def __init__(self,
auth_user,
domain_admin,
ex_domain_admin,
management_server,
exchange_commands,
session_key=None,
*args,
**kwargs):
"""Set up the WinRM client to be used with running Exchange commands.
:type auth_user: string
:param auth_user: The username of the account we use to connect to the
server.
:type domain_admin: string
:param domain_admin: The username of the account we use to connect to
the AD domain we are going to synchronize with."""
super(ExchangeClient, self).__init__(*args, **kwargs)
self.logger.debug("ExchangeClient super returned")
self.add_credentials(
username=auth_user,
password=unicode(read_password(auth_user, self.host), 'utf-8'))
self.ignore_stdout_pattern = re.compile('.*EOB\n', flags=re.DOTALL)
# Patterns used to filter out passwords.
self.wash_output_patterns = [
re.compile('ConvertTo-SecureString.*\\w*...', flags=re.DOTALL)]
self.management_server = management_server
self.exchange_commands = exchange_commands
self.session_key = session_key if session_key else 'cereauth'
# TODO: Make the following line pretty
self.auth_user_password = unicode(
read_password(auth_user, kwargs['host']), 'utf-8')
# Note that we save the user's password by domain and not the host. It
# _could_ be the wrong way to do it. TBD: Maybe both host and domain?
self.ad_user, self.ad_domain = self._split_domain_username(
domain_admin)
self.ad_user_password = unicode(
read_password(self.ad_user, self.ad_domain),
'utf-8')
self.ex_user, self.ex_domain = self._split_domain_username(
ex_domain_admin)
self.ex_user_password = unicode(
read_password(self.ex_user, self.ex_domain),
'utf-8')
# Set up the winrm / PowerShell connection
self.logger.debug("ExchangeClient: Preparing to connect")
self.connect()
self.logger.debug("ExchangeClient: Connected")
# Collect AD-controllers
controllers = self._get_domain_controllers(self.ad_domain,
self.ex_domain)
self.ad_server = controllers['domain']
self.resource_ad_server = controllers['resource_domain']
# TODO: For all commands. Use the two variables above, and specify
# which DC we use
self.logger.debug("ExchangeClient: Init done")
def __init__(self,
auth_user,
domain_admin,
ex_domain_admin,
management_server,
exchange_commands,
session_key=None,
*args,
**kwargs):
"""Set up the WinRM client to be used with running Exchange commands.
:type auth_user: string
:param auth_user: The username of the account we use to connect to the
server.
:type domain_admin: string
:param domain_admin: The username of the account we use to connect to
the AD domain we are going to synchronize with."""
super(ExchangeClient, self).__init__(*args, **kwargs)
self.logger.debug("ExchangeClient super returned")
self.add_credentials(username=auth_user,
password=unicode(
read_password(auth_user, self.host), 'utf-8'))
self.ignore_stdout_pattern = re.compile('.*EOB\n', flags=re.DOTALL)
# Patterns used to filter out passwords.
self.wash_output_patterns = [
re.compile('ConvertTo-SecureString.*\\w*...', flags=re.DOTALL)
]
self.management_server = management_server
self.exchange_commands = exchange_commands
self.session_key = session_key if session_key else 'cereauth'
# TODO: Make the following line pretty
self.auth_user_password = unicode(
read_password(auth_user, kwargs['host']), 'utf-8')
# Note that we save the user's password by domain and not the host. It
# _could_ be the wrong way to do it. TBD: Maybe both host and domain?
self.ad_user, self.ad_domain = self._split_domain_username(
domain_admin)
self.ad_user_password = unicode(
read_password(self.ad_user, self.ad_domain), 'utf-8')
self.ex_user, self.ex_domain = self._split_domain_username(
ex_domain_admin)
self.ex_user_password = unicode(
read_password(self.ex_user, self.ex_domain), 'utf-8')
# Set up the winrm / PowerShell connection
self.logger.debug("ExchangeClient: Preparing to connect")
self.connect()
self.logger.debug("ExchangeClient: Connected")
# Collect AD-controllers
controllers = self._get_domain_controllers(self.ad_domain,
self.ex_domain)
self.ad_server = controllers['domain']
self.resource_ad_server = controllers['resource_domain']
# TODO: For all commands. Use the two variables above, and specify
# which DC we use
self.logger.debug("ExchangeClient: Init done")
def __init__(self, config):
"""Init the Pika AMQP 0.9.1 wrapper client.
:type config: BaseAMQPClientConfig
:param config: The configuration for the AMQP client.
"""
# Define potential credentials
if config.username:
from Cerebrum.Utils import read_password
cred = pika.credentials.PlainCredentials(
config.username,
read_password(config.username,
config.hostname))
ssl_opts = None
else:
raise ClientErrors.ConfigurationFormatError(
"Configuration contains neither 'username' or 'cert' value")
# Create connection-object
try:
self.conn_params = pika.ConnectionParameters(
host=config.hostname,
port=config.port,
virtual_host=config.virtual_host,
credentials=cred,
ssl=config.tls_on,
ssl_options=ssl_opts)
except Exception as e:
raise ClientErrors.ConnectionError(
'Invalid connection parameters: {}'.format(e))
self.channel = self.connection = None
def create_celery_app(app_name):
"""
Creates a celery.Celery (app) object with the name `app_name`
and uses the config object `app_name`
Keyword Arguments:
:param app_name: The name of the app and the setting module-object
:type app_name: str
:return: celery.Celery (app) object
:rtype: celery.Celery
"""
app = Celery(app_name)
app.config_from_object(app_name)
broker_url = ('amqp://{username}:{password}@'
'{hostname}:{port}/{vhost}').format(
username=app.conf['CELERY_TASKS_USERNAME'],
password=read_password(
app.conf['CELERY_TASKS_USERNAME'],
app.conf['CELERY_TASKS_HOSTNAME']),
hostname=app.conf['CELERY_TASKS_HOSTNAME'],
port=app.conf['CELERY_TASKS_PORT'],
vhost=app.conf['CELERY_TASKS_VHOST'])
app.conf['broker_url'] = broker_url
# deprecated Celery 3.x format...
app.conf['BROKER_URL'] = broker_url
return app
def __init__(self, db, co, logger,
host=cereconf.AD_SERVER_HOST, port=cereconf.AD_SERVER_PORT,
url=None, ad_ldap=cereconf.AD_LDAP, mock=False):
"""
Initialize AD syncronization, i.e. connect to AD service on
given host.
"""
self.db = db
self.co = co
self.logger = logger
if mock:
self.logger.warn("Using mock server")
from Cerebrum.modules.ad import ADTesting
self.server = ADTesting.MockADServer(self.logger)
else:
parts = urlparse.urlsplit(url or '')
scheme = parts.scheme or 'https'
host = parts.hostname or host
port = parts.port or port
username = parts.username or cereconf.AD_DOMAIN_ADMIN_USER
password = read_password(username, host)
netloc = "%s:%s@%s:%d" % (username, '********', host, port)
url = urlparse.urlunsplit((scheme, netloc, ) + parts[2:])
self.logger.debug("Connecting to %s", url)
netloc = "%s:%s@%s:%d" % (username, password, host, port)
url = urlparse.urlunsplit((scheme, netloc, ) + parts[2:])
self.server = xmlrpclib.Server(url)
self.ad_ldap = ad_ldap
def __init__(self, config):
"""Init the Pika AMQP 0.9.1 wrapper client.
:type config: BaseAMQPClientConfig
:param config: The configuration for the AMQP client.
"""
# Define potential credentials
if config.username:
from Cerebrum.Utils import read_password
cred = pika.credentials.PlainCredentials(config.username, read_password(config.username, config.hostname))
ssl_opts = None
else:
raise ClientErrors.ConfigurationFormatError("Configuration contains neither 'username' or 'cert' value")
# Create connection-object
try:
self.conn_params = pika.ConnectionParameters(
host=config.hostname,
port=config.port,
virtual_host=config.virtual_host,
credentials=cred,
ssl=config.tls_on,
ssl_options=ssl_opts,
)
except Exception as e:
raise ClientErrors.ConnectionError("Invalid connection parameters: {}".format(e))
self.channel = self.connection = None
def main(inargs=None):
# Parse arguments
parser = argparse.ArgumentParser(description=__doc__)
parser.add_argument('-p',
'--pagafile',
metavar='filename',
help='Read national identities from given Paga file',
required=True)
add_commit_args(parser)
Cerebrum.logutils.options.install_subparser(parser)
args = parser.parse_args(inargs)
Cerebrum.logutils.autoconf('cronjob', args)
try:
file_obj = open(args.pagafile, 'r')
except IOError:
sys.exit("Could not open file: '{}'".format(args.pagafile))
reader = csv.reader(file_obj, delimiter=';')
row_fetched = 0
row_fetch_max = 1000
row_count = sum(1 for row in file_obj)
file_obj.seek(0)
mobile_count = 0
# Initialize database
db = Factory.get('Database')()
db.cl_init(change_program='fetch_mobile')
logger.info("Updating BAS with ICE numbers from Difi's"
"'Kontakt- og reservasjonssregister'.")
# Dummy username
token = read_password('difi', 'oppslag.uit.no')
while row_fetched < row_count:
# GET all national identities
national_identies = get_national_identies(reader, row_fetch_max)
# GET all mobile phone numbers
mobile_phones = get_mobile_list(token, national_identies)
# UPDATE BAS
mobile_count += update_bas(db, mobile_phones)
row_fetched += row_fetch_max
logger.debug("############")
logger.debug("Lines in pagafile: %s" % row_count)
if mobile_count > 0:
logger.info("%s new ICE numbers added to BAS." % mobile_count)
if args.commit:
db.commit()
logger.info("Committed all changes.")
else:
db.rollback()
logger.info("Dryrun. Rollback changes.")
else:
logger.info("No new ICE numbers found.")
def init_ldap(self):
"""Initzialize LDAP connection."""
self.ldap_srv = ldap.ldapobject.ReconnectLDAPObject(
"%s://%s/" % (self.config["ldap_proto"], self.config["ldap_server"]), retry_max=5, retry_delay=60
)
usr = self.config["ldap_user"].split("\\")[1]
self.ldap_srv.bind_s(self.config["ldap_user"], read_password(usr, self.config["ldap_server"]))
self.ldap_lc = ldap.controls.SimplePagedResultsControl(True, self._ldap_page_size, "")
def read_password_catcher(user, system, host=None):
"""Override to ignore missing password files.
This is since we're in test don't need the password to other systems.
"""
try:
return read_password(user, system, host)
except IOError:
return 'random9'
def read_password_catcher(user, system, host=None):
"""Override to ignore missing password files.
This is since we're in test don't need the password to other systems.
"""
try:
return read_password(user, system, host)
except IOError:
return 'random9'
def __init__(self, db, logger, host, port, ad_domain_admin):
"""
Connect to AD service
"""
self.logger = logger
self.db = db
self.co = Factory.get("Constants")(self.db)
# Create connection to AD agent
password = read_password(ad_domain_admin, host)
url = "https://%s:%s@%s:%s" % (ad_domain_admin, password, host, port)
self.server = xmlrpclib.Server(url)
def __init__(self, db, logger, host, port, ad_domain_admin):
"""
Connect to AD service
"""
self.logger = logger
self.db = db
self.co = Factory.get("Constants")(self.db)
# Create connection to AD agent
password = read_password(ad_domain_admin, host)
url = "https://%s:%s@%s:%s" % (ad_domain_admin, password, host, port)
self.server = xmlrpclib.Server(url)
def _get_auth(self):
"""Reads the password from file and returns the credentials.
:return tuple:
Username and password.
"""
self.logger.debug("CIMClient: Caching credentials")
password = read_password(user=self.config.auth_user,
system=self.config.auth_system,
host=self.config.auth_host)
return (self.config.auth_user, password)
def __init__(self,
db,
co,
logger,
host=cereconf.AD_SERVER_HOST,
port=cereconf.AD_SERVER_PORT,
url=None,
ad_ldap=cereconf.AD_LDAP,
dry_run=False):
"""
Initialize AD syncronization, i.e. connect to AD service on
given host.
"""
self.db = db
self.co = co
self.logger = logger
ad_domain_admin = cereconf.AD_DOMAIN_ADMIN_USER
try:
if url is None:
password = read_password(ad_domain_admin, host)
url = "https://%s:%s@%s:%i" % (ad_domain_admin, password, host,
port)
else:
m = re.match(r'([^:]+)://([^:]+):(\d+)', url)
if not m:
raise ValueError, "Error parsing URL: %s" % url
protocol = m.group(1)
host = m.group(2)
port = m.group(3)
password = read_password(ad_domain_admin, host)
url = "%s://%s:%s@%s:%s" % (protocol, ad_domain_admin,
password, host, port)
self.server = xmlrpclib.Server(url)
except IOError, e:
if not dry_run:
raise e
self.logger.critical(e)
self.logger.error(
"No AD connection, so dryrunning cerebrum code only")
from Cerebrum.modules.ad import ADTesting
self.server = ADTesting.MockADServer(self.logger)
def _get_auth(self):
"""Reads the password from file and returns the credentials.
:return tuple:
Username and password.
"""
self.logger.debug("CIMClient: Caching credentials")
password = read_password(
user=self.config.auth_user,
system=self.config.auth_system,
host=self.config.auth_host)
return (self.config.auth_user, password)
def init_ldap(self):
"""Initzialize LDAP connection."""
self.ldap_srv = ldap.ldapobject.ReconnectLDAPObject(
'%s://%s/' % (self.config['ldap_proto'],
self.config['ldap_server']),
retry_max=5, retry_delay=60)
usr = self.config['ldap_user'].split('\\')[1]
self.ldap_srv.bind_s(self.config['ldap_user'], read_password(
usr, self.config['ldap_server']))
self.ldap_lc = ldap.controls.SimplePagedResultsControl(
True, self._ldap_page_size, '')
def __call__(self, phone_to, message):
""" Sends an SMS message to the given phone number.
:param unicode phone_to:
The phone number to send the message to.
:param unicode message:
The message to send to the given phone number.
"""
assert isinstance(phone_to, text_type)
assert isinstance(message, text_type)
try:
phone_to = self._filter_phone_number(phone_to)
except ValueError as e:
logger.warning("Unable to send SMS: %s", e)
return False
if getattr(cereconf, 'SMS_DISABLE', True):
logger.info("Would have sent %r to %r'", message, phone_to)
return True
hostname = urlparse(self._url).hostname
password = read_password(user=self._user, system=hostname)
data = {
b'b': self._user.encode('latin1'),
b'p': password.encode('latin1'),
b's': self._system.encode('latin1'),
b't': phone_to.encode('latin1'),
b'm': message.encode('latin1'),
}
logger.debug("Sending SMS to %r (user=%r, system=%r)", phone_to,
self._user, self._system)
try:
response = requests.post(self._url,
data=data,
timeout=self._timeout)
except requests.exceptions.RequestException as e:
logger.warning('SMS gateway error: %s', e)
return False
if response.status_code != 200:
logger.warning("SMS gateway responded with code=%r body=%r",
response.status_code, response.text)
return False
success = self._validate_response(response)
if success:
logger.debug("SMS to %r sent OK", phone_to)
else:
logger.warning("SMS to %r could not be sent", phone_to)
return bool(success)
def __init__(self, db, co, logger,
host=cereconf.AD_SERVER_HOST, port=cereconf.AD_SERVER_PORT,
url=None, ad_ldap=cereconf.AD_LDAP, dry_run=False):
"""
Initialize AD syncronization, i.e. connect to AD service on
given host.
"""
self.db = db
self.co = co
self.logger = logger
ad_domain_admin = cereconf.AD_DOMAIN_ADMIN_USER
try:
if url is None:
password = read_password(ad_domain_admin, host)
url = "https://%s:%s@%s:%i" % (ad_domain_admin, password,
host, port)
else:
m = re.match(r'([^:]+)://([^:]+):(\d+)', url)
if not m:
raise ValueError, "Error parsing URL: %s" % url
protocol = m.group(1)
host = m.group(2)
port = m.group(3)
password = read_password(ad_domain_admin, host)
url = "%s://%s:%s@%s:%s" % (
protocol,
ad_domain_admin,
password,
host,
port)
self.server = xmlrpclib.Server(url)
except IOError, e:
if not dry_run:
raise e
self.logger.critical(e)
self.logger.error(
"No AD connection, so dryrunning cerebrum code only")
from Cerebrum.modules.ad import ADTesting
self.server = ADTesting.MockADServer(self.logger)
def connect(self, username=None, password=None):
if username:
ldap_user = username
else:
ldap_user = self.config.ldap_user
if password:
ldap_pass = password
else:
ldap_pass = read_password(ldap_user, self.config.ldap_server)
self.connection = ldap.initialize('{0}://{1}'.format(
self.config.ldap_proto, self.config.ldap_server))
self.connection.bind_s(self.config.bind_dn_template.format(ldap_user),
ldap_pass)
def main():
parser = argparse.ArgumentParser(
description='Generates a dump file for the UA database')
parser.add_argument(
'-i', '--input-file',
type=text_type,
help='system name and input file (e.g. system_sap:/path/to/file)')
parser.add_argument(
'-o', '--output-directory',
type=text_type,
help='output directory')
parser.add_argument(
'-d', '--distribute',
action='store_true',
dest='distribute',
default=False,
help='transfer file')
parser.add_argument(
'-e', '--employees',
action='store_true',
dest='do_employees',
default=False,
help='include employees in the output')
args = parser.parse_args()
logger.info("Generating UA dump")
sysname, person_file = args.input_file.split(":")
output_file = AtomicFileWriter(
os.path.join(args.output_directory, "uadata.new"), "w",
encoding="latin1")
generate_output(output_file, args.do_employees, sysname, person_file)
output_file.close()
diff_file = "uadata.%s" % time.strftime("%Y-%m-%d")
do_sillydiff(args.output_directory, "uadata.old", "uadata.new", diff_file)
os.rename(os.path.join(args.output_directory, "uadata.new"),
os.path.join(args.output_directory, "uadata.old"))
if args.distribute:
logger.info('Uploading file to %s', cereconf.UA_FTP_HOST)
passwd = read_password(cereconf.UA_FTP_UNAME, cereconf.UA_FTP_HOST)
ftpput(host=cereconf.UA_FTP_HOST,
uname=cereconf.UA_FTP_UNAME,
password=passwd,
local_dir=args.output_directory,
file=diff_file,
remote_dir="ua-lt")
logger.info('Done')
def init_ldap(self):
"""Initzialize LDAP connection."""
self.ldap_srv = ldap.ldapobject.ReconnectLDAPObject(
'%s://%s/' % (self.config['ldap_proto'],
self.config['ldap_server']),
retry_max=self.LDAP_RETRY_MAX,
retry_delay=self.LDAP_RETRY_DELAY)
usr = self.config['ldap_user'].split('\\')[1]
self.ldap_srv.bind_s(
self.config['ldap_user'],
read_password(usr, self.config['ldap_server']))
self.ldap_lc = ldap.controls.SimplePagedResultsControl(
True, self._ldap_page_size, '')
def init_app(self, app, db_ctx):
self.app = app
self.db = db_ctx
config = app.config.setdefault('PROXY_AUTH', {})
enable = config.setdefault('enable', False)
self._require_username = config.setdefault('username', 'gateway')
self._require_password = None
self._realm = config.setdefault('realm', 'proxy')
if enable:
self._require_password = read_password(self._require_username,
self._realm)
app.before_request(self.authenticate)
app.teardown_appcontext(self.clear)
def connect(self, username=None, password=None):
if username:
ldap_user = username
else:
ldap_user = self.config.ldap_user
if password:
ldap_pass = password
else:
ldap_pass = read_password(ldap_user,
self.config.ldap_server)
self.connection = ldap.initialize('{0}://{1}'.format(
self.config.ldap_proto,
self.config.ldap_server
))
self.connection.bind_s(self.config.bind_dn_template.format(ldap_user),
ldap_pass)
def make_ephorte_client(config_file, mock=False):
"""Setup ephorte ws from config file name
:type config_file: basestring
:param config_file: file name
"""
from Cerebrum.Utils import read_password
config = Config(config_file)
cls = Cerebrum2EphorteClientMock if mock else Cerebrum2EphorteClient
client = cls(wsdl=config.wsdl,
customer_id=config.customer_id,
database=config.database,
client_key=config.client_key,
client_cert=config.client_cert,
ca_certs=config.ca_certs,
username=config.username,
password=read_password(
config.username, config.wsdl.split('/')[2]),
timeout=config.timeout)
return client, config
def ldap_connect(self, serv_l=None):
if not serv_l:
serv_l = cereconf.LDAP['server']
for server in serv_l:
try:
serv, user = [str(y) for y in server.split(':')]
f_name = cereconf.LDAP[
'dump_dir'] + '/log/' + serv + '.sync.log'
try:
passwd = read_password(user, serv)
except:
logger.warn('No valid password-file for %r!', serv)
break
if os.path.isfile(f_name):
self.s_list[serv] = [file(f_name, 'a')]
else:
self.s_list[serv] = [file(f_name, 'w')]
user = "******".join((user, ldapconf('ORG', 'dn')))
con = ldap.open(serv)
con.protocol_version = ldap.VERSION3
try:
if cereconf.TLS_CACERT_FILE is not None:
con.OPT_X_TLS_CACERTFILE = cereconf.TLS_CACERT_FILE
except:
pass
try:
if cereconf.TLS_CACERT_DIR is not None:
con.OPT_X_TLS_CACERTDIR = cereconf.TLS_CACERT_DIR
except:
pass
l_bind = None
try:
con.start_tls_s()
l_bind = con.simple_bind(user, passwd)
self.s_list[serv].append(con)
except:
logger.warn("Could not open TLS-connection to %r", serv)
self.s_list[serv][0].close()
del self.s_list[serv]
if l_bind and con:
logger.info("TLS-connection open to %r", serv)
except ldap.LDAPError as e:
logger.warn(e)
def connect(self,
user=None,
password=None,
service=None,
client_encoding=None,
host=None,
port=None):
dsn = []
if service is None:
service = cereconf.CEREBRUM_DATABASE_NAME
if user is None:
user = cereconf.CEREBRUM_DATABASE_CONNECT_DATA.get('user')
if host is None:
host = cereconf.CEREBRUM_DATABASE_CONNECT_DATA.get('host')
if port is None:
port = cereconf.CEREBRUM_DATABASE_CONNECT_DATA.get('port')
if password is None and user is not None:
password = read_password(user, service, host)
if service is not None:
dsn.append('dbname=' + service)
if user is not None:
dsn.append('user='******'password='******'host=' + host)
if port is not None:
dsn.append('port=' + str(port))
dsn_string = ' '.join(dsn)
if client_encoding is None:
client_encoding = self.encoding
else:
self.encoding = client_encoding
app_name = _format_pg_app_name(os.path.basename(sys.argv[0]))
super(PsycoPG2, self).connect(dsn_string, application_name=app_name)
self._db.set_isolation_level(1) # read-committed
self.execute("SET CLIENT_ENCODING TO '%s'" % client_encoding)
self.commit()
def make_ephorte_client(config_file, mock=False):
"""Setup ephorte ws from config file name
:type config_file: basestring
:param config_file: file name
"""
from Cerebrum.Utils import read_password
config = Config(config_file)
cls = Cerebrum2EphorteClientMock if mock else Cerebrum2EphorteClient
client = cls(wsdl=config.wsdl,
customer_id=config.customer_id,
database=config.database,
client_key=config.client_key,
client_cert=config.client_cert,
ca_certs=config.ca_certs,
username=config.username,
password=read_password(config.username,
config.wsdl.split('/')[2]),
timeout=config.timeout)
return client, config
def ldap_connect(self, serv_l=None):
if not serv_l:
serv_l = cereconf.LDAP['server']
for server in serv_l:
try:
serv, user = [str(y) for y in server.split(':')]
f_name = cereconf.LDAP['dump_dir']+'/log/' + serv+'.sync.log'
try:
passwd = read_password(user, serv)
except:
logger.warn('No valid password-file for %r!', serv)
break
if os.path.isfile(f_name):
self.s_list[serv] = [file(f_name, 'a')]
else:
self.s_list[serv] = [file(f_name, 'w')]
user = "******".join((user, ldapconf('ORG', 'dn')))
con = ldap.open(serv)
con.protocol_version = ldap.VERSION3
try:
if cereconf.TLS_CACERT_FILE is not None:
con.OPT_X_TLS_CACERTFILE = cereconf.TLS_CACERT_FILE
except:
pass
try:
if cereconf.TLS_CACERT_DIR is not None:
con.OPT_X_TLS_CACERTDIR = cereconf.TLS_CACERT_DIR
except:
pass
l_bind = None
try:
con.start_tls_s()
l_bind = con.simple_bind(user, passwd)
self.s_list[serv].append(con)
except:
logger.warn("Could not open TLS-connection to %r", serv)
self.s_list[serv][0].close()
del self.s_list[serv]
if l_bind and con:
logger.info("TLS-connection open to %r", serv)
except ldap.LDAPError as e:
logger.warn(e)
def connect(self,
user=None,
password=None,
service=None,
client_encoding=None,
host=None,
port=None):
dsn = []
if service is None:
service = cereconf.CEREBRUM_DATABASE_NAME
if user is None:
user = cereconf.CEREBRUM_DATABASE_CONNECT_DATA.get('user')
if host is None:
host = cereconf.CEREBRUM_DATABASE_CONNECT_DATA.get('host')
if port is None:
port = cereconf.CEREBRUM_DATABASE_CONNECT_DATA.get('port')
if password is None and user is not None:
password = read_password(user, service, host)
if service is not None:
dsn.append('dbname=' + service)
if user is not None:
dsn.append('user='******'password='******'host=' + host)
if port is not None:
dsn.append('port=' + str(port))
dsn_string = ' '.join(dsn)
if client_encoding is None:
client_encoding = self.encoding
else:
self.encoding = client_encoding
super(PsycoPG2, self).connect(dsn_string)
self._db.set_isolation_level(1) # read-committed
self.execute("SET CLIENT_ENCODING TO '%s'" % client_encoding)
self.commit()
def connect(self,
user=None,
password=None,
service=None,
client_encoding=None):
cdata = self._connect_data
cdata.clear()
cdata['arg_user'] = user
cdata['arg_password'] = password
cdata['arg_service'] = service
if service is None:
service = cereconf.CEREBRUM_DATABASE_NAME
if user is None:
user = cereconf.CEREBRUM_DATABASE_CONNECT_DATA.get('user')
if password is None:
password = read_password(user, service)
conn_str = '%s/%s@%s' % (user, password, service)
cdata['conn_str'] = conn_str
if client_encoding is None:
client_encoding = self.encoding
else:
self.encoding = client_encoding
# The encoding names in Oracle don't look like PostgreSQL's,
# so we translate them into a single standard.
# TODO: Fix this, so that all valid encodings will actually work?
encoding_names = {
'iso8859-1': "american_america.we8iso8859p1",
'utf-8': "american_america.utf8"
}
codec_info = codecs.lookup(client_encoding)
os.environ['NLS_LANG'] = encoding_names.get(codec_info.name,
client_encoding)
# Call superclass .connect with appropriate CONNECTIONSTRING;
# this will in turn invoke the connect() function in the
# cx_Oracle module.
super(cx_Oracle, self).connect(conn_str)
self._db.inputtypehandler = cx_InputTypeHandler
self._db.outputtypehandler = cx_OutputTypeHandler
def main(inargs=None):
parser = argparse.ArgumentParser(description="Update LDAP")
Cerebrum.logutils.options.install_subparser(parser)
args = parser.parse_args(inargs)
Cerebrum.logutils.autoconf('cronjob', args)
today = datetime.date.today().strftime('%Y%m%d')
ldap_server = cereconf.LDAP['server']
user = cereconf.LDAP['user']
password = read_password(user, ldap_server)
ldap_dump_dir = ldapconf(None, 'dump_dir')
infile = os.path.join(ldap_dump_dir, 'uit_diff_%s' % (today, ))
ldap_temp_file = os.path.join(ldap_dump_dir, "temp_uit_ldif")
ldap_diff = os.path.join(ldap_dump_dir, "uit_ldif")
ret = 0
ret = os.system(' '.join((
'/usr/bin/ldapmodify',
'-x',
'-H',
'ldaps://%s' % (ldap_server, ),
'-D',
'"cn=%s,dc=uit,dc=no"' % (user, ),
'-w',
password,
'-f',
infile,
)))
if ret != 0:
logger.error("Unable to update ldap server")
raise SystemExit(1)
ret = os.system("mv %s %s" % (ldap_temp_file, ldap_diff))
if ret != 0:
logger.error("Unable to copy tempfile")
raise SystemExit(1)
def _get_data(config, url):
import requests
import json
from Cerebrum.Utils import read_password
auth = (config.auth_user,
read_password(user=config.auth_user,
system=config.auth_system))
headers = {'Accept': 'application/json'}
try:
logger.debug4(u'Fetching {}'.format(url))
r = requests.get(url, auth=auth, headers=headers)
logger.debug4(u'Fetch completed')
except Exception as e:
# Be polite on connection errors. Conenction errors seldom fix
# themselves quickly.
import time
time.sleep(1)
raise RemoteSourceUnavailable(str(e))
if r.status_code == 200:
data = json.loads(r.text).get(u'd', None)
for k in data:
if (isinstance(data.get(k), dict)
and '__deferred' in data.get(k)
and 'uri' in data.get(k).get('__deferred')):
# Fetch, unpack and store data
r = _get_data(config,
data.get(k).get('__deferred').get('uri'))
if r.keys() == [u'results']:
r = r[u'results']
data.update({k: r})
return data
else:
raise RemoteSourceError(
u'Could not fetch {} from remote source: {}: {}'.format(
url, r.status_code, r.reason))
def _get_data(config, url):
import requests
import json
from Cerebrum.Utils import read_password
auth = (config.auth_user, read_password(user=config.auth_user,
system=config.auth_system))
headers = {'Accept': 'application/json'}
try:
logger.debug4(u'Fetching {}'.format(url))
r = requests.get(url, auth=auth, headers=headers)
logger.debug4(u'Fetch completed')
except Exception as e:
# Be polite on connection errors. Conenction errors seldom fix
# themselves quickly.
import time
time.sleep(1)
raise RemoteSourceUnavailable(str(e))
if r.status_code == 200:
data = json.loads(r.text).get(u'd', None)
for k in data:
if (isinstance(data.get(k), dict) and
'__deferred' in data.get(k) and
'uri' in data.get(k).get('__deferred')):
# Fetch, unpack and store data
r = _get_data(config,
data.get(k).get('__deferred').get('uri'))
if r.keys() == [u'results']:
r = r[u'results']
data.update({k: r})
return data
else:
raise RemoteSourceError(
u'Could not fetch {} from remote source: {}: {}'.format(
url, r.status_code, r.reason))
def connect(self, user=None, password=None, service=None,
client_encoding=None):
cdata = self._connect_data
cdata.clear()
cdata['arg_user'] = user
cdata['arg_password'] = password
cdata['arg_service'] = service
if service is None:
service = cereconf.CEREBRUM_DATABASE_NAME
if user is None:
user = cereconf.CEREBRUM_DATABASE_CONNECT_DATA.get('user')
if password is None:
password = read_password(user, service)
conn_str = '%s/%s@%s' % (user, password, service)
cdata['conn_str'] = conn_str
if client_encoding is None:
client_encoding = self.encoding
else:
self.encoding = client_encoding
# The encoding names in Oracle don't look like PostgreSQL's,
# so we translate them into a single standard.
# TODO: Fix this, so that all valid encodings will actually work?
encoding_names = {'iso8859-1': "american_america.we8iso8859p1",
'utf-8': "american_america.utf8"}
codec_info = codecs.lookup(client_encoding)
os.environ['NLS_LANG'] = encoding_names.get(codec_info.name,
client_encoding)
# Call superclass .connect with appropriate CONNECTIONSTRING;
# this will in turn invoke the connect() function in the
# cx_Oracle module.
super(cx_Oracle, self).connect(conn_str)
self._db.inputtypehandler = cx_InputTypeHandler
self._db.outputtypehandler = cx_OutputTypeHandler
key = val
elif opt in ("-i",):
instance = val
elif opt in ("-h",):
usage()
elif opt in ("-H",):
host = val
else:
print "Error: Invalid arg"
usage(-2)
if not key:
from Cerebrum.Utils import read_password
try:
key = read_password(instance, host)
except Exception, e:
logger.error("Error: %s" % e)
sys.exit(-3)
if file and key:
return export(file, key, host)
elif key:
return status(key, host)
else:
usage(-1)
if __name__ == "__main__":
main()
if not host:
host = sync['server']
if not port:
port = sync.get('port', None)
user = sync['auth_user']
logger.info("Start")
client = WinRMClient(host=host,
port=port,
encrypted=encrypted,
logger=logger)
# TODO: add ca, client_key and client_cert
client._winrs_skip_cmd_shell = False
#client._winrs_consolemode_stdin = False
client.add_credentials(username=user,
password=unicode(read_password(user, host),
'utf-8'))
for opt, val in opts:
if opt == '--delete-shell':
logger.info("Deleting shell with ShellId: %s", val)
client.wsman_delete(val)
logger.info("Finished")
sys.exit()
# Get server identification:
logger.info("Identifying server")
ident = client.wsman_identify()
# TODO: doesn't work now
for key in ('ProtocolVersion', 'ProductVendor', 'ProductVersion'):
for event, elem in ident.iterfind(
elif opt in ('-k', ):
key = val
elif opt in ('-i', ):
instance = val
elif opt in ('-h', ):
usage()
elif opt in ('-H', ):
host = val
else:
print "Error: Invalid arg"
usage(-2)
if not key:
from Cerebrum.Utils import read_password
try:
key = read_password(instance, host)
except Exception, e:
logger.error("Error: %s" % e)
sys.exit(-3)
if file and key:
return export(file, key, host)
elif key:
return status(key, host)
else:
usage(-1)
if __name__ == '__main__':
main()
def make_credentials(username, hostname):
return pika.credentials.PlainCredentials(username,
read_password(username, hostname))
def _read_password(self, database, user):
return read_password(user, database)
def decrypt_password(self, method, cryptstring):
for system, pgpkey in cereconf.AUTH_PGP.items():
if method == self._pgp_auth(system):
passphrase = read_password(pgpkey, system)
return pgp_decrypt(cryptstring, pgpkey, passphrase)
return self.__super.decrypt_password(method, cryptstring)
def main():
"""
"""
logger = Factory.get_logger('cronjob')
parser = argparse.ArgumentParser(
description='The following options are available')
parser.add_argument('-H',
'--hostname',
metavar='HOSTNAME/IP',
type=str,
dest='hostname',
default='localhost',
help='MQ hostname / IP address (default: localhost)')
parser.add_argument(
'-d',
'--dryrun',
action='store_true',
dest='dryrun',
default=False,
help='Do not actually schedule the tasks. Just logg and be happy')
parser.add_argument('-e',
'--target-exchange',
metavar='EXCHANGE',
type=str,
dest='target_exchange',
default='ex_scheduled_messages',
help=('Exchage to send scheduled messages to '
'(default: ex_scheduled_messages)'))
parser.add_argument('-q',
'--queue',
metavar='QUEUE',
type=str,
dest='queue',
default='q_scheduling',
help='Queue to consume from (default: q_scheduling)')
parser.add_argument('-P',
'--port',
metavar='PORT',
type=int,
dest='port',
default=5671,
help='AMQP port (default: 5671)')
parser.add_argument(
'-p',
'--password',
metavar='PASSWORD[FILE]',
type=str,
dest='password',
default='',
help=('Password / text-file containing the target password'
' (default & recommended: prompt for passwd)'))
parser.add_argument('-t',
'--consumer-tag',
metavar='TAG',
type=str,
dest='consumer_tag',
default='tiny_scheduler',
help='Consumer tag (default: tiny_scheduler)')
parser.add_argument('-u',
'--username',
metavar='USERNAME',
type=str,
dest='username',
default='cerebrum',
help='Subscriber username (default: cerebrum)')
parser.add_argument('-V',
'--vhost',
metavar='VHOST',
type=str,
dest='vhost',
default='/no/uio/integration',
help='Vhost (default: /no/uio/integration)')
args = parser.parse_args()
args.logger = logger
logger.info('tiny_scheduler started')
if not args.password:
try:
args.password = read_password(args.username, args.hostname)
except Exception as e:
logger.error('Unable to retrieve password for user {username}: '
'{error}'.format(username=args.username, error=e))
sys.exit(errno.EACCES)
elif os.path.isfile(args.password):
try:
with open(args.password, 'r') as fp:
passwd = fp.readline()
if passwd.strip():
args.password = passwd.strip()
except Exception as e:
logger.error('Unable to open password file: {0}'.format(e))
sys.exit(1)
creds_broker = pika.PlainCredentials(args.username, args.password)
conn_params = pika.ConnectionParameters(args.hostname,
args.port,
virtual_host=args.vhost,
ssl=True,
credentials=creds_broker)
conn_broker = pika.BlockingConnection(conn_params)
channel = conn_broker.channel()
consumer_callback = ConsumerCallback(args)
channel.basic_consume(consumer_callback,
queue=args.queue,
no_ack=False,
consumer_tag=args.consumer_tag)
logger.info('Consumer active!')
try:
channel.start_consuming()
except KeyboardInterrupt:
logger.info('Terminating...')
def _read_password(self, database, user):
return read_password(user, database)
print "Command to run is required"
usage(1)
if not host:
host = sync['server']
if not port:
port = sync.get('port', None)
user = sync['auth_user']
client = WinRMClient(host=host, port=port, encrypted=encrypted,
logger=logger)
# TODO: add ca, client_key and client_cert
client._winrs_skip_cmd_shell = False
#client._winrs_consolemode_stdin = False
client.add_credentials(username=user,
password=read_password(user, host))
client.connect()
code = ' '.join(args)
logger.debug("Running code: %s" % code)
try:
out = client.run(code)
finally:
client.close()
for outtype in ('stderr', 'stdout'):
data = out.get(outtype)
if data:
print '%s:' % outtype.upper()
print data
print
def main():
"""
"""
logger = Factory.get_logger('cronjob')
parser = argparse.ArgumentParser(
description='The following options are available')
parser.add_argument(
'-H', '--hostname',
metavar='HOSTNAME/IP',
type=str,
dest='hostname',
default='localhost',
help='MQ hostname / IP address (default: localhost)')
parser.add_argument(
'-d', '--dryrun',
action='store_true',
dest='dryrun',
default=False,
help='Do not actually schedule the tasks. Just logg and be happy')
parser.add_argument(
'-q', '--queue',
metavar='QUEUE',
type=str,
dest='queue',
default='q_scheduling',
help='Queue to consume from (default: q_scheduling)')
parser.add_argument(
'-P', '--port',
metavar='PORT',
type=int,
dest='port',
default=5671,
help='AMQP port (default: 5671)')
parser.add_argument(
'-p', '--password',
metavar='PASSWORD[FILE]',
type=str,
dest='password',
default='',
help=('Password / text-file containing the target password'
' (default & recommended: prompt for passwd)'))
parser.add_argument(
'-t', '--consumer-tag',
metavar='TAG',
type=str,
dest='consumer_tag',
default='tiny_scheduler',
help='Consumer tag (default: tiny_scheduler)')
parser.add_argument(
'-u', '--username',
metavar='USERNAME',
type=str,
dest='username',
default='cerebrum',
help='Subscriber username (default: cerebrum)')
parser.add_argument(
'-V', '--vhost',
metavar='VHOST',
type=str,
dest='vhost',
default='/no/uio/integration',
help='Vhost (default: /no/uio/integration)')
args = parser.parse_args()
args.logger = logger
logger.info('tiny_scheduler started')
if not args.password:
try:
args.password = read_password(args.username, args.hostname)
except Exception as e:
logger.error(
'Unable to retrieve password for user {username}: '
'{error}'.format(username=args.username, error=e))
sys.exit(errno.EACCES)
elif os.path.isfile(args.password):
try:
with open(args.password, 'r') as fp:
passwd = fp.readline()
if passwd.strip():
args.password = passwd.strip()
except Exception as e:
logger.error('Unable to open password file: {0}'.format(e))
sys.exit(1)
creds_broker = pika.PlainCredentials(args.username, args.password)
conn_params = pika.ConnectionParameters(args.hostname,
args.port,
virtual_host=args.vhost,
ssl=True,
credentials=creds_broker)
conn_broker = pika.BlockingConnection(conn_params)
channel = conn_broker.channel()
consumer_callback = ConsumerCallback(args)
channel.basic_consume(consumer_callback,
queue=args.queue,
no_ack=False,
consumer_tag=args.consumer_tag)
logger.info('Consumer active!')
try:
channel.start_consuming()
except KeyboardInterrupt:
logger.info('Terminating...')
def make_credentials(username, hostname):
return pika.credentials.PlainCredentials(
username,
read_password(username, hostname))
if not host:
host = sync['server']
if not port:
port = sync.get('port', None)
user = sync['auth_user']
logger.info("Start")
client = WinRMClient(host=host,
port=port,
encrypted=encrypted,
logger=logger)
# TODO: add ca, client_key and client_cert
client._winrs_skip_cmd_shell = False
#client._winrs_consolemode_stdin = False
client.add_credentials(username=user, password=read_password(user, host))
for opt, val in opts:
if opt == '--delete-shell':
logger.info("Deleting shell with ShellId: %s", val)
client.wsman_delete(val)
logger.info("Finished")
sys.exit()
# Get server identification:
logger.info("Identifying server")
ident = client.wsman_identify()
# TODO: doesn't work now
for key in ('ProtocolVersion', 'ProductVendor', 'ProductVersion'):
for event, elem in ident.iterfind(
'{http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd}%s'
usage(1)
if not host:
host = sync['server']
if not port:
port = sync.get('port', None)
user = sync['auth_user']
logger.info("Start")
client = WinRMClient(host=host, port=port, encrypted=encrypted,
logger=logger)
# TODO: add ca, client_key and client_cert
client._winrs_skip_cmd_shell = False
#client._winrs_consolemode_stdin = False
client.add_credentials(username=user,
password=unicode(read_password(user, host), 'utf-8'))
for opt, val in opts:
if opt == '--delete-shell':
logger.info("Deleting shell with ShellId: %s", val)
client.wsman_delete(val)
logger.info("Finished")
sys.exit()
# Get server identification:
logger.info("Identifying server")
ident = client.wsman_identify()
# TODO: doesn't work now
for key in ('ProtocolVersion', 'ProductVendor', 'ProductVersion'):
def decrypt_password(self, method, cryptstring):
for system, pgpkey in cereconf.AUTH_PGP.items():
if method == self._pgp_auth(system):
passphrase = read_password(pgpkey, system)
return pgp_decrypt(cryptstring, pgpkey, passphrase)
return self.__super.decrypt_password(method, cryptstring)
