def make_error(code, topic=None, details=None, **kwargs): # Add topic to make it usable inside of the error messages if not kwargs: kwargs = {} kwargs.update(dict(topic=topic)) # Assemble message text = ClacksErrorHandler._codes[code] % kwargs # Assemble error information env = Environment.getInstance() db = env.get_mongo_db('clacks').errors data = dict(code=code, topic=topic, text=text, kwargs=kwargs, trace=traceback.format_stack(), details=details, timestamp=datetime.now(), user=None) # Write to db and update uuid __id = str(db.save(data)) # First, catch unconverted exceptions if not code in ClacksErrorHandler._codes: return code return '<%s> %s' % (__id, text)
def setSambaPassword(self, user, object_dn, password): """ Set a new samba-password for a user """ # Do we have read permissions for the requested attribute env = Environment.getInstance() topic = "%s.objects.%s.attributes.%s" % (env.domain, "User", "sambaNTPassword") aclresolver = PluginRegistry.getInstance("ACLResolver") if not aclresolver.check(user, topic, "w", base=object_dn): self.__log.debug( "user '%s' has insufficient permissions to write %s on %s, required is %s:%s" % (user, "isLocked", object_dn, topic, "w") ) raise ACLException(C.make_error("PERMISSION_ACCESS", topic, target=object_dn)) topic = "%s.objects.%s.attributes.%s" % (env.domain, "User", "sambaLMPassword") aclresolver = PluginRegistry.getInstance("ACLResolver") if not aclresolver.check(user, topic, "w", base=object_dn): self.__log.debug( "user '%s' has insufficient permissions to write %s on %s, required is %s:%s" % (user, "isLocked", object_dn, topic, "w") ) raise ACLException(C.make_error("PERMISSION_ACCESS", topic, target=object_dn)) # Set the password and commit the changes lm, nt = smbpasswd.hash(password) user = ObjectProxy(object_dn) user.sambaNTPassword = nt user.sambaLMPassword = lm user.commit()
def __init__(self, *args, **kwargs): self.log = logging.getLogger(__name__) self.env = Environment.getInstance() self.__secret = self.env.config.get('http.cookie-secret', default="TecloigJink4") self.__consumer = None super(WSHandler, self).__init__(*args, **kwargs)
def main(): env = Environment.getInstance() config = env.config # Load configuration path = config.get('backend-monitor.audit-log', default='/var/lib/clacks/ldap-audit.log') modifier = config.get('backend-monitor.modifier') user = config.get('core.id') password = config.get('amqp.key') url = parseURL(makeAuthURL(config.get('amqp.url'), user, password)) # Connect to Clacks BUS proxy = AMQPServiceProxy(url['source'] + "/" + env.domain) # Main loop while True: sleep(1) # Wait for file to pop up if not os.path.exists(path): continue # Wait for file to be file if not os.path.isfile(path): continue # Check if it is effectively readable try: with open(path) as f: pass except IOError as e: continue # Listen for changes monitor(path, modifier, proxy)
def accountUnlockable(self, user, object_dn): index = PluginRegistry.getInstance("ObjectIndex") # Do we have read permissions for the requested attribute env = Environment.getInstance() topic = "%s.objects.%s.attributes.%s" % (env.domain, "User", "isLocked") aclresolver = PluginRegistry.getInstance("ACLResolver") if not aclresolver.check(user, topic, "r", base=object_dn): self.__log.debug( "user '%s' has insufficient permissions to read %s on %s, required is %s:%s" % (user, "isLocked", object_dn, topic, "r") ) raise ACLException(C.make_error("PERMISSION_ACCESS", topic, target=object_dn)) res = index.search({"dn": object_dn, "userPassword": {"$size": 1}}, {"userPassword": 1}) if res.count(): hsh = res[0]["userPassword"][0] else: # No password hash -> cannot lock/unlock account return False # Try to detect the responsible password method-class pwd_o = self.detect_method_by_hash(hsh) if not pwd_o: # Could not identify password method return False return pwd_o.isUnlockable(hsh)
def setUp(self): """ Stuff to be run before every test """ Environment.config = os.path.join(os.path.dirname(os.path.realpath(__file__))) Environment.noargs = True self.env = Environment.getInstance() self.mgr = LibinstManager() keyring = """-----BEGIN PGP PRIVATE KEY BLOCK----- Version: GnuPG v1.4.10 (GNU/Linux) lQHYBEx2RJ8BBADGAvwUiutOLO+OgkpWmOfNczRcEWZSja8jfZJFAHkSknq7t9lM FD0qYkjxnmGvi44cPmKu7Z2xkBxljyKK5pDOkCqB2QBUrXSnb3rg6/w9gX8Mh1er e8VZ/45sjxqwoUIPWWsrmEotQ9388KbEhdw14FQj/rai/Xa7rqYI6nVQSQARAQAB AAP6AyHggTljDsfnvu3ZQj/ihdj27A056XmOJ4elkobqNpfsdI9l8t3fy4dFvy28 8gKvnzG08uG1iyD1mnBho/sdytTKe7GMLDcHyWWBOl31WLKUzQFTOpQ6EjzKNyNl CGvwSKBm8u81BfNi7FpfgnVI733jdqZ8Lvq5znKRrK4WJdECANOaZn78oghTONUQ 1Fo6PgrjFkD337TR3Dm5tllp0Mlly9C9/N5CiTZj/0VLNyzT0tHVik8WEmF37bgY Zd2gA9kCAO+Oj6k9Bqs6uTjHFmT5NEGvoJVSd4Q+F4jDmT+U2yJEBUk1dHiRAcEr NcRU5VMbpBk9rbsmikX0oA1gavaNmfECAJi9uX99nb+dNWpqFqHxuDKaHapG9cKv AlI+btxIAzPFvqMuHMjFKn6T57D8QpIz1f7LdmlYKKOr3DRmaYOaJBClOrQ2QXV0 b2dlbmVyYXRlZCBLZXkgKEdlbmVyYXRlZCBieSBnbnVwZy5weSkgPGphbndAaG9t ZXI+iLgEEwECACIFAkx2RJ8CGy8GCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJ ELxLvnLaEqJwX2oD/2wAOYbZG68k7iDOqFI1TpQjlgRQKHNuvindjWrPjfgsDfZH kEhidYX1IRzgyhhLjrPDcB0RTcnjlXm9xOXJb3tcuyKWxi2CHMstdgTMHt6xb37o LcWMU6gayNYj7eMgCOFM6ywySRS81FC+PPnr147xbp5FwgmoPRK52MURsHJ+ =RwlJ -----END PGP PRIVATE KEY BLOCK-----""" self.assertTrue(self.mgr.addKeys(keyring)) self.helperAddRepositoryTypes() self.assertTrue(self.mgr.createDistribution("debian", "deb")) self.assertTrue(self.mgr.createRelease("debian", "lenny")) self.assertTrue(self.mgr.createRelease("debian", "lenny/5.0.4")) self.assertTrue(self.mgr.createRelease("debian", "squeeze"))
def __init__(self): self.env = env = Environment.getInstance() self.log = logging.getLogger(__name__) self.log.debug("initializing asterisk number resolver") self.__default_image = Image.open(pkg_resources.resource_filename("amires", "data/phone.png")) # Load resolver for entry in pkg_resources.iter_entry_points("phone.resolver"): module = entry.load() self.log.debug("loading resolver module '%s'" % module.__name__) obj = module() self.resolver[module.__name__] = { 'object': obj, 'priority': obj.priority, } # Load renderer for entry in pkg_resources.iter_entry_points("notification.renderer"): module = entry.load() self.log.debug("loading renderer module '%s'" % module.__name__) self.renderer[module.__name__] = { 'object': module(), 'priority': module.priority, } self.last_event = None
def setUserPassword(self, user, object_dn, password): """ Set a new password for a user """ # Do we have read permissions for the requested attribute env = Environment.getInstance() topic = "%s.objects.%s.attributes.%s" % (env.domain, "User", "userPassword") aclresolver = PluginRegistry.getInstance("ACLResolver") if not aclresolver.check(user, topic, "w", base=object_dn): self.__log.debug( "user '%s' has insufficient permissions to write %s on %s, required is %s:%s" % (user, "isLocked", object_dn, topic, "w") ) raise ACLException(C.make_error("PERMISSION_ACCESS", topic, target=object_dn)) user = ObjectProxy(object_dn) method = user.passwordMethod # Try to detect the responsible password method-class pwd_o = self.get_method_by_method_type(method) if not pwd_o: raise PasswordException(C.make_error("PASSWORD_UNKNOWN_HASH", type=method)) # Generate the new password hash usind the detected method pwd_str = pwd_o.generate_password_hash(password, method) # Set the password and commit the changes user.userPassword = pwd_str user.commit()
def __init__(self): env = Environment.getInstance() self.log = logging.getLogger(__name__) self.log.debug("initializing AMQP service provider") self.env = env self.__cr = None self.__cmdWorker = None
def lockAccountPassword(self, user, object_dn): """ Locks the account password for the given DN """ # Do we have read permissions for the requested attribute env = Environment.getInstance() topic = "%s.objects.%s.attributes.%s" % (env.domain, "User", "userPassword") aclresolver = PluginRegistry.getInstance("ACLResolver") if not aclresolver.check(user, topic, "w", base=object_dn): self.__log.debug( "user '%s' has insufficient permissions to write %s on %s, required is %s:%s" % (user, "isLocked", object_dn, topic, "w") ) raise ACLException(C.make_error("PERMISSION_ACCESS", topic, target=object_dn)) # Get the object for the given dn user = ObjectProxy(object_dn) # Check if there is a userPasswort available and set if not "userPassword" in user.get_attributes(): raise PasswordException(C.make_error("PASSWORD_NO_ATTRIBUTE")) if not user.userPassword: raise PasswordException(C.make_error("PASSWORD_NOT_AVAILABLE")) # Try to detect the responsible password method-class pwd_o = self.detect_method_by_hash(user.userPassword) if not pwd_o: raise PasswordException(C.make_error("PASSWORD_METHOD_UNKNOWN")) # Lock the hash and save it user.userPassword = pwd_o.lock_account(user.userPassword) user.commit()
def main(): """ Main programm which is called when the clacks agent process gets started. It does the main forking os related tasks. """ # Set process list title os.putenv('SPT_NOENV', 'non_empty_value') setproctitle("clacks-agent") # Inizialize core environment env = Environment.getInstance() if not env.base: env.log.critical("Clacks agent needs a 'core.base' do operate on") exit(1) env.log.info("Clacks %s is starting up (server id: %s)" % (VERSION, env.id)) if env.config.get('core.profile'): import cProfile import clacks.common.lsprofcalltree p = cProfile.Profile() p.runctx('mainLoop(env)', globals(), {'env': env}) #pylint: disable=E1101 k = clacks.common.lsprofcalltree.KCacheGrind(p) data = open('prof.kgrind', 'w+') k.output(data) data.close() else: mainLoop(env)
def __init__(self): env = Environment.getInstance() self.env = env self.log = logging.getLogger(__name__) # Read config values self.__puppet_user = env.config.get("puppet.user", default=env.config.get("client.user", default="clacks")) self.__target_dir = env.config.get("puppet.target", default="/etc/puppet") self.__puppet_command = env.config.get("puppet.command", default="/usr/bin/puppet") self.__report_dir = env.config.get("puppet.report-dir", default="/var/log/puppet") self.__base_dir = getpwnam(self.__puppet_user).pw_dir # Initialize if not already done if not self.puppetIsInitialized(): self.puppetInitialize(True) # Start log listener wm = pyinotify.WatchManager() # pylint: disable-msg=E1101 wm.add_watch(self.__report_dir, pyinotify.IN_CREATE, rec=True, auto_add=True) #@UndefinedVariable notifier = pyinotify.ThreadedNotifier(wm, PuppetLogWatcher()) env.threads.append(notifier) notifier.start()
def __init__(self): conn = get_system_bus() dbus.service.Object.__init__(self, conn, '/org/clacks/puppet') self.env = Environment.getInstance() self.log = logging.getLogger(__name__) self.logdir = self.env.config.get("puppet.report-dir", "/var/log/puppet") # Check puppet configuration config = ConfigParser.ConfigParser() config.read('/etc/puppet/puppet.conf') try: if config.get("main", "report", "false") != "true": raise OptionMissing("puppet has no reporting enabled") if config.get("main", "reportdir", "") != self.logdir: raise OptionMissing("reportdir configured in " \ "/etc/puppet/puppet.conf and %s do not match" % self.env.config.get('core.config')) if config.get("main", "reports", "") != "store_clacks": raise OptionMissing("storage module probably not compatible") except OptionMissing: self.hint("configuration section for puppet is incomplete") except ConfigParser.NoOptionError: self.hint("configuration section for puppet is incomplete")
def setUp(self): """ Stuff to be run before every test """ Environment.config = "sample_test.conf" Environment.noargs = True self.env = Environment.getInstance() self.plugin = SampleModule()
def __init__(self): env = Environment.getInstance() self.env = env self.__dr = DBusRunner.get_instance() self.__bus = None # Register for resume events zope.event.subscribers.append(self.__handle_events)
def __init__(self): self.env = env = Environment.getInstance() self.whitelisted_users = self.env.config.get("doingreport.users") if self.whitelisted_users: self.whitelisted_users = [s.strip() for s in self.whitelisted_users.split(",")] self.forge_url = self.env.config.get("fetcher-goforge.site-url", default="http://localhost/")
def __init__(self): """ Construct a new AMQPClientHandler instance based on the configuration stored in the environment. @type env: Environment @param env: L{Environment} object """ env = Environment.getInstance() self.log = logging.getLogger(__name__) self.log.debug("initializing AMQP client handler") self.env = env # Load configuration self.url = parseURL(self.env.config.get('amqp.url', None)) self.domain = self.env.config.get('ampq.domain', default="org.clacks") self.dns_domain = socket.getfqdn().split('.', 1)[1] # Use zeroconf if there's no URL if self.url: o = urlparse(self.url['source']) else: url = ZeroconfClient.discover(['_amqps._tcp', '_amqp._tcp'], domain=self.domain)[0] o = urlparse(url) # pylint: disable=E1101 self.domain = o.path[1::] # Configure system user = self.env.uuid key = self.env.config.get('amqp.key') if key: # pylint: disable=E1101 self.url = parseURL( '%s://%s:%s@%s%s' % (o.scheme, user, key, o.netloc, o.path)) else: self.url = parseURL(url) # Make proxy connection self.log.info( "using service '%s/%s'" % (self.url['host'], self.url['path'])) self.__proxy = AMQPServiceProxy(self.url['source']) # Set params and go for it self.reconnect = self.env.config.get('amqp.reconnect', True) self.reconnect_interval = self.env.config.get( 'amqp.reconnect-interval', 3) self.reconnect_limit = self.env.config.get('amqp.reconnect-limit', 0) # Check if credentials are supplied if not self.env.config.get("amqp.key"): raise Exception("no key supplied - please join the client") # Start connection self.start()
def __init__(self): self.env = Environment.getInstance() self.log = logging.getLogger(__name__) self.log.info("initializing object index handler") self.factory = ObjectFactory.getInstance() # Listen for object events zope.event.subscribers.append(self.__handle_events)
def __init__(self): self.env = Environment.getInstance() # Load container mapping from object Factory factory = ObjectFactory.getInstance() self.containers = [] for ot, info in factory.getObjectTypes().items(): if 'container' in info: self.containers.append(ot)
def __init__(self): self.__shells = {} # Use a shell source file env = Environment.getInstance() source = env.config.get('posix.shells', default="/etc/shells") with open(source) as f: self.__shells = filter(lambda y: not y.startswith("#"), [x.strip() for x in f.read().split("\n")])
def __init__(self): env = Environment.getInstance() self.env = env self.log = logging.getLogger(__name__) # Register ourselfs for bus changes on org.clacks dr = DBusRunner.get_instance() self.bus = dr.get_system_bus() self.bus.watch_name_owner("org.clacks", self.__dbus_proxy_monitor)
def searchForObjectDetails(self, user, extension, attribute, fltr, attributes, skip_values): """ Search selectable items valid for the attribute "extension.attribute". This is used to add new groups to the users groupMembership attribute. """ # Extract the the required information about the object # relation out of the BackendParameters for the given extension. of = ObjectFactory.getInstance() be_data = of.getObjectBackendParameters(extension, attribute) if not be_data: raise GOsaException(C.make_error("BACKEND_PARAMETER_MISSING", extension=extension, attribute=attribute)) # Collection basic information otype, oattr, foreignMatchAttr, matchAttr = be_data[attribute] #@UnusedVariable # Create a list of attributes that will be requested if oattr not in attributes: attributes.append(oattr) attrs = dict([(x, 1) for x in attributes]) if not "dn" in attrs: attrs.update({'dn': 1}) # Start the query and brind the result in a usable form index = PluginRegistry.getInstance("ObjectIndex") res = index.search({ '$or': [{'_type': otype}, {'_extensions': otype}], oattr: re.compile("^.*" + re.escape(fltr) + ".*$") }, attrs) result = [] # Do we have read permissions for the requested attribute env = Environment.getInstance() topic = "%s.objects.%s" % (env.domain, otype) aclresolver = PluginRegistry.getInstance("ACLResolver") for entry in res: if not aclresolver.check(user, topic, "s", base=entry['dn']): continue item = {} for attr in attributes: if attr in entry and len(entry[attr]): item[attr] = entry[attr] if attr == "dn" else entry[attr][0] else: item[attr] = "" item['__identifier__'] = item[oattr] # Skip values that are in the skip list if skip_values and item['__identifier__'] in skip_values: continue result.append(item) return result
def __init__(self, path, callback): # Initialize the plugin and set path self.bp = self.path = path self.callback = callback self.env = Environment.getInstance() self.log = logging.getLogger(__name__) # Start the files ystem surveillance thread now self.__start()
def __init__(self): env = Environment.getInstance() self.env = env self.log = logging.getLogger(__name__) self.log.info("initializing JSON RPC service provider") self.path = self.env.config.get('jsonrpc.path', default="/rpc") self.__zeroconf = None self.__http = None self.__app = None
def __init__(self): """ Construct a new ClientService instance based on the configuration stored in the environment. """ env = Environment.getInstance() self.log = logging.getLogger(__name__) self.log.info("initializing client service") self.env = env self.__cr = None
def __init__(self, obj): super(ImageProcessor, self).__init__(obj) # Get mongo cache collection env = Environment.getInstance() self.db = env.get_mongo_db('clacks') # Ensure basic index for the objects for index in ['uuid', 'attribute', 'modified']: self.db.cache.ensure_index(index)
def __init__(self): env = Environment.getInstance() self.log = logging.getLogger(__name__) self.log.info("initializing HTTP service provider") self.env = env self.srv = None self.ssl = None self.app = None self.host = None self.scheme = None self.port = None
def __init__(self): env = Environment.getInstance() self.env = env self.log = logging.getLogger(__name__) # Register ourselfs for bus changes on org.clacks dr = DBusRunner.get_instance() self.bus = dr.get_system_bus() self.bus.watch_name_owner("org.clacks", self.__dbus_proxy_monitor) # Create icon cache directory self.spool = env.config.get("client.spool", default="/var/spool/clacks")
def __init__(self): self.env = env = Environment.getInstance() # read replacement configuration if not PhoneNumberResolver.replace: for opt in env.config.getOptions("resolver-replace"): itm = env.config.get("resolver-replace.%s" % opt) res = re.search("^\"(.*)\",\"(.*)\"$", itm) res = re.search("^\"(.*)\"[\s]*,[\s]*\"(.*)\"$", itm) if res: PhoneNumberResolver.replace.append([res.group(1), res.group(2)])
def __init__(self): env = Environment.getInstance() self.log = logging.getLogger(__name__) self.log.debug("initializing scheduler") self.env = env self.sched = Scheduler(origin=self.env.id) self.sched.add_jobstore( MongoDBJobStore(database="clacks", collection="scheduler", connection=self.env.get_mongo_connection()), "default", ) self.sched.add_jobstore(RAMJobStore(), "ram", True)