Esempio n. 1
0
def connect_to_master_db(user=None):
    "Connect to 'user's master database"

    if user is None:
        user = getpass.getuser()

    u = users.get_user_by_username(user)

    dburi = u.get_master_db_url()

    return connect(dburi)
Esempio n. 2
0
def connect_to_master_db(user=None):
    "Connect to 'user's master database"

    if user is None:
        user = getpass.getuser()

    u = users.get_user_by_username(user)

    dburi = u.get_master_db_url()

    return connect(dburi)
Esempio n. 3
0
def authorize_request():
    cred = request.authorization

    if not cred:
        log.error("Auth required")
        return basic_auth_response()

    if not authenticate(cred.username, cred.password):
        log.error("Invalid login: %s", cred.username)
        return basic_auth_response()

    try:
        g.user = user.get_user_by_username(cred.username)
    except user.NoSuchUser, e:
        log.error("No such user: %s" % cred.username)
        return basic_auth_response()
Esempio n. 4
0
def authorize_request():
    cred = request.authorization

    if not cred:
        log.error("Auth required")
        return basic_auth_response()

    if not authenticate(cred.username, cred.password):
        log.error("Invalid login: %s", cred.username)
        return basic_auth_response()

    try:
        g.user = user.get_user_by_username(cred.username)
    except user.NoSuchUser, e:
        log.error("No such user: %s" % cred.username)
        return basic_auth_response()
Esempio n. 5
0
 def get_user(self):
     return user.get_user_by_username(self.username)
Esempio n. 6
0
 def get_user(self):
     # Just return info for the user running the service
     if "username" in g:
         return user.get_user_by_username(g.username)
     else:
         return user.get_user_by_uid(os.getuid())
Esempio n. 7
0
def before():

    # Static files do not need to be authenticated.
    if (request.script_root + request.path).startswith(url_for("static", filename="")):
        return

    #
    # Authentication
    #

    cred = request.authorization
    username = cred.username if cred else None
    password = cred.password if cred else None

    authclass = app.config["AUTHENTICATION"]
    if authclass not in globals():
        log.error("Unknown authentication method: %s", authclass)
        return make_response("Invalid server configuration", 500)

    Authentication = globals()[authclass]
    auth = Authentication(username, password)
    if not auth.authenticate():
        log.error("Invalid login: %s", username)
        return basic_auth_response()

    try:
        g.user = auth.get_user()
    except user.NoSuchUser as e:
        log.error("No such user: %s" % username)
        return basic_auth_response()

    log.info("Authenticated user %s", g.user.username)

    # If a username is not specified in the requested URI, then set username to the logged in user?
    if "username" not in g:
        g.username = g.user.username

    #
    # Authorization
    #

    # Root user is off limits.
    if g.username == "root":
        log.error("Accessing root user info. is not allowed")
        # If the user has logged in as root, then ask user to login as a regular user.
        # If the non-root logged in user is attempting to access root user's data, then return 403 FORBIDDEN
        if g.user.username == "root":
            return basic_auth_response()
        else:
            abort(403)

    user_info = g.user

    if g.username != g.user.username:
        # Is user (g.user.username) allowed to view user (g.username) runs?
        if not is_user_an_admin(g.user.username):
            log.error(
                "User %s is accessing user %s's runs" % (g.user.username, g.username)
            )
            abort(403)

        # Is user a valid system user?
        try:
            user_info = user.get_user_by_username(g.username)
        except user.NoSuchUser as e:
            log.error("User %s is not a valid user" % g.username)
            abort(400)

    if app.config["PROCESS_SWITCHING"]:
        # If required, set uid and gid of handler process
        if os.getuid() != user_info.uid:
            if os.getuid() != 0:
                log.error(
                    "Pegasus service must run as root to enable process switching"
                )
                return make_response(
                    "Pegasus service must run as root to enable process switching", 500
                )

        os.setgid(user_info.gid)
        os.setuid(user_info.uid)

    # Does the user have a Pegasus home directory?
    user_pegasus_dir = user_info.get_pegasus_dir()

    if not os.path.isdir(user_pegasus_dir):
        log.info("User's pegasus directory does not exist. Creating one...")
        try:
            os.makedirs(user_pegasus_dir, mode=0o744)
        except OSError:
            log.info("Invalid Permissions: Could not create user's pegasus directory.")
            return make_response("Could not find user's Pegasus directory", 404)

    # Set master DB URL for the dashboard
    # For testing master_db_url would be pre-populated, so let's not overwrite it here.
    if "master_db_url" not in g:
        g.master_db_url = user_info.get_master_db_url()
Esempio n. 8
0
def authorization():
    # Static files do not need to be authorized.
    if (request.script_root + request.path).startswith(url_for("static", filename="")):
        return

    # Root user is off limits.
    if g.username == "root":
        log.error("Accessing root user info. is not allowed")
        # If the user has logged in as root, then ask user to login as a regular user.
        # If the non-root logged in user is attempting to access root user's data,
        # then return 403 FORBIDDEN
        if g.user.username == "root":
            return _basic_auth_response()
        else:
            abort(403)

    user_info = g.user

    if g.username != g.user.username:
        # Is user (g.user.username) allowed to view user (g.username) runs?
        if not _is_user_an_admin(g.user.username):
            log.error(
                "User {} is accessing user {}'s runs".format(
                    g.user.username, g.username
                )
            )
            abort(403)

        # Is user a valid system user?
        try:
            user_info = user.get_user_by_username(g.username)
        except user.NoSuchUser:
            log.error("User %s is not a valid user" % g.username)
            abort(400)

    if current_app.config["PROCESS_SWITCHING"]:
        # If required, set uid and gid of handler process
        if os.getuid() != user_info.uid:
            if os.getuid() != 0:
                log.error(
                    "Pegasus service must run as root to enable process switching"
                )
                return make_response(
                    "Pegasus service must run as root to enable process switching", 500
                )

        os.setgid(user_info.gid)
        os.setuid(user_info.uid)

    # Does the user have a Pegasus home directory?
    user_pegasus_dir = user_info.get_pegasus_dir()

    if not os.path.isdir(user_pegasus_dir):
        log.info("User's pegasus directory does not exist. Creating one...")
        try:
            os.makedirs(user_pegasus_dir, mode=0o744)
        except OSError:
            log.info("Invalid Permissions: Could not create user's pegasus directory.")
            return make_response("Could not find user's Pegasus directory", 404)

    # Set master DB URL for the dashboard
    # For testing master_db_url would be pre-populated, so let's not overwrite it here.
    if "master_db_url" not in g:
        g.master_db_url = user_info.get_master_db_url()
Esempio n. 9
0
 def get_localdir(self):
     u = user.get_user_by_username(self.username)
     edir = u.get_ensembles_dir()
     return os.path.join(edir, self.name)
Esempio n. 10
0
        if g.user.username == 'root':
            return basic_auth_response()
        else:
            abort(403)

    user_info = g.user

    if g.username != g.user.username:
        # Is user (g.user.username) allowed to view user (g.username) runs?
        if not is_user_an_admin(g.user.username):
            log.error("User %s is accessing user %s's runs" % (g.user.username, g.username))
            abort(403)

        # Is user a valid system user?
        try:
            user_info = user.get_user_by_username(g.username)
        except user.NoSuchUser, e:
            log.error('User %s is not a valid user' % g.username)
            abort(400)

    if app.config["PROCESS_SWITCHING"]:
        # If required, set uid and gid of handler process
        if os.getuid() != user_info.uid:
            if os.getuid() != 0:
                log.error("Pegasus service must run as root to enable process switching")
                return make_response("Pegasus service must run as root to enable process switching", 500)

        os.setgid(user_info.gid)
        os.setuid(user_info.uid)

    # Does the user have a Pegasus home directory?
Esempio n. 11
0
 def get_localdir(self):
     u = user.get_user_by_username(self.username)
     edir = u.get_ensembles_dir()
     return os.path.join(edir, self.name)