def update_credential_file(username, client_id, credential_data, request_clientname): """ Updates the credential file. """ proxy_dir = glideFactoryLib.factoryConfig.get_client_proxies_dir(username) fname_short = 'credential_%s_%s' % (request_clientname, glideFactoryLib.escapeParam(client_id)) fname = os.path.join(proxy_dir, fname_short) fname_compressed = "%s_compressed" % fname msg = "updating credential file %s" % fname logSupport.log.debug(msg) if username != MY_USERNAME: msg = "updating using privsep" logSupport.log.debug(msg) # use privsep # all args go through the environment, so they are protected update_credential_env = ['HEXDATA=%s' % binascii.b2a_hex(credential_data), 'FNAME=%s' % fname, 'FNAME_COMPRESSED=%s' % fname_compressed] for var in ('PATH', 'LD_LIBRARY_PATH', 'PYTHON_PATH'): if os.environ.has_key(var): update_credential_env.append('%s=%s' % (var, os.environ[var])) try: condorPrivsep.execute(username, glideFactoryLib.factoryConfig.submit_dir, os.path.join(glideFactoryLib.factoryConfig.submit_dir, 'update_proxy.py'), ['update_proxy.py'], update_credential_env) except condorPrivsep.ExeError, e: raise RuntimeError, "Failed to update credential %s in %s (user %s): %s" % (client_id, proxy_dir, username, e) except:
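def delete_dir(self):
    """Remove ``self.dir`` recursively, acting as ``self.user``.

    Three paths are used, depending on who owns the directory:

    * ``self.user`` is the account running this process: plain
      ``shutil.rmtree``.
    * ``self.privsep_mkdir`` is set: ``condorPrivsep.rmtree`` on the base
      directory and the directory's basename.
    * otherwise: ``/bin/rm -fr`` run through ``condorPrivsep.execute`` as
      ``self.user`` (the original author preferred this because it does not
      need root privileges).

    Raises:
        RuntimeError: if the parent of ``self.dir`` is missing, or if the
            privsep removal fails.
    """
    base_dir = os.path.dirname(self.dir)
    if not os.path.isdir(base_dir):
        raise RuntimeError("Missing base %s directory %s!" % (self.dir_name, base_dir))

    if self.user == MY_USERNAME:
        # Same account as this process: no privilege switch is involved.
        shutil.rmtree(self.dir)
        return

    # Read the flag before entering the try block so that a missing attribute
    # is not reported as a privsep failure.
    use_privsep_rmtree = self.privsep_mkdir

    try:
        if use_privsep_rmtree:
            # use privsep rmtree, as requested
            condorPrivsep.rmtree(base_dir, os.path.basename(self.dir))
        else:
            # The path is handed over as one argv element of an argument list.
            # NOTE(review): rm would read a leading '-' as options; confirm
            # self.dir is always an absolute path taken from factory config.
            condorPrivsep.execute(self.user, base_dir, '/bin/rm',
                                  ['rm', '-fr', self.dir], stdout_fname=None)
    except condorPrivsep.ExeError as e:
        raise RuntimeError("Failed to remove %s dir (user %s): %s" %
                           (self.dir_name, self.user, e))
    except Exception:
        # Was a bare ``except:``, which also turned KeyboardInterrupt and
        # SystemExit into a RuntimeError; those now propagate unchanged.
        raise RuntimeError("Failed to remove %s dir (user %s): Unknown privsep error" %
                           (self.dir_name, self.user))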
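def create_dir(self, fail_if_exists=True):
    """Create ``self.dir`` as ``self.user``, requesting mode ``self.chmod``.

    Args:
        fail_if_exists: when true (the default) an already existing
            directory is an error; when false it is silently accepted.

    Returns:
        True if the directory was created, False if it already existed and
        ``fail_if_exists`` was false.

    Raises:
        RuntimeError: if the parent directory is missing, if the directory
            exists and ``fail_if_exists`` is true, or if creation fails.
    """
    base_dir = os.path.dirname(self.dir)
    if not os.path.isdir(base_dir):
        raise RuntimeError("Missing base %s directory %s." % (self.dir_name, base_dir))

    if os.path.isdir(self.dir):
        if fail_if_exists:
            raise RuntimeError("Cannot create %s dir %s, already exists." %
                               (self.dir_name, self.dir))
        return False  # already exists, nothing to do

    if self.user == MY_USERNAME:
        # Same account as this process: create it directly.
        # The mode given to os.mkdir is filtered by the process umask, so the
        # result can be stricter than self.chmod; the privsep path below sets
        # the mode with an explicit chmod instead.
        try:
            os.mkdir(self.dir, self.chmod)
        except OSError as e:
            raise RuntimeError("Failed to create %s dir: %s" % (self.dir_name, e))
        return True

    try:
        # use the execute command
        # do not use the mkdir one, as we do not need root privileges
        condorPrivsep.execute(self.user, base_dir, '/bin/mkdir',
                              ['mkdir', self.dir], stdout_fname=None)
        # with condor 7.9.4 a permissions change is required
        # NOTE(review): between the two commands the directory exists with
        # whatever mode mkdir gave it; confirm that is acceptable for the
        # data stored here.
        condorPrivsep.execute(self.user, base_dir, '/bin/chmod',
                              ['chmod', "0%o" % self.chmod, self.dir], stdout_fname=None)
    except condorPrivsep.ExeError as e:
        raise RuntimeError("Failed to create %s dir (user %s): %s" %
                           (self.dir_name, self.user, e))
    except Exception:
        # Was a bare ``except:``, which also turned KeyboardInterrupt and
        # SystemExit into a RuntimeError; those now propagate unchanged.
        raise RuntimeError("Failed to create %s dir (user %s): Unknown privsep error" %
                           (self.dir_name, self.user))
    return True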
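def update_credential_file(username, client_id, credential_data, request_clientname):
    """Store a client credential and its compressed copy in the user's proxy dir.

    The file name is ``credential_<request_clientname>_<escaped client_id>``
    inside the directory returned by ``get_client_proxies_dir(username)``; the
    compressed copy has ``_compressed`` appended.

    If ``username`` is the account running this process, the files are
    written directly with ``safe_update``. Otherwise ``update_proxy.py`` from
    the factory submit directory is run through ``condorPrivsep.execute`` as
    ``username``, with the data and target names passed in its environment.

    Returns:
        A ``(fname, fname_compressed)`` tuple with the two paths.

    Raises:
        RuntimeError: if the privsep helper fails.
    """
    proxy_dir = glideFactoryLib.factoryConfig.get_client_proxies_dir(username)
    # NOTE(review): client_id goes through escapeParam but request_clientname
    # is interpolated as-is; confirm callers reject path separators in it, so
    # that the joined path cannot leave proxy_dir.
    fname_short = 'credential_%s_%s' % (request_clientname,
                                        glideFactoryLib.escapeParam(client_id))
    fname = os.path.join(proxy_dir, fname_short)
    fname_compressed = "%s_compressed" % fname

    # Only the file name is logged, never the credential itself.
    logSupport.log.debug("updating credential file %s" % fname)

    if username == MY_USERNAME:
        logSupport.log.debug("no privsep, updating directly")
        safe_update(fname, credential_data)
        safe_update(fname_compressed, compress_credential(credential_data))
        return fname, fname_compressed

    logSupport.log.debug("updating using privsep")

    # b2a_hex returns bytes on Python 3; formatting bytes with %s would embed
    # the b'...' repr in HEXDATA, so decode first. On Python 2 it is already
    # a str and is left untouched.
    hexdata = binascii.b2a_hex(credential_data)
    if not isinstance(hexdata, str):
        hexdata = hexdata.decode('ascii')

    # All args go through the environment rather than the command line. That
    # keeps the credential out of argv; the helper's environment is still
    # available to the target account and to anything the helper spawns.
    update_credential_env = [
        'HEXDATA=%s' % hexdata,
        'FNAME=%s' % fname,
        'FNAME_COMPRESSED=%s' % fname_compressed,
    ]
    # Forward the interpreter search paths of this process to the helper.
    # NOTE(review): the variable Python itself reads is PYTHONPATH; confirm
    # whether 'PYTHON_PATH' is intentional.
    for var in ('PATH', 'LD_LIBRARY_PATH', 'PYTHON_PATH'):
        if var in os.environ:
            update_credential_env.append('%s=%s' % (var, os.environ[var]))

    try:
        condorPrivsep.execute(
            username,
            glideFactoryLib.factoryConfig.submit_dir,
            os.path.join(glideFactoryLib.factoryConfig.submit_dir, 'update_proxy.py'),
            ['update_proxy.py'],
            update_credential_env)
    except condorPrivsep.ExeError as e:
        raise RuntimeError("Failed to update credential %s in %s (user %s): %s" %
                           (client_id, proxy_dir, username, e))
    except Exception:
        # Was a bare ``except:``, which also turned KeyboardInterrupt and
        # SystemExit into a RuntimeError; those now propagate unchanged.
        raise RuntimeError("Failed to update credential %s in %s (user %s): Unknown privsep error" %
                           (client_id, proxy_dir, username))

    return fname, fname_compressed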
raise RuntimeError,"Failed to create %s dir: %s"%(self.dir_name,e) elif self.privsep_mkdir: try: # use privsep mkdir, as requested condorPrivsep.mkdir(base_dir,os.path.basename(self.dir),self.user) # with condor 7.9.4 a permissions change is required condorPrivsep.execute(self.user,base_dir,'/bin/chmod',['chmod','0755',self.dir],stdout_fname=None) except condorPrivsep.ExeError, e: raise RuntimeError,"Failed to create %s dir (user %s): %s"%(self.dir_name,self.user,e) except: raise RuntimeError,"Failed to create %s dir (user %s): Unknown privsep error"%(self.dir_name,self.user) else: try: # use the execute command # do not use the mkdir one, as we do not need root privileges condorPrivsep.execute(self.user,base_dir,'/bin/mkdir',['mkdir',self.dir],stdout_fname=None) # with condor 7.9.4 a permissions change is required condorPrivsep.execute(self.user,base_dir,'/bin/chmod',['chmod','0755',self.dir],stdout_fname=None) except condorPrivsep.ExeError, e: raise RuntimeError,"Failed to create %s dir (user %s): %s"%(self.dir_name,self.user,e) except: raise RuntimeError,"Failed to create %s dir (user %s): Unknown privsep error"%(self.dir_name,self.user) return True def delete_dir(self): base_dir=os.path.dirname(self.dir) if not os.path.isdir(base_dir): raise RuntimeError,"Missing base %s directory %s!"%(self.dir_name,base_dir) if self.user==MY_USERNAME: # keep it simple, if possible