def __checkDN(environ):
userDN = False
if 'SERVER_SOFTWARE' not in environ:
diracLogger.info("Getting the DN from /Website/DebugDN")
userDN = gWebConfig.getDebugDN()
if 'HTTPS' in environ and environ['HTTPS'] == 'on':
if 'SSL_CLIENT_S_DN' in environ:
userDN = environ['SSL_CLIENT_S_DN']
elif 'SSL_CLIENT_CERT' in environ:
userCert = X509Certificate.X509Certificate()
result = userCert.loadFromString(environ['SSL_CLIENT_CERT'])
if not result['OK']:
diracLogger.error("Could not load SSL_CLIENT_CERT: %s" %
result['Message'])
userName = "******"
else:
userDN = userCert.getSubjectDN()['Value']
else:
diracLogger.error(
"Web server is not properly configured to get SSL_CLIENT_S_DN or SSL_CLIENT_CERT in env"
)
if not userDN:
userName = "******"
else:
retVal = CS.getUsernameForDN(userDN)
if not retVal['OK']:
userName = "******"
else:
userName = retVal['Value']
diracLogger.info("Got username for user"
" => %s for %s" % (userName, userDN))
return (userDN, userName)
def __deleteSandboxFromExternalBackend(self, SEName, SEPFN):
if self.getCSOption("DelayedExternalDeletion", True):
gLogger.info("Setting deletion request")
try:
# We need the hostDN used in order to pass these credentials to the
# SandboxStoreDB..
hostCertLocation, _ = Locations.getHostCertificateAndKeyLocation(
)
hostCert = X509Certificate.X509Certificate()
hostCert.loadFromFile(hostCertLocation)
hostDN = hostCert.getSubjectDN().get("Value")
# use the host authentication to fetch the data
result = self.sandboxDB.getSandboxOwner(
SEName, SEPFN, hostDN, "hosts")
if not result["OK"]:
return result
_owner, ownerDN, ownerGroup = result["Value"]
request = Request()
request.RequestName = "RemoteSBDeletion:%s|%s:%s" % (
SEName, SEPFN, time.time())
request.OwnerDN = ownerDN
request.OwnerGroup = ownerGroup
physicalRemoval = Operation()
physicalRemoval.Type = "PhysicalRemoval"
physicalRemoval.TargetSE = SEName
fileToRemove = File()
fileToRemove.PFN = SEPFN
physicalRemoval.addFile(fileToRemove)
request.addOperation(physicalRemoval)
return ReqClient().putRequest(request)
except Exception as e:
gLogger.exception("Exception while setting deletion request")
return S_ERROR(f"Cannot set deletion request: {e}")
else:
gLogger.info("Deleting external Sandbox")
try:
return StorageElement(SEName).removeFile(SEPFN)
except Exception:
gLogger.exception(
"RM raised an exception while trying to delete a remote sandbox"
)
return S_ERROR(
"RM raised an exception while trying to delete a remote sandbox"
)
def __getCN(environ):
userCN = "unknown"
if 'HTTPS' in environ and environ['HTTPS'] == 'on':
if 'SSL_CLIENT_I_DN' in environ:
userCN = environ['SSL_CLIENT_I_DN']
elif 'SSL_CLIENT_CERT' in environ:
userCert = X509Certificate.X509Certificate()
result = userCert.loadFromString(environ['SSL_CLIENT_CERT'])
if not result['OK']:
diracLogger.error("Could not load SSL_CLIENT_CERT: %s" %
result['Message'])
else:
userCN = userCert.getIssuerDN()['Value']
else:
diracLogger.error(
"Web server is not properly configured to get SSL_CLIENT_I_DN or SSL_CLIENT_CERT in env"
)
diracLogger.info("Got CN %s" % userCN)
return userCN