)

    # verify that version info is good; do it here so that any URI access
    # will trigger the check
    startup.initVersionInfo()

    # add a convenience property to all request objects to get at the
    # current relative URI
    query = request.query_string
    request.relative_uri = request.path_info + ('?' + query if query else '')
    root_endpoint = cherrypy.config.get('root_endpoint')
    if root_endpoint not in ['/', None, '']:
        request.relative_uri = root_endpoint + request.relative_uri

    # CSRF protection
    # Disable in tests by setting cherrypy.config.update({'environment': 'test_suite'})
    # Only POST is checked: any other method admitted above reaches fn without
    # a form-key check. The 'test_suite' setting switches the check off
    # entirely, so it must not be present on a production instance.
    csrf_applies = (
        verify_session
        and request.method == 'POST'
        and cherrypy.config.get('environment') != 'test_suite'
    )
    if csrf_applies:
        is_xhr = util.is_xhr()
        # XHR clients send the key in a header, form posts in a parameter.
        if is_xhr:
            form_key = request.headers.get('X-Splunk-Form-Key')
        else:
            form_key = request.params.get('splunk_form_key')

        # verify that the incoming form key matches server's version
        if not util.isValidFormKey(form_key):
            if is_xhr:
                logger.warn('CSRF: validation failed because client XHR did not include proper header')
            else:
                logger.warn('CSRF: validation failed because HTTP POST did not include expected parameter')

            if must_login:
                if is_xhr:
                    raise cherrypy.HTTPError(401, _('Splunk cannot authenticate the request. CSRF validation failed.'))
                return self.redirect_to_url('/account/login', _qs=[('return_to', util.current_url_path())])

            # Endpoints that do not require login fail open here: the bad key
            # is logged and the handler still runs.
            logger.warn('CSRF: skipping 401 redirect response because endpoint did not request protection')

    # basic input cleansing
    if trim_spaces:
        for key, value in kw.iteritems():
            if not isinstance(value, basestring):
                continue
            stripped = value.strip()
            kw[key] = stripped
            if stripped != value:
                logger.debug('Leading/trailing whitespaces were trimmed in "%s" argument' % key)

    return fn(self, *a, **kw)
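def check_login(fn, self, *a, **kw):
    '''
    Call ``fn(self, *a, **kw)`` only for requests whose CherryPy session
    carries a ``sessionKey``.

    A request without one is answered with HTTP 401 when it is an API or XHR
    request, and with a redirect to ``/account/login`` (with a ``return_to``
    parameter) otherwise. The same response is produced, after deleting the
    CherryPy session, when ``fn`` raises ``splunk.AuthenticationFailed``.

    Returns the handler's result, or the result of ``self.redirect_to_url``.
    Raises ``cherrypy.HTTPError(401)`` for API/XHR requests that are not
    authenticated.
    '''
    session_key = cherrypy.session.get('sessionKey', None)
    is_api = util.is_api()

    if not session_key:
        # NOTE(review): these lines put the session id (info) and the full
        # cookie collections (debug) into the log; the cookies can include
        # the session cookie. Confirm log access is restricted or redact.
        logger.info('require_login - no splunkd sessionKey variable set; cherrypy_session=%s request_path=%s' % (cherrypy.session.id, cherrypy.request.path_info))
        logger.debug('require_login - cookie request header: %s' % unicode(cherrypy.request.cookie))
        logger.debug('require_login - cookie response header: %s' % unicode(cherrypy.response.cookie))

        if is_api or util.is_xhr():
            logger.info('require_login - is api/XHR request, raising 401 status')
            raise cherrypy.HTTPError(401)

        logger.info('require_login - redirecting to login')
        login_qs = [('return_to', util.current_url_path())]
        # Return explicitly so that control cannot fall through to the
        # handler call below, whatever redirect_to_url (not shown here) does.
        return self.redirect_to_url('/account/login', _qs=login_qs)

    try:
        return fn(self, *a, **kw)
    except splunk.AuthenticationFailed:
        logger.info('sessionKey rejected by splunkd')
        # Discard the session whose key was refused before answering.
        cherrypy.session.delete()
        if is_api or util.is_xhr():
            raise cherrypy.HTTPError(401)
        login_qs = [('return_to', util.current_url_path())]
        return self.redirect_to_url('/account/login', _qs=login_qs)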
def check(fn, self, *a, **kw):
    '''
    Apply the endpoint's request checks, then hand the request to ``fn``.

    The settings handle_api, ONLY_API, methods, verify_session, must_login
    and trim_spaces come from an enclosing scope that this block does not
    show.

    Order of checks: API-mode match (RequestRefused 404), allowed HTTP method
    (RequestRefused 405), version info initialisation, relative URI
    bookkeeping, CSRF form key for POST, optional whitespace trimming of
    string keyword arguments.
    '''
    req = cherrypy.request
    is_api = util.is_api()

    if is_api and not handle_api:
        raise RequestRefused(404)
    if not is_api and handle_api is ONLY_API:
        raise RequestRefused(404)

    permitted = methods
    if permitted:
        if isinstance(permitted, basestring):
            # a single method name was configured
            permitted = [permitted]
        if req.method not in permitted:
            raise RequestRefused(405)

    # verify that version info is good; do it here so that any URI access
    # will trigger the check
    startup.initVersionInfo()

    # add a convenience property to all request objects to get at the
    # current relative URI
    if req.query_string:
        req.relative_uri = req.path_info + '?' + req.query_string
    else:
        req.relative_uri = req.path_info + ''
    root = cherrypy.config.get('root_endpoint')
    if root not in ['/', None, '']:
        req.relative_uri = root + req.relative_uri

    # CSRF protection
    # Disable in tests by setting cherrypy.config.update({'environment': 'test_suite'})
    # The form key is verified for POST only, and not at all while the
    # 'environment' setting equals 'test_suite'.
    in_test_suite = cherrypy.config.get('environment') == 'test_suite' if (verify_session and req.method == 'POST') else True
    if not in_test_suite:
        xhr = util.is_xhr()
        # header for XHR clients, form parameter for plain posts
        form_key = req.headers.get('X-Splunk-Form-Key') if xhr else req.params.get('splunk_form_key')

        # verify that the incoming form key matches server's version
        if not util.isValidFormKey(form_key):
            failure_msg = (
                'CSRF: validation failed because client XHR did not include proper header'
                if xhr else
                'CSRF: validation failed because HTTP POST did not include expected parameter'
            )
            logger.warn(failure_msg)

            if must_login:
                if not xhr:
                    return self.redirect_to_url('/account/login', _qs=[('return_to', util.current_url_path())])
                raise cherrypy.HTTPError(401, _('Splunk cannot authenticate the request. CSRF validation failed.'))

            # With must_login unset, an invalid key is only logged and the
            # request proceeds to the handler.
            logger.warn('CSRF: skipping 401 redirect response because endpoint did not request protection')

    # basic input cleansing
    if trim_spaces:
        for name, raw in kw.iteritems():
            if isinstance(raw, basestring):
                kw[name] = raw.strip()
                if kw[name] != raw:
                    logger.debug('Leading/trailing whitespaces were trimmed in "%s" argument' % name)

    return fn(self, *a, **kw)
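def submitCluster(self, config, action, **kwargs):
    '''
    Add or update the configuration of a single HDFS cluster.

    config, action -- accepted but not read in this body
    kwargs         -- submitted form fields; ``id`` selects an existing
                      cluster and ``type`` must be 'remote' or 'local'

    Raises cherrypy.HTTPError(400) when ``type`` is neither 'remote' nor
    'local'. On a successful save the app is marked configured; an XHR
    request gets status 200 with an empty body and any other request is
    redirected (303) to the config_clusters page. On failure the add_cluster
    form is rendered again, with status 404 for XHR requests.
    '''
    # NOTE(review): the app name comes from the request path and is
    # interpolated into the template path below; confirm the route only
    # matches known app names.
    app = cherrypy.request.path_info.split('/')[3]
    user = cherrypy.session['user']['name']
    errors = []

    if kwargs.get('secure', 0):
        #TODO: verify service principal is provided
        if kwargs.get('kerberos_principal') == 'add':
            # A new principal is created inline from the submitted name and
            # keytab location.
            # NOTE(review): principal_keytab_location is a request-supplied
            # server-side path; confirm it is validated where it is consumed.
            principal = Principal(app, user, **{
                'name': kwargs.get('principal_name'),
                'keytab_path': kwargs.get('principal_keytab_location'),
            })
            if principal.passive_save():
                kwargs['kerberos_principal'] = kwargs.get('principal_name')
            else:
                errors += principal.errors
    else:
        # Non-secure clusters must not keep any Kerberos principal settings.
        if kwargs.get('kerberos_principal'):
            kwargs['kerberos_principal'] = ''
        if kwargs.get('kerberos_service_principal'):
            kwargs['kerberos_service_principal'] = ''

    # Local names avoid shadowing the id() and type() builtins.
    cluster_id = kwargs.pop('id', None)
    cluster_type = kwargs.pop('type', None)

    if cluster_type == 'remote':
        kwargs['uri'] = 'hdfs://%s' % kwargs.get('name') if 'name' in kwargs else None
    elif cluster_type == 'local':
        # NOTE(review): a missing local_mount raises KeyError here rather than
        # a 400, and the submitted path is used as given; confirm it is
        # validated where the URI is consumed.
        kwargs['uri'] = 'file://%s' % kwargs.pop('local_mount')
    else:
        raise cherrypy.HTTPError(400, 'Expected cluster type parameter')

    try:
        cluster = Cluster.get(cluster_id)
        cluster.update(kwargs)
        # Change the owner to nobody, so that REST call will be made to /servicesNS/nobody/HadoopConnect/...
        # instead of /servicesNS/admin/HadoopConnect/... or /servicesNS/<owner>/HadoopConnect/...
        if cluster.entity and cluster.entity.owner:
            cluster.entity.owner = 'nobody'
        edit = True
    except Exception:
        # Any failure to load or update falls back to creating a new cluster.
        # Catching Exception instead of using a bare except lets
        # interpreter-exit signals propagate.
        # NOTE(review): this fallback also hides other errors raised by
        # Cluster.get/update; confirm that "not found" is the only case meant
        # to reach it.
        cluster = Cluster(app, user, **kwargs)
        edit = False

    # save stuff iff there were no errors while saving the principal
    if not errors:
        # NOTE(review): every submitted field is written to the log at info level.
        logger.info("Saving cluster with args: %s " % kwargs)
        if cluster.passive_save():
            this_app = App.get(App.build_id(app, app, user))
            this_app.is_configured = True
            this_app.passive_save()
            if app_util.is_xhr():
                cherrypy.response.status = 200
                return ""
            raise cherrypy.HTTPRedirect(self.make_url(['app', app, 'config_clusters']), 303)

    # Failure path: render the form again with the principal and cluster
    # errors combined.
    principals = Principal.all().filter_by_app(app)
    principal_name = kwargs.get('principal_name', '')
    principal_keytab_location = kwargs.get('principal_keytab_location', '')
    cluster.errors += errors
    if app_util.is_xhr():
        cherrypy.response.status = 404
    return self.render_template(
        '/%s:/templates/add_cluster.html' % app,
        dict(form_content='fomasdafe',
             app=app,
             cluster=cluster,
             edit=edit,
             principals=principals,
             principal_name=principal_name,
             principal_keytab_location=principal_keytab_location,
             selectedTab=cluster_type))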