def __init__(self, auth_user, domain_admin, ex_domain_admin, management_server, exchange_commands, session_key=None, *args, **kwargs): """Set up the WinRM client to be used with running Exchange commands. :type auth_user: string :param auth_user: The username of the account we use to connect to the server. :type domain_admin: string :param domain_admin: The username of the account we use to connect to the AD domain we are going to synchronize with.""" super(ExchangeClient, self).__init__(*args, **kwargs) self.logger.debug("ExchangeClient super returned") self.add_credentials( username=auth_user, password=unicode(read_password(auth_user, self.host), 'utf-8')) self.ignore_stdout_pattern = re.compile('.*EOB\n', flags=re.DOTALL) # Patterns used to filter out passwords. self.wash_output_patterns = [ re.compile('ConvertTo-SecureString.*\\w*...', flags=re.DOTALL)] self.management_server = management_server self.exchange_commands = exchange_commands self.session_key = session_key if session_key else 'cereauth' # TODO: Make the following line pretty self.auth_user_password = unicode( read_password(auth_user, kwargs['host']), 'utf-8') # Note that we save the user's password by domain and not the host. It # _could_ be the wrong way to do it. TBD: Maybe both host and domain? self.ad_user, self.ad_domain = self._split_domain_username( domain_admin) self.ad_user_password = unicode( read_password(self.ad_user, self.ad_domain), 'utf-8') self.ex_user, self.ex_domain = self._split_domain_username( ex_domain_admin) self.ex_user_password = unicode( read_password(self.ex_user, self.ex_domain), 'utf-8') # Set up the winrm / PowerShell connection self.logger.debug("ExchangeClient: Preparing to connect") self.connect() self.logger.debug("ExchangeClient: Connected") # Collect AD-controllers controllers = self._get_domain_controllers(self.ad_domain, self.ex_domain) self.ad_server = controllers['domain'] self.resource_ad_server = controllers['resource_domain'] # TODO: For all commands. Use the two variables above, and specify # which DC we use self.logger.debug("ExchangeClient: Init done")
def __init__(self, auth_user, domain_admin, ex_domain_admin, management_server, exchange_commands, session_key=None, *args, **kwargs): """Set up the WinRM client to be used with running Exchange commands. :type auth_user: string :param auth_user: The username of the account we use to connect to the server. :type domain_admin: string :param domain_admin: The username of the account we use to connect to the AD domain we are going to synchronize with.""" super(ExchangeClient, self).__init__(*args, **kwargs) self.logger.debug("ExchangeClient super returned") self.add_credentials(username=auth_user, password=unicode( read_password(auth_user, self.host), 'utf-8')) self.ignore_stdout_pattern = re.compile('.*EOB\n', flags=re.DOTALL) # Patterns used to filter out passwords. self.wash_output_patterns = [ re.compile('ConvertTo-SecureString.*\\w*...', flags=re.DOTALL) ] self.management_server = management_server self.exchange_commands = exchange_commands self.session_key = session_key if session_key else 'cereauth' # TODO: Make the following line pretty self.auth_user_password = unicode( read_password(auth_user, kwargs['host']), 'utf-8') # Note that we save the user's password by domain and not the host. It # _could_ be the wrong way to do it. TBD: Maybe both host and domain? self.ad_user, self.ad_domain = self._split_domain_username( domain_admin) self.ad_user_password = unicode( read_password(self.ad_user, self.ad_domain), 'utf-8') self.ex_user, self.ex_domain = self._split_domain_username( ex_domain_admin) self.ex_user_password = unicode( read_password(self.ex_user, self.ex_domain), 'utf-8') # Set up the winrm / PowerShell connection self.logger.debug("ExchangeClient: Preparing to connect") self.connect() self.logger.debug("ExchangeClient: Connected") # Collect AD-controllers controllers = self._get_domain_controllers(self.ad_domain, self.ex_domain) self.ad_server = controllers['domain'] self.resource_ad_server = controllers['resource_domain'] # TODO: For all commands. Use the two variables above, and specify # which DC we use self.logger.debug("ExchangeClient: Init done")
def __init__(self, config): """Init the Pika AMQP 0.9.1 wrapper client. :type config: BaseAMQPClientConfig :param config: The configuration for the AMQP client. """ # Define potential credentials if config.username: from Cerebrum.Utils import read_password cred = pika.credentials.PlainCredentials( config.username, read_password(config.username, config.hostname)) ssl_opts = None else: raise ClientErrors.ConfigurationFormatError( "Configuration contains neither 'username' or 'cert' value") # Create connection-object try: self.conn_params = pika.ConnectionParameters( host=config.hostname, port=config.port, virtual_host=config.virtual_host, credentials=cred, ssl=config.tls_on, ssl_options=ssl_opts) except Exception as e: raise ClientErrors.ConnectionError( 'Invalid connection parameters: {}'.format(e)) self.channel = self.connection = None
def create_celery_app(app_name): """ Creates a celery.Celery (app) object with the name `app_name` and uses the config object `app_name` Keyword Arguments: :param app_name: The name of the app and the setting module-object :type app_name: str :return: celery.Celery (app) object :rtype: celery.Celery """ app = Celery(app_name) app.config_from_object(app_name) broker_url = ('amqp://{username}:{password}@' '{hostname}:{port}/{vhost}').format( username=app.conf['CELERY_TASKS_USERNAME'], password=read_password( app.conf['CELERY_TASKS_USERNAME'], app.conf['CELERY_TASKS_HOSTNAME']), hostname=app.conf['CELERY_TASKS_HOSTNAME'], port=app.conf['CELERY_TASKS_PORT'], vhost=app.conf['CELERY_TASKS_VHOST']) app.conf['broker_url'] = broker_url # deprecated Celery 3.x format... app.conf['BROKER_URL'] = broker_url return app
def __init__(self, db, co, logger, host=cereconf.AD_SERVER_HOST, port=cereconf.AD_SERVER_PORT, url=None, ad_ldap=cereconf.AD_LDAP, mock=False): """ Initialize AD syncronization, i.e. connect to AD service on given host. """ self.db = db self.co = co self.logger = logger if mock: self.logger.warn("Using mock server") from Cerebrum.modules.ad import ADTesting self.server = ADTesting.MockADServer(self.logger) else: parts = urlparse.urlsplit(url or '') scheme = parts.scheme or 'https' host = parts.hostname or host port = parts.port or port username = parts.username or cereconf.AD_DOMAIN_ADMIN_USER password = read_password(username, host) netloc = "%s:%s@%s:%d" % (username, '********', host, port) url = urlparse.urlunsplit((scheme, netloc, ) + parts[2:]) self.logger.debug("Connecting to %s", url) netloc = "%s:%s@%s:%d" % (username, password, host, port) url = urlparse.urlunsplit((scheme, netloc, ) + parts[2:]) self.server = xmlrpclib.Server(url) self.ad_ldap = ad_ldap
def __init__(self, config): """Init the Pika AMQP 0.9.1 wrapper client. :type config: BaseAMQPClientConfig :param config: The configuration for the AMQP client. """ # Define potential credentials if config.username: from Cerebrum.Utils import read_password cred = pika.credentials.PlainCredentials(config.username, read_password(config.username, config.hostname)) ssl_opts = None else: raise ClientErrors.ConfigurationFormatError("Configuration contains neither 'username' or 'cert' value") # Create connection-object try: self.conn_params = pika.ConnectionParameters( host=config.hostname, port=config.port, virtual_host=config.virtual_host, credentials=cred, ssl=config.tls_on, ssl_options=ssl_opts, ) except Exception as e: raise ClientErrors.ConnectionError("Invalid connection parameters: {}".format(e)) self.channel = self.connection = None
def main(inargs=None): # Parse arguments parser = argparse.ArgumentParser(description=__doc__) parser.add_argument('-p', '--pagafile', metavar='filename', help='Read national identities from given Paga file', required=True) add_commit_args(parser) Cerebrum.logutils.options.install_subparser(parser) args = parser.parse_args(inargs) Cerebrum.logutils.autoconf('cronjob', args) try: file_obj = open(args.pagafile, 'r') except IOError: sys.exit("Could not open file: '{}'".format(args.pagafile)) reader = csv.reader(file_obj, delimiter=';') row_fetched = 0 row_fetch_max = 1000 row_count = sum(1 for row in file_obj) file_obj.seek(0) mobile_count = 0 # Initialize database db = Factory.get('Database')() db.cl_init(change_program='fetch_mobile') logger.info("Updating BAS with ICE numbers from Difi's" "'Kontakt- og reservasjonssregister'.") # Dummy username token = read_password('difi', 'oppslag.uit.no') while row_fetched < row_count: # GET all national identities national_identies = get_national_identies(reader, row_fetch_max) # GET all mobile phone numbers mobile_phones = get_mobile_list(token, national_identies) # UPDATE BAS mobile_count += update_bas(db, mobile_phones) row_fetched += row_fetch_max logger.debug("############") logger.debug("Lines in pagafile: %s" % row_count) if mobile_count > 0: logger.info("%s new ICE numbers added to BAS." % mobile_count) if args.commit: db.commit() logger.info("Committed all changes.") else: db.rollback() logger.info("Dryrun. Rollback changes.") else: logger.info("No new ICE numbers found.")
def init_ldap(self): """Initzialize LDAP connection.""" self.ldap_srv = ldap.ldapobject.ReconnectLDAPObject( "%s://%s/" % (self.config["ldap_proto"], self.config["ldap_server"]), retry_max=5, retry_delay=60 ) usr = self.config["ldap_user"].split("\\")[1] self.ldap_srv.bind_s(self.config["ldap_user"], read_password(usr, self.config["ldap_server"])) self.ldap_lc = ldap.controls.SimplePagedResultsControl(True, self._ldap_page_size, "")
def read_password_catcher(user, system, host=None): """Override to ignore missing password files. This is since we're in test don't need the password to other systems. """ try: return read_password(user, system, host) except IOError: return 'random9'
def __init__(self, db, logger, host, port, ad_domain_admin): """ Connect to AD service """ self.logger = logger self.db = db self.co = Factory.get("Constants")(self.db) # Create connection to AD agent password = read_password(ad_domain_admin, host) url = "https://%s:%s@%s:%s" % (ad_domain_admin, password, host, port) self.server = xmlrpclib.Server(url)
def _get_auth(self): """Reads the password from file and returns the credentials. :return tuple: Username and password. """ self.logger.debug("CIMClient: Caching credentials") password = read_password(user=self.config.auth_user, system=self.config.auth_system, host=self.config.auth_host) return (self.config.auth_user, password)
def __init__(self, db, co, logger, host=cereconf.AD_SERVER_HOST, port=cereconf.AD_SERVER_PORT, url=None, ad_ldap=cereconf.AD_LDAP, dry_run=False): """ Initialize AD syncronization, i.e. connect to AD service on given host. """ self.db = db self.co = co self.logger = logger ad_domain_admin = cereconf.AD_DOMAIN_ADMIN_USER try: if url is None: password = read_password(ad_domain_admin, host) url = "https://%s:%s@%s:%i" % (ad_domain_admin, password, host, port) else: m = re.match(r'([^:]+)://([^:]+):(\d+)', url) if not m: raise ValueError, "Error parsing URL: %s" % url protocol = m.group(1) host = m.group(2) port = m.group(3) password = read_password(ad_domain_admin, host) url = "%s://%s:%s@%s:%s" % (protocol, ad_domain_admin, password, host, port) self.server = xmlrpclib.Server(url) except IOError, e: if not dry_run: raise e self.logger.critical(e) self.logger.error( "No AD connection, so dryrunning cerebrum code only") from Cerebrum.modules.ad import ADTesting self.server = ADTesting.MockADServer(self.logger)
def _get_auth(self): """Reads the password from file and returns the credentials. :return tuple: Username and password. """ self.logger.debug("CIMClient: Caching credentials") password = read_password( user=self.config.auth_user, system=self.config.auth_system, host=self.config.auth_host) return (self.config.auth_user, password)
def init_ldap(self): """Initzialize LDAP connection.""" self.ldap_srv = ldap.ldapobject.ReconnectLDAPObject( '%s://%s/' % (self.config['ldap_proto'], self.config['ldap_server']), retry_max=5, retry_delay=60) usr = self.config['ldap_user'].split('\\')[1] self.ldap_srv.bind_s(self.config['ldap_user'], read_password( usr, self.config['ldap_server'])) self.ldap_lc = ldap.controls.SimplePagedResultsControl( True, self._ldap_page_size, '')
def __call__(self, phone_to, message): """ Sends an SMS message to the given phone number. :param unicode phone_to: The phone number to send the message to. :param unicode message: The message to send to the given phone number. """ assert isinstance(phone_to, text_type) assert isinstance(message, text_type) try: phone_to = self._filter_phone_number(phone_to) except ValueError as e: logger.warning("Unable to send SMS: %s", e) return False if getattr(cereconf, 'SMS_DISABLE', True): logger.info("Would have sent %r to %r'", message, phone_to) return True hostname = urlparse(self._url).hostname password = read_password(user=self._user, system=hostname) data = { b'b': self._user.encode('latin1'), b'p': password.encode('latin1'), b's': self._system.encode('latin1'), b't': phone_to.encode('latin1'), b'm': message.encode('latin1'), } logger.debug("Sending SMS to %r (user=%r, system=%r)", phone_to, self._user, self._system) try: response = requests.post(self._url, data=data, timeout=self._timeout) except requests.exceptions.RequestException as e: logger.warning('SMS gateway error: %s', e) return False if response.status_code != 200: logger.warning("SMS gateway responded with code=%r body=%r", response.status_code, response.text) return False success = self._validate_response(response) if success: logger.debug("SMS to %r sent OK", phone_to) else: logger.warning("SMS to %r could not be sent", phone_to) return bool(success)
def __init__(self, db, co, logger, host=cereconf.AD_SERVER_HOST, port=cereconf.AD_SERVER_PORT, url=None, ad_ldap=cereconf.AD_LDAP, dry_run=False): """ Initialize AD syncronization, i.e. connect to AD service on given host. """ self.db = db self.co = co self.logger = logger ad_domain_admin = cereconf.AD_DOMAIN_ADMIN_USER try: if url is None: password = read_password(ad_domain_admin, host) url = "https://%s:%s@%s:%i" % (ad_domain_admin, password, host, port) else: m = re.match(r'([^:]+)://([^:]+):(\d+)', url) if not m: raise ValueError, "Error parsing URL: %s" % url protocol = m.group(1) host = m.group(2) port = m.group(3) password = read_password(ad_domain_admin, host) url = "%s://%s:%s@%s:%s" % ( protocol, ad_domain_admin, password, host, port) self.server = xmlrpclib.Server(url) except IOError, e: if not dry_run: raise e self.logger.critical(e) self.logger.error( "No AD connection, so dryrunning cerebrum code only") from Cerebrum.modules.ad import ADTesting self.server = ADTesting.MockADServer(self.logger)
def connect(self, username=None, password=None): if username: ldap_user = username else: ldap_user = self.config.ldap_user if password: ldap_pass = password else: ldap_pass = read_password(ldap_user, self.config.ldap_server) self.connection = ldap.initialize('{0}://{1}'.format( self.config.ldap_proto, self.config.ldap_server)) self.connection.bind_s(self.config.bind_dn_template.format(ldap_user), ldap_pass)
def main(): parser = argparse.ArgumentParser( description='Generates a dump file for the UA database') parser.add_argument( '-i', '--input-file', type=text_type, help='system name and input file (e.g. system_sap:/path/to/file)') parser.add_argument( '-o', '--output-directory', type=text_type, help='output directory') parser.add_argument( '-d', '--distribute', action='store_true', dest='distribute', default=False, help='transfer file') parser.add_argument( '-e', '--employees', action='store_true', dest='do_employees', default=False, help='include employees in the output') args = parser.parse_args() logger.info("Generating UA dump") sysname, person_file = args.input_file.split(":") output_file = AtomicFileWriter( os.path.join(args.output_directory, "uadata.new"), "w", encoding="latin1") generate_output(output_file, args.do_employees, sysname, person_file) output_file.close() diff_file = "uadata.%s" % time.strftime("%Y-%m-%d") do_sillydiff(args.output_directory, "uadata.old", "uadata.new", diff_file) os.rename(os.path.join(args.output_directory, "uadata.new"), os.path.join(args.output_directory, "uadata.old")) if args.distribute: logger.info('Uploading file to %s', cereconf.UA_FTP_HOST) passwd = read_password(cereconf.UA_FTP_UNAME, cereconf.UA_FTP_HOST) ftpput(host=cereconf.UA_FTP_HOST, uname=cereconf.UA_FTP_UNAME, password=passwd, local_dir=args.output_directory, file=diff_file, remote_dir="ua-lt") logger.info('Done')
def init_ldap(self): """Initzialize LDAP connection.""" self.ldap_srv = ldap.ldapobject.ReconnectLDAPObject( '%s://%s/' % (self.config['ldap_proto'], self.config['ldap_server']), retry_max=self.LDAP_RETRY_MAX, retry_delay=self.LDAP_RETRY_DELAY) usr = self.config['ldap_user'].split('\\')[1] self.ldap_srv.bind_s( self.config['ldap_user'], read_password(usr, self.config['ldap_server'])) self.ldap_lc = ldap.controls.SimplePagedResultsControl( True, self._ldap_page_size, '')
def init_app(self, app, db_ctx): self.app = app self.db = db_ctx config = app.config.setdefault('PROXY_AUTH', {}) enable = config.setdefault('enable', False) self._require_username = config.setdefault('username', 'gateway') self._require_password = None self._realm = config.setdefault('realm', 'proxy') if enable: self._require_password = read_password(self._require_username, self._realm) app.before_request(self.authenticate) app.teardown_appcontext(self.clear)
def connect(self, username=None, password=None): if username: ldap_user = username else: ldap_user = self.config.ldap_user if password: ldap_pass = password else: ldap_pass = read_password(ldap_user, self.config.ldap_server) self.connection = ldap.initialize('{0}://{1}'.format( self.config.ldap_proto, self.config.ldap_server )) self.connection.bind_s(self.config.bind_dn_template.format(ldap_user), ldap_pass)
def make_ephorte_client(config_file, mock=False): """Setup ephorte ws from config file name :type config_file: basestring :param config_file: file name """ from Cerebrum.Utils import read_password config = Config(config_file) cls = Cerebrum2EphorteClientMock if mock else Cerebrum2EphorteClient client = cls(wsdl=config.wsdl, customer_id=config.customer_id, database=config.database, client_key=config.client_key, client_cert=config.client_cert, ca_certs=config.ca_certs, username=config.username, password=read_password( config.username, config.wsdl.split('/')[2]), timeout=config.timeout) return client, config
def ldap_connect(self, serv_l=None): if not serv_l: serv_l = cereconf.LDAP['server'] for server in serv_l: try: serv, user = [str(y) for y in server.split(':')] f_name = cereconf.LDAP[ 'dump_dir'] + '/log/' + serv + '.sync.log' try: passwd = read_password(user, serv) except: logger.warn('No valid password-file for %r!', serv) break if os.path.isfile(f_name): self.s_list[serv] = [file(f_name, 'a')] else: self.s_list[serv] = [file(f_name, 'w')] user = "******".join((user, ldapconf('ORG', 'dn'))) con = ldap.open(serv) con.protocol_version = ldap.VERSION3 try: if cereconf.TLS_CACERT_FILE is not None: con.OPT_X_TLS_CACERTFILE = cereconf.TLS_CACERT_FILE except: pass try: if cereconf.TLS_CACERT_DIR is not None: con.OPT_X_TLS_CACERTDIR = cereconf.TLS_CACERT_DIR except: pass l_bind = None try: con.start_tls_s() l_bind = con.simple_bind(user, passwd) self.s_list[serv].append(con) except: logger.warn("Could not open TLS-connection to %r", serv) self.s_list[serv][0].close() del self.s_list[serv] if l_bind and con: logger.info("TLS-connection open to %r", serv) except ldap.LDAPError as e: logger.warn(e)
def connect(self, user=None, password=None, service=None, client_encoding=None, host=None, port=None): dsn = [] if service is None: service = cereconf.CEREBRUM_DATABASE_NAME if user is None: user = cereconf.CEREBRUM_DATABASE_CONNECT_DATA.get('user') if host is None: host = cereconf.CEREBRUM_DATABASE_CONNECT_DATA.get('host') if port is None: port = cereconf.CEREBRUM_DATABASE_CONNECT_DATA.get('port') if password is None and user is not None: password = read_password(user, service, host) if service is not None: dsn.append('dbname=' + service) if user is not None: dsn.append('user='******'password='******'host=' + host) if port is not None: dsn.append('port=' + str(port)) dsn_string = ' '.join(dsn) if client_encoding is None: client_encoding = self.encoding else: self.encoding = client_encoding app_name = _format_pg_app_name(os.path.basename(sys.argv[0])) super(PsycoPG2, self).connect(dsn_string, application_name=app_name) self._db.set_isolation_level(1) # read-committed self.execute("SET CLIENT_ENCODING TO '%s'" % client_encoding) self.commit()
def make_ephorte_client(config_file, mock=False): """Setup ephorte ws from config file name :type config_file: basestring :param config_file: file name """ from Cerebrum.Utils import read_password config = Config(config_file) cls = Cerebrum2EphorteClientMock if mock else Cerebrum2EphorteClient client = cls(wsdl=config.wsdl, customer_id=config.customer_id, database=config.database, client_key=config.client_key, client_cert=config.client_cert, ca_certs=config.ca_certs, username=config.username, password=read_password(config.username, config.wsdl.split('/')[2]), timeout=config.timeout) return client, config
def ldap_connect(self, serv_l=None): if not serv_l: serv_l = cereconf.LDAP['server'] for server in serv_l: try: serv, user = [str(y) for y in server.split(':')] f_name = cereconf.LDAP['dump_dir']+'/log/' + serv+'.sync.log' try: passwd = read_password(user, serv) except: logger.warn('No valid password-file for %r!', serv) break if os.path.isfile(f_name): self.s_list[serv] = [file(f_name, 'a')] else: self.s_list[serv] = [file(f_name, 'w')] user = "******".join((user, ldapconf('ORG', 'dn'))) con = ldap.open(serv) con.protocol_version = ldap.VERSION3 try: if cereconf.TLS_CACERT_FILE is not None: con.OPT_X_TLS_CACERTFILE = cereconf.TLS_CACERT_FILE except: pass try: if cereconf.TLS_CACERT_DIR is not None: con.OPT_X_TLS_CACERTDIR = cereconf.TLS_CACERT_DIR except: pass l_bind = None try: con.start_tls_s() l_bind = con.simple_bind(user, passwd) self.s_list[serv].append(con) except: logger.warn("Could not open TLS-connection to %r", serv) self.s_list[serv][0].close() del self.s_list[serv] if l_bind and con: logger.info("TLS-connection open to %r", serv) except ldap.LDAPError as e: logger.warn(e)
def connect(self, user=None, password=None, service=None, client_encoding=None, host=None, port=None): dsn = [] if service is None: service = cereconf.CEREBRUM_DATABASE_NAME if user is None: user = cereconf.CEREBRUM_DATABASE_CONNECT_DATA.get('user') if host is None: host = cereconf.CEREBRUM_DATABASE_CONNECT_DATA.get('host') if port is None: port = cereconf.CEREBRUM_DATABASE_CONNECT_DATA.get('port') if password is None and user is not None: password = read_password(user, service, host) if service is not None: dsn.append('dbname=' + service) if user is not None: dsn.append('user='******'password='******'host=' + host) if port is not None: dsn.append('port=' + str(port)) dsn_string = ' '.join(dsn) if client_encoding is None: client_encoding = self.encoding else: self.encoding = client_encoding super(PsycoPG2, self).connect(dsn_string) self._db.set_isolation_level(1) # read-committed self.execute("SET CLIENT_ENCODING TO '%s'" % client_encoding) self.commit()
def connect(self, user=None, password=None, service=None, client_encoding=None): cdata = self._connect_data cdata.clear() cdata['arg_user'] = user cdata['arg_password'] = password cdata['arg_service'] = service if service is None: service = cereconf.CEREBRUM_DATABASE_NAME if user is None: user = cereconf.CEREBRUM_DATABASE_CONNECT_DATA.get('user') if password is None: password = read_password(user, service) conn_str = '%s/%s@%s' % (user, password, service) cdata['conn_str'] = conn_str if client_encoding is None: client_encoding = self.encoding else: self.encoding = client_encoding # The encoding names in Oracle don't look like PostgreSQL's, # so we translate them into a single standard. # TODO: Fix this, so that all valid encodings will actually work? encoding_names = { 'iso8859-1': "american_america.we8iso8859p1", 'utf-8': "american_america.utf8" } codec_info = codecs.lookup(client_encoding) os.environ['NLS_LANG'] = encoding_names.get(codec_info.name, client_encoding) # Call superclass .connect with appropriate CONNECTIONSTRING; # this will in turn invoke the connect() function in the # cx_Oracle module. super(cx_Oracle, self).connect(conn_str) self._db.inputtypehandler = cx_InputTypeHandler self._db.outputtypehandler = cx_OutputTypeHandler
def main(inargs=None): parser = argparse.ArgumentParser(description="Update LDAP") Cerebrum.logutils.options.install_subparser(parser) args = parser.parse_args(inargs) Cerebrum.logutils.autoconf('cronjob', args) today = datetime.date.today().strftime('%Y%m%d') ldap_server = cereconf.LDAP['server'] user = cereconf.LDAP['user'] password = read_password(user, ldap_server) ldap_dump_dir = ldapconf(None, 'dump_dir') infile = os.path.join(ldap_dump_dir, 'uit_diff_%s' % (today, )) ldap_temp_file = os.path.join(ldap_dump_dir, "temp_uit_ldif") ldap_diff = os.path.join(ldap_dump_dir, "uit_ldif") ret = 0 ret = os.system(' '.join(( '/usr/bin/ldapmodify', '-x', '-H', 'ldaps://%s' % (ldap_server, ), '-D', '"cn=%s,dc=uit,dc=no"' % (user, ), '-w', password, '-f', infile, ))) if ret != 0: logger.error("Unable to update ldap server") raise SystemExit(1) ret = os.system("mv %s %s" % (ldap_temp_file, ldap_diff)) if ret != 0: logger.error("Unable to copy tempfile") raise SystemExit(1)
def _get_data(config, url): import requests import json from Cerebrum.Utils import read_password auth = (config.auth_user, read_password(user=config.auth_user, system=config.auth_system)) headers = {'Accept': 'application/json'} try: logger.debug4(u'Fetching {}'.format(url)) r = requests.get(url, auth=auth, headers=headers) logger.debug4(u'Fetch completed') except Exception as e: # Be polite on connection errors. Conenction errors seldom fix # themselves quickly. import time time.sleep(1) raise RemoteSourceUnavailable(str(e)) if r.status_code == 200: data = json.loads(r.text).get(u'd', None) for k in data: if (isinstance(data.get(k), dict) and '__deferred' in data.get(k) and 'uri' in data.get(k).get('__deferred')): # Fetch, unpack and store data r = _get_data(config, data.get(k).get('__deferred').get('uri')) if r.keys() == [u'results']: r = r[u'results'] data.update({k: r}) return data else: raise RemoteSourceError( u'Could not fetch {} from remote source: {}: {}'.format( url, r.status_code, r.reason))
def connect(self, user=None, password=None, service=None, client_encoding=None): cdata = self._connect_data cdata.clear() cdata['arg_user'] = user cdata['arg_password'] = password cdata['arg_service'] = service if service is None: service = cereconf.CEREBRUM_DATABASE_NAME if user is None: user = cereconf.CEREBRUM_DATABASE_CONNECT_DATA.get('user') if password is None: password = read_password(user, service) conn_str = '%s/%s@%s' % (user, password, service) cdata['conn_str'] = conn_str if client_encoding is None: client_encoding = self.encoding else: self.encoding = client_encoding # The encoding names in Oracle don't look like PostgreSQL's, # so we translate them into a single standard. # TODO: Fix this, so that all valid encodings will actually work? encoding_names = {'iso8859-1': "american_america.we8iso8859p1", 'utf-8': "american_america.utf8"} codec_info = codecs.lookup(client_encoding) os.environ['NLS_LANG'] = encoding_names.get(codec_info.name, client_encoding) # Call superclass .connect with appropriate CONNECTIONSTRING; # this will in turn invoke the connect() function in the # cx_Oracle module. super(cx_Oracle, self).connect(conn_str) self._db.inputtypehandler = cx_InputTypeHandler self._db.outputtypehandler = cx_OutputTypeHandler
key = val elif opt in ("-i",): instance = val elif opt in ("-h",): usage() elif opt in ("-H",): host = val else: print "Error: Invalid arg" usage(-2) if not key: from Cerebrum.Utils import read_password try: key = read_password(instance, host) except Exception, e: logger.error("Error: %s" % e) sys.exit(-3) if file and key: return export(file, key, host) elif key: return status(key, host) else: usage(-1) if __name__ == "__main__": main()
if not host: host = sync['server'] if not port: port = sync.get('port', None) user = sync['auth_user'] logger.info("Start") client = WinRMClient(host=host, port=port, encrypted=encrypted, logger=logger) # TODO: add ca, client_key and client_cert client._winrs_skip_cmd_shell = False #client._winrs_consolemode_stdin = False client.add_credentials(username=user, password=unicode(read_password(user, host), 'utf-8')) for opt, val in opts: if opt == '--delete-shell': logger.info("Deleting shell with ShellId: %s", val) client.wsman_delete(val) logger.info("Finished") sys.exit() # Get server identification: logger.info("Identifying server") ident = client.wsman_identify() # TODO: doesn't work now for key in ('ProtocolVersion', 'ProductVendor', 'ProductVersion'): for event, elem in ident.iterfind(
elif opt in ('-k', ): key = val elif opt in ('-i', ): instance = val elif opt in ('-h', ): usage() elif opt in ('-H', ): host = val else: print "Error: Invalid arg" usage(-2) if not key: from Cerebrum.Utils import read_password try: key = read_password(instance, host) except Exception, e: logger.error("Error: %s" % e) sys.exit(-3) if file and key: return export(file, key, host) elif key: return status(key, host) else: usage(-1) if __name__ == '__main__': main()
def make_credentials(username, hostname): return pika.credentials.PlainCredentials(username, read_password(username, hostname))
def _read_password(self, database, user): return read_password(user, database)
def decrypt_password(self, method, cryptstring): for system, pgpkey in cereconf.AUTH_PGP.items(): if method == self._pgp_auth(system): passphrase = read_password(pgpkey, system) return pgp_decrypt(cryptstring, pgpkey, passphrase) return self.__super.decrypt_password(method, cryptstring)
def main(): """ """ logger = Factory.get_logger('cronjob') parser = argparse.ArgumentParser( description='The following options are available') parser.add_argument('-H', '--hostname', metavar='HOSTNAME/IP', type=str, dest='hostname', default='localhost', help='MQ hostname / IP address (default: localhost)') parser.add_argument( '-d', '--dryrun', action='store_true', dest='dryrun', default=False, help='Do not actually schedule the tasks. Just logg and be happy') parser.add_argument('-e', '--target-exchange', metavar='EXCHANGE', type=str, dest='target_exchange', default='ex_scheduled_messages', help=('Exchage to send scheduled messages to ' '(default: ex_scheduled_messages)')) parser.add_argument('-q', '--queue', metavar='QUEUE', type=str, dest='queue', default='q_scheduling', help='Queue to consume from (default: q_scheduling)') parser.add_argument('-P', '--port', metavar='PORT', type=int, dest='port', default=5671, help='AMQP port (default: 5671)') parser.add_argument( '-p', '--password', metavar='PASSWORD[FILE]', type=str, dest='password', default='', help=('Password / text-file containing the target password' ' (default & recommended: prompt for passwd)')) parser.add_argument('-t', '--consumer-tag', metavar='TAG', type=str, dest='consumer_tag', default='tiny_scheduler', help='Consumer tag (default: tiny_scheduler)') parser.add_argument('-u', '--username', metavar='USERNAME', type=str, dest='username', default='cerebrum', help='Subscriber username (default: cerebrum)') parser.add_argument('-V', '--vhost', metavar='VHOST', type=str, dest='vhost', default='/no/uio/integration', help='Vhost (default: /no/uio/integration)') args = parser.parse_args() args.logger = logger logger.info('tiny_scheduler started') if not args.password: try: args.password = read_password(args.username, args.hostname) except Exception as e: logger.error('Unable to retrieve password for user {username}: ' '{error}'.format(username=args.username, error=e)) sys.exit(errno.EACCES) elif os.path.isfile(args.password): try: with open(args.password, 'r') as fp: passwd = fp.readline() if passwd.strip(): args.password = passwd.strip() except Exception as e: logger.error('Unable to open password file: {0}'.format(e)) sys.exit(1) creds_broker = pika.PlainCredentials(args.username, args.password) conn_params = pika.ConnectionParameters(args.hostname, args.port, virtual_host=args.vhost, ssl=True, credentials=creds_broker) conn_broker = pika.BlockingConnection(conn_params) channel = conn_broker.channel() consumer_callback = ConsumerCallback(args) channel.basic_consume(consumer_callback, queue=args.queue, no_ack=False, consumer_tag=args.consumer_tag) logger.info('Consumer active!') try: channel.start_consuming() except KeyboardInterrupt: logger.info('Terminating...')
print "Command to run is required" usage(1) if not host: host = sync['server'] if not port: port = sync.get('port', None) user = sync['auth_user'] client = WinRMClient(host=host, port=port, encrypted=encrypted, logger=logger) # TODO: add ca, client_key and client_cert client._winrs_skip_cmd_shell = False #client._winrs_consolemode_stdin = False client.add_credentials(username=user, password=read_password(user, host)) client.connect() code = ' '.join(args) logger.debug("Running code: %s" % code) try: out = client.run(code) finally: client.close() for outtype in ('stderr', 'stdout'): data = out.get(outtype) if data: print '%s:' % outtype.upper() print data print
def main(): """ """ logger = Factory.get_logger('cronjob') parser = argparse.ArgumentParser( description='The following options are available') parser.add_argument( '-H', '--hostname', metavar='HOSTNAME/IP', type=str, dest='hostname', default='localhost', help='MQ hostname / IP address (default: localhost)') parser.add_argument( '-d', '--dryrun', action='store_true', dest='dryrun', default=False, help='Do not actually schedule the tasks. Just logg and be happy') parser.add_argument( '-q', '--queue', metavar='QUEUE', type=str, dest='queue', default='q_scheduling', help='Queue to consume from (default: q_scheduling)') parser.add_argument( '-P', '--port', metavar='PORT', type=int, dest='port', default=5671, help='AMQP port (default: 5671)') parser.add_argument( '-p', '--password', metavar='PASSWORD[FILE]', type=str, dest='password', default='', help=('Password / text-file containing the target password' ' (default & recommended: prompt for passwd)')) parser.add_argument( '-t', '--consumer-tag', metavar='TAG', type=str, dest='consumer_tag', default='tiny_scheduler', help='Consumer tag (default: tiny_scheduler)') parser.add_argument( '-u', '--username', metavar='USERNAME', type=str, dest='username', default='cerebrum', help='Subscriber username (default: cerebrum)') parser.add_argument( '-V', '--vhost', metavar='VHOST', type=str, dest='vhost', default='/no/uio/integration', help='Vhost (default: /no/uio/integration)') args = parser.parse_args() args.logger = logger logger.info('tiny_scheduler started') if not args.password: try: args.password = read_password(args.username, args.hostname) except Exception as e: logger.error( 'Unable to retrieve password for user {username}: ' '{error}'.format(username=args.username, error=e)) sys.exit(errno.EACCES) elif os.path.isfile(args.password): try: with open(args.password, 'r') as fp: passwd = fp.readline() if passwd.strip(): args.password = passwd.strip() except Exception as e: logger.error('Unable to open password file: {0}'.format(e)) sys.exit(1) creds_broker = pika.PlainCredentials(args.username, args.password) conn_params = pika.ConnectionParameters(args.hostname, args.port, virtual_host=args.vhost, ssl=True, credentials=creds_broker) conn_broker = pika.BlockingConnection(conn_params) channel = conn_broker.channel() consumer_callback = ConsumerCallback(args) channel.basic_consume(consumer_callback, queue=args.queue, no_ack=False, consumer_tag=args.consumer_tag) logger.info('Consumer active!') try: channel.start_consuming() except KeyboardInterrupt: logger.info('Terminating...')
def make_credentials(username, hostname): return pika.credentials.PlainCredentials( username, read_password(username, hostname))
if not host: host = sync['server'] if not port: port = sync.get('port', None) user = sync['auth_user'] logger.info("Start") client = WinRMClient(host=host, port=port, encrypted=encrypted, logger=logger) # TODO: add ca, client_key and client_cert client._winrs_skip_cmd_shell = False #client._winrs_consolemode_stdin = False client.add_credentials(username=user, password=read_password(user, host)) for opt, val in opts: if opt == '--delete-shell': logger.info("Deleting shell with ShellId: %s", val) client.wsman_delete(val) logger.info("Finished") sys.exit() # Get server identification: logger.info("Identifying server") ident = client.wsman_identify() # TODO: doesn't work now for key in ('ProtocolVersion', 'ProductVendor', 'ProductVersion'): for event, elem in ident.iterfind( '{http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd}%s'
usage(1) if not host: host = sync['server'] if not port: port = sync.get('port', None) user = sync['auth_user'] logger.info("Start") client = WinRMClient(host=host, port=port, encrypted=encrypted, logger=logger) # TODO: add ca, client_key and client_cert client._winrs_skip_cmd_shell = False #client._winrs_consolemode_stdin = False client.add_credentials(username=user, password=unicode(read_password(user, host), 'utf-8')) for opt, val in opts: if opt == '--delete-shell': logger.info("Deleting shell with ShellId: %s", val) client.wsman_delete(val) logger.info("Finished") sys.exit() # Get server identification: logger.info("Identifying server") ident = client.wsman_identify() # TODO: doesn't work now for key in ('ProtocolVersion', 'ProductVendor', 'ProductVersion'):