def lookup(self, *ident): report_tool = DebugReportsModel.get_system_report_tool() try: SoftwareUpdate() except Exception: update_tool = False else: update_tool = True try: repo = Repositories() except Exception: repo_mngt_tool = None else: repo_mngt_tool = repo._pkg_mnger.TYPE return { 'libvirt_stream_protocols': self.libvirt_stream_protocols, 'qemu_spice': self._qemu_support_spice(), 'qemu_stream': self.qemu_stream, 'screenshot': VMScreenshot.get_stream_test_result(), 'system_report_tool': bool(report_tool), 'update_tool': update_tool, 'repo_mngt_tool': repo_mngt_tool, 'federation': kconfig.get("server", "federation"), 'auth': kconfig.get("authentication", "method"), 'kernel_vfio': self.kernel_vfio, 'nm_running': FeatureTests.is_nm_running(), 'mem_hotplug_support': self.mem_hotplug_support }
def new_ws_proxy(): try: os.makedirs(WS_TOKENS_DIR, mode=0755) except OSError as e: if e.errno == errno.EEXIST: pass cert = config.get('server', 'ssl_cert') key = config.get('server', 'ssl_key') if not (cert and key): cert = '%s/wok-cert.pem' % paths.conf_dir key = '%s/wok-key.pem' % paths.conf_dir params = {'listen_host': '127.0.0.1', 'listen_port': config.get('server', 'websockets_port'), 'ssl_only': False} # old websockify: do not use TokenFile if not tokenFile: params['target_cfg'] = WS_TOKENS_DIR # websockify 0.7 and higher: use TokenFile else: params['token_plugin'] = TokenFile(src=WS_TOKENS_DIR) def start_proxy(): server = WebSocketProxy(**params) server.start_server() proc = Process(target=start_proxy) proc.start() return proc
def new_ws_proxy(): try: os.makedirs(WS_TOKENS_DIR, mode=0755) except OSError as e: if e.errno == errno.EEXIST: pass cert = config.get('server', 'ssl_cert') key = config.get('server', 'ssl_key') if not (cert and key): cert = '%s/wok-cert.pem' % paths.conf_dir key = '%s/wok-key.pem' % paths.conf_dir params = { 'web': os.path.join(paths.ui_dir, 'pages/websockify'), 'listen_port': config.get('display', 'display_proxy_port'), 'target_cfg': WS_TOKENS_DIR, 'key': key, 'cert': cert, 'ssl_only': True } def start_proxy(): server = WebSocketProxy(**params) server.start_server() proc = Process(target=start_proxy) proc.start() return proc
def authenticate(username, password): ldap_server = config.get("authentication", "ldap_server").strip('"') ldap_search_base = config.get("authentication", "ldap_search_base").strip('"') ldap_search_filter = config.get("authentication", "ldap_search_filter", vars={ "username": username.encode("utf-8") }).strip('"') connect = ldap.open(ldap_server) try: result = connect.search_s(ldap_search_base, ldap.SCOPE_SUBTREE, ldap_search_filter) if len(result) == 0: entity = ldap_search_filter % {'username': username} raise ldap.LDAPError("Invalid ldap entity:%s" % entity) connect.bind_s(result[0][0], password) connect.unbind_s() return True except ldap.INVALID_CREDENTIALS: # invalid user password raise OperationFailed("WOKAUTH0002E") except ldap.NO_SUCH_OBJECT: # ldap search base specified wrongly. raise OperationFailed("WOKAUTH0005E", { "item": 'ldap_search_base', "value": ldap_search_base }) except ldap.LDAPError, e: arg = {"username": username, "code": e.message} raise OperationFailed("WOKAUTH0001E", arg)
def authenticate(username, password): ldap_server = config.get('authentication', 'ldap_server').strip('"') ldap_search_base = config.get( 'authentication', 'ldap_search_base').strip('"') ldap_search_filter = config.get( 'authentication', 'ldap_search_filter', vars={'username': username.encode('utf-8')}, ).strip('"') connect = ldap.open(ldap_server) try: result = connect.search_s( ldap_search_base, ldap.SCOPE_SUBTREE, ldap_search_filter ) if len(result) == 0: entity = ldap_search_filter % {'username': username} raise ldap.LDAPError(f'Invalid ldap entity: {entity}') connect.bind_s(result[0][0], password) connect.unbind_s() return True except ldap.INVALID_CREDENTIALS: # invalid user password raise OperationFailed('WOKAUTH0002E') except ldap.NO_SUCH_OBJECT: # ldap search base specified wrongly. raise OperationFailed( 'WOKAUTH0005E', {'item': 'ldap_search_base', 'value': ldap_search_base} ) except ldap.LDAPError as e: arg = {'username': username, 'code': str(e)} raise OperationFailed('WOKAUTH0001E', arg)
def new_ws_proxy(): try: os.makedirs(WS_TOKENS_DIR, mode=0755) except OSError as e: if e.errno == errno.EEXIST: pass cert = config.get('server', 'ssl_cert') key = config.get('server', 'ssl_key') if not (cert and key): cert = '%s/wok-cert.pem' % paths.conf_dir key = '%s/wok-key.pem' % paths.conf_dir params = {'listen_host': '127.0.0.1', 'listen_port': config.get('server', 'websockets_port'), 'target_cfg': WS_TOKENS_DIR, 'ssl_only': False} def start_proxy(): server = WebSocketProxy(**params) server.start_server() proc = Process(target=start_proxy) proc.start() return proc
def lookup(self, *ident): report_tool = DebugReportsModel.get_system_report_tool() try: SoftwareUpdate() except Exception: update_tool = False else: update_tool = True try: repo = Repositories() except Exception: repo_mngt_tool = None else: repo_mngt_tool = repo._pkg_mnger.TYPE return {'libvirt_stream_protocols': self.libvirt_stream_protocols, 'qemu_spice': self._qemu_support_spice(), 'qemu_stream': self.qemu_stream, 'screenshot': VMScreenshot.get_stream_test_result(), 'system_report_tool': bool(report_tool), 'update_tool': update_tool, 'repo_mngt_tool': repo_mngt_tool, 'federation': kconfig.get("server", "federation"), 'auth': kconfig.get("authentication", "method"), 'kernel_vfio': self.kernel_vfio, 'nm_running': FeatureTests.is_nm_running(), 'mem_hotplug_support': self.mem_hotplug_support }
def lookup(self, name): return { 'ssl_port': config.get('server', 'ssl_port'), 'websockets_port': config.get('server', 'websockets_port'), 'auth': config.get('authentication', 'method'), 'version': get_version() }
def new_ws_proxy(): try: os.makedirs(WS_TOKENS_DIR, mode=0755) except OSError as e: if e.errno == errno.EEXIST: pass cert = config.get('server', 'ssl_cert') key = config.get('server', 'ssl_key') if not (cert and key): cert = '%s/wok-cert.pem' % paths.conf_dir key = '%s/wok-key.pem' % paths.conf_dir params = { 'listen_host': '127.0.0.1', 'listen_port': config.get('server', 'websockets_port'), 'ssl_only': False } # old websockify: do not use TokenFile if not tokenFile: params['target_cfg'] = WS_TOKENS_DIR # websockify 0.7 and higher: use TokenFile else: params['token_plugin'] = TokenFile(src=WS_TOKENS_DIR) def start_proxy(): server = WebSocketProxy(**params) server.start_server() proc = Process(target=start_proxy) proc.start() return proc
def authenticate(username, password): ldap_server = config.get("authentication", "ldap_server").strip('"') ldap_search_base = config.get( "authentication", "ldap_search_base").strip('"') ldap_search_filter = config.get( "authentication", "ldap_search_filter", vars={"username": username.encode("utf-8")}).strip('"') connect = ldap.open(ldap_server) try: result = connect.search_s( ldap_search_base, ldap.SCOPE_SUBTREE, ldap_search_filter) if len(result) == 0: entity = ldap_search_filter % {'username': username} raise ldap.LDAPError("Invalid ldap entity:%s" % entity) connect.bind_s(result[0][0], password) connect.unbind_s() return True except ldap.INVALID_CREDENTIALS: # invalid user password raise OperationFailed("WOKAUTH0002E") except ldap.NO_SUCH_OBJECT: # ldap search base specified wrongly. raise OperationFailed("WOKAUTH0005E", {"item": 'ldap_search_base', "value": ldap_search_base}) except ldap.LDAPError, e: arg = {"username": username, "code": e.message} raise OperationFailed("WOKAUTH0001E", arg)
def new_ws_proxy(): try: os.makedirs(WS_TOKENS_DIR, mode=0755) except OSError as e: if e.errno == errno.EEXIST: pass cert = config.get('server', 'ssl_cert') key = config.get('server', 'ssl_key') if not (cert and key): cert = '%s/wok-cert.pem' % paths.conf_dir key = '%s/wok-key.pem' % paths.conf_dir params = {'web': os.path.join(paths.ui_dir, 'pages/websockify'), 'listen_port': config.get('display', 'display_proxy_port'), 'target_cfg': WS_TOKENS_DIR, 'key': key, 'cert': cert, 'ssl_only': True} def start_proxy(): server = WebSocketProxy(**params) server.start_server() proc = Process(target=start_proxy) proc.start() return proc
def lookup(self, *ident): return {'libvirt_stream_protocols': self.libvirt_stream_protocols, 'qemu_spice': self._qemu_support_spice(), 'qemu_stream': self.qemu_stream, 'screenshot': VMScreenshot.get_stream_test_result(), 'federation': kconfig.get("server", "federation"), 'auth': kconfig.get("authentication", "method"), 'kernel_vfio': self.kernel_vfio, 'nm_running': FeatureTests.is_nm_running(), 'mem_hotplug_support': self.mem_hotplug_support }
def lookup(self, *ident): return { 'libvirt_stream_protocols': self.libvirt_stream_protocols, 'qemu_spice': self._qemu_support_spice(), 'qemu_stream': self.qemu_stream, 'screenshot': VMScreenshot.get_stream_test_result(), 'federation': kconfig.get("server", "federation"), 'auth': kconfig.get("authentication", "method"), 'kernel_vfio': self.kernel_vfio, 'nm_running': FeatureTests.is_nm_running(), 'mem_hotplug_support': self.mem_hotplug_support }
def __init__(self, **kargs): # check federation feature is enabled on Kimchi server if not config.get("kimchi", {}).get("federation", False): return # register server on openslp hostname = socket.getfqdn(wok_config.get("server", "host")) port = wok_config.get("server", "ssl_port") self.url = hostname + ":" + port cmd = ["slptool", "register", "service:wokd://%s" % self.url] out, error, ret = run_command(cmd) if out and len(out) != 0: wok_log.error("Unable to register server on openSLP." " Details: %s" % out) cherrypy.engine.subscribe("exit", self._peer_deregister)
def get_roles(self): admin_ids = config.get("authentication", "ldap_admin_id").strip('"').split(',') for admin_id in admin_ids: if self.user[USER_NAME] == admin_id.strip(): self.user[USER_ROLES] = dict.fromkeys(tabs, 'admin') return self.user[USER_ROLES]
def __init__(self, **kargs): # check federation feature is enabled on Wok server if not config.get('server', 'federation') == 'on': return # register server on openslp hostname = socket.getfqdn() port = config.get("server", "proxy_port") self.url = hostname + ":" + port cmd = ["slptool", "register", "service:wokd://%s" % self.url] out, error, ret = run_command(cmd) if out and len(out) != 0: wok_log.error("Unable to register server on openSLP." " Details: %s" % out) cherrypy.engine.subscribe('exit', self._peer_deregister)
def get_roles(self): admin_ids = config.get( "authentication", "ldap_admin_id").strip('"').split(',') for admin_id in admin_ids: if self.user[USER_NAME] == admin_id.strip(): self.user[USER_ROLES] = dict.fromkeys(tabs, 'admin') return self.user[USER_ROLES]
def new_ws_proxy(): try: os.makedirs(WS_TOKENS_DIR, mode=0755) except OSError as e: if e.errno == errno.EEXIST: pass params = {'listen_host': '127.0.0.1', 'listen_port': config.get('server', 'websockets_port'), 'ssl_only': False} # old websockify: do not use TokenFile if not tokenFile: params['target_cfg'] = WS_TOKENS_DIR # websockify 0.7 and higher: use TokenFile else: params['token_plugin'] = TokenFile(src=WS_TOKENS_DIR) def start_proxy(): try: server = WebSocketProxy(RequestHandlerClass=CustomHandler, **params) except TypeError: server = CustomHandler(**params) server.start_server() proc = Process(target=start_proxy) proc.start() return proc
def _get_role(self): admin_ids = config.get( "authentication", "ldap_admin_id").strip('"').split(',') for admin_id in admin_ids: if self.name == admin_id.strip(): return 'admin' return 'user'
def new_ws_proxy(): try: os.makedirs(WS_TOKENS_DIR, mode=0o755) except OSError as e: if e.errno == errno.EEXIST: pass params = { 'listen_host': '127.0.0.1', 'listen_port': config.get('server', 'websockets_port'), 'ssl_only': False, } # old websockify: do not use TokenFile if not tokenFile: params['target_cfg'] = WS_TOKENS_DIR # websockify 0.7 and higher: use TokenFile else: params['token_plugin'] = TokenFile(src=WS_TOKENS_DIR) def start_proxy(): try: server = WebSocketProxy(RequestHandlerClass=CustomHandler, **params) except TypeError: server = CustomHandler(**params) server.start_server() proc = Process(target=start_proxy) proc.start() return proc
def __init__(self, **kargs): # check federation feature is enabled on Wok server if not config.get('server', 'federation') == 'on': return # register server on openslp hostname = socket.getfqdn() port = config.get('server', 'proxy_port') self.url = hostname + ':' + port cmd = ['slptool', 'register', f'service:wokd://{self.url}'] out, error, ret = run_command(cmd) if out and len(out) != 0: wok_log.error( f'Unable to register server on openSLP. ' f'Details: {out}') cherrypy.engine.subscribe('exit', self._peer_deregister)
def login(username, password, **kwargs): auth_args = { 'auth_type': config.get('authentication', 'method'), 'username': username, 'password': password, } user = User.get(auth_args) if not user: debug('User cannot be verified with the supplied password') return None debug('User verified, establishing session') cherrypy.session.acquire_lock() cherrypy.session.regenerate() cherrypy.session[USER_NAME] = username cherrypy.session[USER_GROUPS] = user.groups cherrypy.session[USER_ROLE] = user.role cherrypy.session[template.REFRESH] = time.time() cherrypy.session.release_lock() return { USER_NAME: user.name, USER_GROUPS: user.groups, USER_ROLE: user.role }
def check_auth_session(): """ A user is considered authenticated if we have an established session open for the user. """ cherrypy.session.acquire_lock() session = cherrypy.session.get(USER_NAME, None) cherrypy.session.release_lock() if session is not None: debug(f'Session authenticated for user {session}') wokRobot = cherrypy.request.headers.get('Wok-Robot') if wokRobot == 'wok-robot': if ( time.time() - cherrypy.session[template.REFRESH] > int(config.get('server', 'session_timeout')) * 60 ): cherrypy.session[USER_NAME] = None cherrypy.lib.sessions.expire() raise cherrypy.HTTPError(401, 'sessionTimeout') else: cherrypy.session[template.REFRESH] = time.time() return True debug('Session not found') return False
def _get_user(self, _user_id): ldap_server = config.get('authentication', 'ldap_server').strip('"') ldap_search_base = config.get( 'authentication', 'ldap_search_base').strip('"') ldap_search_filter = config.get( 'authentication', 'ldap_search_filter', vars={'username': _user_id.encode('utf-8')}).strip('"') connect = ldap.open(ldap_server) try: result = connect.search_s( ldap_search_base, ldap.SCOPE_SUBTREE, ldap_search_filter) if len(result) == 0: raise NotFoundError('KCHAUTH0004E', {'user_id': _user_id}) return result[0][1] except ldap.NO_SUCH_OBJECT: raise NotFoundError('KCHAUTH0004E', {'user_id': _user_id})
def _get_user(self, _user_id): ldap_server = config.get("authentication", "ldap_server").strip('"') ldap_search_base = config.get( "authentication", "ldap_search_base").strip('"') ldap_search_filter = config.get( "authentication", "ldap_search_filter", vars={"username": _user_id.encode("utf-8")}).strip('"') connect = ldap.open(ldap_server) try: result = connect.search_s( ldap_search_base, ldap.SCOPE_SUBTREE, ldap_search_filter) if len(result) == 0: raise NotFoundError("KCHAUTH0004E", {'user_id': _user_id}) return result[0][1] except ldap.NO_SUCH_OBJECT: raise NotFoundError("KCHAUTH0004E", {'user_id': _user_id})
def _listen(self, guest, console): """Accepts client connections. Each connection is directly linked to the desired guest console. Thus any data received from the client can be send to the guest console as well as any response from the guest console can be send back to the client console. """ client, client_addr = self._socket.accept() session_timeout = wok_config.get('server', 'session_timeout') client.settimeout(int(session_timeout) * 60) wok_log.info('[%s] Client connected to %s', self.name, self._guest_name) # register the callback to receive any data from the console console.eventAddCallback(libvirt.VIR_STREAM_EVENT_READABLE, self._send_to_client, client) # start the libvirt event loop in a python thread libvirt_loop = threading.Thread(target=self.libvirt_event_loop, args=(guest, client)) libvirt_loop.start() while True: data = '' try: data = client.recv(1024) except Exception as e: wok_log.info( '[%s] Client disconnected from %s: %s', self.name, self._guest_name, str(e), ) break if not data or data == CTRL_Q: break # if the console can no longer be accessed, close everything # and quits try: console.send(data) except Exception: wok_log.info('[%s] Console of %s is not accessible', self.name, self._guest_name) break # clear used resources when the connection is closed and, if possible, # tell the client the connection was lost. try: client.send(b'\\r\\n\\r\\nClient disconnected\\r\\n') except Exception: pass
def _listen(self, guest, console): """Accepts client connections. Each connection is directly linked to the desired guest console. Thus any data received from the client can be send to the guest console as well as any response from the guest console can be send back to the client console. """ client, client_addr = self._socket.accept() session_timeout = wok_config.get('server', 'session_timeout') client.settimeout(int(session_timeout) * 60) wok_log.info('[%s] Client connected to %s', self.name, self._guest_name) # register the callback to receive any data from the console console.eventAddCallback(libvirt.VIR_STREAM_EVENT_READABLE, self._send_to_client, client) # start the libvirt event loop in a python thread libvirt_loop = threading.Thread(target=self.libvirt_event_loop, args=(guest, client)) libvirt_loop.start() while True: data = '' try: data = client.recv(1024) except Exception as e: wok_log.info('[%s] Client disconnected from %s: %s', self.name, self._guest_name, e.message) break if not data or data == CTRL_Q: break # if the console can no longer be accessed, close everything # and quits try: console.send(data) except: wok_log.info('[%s] Console of %s is not accessible', self.name, self._guest_name) break # clear used resources when the connection is closed and, if possible, # tell the client the connection was lost. try: client.send('\r\n\r\nClient disconnected\r\n') except: pass
def _get_user(self, _user_id): ldap_server = config.get("authentication", "ldap_server").strip('"') ldap_search_base = config.get("authentication", "ldap_search_base").strip('"') ldap_search_filter = config.get("authentication", "ldap_search_filter", vars={ "username": _user_id.encode("utf-8") }).strip('"') connect = ldap.open(ldap_server) try: result = connect.search_s(ldap_search_base, ldap.SCOPE_SUBTREE, ldap_search_filter) if len(result) == 0: raise NotFoundError("KCHAUTH0004E", {'user_id': _user_id}) return result[0][1] except ldap.NO_SUCH_OBJECT: raise NotFoundError("KCHAUTH0004E", {'user_id': _user_id})
def _check_default_pools(self): pools = {} default_pool = tmpl_defaults["storagepool"] default_pool = default_pool.split("/")[-1] pools[default_pool] = {} if default_pool == "default": pools[default_pool] = {"path": "/var/lib/libvirt/images"} if config.get("server", "create_iso_pool") == "true": pools["ISO"] = {"path": "/var/lib/kimchi/isos"} error_msg = ( "Please, check the configuration in %s/template.conf to " "ensure it has a valid storage pool." % PluginPaths("kimchi").conf_dir ) conn = self.conn.get() for pool_name in pools: try: pool = conn.storagePoolLookupByName(pool_name) except libvirt.libvirtError, e: pool_path = pools[pool_name].get("path") if pool_path is None: msg = "Fatal: Unable to find storage pool %s. " + error_msg wok_log.error(msg % pool_name) wok_log.error("Details: %s", e.message) sys.exit(1) # Try to create the pool pool = E.pool(E.name(pool_name), type="dir") pool.append(E.target(E.path(pool_path))) xml = ET.tostring(pool) try: pool = conn.storagePoolDefineXML(xml, 0) except libvirt.libvirtError, e: msg = "Fatal: Unable to create storage pool %s. " msg += error_msg wok_log.error(msg % pool_name) wok_log.error("Details: %s", e.message) sys.exit(1) # Build and set autostart value to pool # Ignore error as the pool was already successfully created try: # Add build step to make sure target directory created # The build process may fail when the pool directory # already exists on system pool.build(libvirt.VIR_STORAGE_POOL_BUILD_NEW) pool.setAutostart(1) except: pass
def _check_default_pools(self): pools = {} default_pool = tmpl_defaults['storagepool'] default_pool = default_pool.split('/')[-1] pools[default_pool] = {} if default_pool == 'default': pools[default_pool] = {'path': '/var/lib/libvirt/images'} if config.get("server", "create_iso_pool") == "true": pools['ISO'] = {'path': '/var/lib/kimchi/isos'} error_msg = ("Please, check the configuration in %s/template.conf to " "ensure it has a valid storage pool." % PluginPaths('kimchi').conf_dir) conn = self.conn.get() for pool_name in pools: try: pool = conn.storagePoolLookupByName(pool_name) except libvirt.libvirtError, e: pool_path = pools[pool_name].get('path') if pool_path is None: msg = "Fatal: Unable to find storage pool %s. " + error_msg wok_log.error(msg % pool_name) wok_log.error("Details: %s", e.message) sys.exit(1) # Try to create the pool pool = E.pool(E.name(pool_name), type='dir') pool.append(E.target(E.path(pool_path))) xml = ET.tostring(pool) try: pool = conn.storagePoolDefineXML(xml, 0) except libvirt.libvirtError, e: msg = "Fatal: Unable to create storage pool %s. " msg += error_msg wok_log.error(msg % pool_name) wok_log.error("Details: %s", e.message) sys.exit(1) # Build and set autostart value to pool # Ignore error as the pool was already successfully created try: # Add build step to make sure target directory created # The build process may fail when the pool directory # already exists on system pool.build(libvirt.VIR_STORAGE_POOL_BUILD_NEW) pool.setAutostart(1) except: pass
def __init__(self): log = os.path.join(config.get("logging", "log_dir"), REQUEST_LOG_FILE) h = logging.handlers.WatchedFileHandler(log, 'a') h.setFormatter(logging.Formatter('%(message)s')) self.handler = h self.logger = logging.getLogger(WOK_REQUEST_LOGGER) self.logger.setLevel(logging.INFO) self.logger.addHandler(self.handler) # start request log's downloadable temporary files removal task interval = LOG_DOWNLOAD_TIMEOUT * SECONDS_PER_HOUR self.clean_task = BackgroundTask(interval, self.cleanLogFiles) self.clean_task.start()
def get_list(self): # check federation feature is enabled on Wok server if not config.get('server', 'federation') == 'on': return [] cmd = ["slptool", "findsrvs", "service:wokd"] out, error, ret = run_command(cmd) if ret != 0: return [] peers = [] for server in out.strip().split("\n"): match = re.match("service:wokd://(.*?),.*", server) peer = match.group(1) if peer != self.url: peers.append("https://" + peer) return peers
def get_list(self): # check federation feature is enabled on Kimchi server if config.get("server", "federation") == "off": return [] cmd = ["slptool", "findsrvs", "service:wokd"] out, error, ret = run_command(cmd) if ret != 0: return [] peers = [] for server in out.strip().split("\n"): match = re.match("service:wokd://(.*?),.*", server) peer = match.group(1) if peer != self.url: peers.append("https://" + peer) return peers
def login(username, password, **kwargs): auth_args = {'auth_type': config.get("authentication", "method"), 'username': username, 'password': password} user = User.get(auth_args) if not user: debug("User cannot be verified with the supplied password") return None debug("User verified, establishing session") cherrypy.session.acquire_lock() cherrypy.session.regenerate() cherrypy.session[USER_NAME] = username cherrypy.session[USER_GROUPS] = user.get_groups() cherrypy.session[USER_ROLES] = user.get_roles() cherrypy.session[REFRESH] = time.time() cherrypy.session.release_lock() return user.get_user()
def login(username, password, **kwargs): auth_args = {'auth_type': config.get("authentication", "method"), 'username': username.encode('utf-8'), 'password': password.encode('utf-8')} user = User.get(auth_args) if not user: debug("User cannot be verified with the supplied password") return None debug("User verified, establishing session") cherrypy.session.acquire_lock() cherrypy.session.regenerate() cherrypy.session[USER_NAME] = username cherrypy.session[USER_GROUPS] = user.groups cherrypy.session[USER_ROLE] = user.role cherrypy.session[template.REFRESH] = time.time() cherrypy.session.release_lock() return {USER_NAME: user.name, USER_GROUPS: user.groups, USER_ROLE: user.role}
def lookup(self, *ident): report_tool = DebugReportsModel.get_system_report_tool() try: SoftwareUpdate() except Exception: update_tool = False else: update_tool = True try: repo = Repositories() except Exception: repo_mngt_tool = None else: repo_mngt_tool = repo._pkg_mnger.TYPE return {'system_report_tool': bool(report_tool), 'update_tool': update_tool, 'repo_mngt_tool': repo_mngt_tool, 'federation': kconfig.get("server", "federation") }
def check_auth_session(): """ A user is considered authenticated if we have an established session open for the user. """ cherrypy.session.acquire_lock() session = cherrypy.session.get(USER_NAME, None) cherrypy.session.release_lock() if session is not None: debug("Session authenticated for user %s" % session) wokRobot = cherrypy.request.headers.get('Wok-Robot') if wokRobot == "wok-robot": if (time.time() - cherrypy.session[REFRESH] > int(config.get('server', 'session_timeout')) * 60): cherrypy.session[USER_NAME] = None cherrypy.lib.sessions.expire() raise cherrypy.HTTPError(401, "sessionTimeout") else: cherrypy.session[REFRESH] = time.time() return True debug("Session not found") return False
def __init__(self, options): # Check proxy configuration check_proxy_config() make_dirs = [ os.path.abspath(config.get_log_download_path()), os.path.abspath(configParser.get("logging", "log_dir")), os.path.dirname(os.path.abspath(options.access_log)), os.path.dirname(os.path.abspath(options.error_log)), os.path.dirname(os.path.abspath(config.get_object_store())) ] for directory in make_dirs: if not os.path.isdir(directory): os.makedirs(directory) self.configObj = WokConfig() # We'll use the session timeout (= 10 minutes) and the # nginx timeout (= 10 minutes). This monitor isn't involved # in anything other than monitor the timeout of the connection, # thus it is safe to unsubscribe. cherrypy.engine.timeout_monitor.unsubscribe() cherrypy.tools.nocache = cherrypy.Tool('on_end_resource', set_no_cache) cherrypy.tools.wokauth = cherrypy.Tool('before_handler', auth.wokauth) # Setting host to 127.0.0.1. This makes wok run # as a localhost app, inaccessible to the outside # directly. You must go through the proxy. cherrypy.server.socket_host = '127.0.0.1' cherrypy.server.socket_port = options.cherrypy_port max_body_size_in_bytes = eval(options.max_body_size) * 1024 cherrypy.server.max_request_body_size = max_body_size_in_bytes cherrypy.log.access_file = options.access_log cherrypy.log.error_file = options.error_log logLevel = LOGGING_LEVEL.get(options.log_level, logging.DEBUG) dev_env = options.environment != 'production' # Enable cherrypy screen logging if running environment # is not 'production' if dev_env: cherrypy.log.screen = True # close standard file handlers because we are going to use a # watchedfiled handler, otherwise we will have two file handlers # pointing to the same file, duplicating log enries for handler in cherrypy.log.access_log.handlers[:]: if isinstance(handler, logging.FileHandler): cherrypy.log.access_log.removeHandler(handler) for handler in cherrypy.log.error_log.handlers[:]: if isinstance(handler, logging.FileHandler): cherrypy.log.error_log.removeHandler(handler) # Create handler to access log file h = logging.handlers.WatchedFileHandler(options.access_log, 'a', delay=1) h.setLevel(logLevel) h.setFormatter(cherrypy._cplogging.logfmt) # Add access log file to cherrypy configuration cherrypy.log.access_log.addHandler(h) # Create handler to error log file h = SafeWatchedFileHandler(options.error_log, 'a', delay=1) h.setLevel(logLevel) h.setFormatter(cherrypy._cplogging.logfmt) # Add error log file to cherrypy configuration cherrypy.log.error_log.addHandler(h) # start request logger self.reqLogger = RequestLogger() # Handling running mode if not dev_env: cherrypy.config.update({'environment': 'production'}) if hasattr(options, 'model'): model_instance = options.model else: model_instance = model.Model() for ident, node in sub_nodes.items(): if node.url_auth: cfg = self.configObj ident = "/%s" % ident cfg[ident] = {'tools.wokauth.on': True} self.app = cherrypy.tree.mount(WokRoot(model_instance, dev_env), options.server_root, self.configObj) self._load_plugins(options) cherrypy.lib.sessions.init()
def __init__(self, options): # Launch reverse proxy start_proxy(options) make_dirs = [ os.path.abspath(config.get_log_download_path()), os.path.abspath(configParser.get("logging", "log_dir")), os.path.dirname(os.path.abspath(options.access_log)), os.path.dirname(os.path.abspath(options.error_log)), os.path.dirname(os.path.abspath(config.get_object_store())), ] for directory in make_dirs: if not os.path.isdir(directory): os.makedirs(directory) self.configObj = WokConfig() # We'll use the session timeout (= 10 minutes) and the # nginx timeout (= 10 minutes). This monitor isn't involved # in anything other than monitor the timeout of the connection, # thus it is safe to unsubscribe. cherrypy.engine.timeout_monitor.unsubscribe() cherrypy.tools.nocache = cherrypy.Tool("on_end_resource", set_no_cache) cherrypy.tools.wokauth = cherrypy.Tool("before_handler", auth.wokauth) # Setting host to 127.0.0.1. This makes wok run # as a localhost app, inaccessible to the outside # directly. You must go through the proxy. cherrypy.server.socket_host = "127.0.0.1" cherrypy.server.socket_port = options.cherrypy_port max_body_size_in_bytes = eval(options.max_body_size) * 1024 cherrypy.server.max_request_body_size = max_body_size_in_bytes cherrypy.log.access_file = options.access_log cherrypy.log.error_file = options.error_log logLevel = LOGGING_LEVEL.get(options.log_level, logging.DEBUG) dev_env = options.environment != "production" # Enable cherrypy screen logging if running environment # is not 'production' if dev_env: cherrypy.log.screen = True # close standard file handlers because we are going to use a # watchedfiled handler, otherwise we will have two file handlers # pointing to the same file, duplicating log enries for handler in cherrypy.log.access_log.handlers[:]: if isinstance(handler, logging.FileHandler): cherrypy.log.access_log.removeHandler(handler) for handler in cherrypy.log.error_log.handlers[:]: if isinstance(handler, logging.FileHandler): cherrypy.log.error_log.removeHandler(handler) # Create handler to access log file h = logging.handlers.WatchedFileHandler(options.access_log, "a", delay=1) h.setLevel(logLevel) h.setFormatter(cherrypy._cplogging.logfmt) # Add access log file to cherrypy configuration cherrypy.log.access_log.addHandler(h) # Create handler to error log file h = SafeWatchedFileHandler(options.error_log, "a", delay=1) h.setLevel(logLevel) h.setFormatter(cherrypy._cplogging.logfmt) # Add error log file to cherrypy configuration cherrypy.log.error_log.addHandler(h) # start request logger self.reqLogger = RequestLogger() # only add logrotate if wok is installed if paths.installed: # redefine logrotate configuration according to wok.conf logrotate_file = os.path.join(paths.logrotate_dir, "wokd.in") with open(logrotate_file) as template: data = template.read() data = Template(data) data = data.safe_substitute(log_dir=configParser.get("logging", "log_dir")) # Write file to be used for nginx. config_file = open(os.path.join(paths.logrotate_dir, "wokd"), "w") config_file.write(data) config_file.close() # Handling running mode if not dev_env: cherrypy.config.update({"environment": "production"}) if hasattr(options, "model"): model_instance = options.model else: model_instance = model.Model() for ident, node in sub_nodes.items(): if node.url_auth: cfg = self.configObj ident = "/%s" % ident cfg[ident] = {"tools.wokauth.on": True} self.app = cherrypy.tree.mount(WokRoot(model_instance, dev_env), config=self.configObj) self._load_plugins(options) # Terminate proxy when cherrypy server is terminated cherrypy.engine.subscribe("exit", terminate_proxy) cherrypy.lib.sessions.init()
def _get_request_host(): host = cherrypy.request.headers.get('Host') if not host: host = wok_config.get("server", "host") host = host.split(':')[0] return host
def __init__(self, **args): auth_type = config.get('authentication', 'method') for klass in UsersModel.__subclasses__(): if auth_type == klass.auth_type: self.user = klass(**args)
def lookup(self, name): proxy_port = kconfig.get('display', 'display_proxy_port') return {'display_proxy_port': proxy_port, 'version': get_version()}
def __init__(self, **args): auth_type = config.get("authentication", "method") for klass in GroupsModel.__subclasses__(): if auth_type == klass.auth_type: self.grp = klass(**args)
def __init__(self, options): # Launch reverse proxy start_proxy(options) make_dirs = [ os.path.abspath(config.get_log_download_path()), os.path.abspath(configParser.get("logging", "log_dir")), os.path.dirname(os.path.abspath(options.access_log)), os.path.dirname(os.path.abspath(options.error_log)), os.path.dirname(os.path.abspath(config.get_object_store())) ] for directory in make_dirs: if not os.path.isdir(directory): os.makedirs(directory) self.configObj = WokConfig() # We'll use the session timeout (= 10 minutes) and the # nginx timeout (= 10 minutes). This monitor isn't involved # in anything other than monitor the timeout of the connection, # thus it is safe to unsubscribe. cherrypy.engine.timeout_monitor.unsubscribe() cherrypy.tools.nocache = cherrypy.Tool('on_end_resource', set_no_cache) cherrypy.tools.wokauth = cherrypy.Tool('before_handler', auth.wokauth) # Setting host to 127.0.0.1. This makes wok run # as a localhost app, inaccessible to the outside # directly. You must go through the proxy. cherrypy.server.socket_host = '127.0.0.1' cherrypy.server.socket_port = options.cherrypy_port max_body_size_in_bytes = eval(options.max_body_size) * 1024 cherrypy.server.max_request_body_size = max_body_size_in_bytes cherrypy.log.access_file = options.access_log cherrypy.log.error_file = options.error_log logLevel = LOGGING_LEVEL.get(options.log_level, logging.DEBUG) dev_env = options.environment != 'production' # Enable cherrypy screen logging if running environment # is not 'production' if dev_env: cherrypy.log.screen = True # close standard file handlers because we are going to use a # watchedfiled handler, otherwise we will have two file handlers # pointing to the same file, duplicating log enries for handler in cherrypy.log.access_log.handlers[:]: if isinstance(handler, logging.FileHandler): cherrypy.log.access_log.removeHandler(handler) for handler in cherrypy.log.error_log.handlers[:]: if isinstance(handler, logging.FileHandler): cherrypy.log.error_log.removeHandler(handler) # Create handler to access log file h = logging.handlers.WatchedFileHandler(options.access_log, 'a', delay=1) h.setLevel(logLevel) h.setFormatter(cherrypy._cplogging.logfmt) # Add access log file to cherrypy configuration cherrypy.log.access_log.addHandler(h) # Create handler to error log file h = SafeWatchedFileHandler(options.error_log, 'a', delay=1) h.setLevel(logLevel) h.setFormatter(cherrypy._cplogging.logfmt) # Add error log file to cherrypy configuration cherrypy.log.error_log.addHandler(h) # start request logger self.reqLogger = RequestLogger() # only add logrotate if wok is installed if paths.installed: # redefine logrotate configuration according to wok.conf data = Template(LOGROTATE_TEMPLATE) data = data.safe_substitute( log_dir=configParser.get("logging", "log_dir"), log_size=configParser.get("logging", "log_size") ) # Write file to be used for nginx. config_file = open(os.path.join(paths.logrotate_dir, "wokd"), "w") config_file.write(data) config_file.close() # Handling running mode if not dev_env: cherrypy.config.update({'environment': 'production'}) if hasattr(options, 'model'): model_instance = options.model else: model_instance = model.Model() for ident, node in sub_nodes.items(): if node.url_auth: cfg = self.configObj ident = "/%s" % ident cfg[ident] = {'tools.wokauth.on': True} self.app = cherrypy.tree.mount(WokRoot(model_instance, dev_env), config=self.configObj) self._load_plugins(options) # Terminate proxy when cherrypy server is terminated cherrypy.engine.subscribe('exit', terminate_proxy) cherrypy.lib.sessions.init()
def lookup(self, name): return {'ssl_port': config.get('server', 'ssl_port'), 'websockets_port': config.get('server', 'websockets_port'), 'auth': config.get('authentication', 'method'), 'version': get_version()}
def __init__(self, options): # Update config.config with the command line values # So the whole application will have access to accurate values for sec in config.config.sections(): for item in config.config.options(sec): if hasattr(options, item): config.config.set(sec, item, str(getattr(options, item))) # Check proxy configuration if not hasattr(options, 'no_proxy') or not options.no_proxy: check_proxy_config() make_dirs = [ os.path.abspath(config.get_log_download_path()), os.path.abspath(configParser.get("logging", "log_dir")), os.path.dirname(os.path.abspath(options.access_log)), os.path.dirname(os.path.abspath(options.error_log)), os.path.dirname(os.path.abspath(config.get_object_store())), os.path.abspath(config.get_wstokens_dir()) ] for directory in make_dirs: if not os.path.isdir(directory): os.makedirs(directory) self.configObj = WokConfig() # We'll use the session timeout (= 10 minutes) and the # nginx timeout (= 10 minutes). This monitor isn't involved # in anything other than monitor the timeout of the connection, # thus it is safe to unsubscribe. cherrypy.engine.timeout_monitor.unsubscribe() cherrypy.tools.nocache = cherrypy.Tool('on_end_resource', set_no_cache) cherrypy.tools.wokauth = cherrypy.Tool('before_handler', auth.wokauth) # Setting host to 127.0.0.1. This makes wok run # as a localhost app, inaccessible to the outside # directly. You must go through the proxy. cherrypy.server.socket_host = '127.0.0.1' cherrypy.server.socket_port = options.cherrypy_port max_body_size_in_bytes = eval(options.max_body_size) * 1024 cherrypy.server.max_request_body_size = max_body_size_in_bytes cherrypy.log.access_file = options.access_log cherrypy.log.error_file = options.error_log logLevel = LOGGING_LEVEL.get(options.log_level, logging.INFO) dev_env = options.environment != 'production' # Enable cherrypy screen logging if running environment # is not 'production' if dev_env: cherrypy.log.screen = True # close standard file handlers because we are going to use a # watchedfiled handler, otherwise we will have two file handlers # pointing to the same file, duplicating log enries for handler in cherrypy.log.access_log.handlers[:]: if isinstance(handler, logging.FileHandler): cherrypy.log.access_log.removeHandler(handler) for handler in cherrypy.log.error_log.handlers[:]: if isinstance(handler, logging.FileHandler): cherrypy.log.error_log.removeHandler(handler) # set logLevel cherrypy.log.access_log.setLevel(logLevel) cherrypy.log.error_log.setLevel(logLevel) # Create handler to access log file h = logging.handlers.WatchedFileHandler(options.access_log, 'a', delay=1) h.setLevel(logLevel) h.setFormatter(cherrypy._cplogging.logfmt) # Add access log file to cherrypy configuration cherrypy.log.access_log.addHandler(h) # Create handler to error log file h = SafeWatchedFileHandler(options.error_log, 'a', delay=1) h.setLevel(logLevel) h.setFormatter(cherrypy._cplogging.logfmt) # Add error log file to cherrypy configuration cherrypy.log.error_log.addHandler(h) # start request logger self.reqLogger = RequestLogger() # Handling running mode if not dev_env: cherrypy.config.update({'environment': 'production'}) for ident, node in sub_nodes.items(): if node.url_auth: cfg = self.configObj ident = "/%s" % ident cfg[ident] = {'tools.wokauth.on': True} cherrypy.tree.mount(WokRoot(model.Model(), dev_env), options.server_root, self.configObj) self._start_websocket_server() self._load_plugins() cherrypy.lib.sessions.init()