def register_system(client, minion): """ Adds a spacewalk registration for a minion. """ # ask for the minion data to get its id that tell us # if it is registered, and data to register it ret = client.cmd_iter(minion, GRAINS_ITEMS_CMD) for grains in ret: logger.info("Registering new minion: %s", minion) if minion in grains: values = grains[minion]['ret'] logger.debug("%s grains:\n%s", minion, pp.pformat(values)) username = client.cmd(minion, PILLAR_GET_CMD, [ADMIN_USER_PILLAR_KEY]) if not username[minion]: logger.error("Can't get admin user from pillar key '%s'", ADMIN_USER_PILLAR_KEY) continue user = rhnUser.search(username[minion]) rhnSQL.clear_log_id() newserv = rhnServer.Server(user, values['osarch']) token = client.cmd(minion, PILLAR_GET_CMD, [ACTIVATION_KEY_PILLAR_KEY]) if not token[minion]: tokens_obj = rhnServer.search_org_token(user.contact["org_id"]) rhnFlags.set("universal_registration_token", tokens_obj) else: tokens_obj = rhnServer.search_token(token[minion]) rhnFlags.set("registration_token", tokens_obj) # reserve the id newserv.getid() # overrite the digital id # FIXME: None of these values appear in the systems properties newserv.server['digital_server_id'] = 'SALT-ID-%s' % minion newserv.server['release'] = values['osrelease'] newserv.server['os'] = values['osfullname'] newserv.server['name'] = minion newserv.server['running_kernel'] = values['kernelrelease'] newserv.virt_uuid = None newserv.save() rhnSQL.commit() logger.info("%s registered as %s", minion, newserv.getid()) else: logger.error("Registration failed: Can't get grains for %s", minion)
def search(server_id, username = None): log_debug(3, server_id, username) s = Server(None) if not s.reload(server_id) == 0: log_error("Reloading server id %d failed" % server_id) # we can't say that the server is not really found raise rhnFault(20) # now that it is reloaded, fix up the s.user field if username: s.user = rhnUser.search(username) return s
def login(self, username, password): """ This function that takes in the username and password and returns a session string if they are correct. It raises a rhnFault if the user/pass combo is not acceptable. """ log_debug(5, username) user = rhnUser.search(username) if not user or not user.check_password(password): raise rhnFault(2) session = user.create_session() return session.get_session()
def login(self, dict): log_debug(1) username = dict.get('username') password = dict.get('password') self.user = rhnUser.search(username) if not self.user or not (self.user.check_password(password)): raise rhnFault(2) # Good to go session = self.user.create_session() return session.get_session()
def search(server_id, username=None): """ search for a server in the database and return the Server object """ log_debug(3, server_id, username) s = Server(None) if not s.reload(server_id) == 0: log_error("Reloading server id %d failed" % server_id) # we can't say that the server is not really found raise rhnFault(20) # now that it is reloaded, fix up the s.user field if username: s.user = rhnUser.search(username) return s
def available_eus_channels(self, username, password, arch, version, release, other=None): ''' Given a server arch, redhat-release version, and redhat-release release returns the eligible channels for that system based on the entitlements in the org specified by username/password Returns a dict of the available channels in the format: {'default_channel' : 'channel_label', 'receiving_updates' : ['channel_label1', 'channel_label2'], 'channels' : {'channel_label1' : 'channel_name1', 'channel_lable2' : 'channel_name2'} } ''' user = rhnUser.search(username) if user is None: log_error("invalid username", username) raise rhnFault(2) if not user.check_password(password): log_error("User password check failed", username) raise rhnFault(2) server_arch = normalize_server_arch(arch) user_id = user.getid() org_id = user.contact['org_id'] channels = rhnChannel.base_eus_channel_for_ver_rel_arch( version, release, server_arch, org_id, user_id) log_debug(4, "EUS Channels are: %s" % str(channels)) default_channel = '' eus_channels = {} receiving_updates = [] if channels is not None: eus_channels = {} for channel in channels: eus_channels[channel['label']] = channel['name'] if channel['is_default'] == 'Y': default_channel = channel['label'] if channel['receiving_updates'] == 'Y': receiving_updates.append(channel['label']) return {'default_channel' : default_channel, 'receiving_updates' : receiving_updates, 'channels' : eus_channels}
def test_server_search(use_key=0): if use_key: user = None else: user = '******' u = rhnUser.search(user) s = rhnServer.Server(u, arch="athlon") s.server["release"] = "2.1AS" s.server["name"] = "test 1" if use_key: rhnFlags.set("registration_token", 'a02487cf77e72f86338f44212d23140d') s.save() print s.server["id"]
def test_disabled_users_are_listed(self): "Create a user, disable it and check if it is listed" u = misc_functions.create_new_user() self._verify_new_user(u) username = u.contact['login'] uid = u.getid() h = rhnSQL.prepare(""" INSERT INTO rhnwebcontactchangelog (id, web_contact_id, change_state_id) VALUES (5555, :user_id, 2) """) h.execute(user_id=uid) self.assertNotEqual(rhnUser.search(username), None)
def update_contact_info(self, username, password, info={}): """ this API call is no longer used """ log_debug(5, username, info) username, password = str(username), str(password) user = rhnUser.search(username) if user is None: log_error("invalid username", username) raise rhnFault(2) if not user.check_password(password): log_error("User password check failed", username) raise rhnFault(2) return 0
def _lookup_org_id(self, org_id): if isinstance(org_id, types.StringType): # Is it a user? u = rhnUser.search(org_id) if not u: raise InvalidUserError(org_id) return u.contact['org_id'] t = rhnSQL.Table('web_customer', 'id') row = t[org_id] if not row: raise InvalidOrgError(org_id) return row['id']
def login(self, dict): log_debug(1) username = dict.get('username') password = dict.get('password') self.user = rhnUser.search(username) if not self.user or not (self.user.check_password(password)): raise rhnFault(2) if rhnUser.is_user_disabled(username): msg = _(""" %s Account has been deactivated on this server. Please contact your Org administrator for more help.""") raise rhnFault(1, msg % username, explain=0) # Good to go session = self.user.create_session() return session.get_session()
def lookup_org_id(org_id): "Look up the org id by user name" if isinstance(org_id, types.StringType): # Is it a user? u = rhnUser.search(org_id) if not u: raise rhnServerGroup.InvalidUserError(org_id) return u.contact['org_id'] t = rhnSQL.Table('web_customer', 'id') row = t[org_id] if not row: raise rhnServerGroup.InvalidOrgError(org_id) return row['id']
def getUserGroups(login, password): # Authenticates a user and returns the list of groups it belongs # to, and the org id add_to_seclist(password) log_debug(4, login) user = rhnUser.search(login) if not user: log_debug("rhnUser.search failed") raise rhnFault(2) # Check the user's password if not user.check_password(password): log_debug("user.check_password failed") raise rhnFault(2) return getUserGroupsFromUserInstance(user)
def login(self, username, password): """ This function that takes in the username and password and returns a session string if they are correct. It raises a rhnFault if the user/pass combo is not acceptable. """ log_debug(5, username) user = rhnUser.search(username) if not user or not user.check_password(password): raise rhnFault(2) if rhnUser.is_user_disabled(username): msg = _(""" %s Account has been deactivated on this server. Please contact your Org administrator for more help.""") raise rhnFault(1, msg % username, explain=0) if rhnUser.is_user_read_only(user.username): raise rhnFault(702) session = user.create_session() return session.get_session()
def loadcert(self, cert, load_user=1): log_debug(4, cert) # certificate is presumed to be already verified if not isinstance(cert, Certificate): return -1 # reload the whole thing based on the cert data server = cert["system_id"] row = server_lib.getServerID(server) if row is None: return -1 sid = row["id"] # standard reload based on an ID ret = self.reload(sid) if not ret == 0: return ret # the reload() will never be able to fill in the username. It # would require from the database standpoint insuring that for # a given server we can have only one owner at any given time. # cert includes it and it's valid because it has been verified # through checksuming before we got here self.user = None # Load the user if at all possible. If it's not possible, # self.user will be None, which should be a handled case wherever # self.user is used. if load_user: # Load up the username associated with this profile self.user = rhnUser.search(cert["username"]) # 4/27/05 wregglej - Commented out this block because it was causing problems # with rhn_check/up2date when the user that registered the system was deleted. # if not self.user: # log_error("Invalid username for server id", # cert["username"], server, cert["profile_name"]) # raise rhnFault(9, "Invalid username '%s' for server id %s" %( # cert["username"], server)) # XXX: make sure that the database thinks that the server # registrnt is the same as this certificate thinks. The # certificate passed checksum checks, but it never hurts to be # too careful now with satellites and all. return 0
def system_id(self): log_debug(3, self.server, self.cert) if self.cert is None: # need to instantiate it cert = Certificate() cert["system_id"] = self.server["digital_server_id"] cert["os_release"] = self.server["release"] cert["operating_system"] = self.server["os"] cert["architecture"] = self.archname cert["profile_name"] = self.server["name"] cert["description"] = self.server["description"] if not self.user: log_debug(1, "The username is not available. Taking an active " \ "administrator from the same organization") self.user = rhnUser.search(self._get_active_org_admins( self.server["org_id"])[0]["login"]) cert["username"] = self.user.contact["login"] cert["type"] = self.type cert.set_secret(self.server["secret"]) self.cert = cert return self.cert.certificate()
def validate_system_user(self, username, password): username, password = rhnUser.check_user_password(username, password) user = rhnUser.search(username) if user is None: log_error("Can't register server to non-existent user") raise rhnFault(2, _("Attempt to register a system to an invalid username")) # This check validates username and password if not user.check_password(password): log_error("User password check failed", username) raise rhnFault(2) if rhnUser.is_user_disabled(username): msg = _(""" %s Account has been deactivated on this server. Please contact your Org administrator for more help.""") raise rhnFault(1, msg % username, explain=0) return user
def getUserGroups(login, password): # Authenticates a user and returns the list of groups it belongs # to, and the org id add_to_seclist(password) log_debug(4, login) user = rhnUser.search(login) if not user: log_debug("rhnUser.search failed") raise rhnFault(2) # Check the user's password if not user.check_password(password): log_debug("user.check_password failed") raise rhnFault(2) if rhnUser.is_user_disabled(username): msg = _(""" %s Account has been deactivated on this server. Please contact your Org administrator for more help.""") raise rhnFault(1, msg % username, explain=0) return getUserGroupsFromUserInstance(user)
# Copyright (c) 2008--2013 Red Hat, Inc. # # This software is licensed to you under the GNU General Public License, # version 2 (GPLv2). There is NO WARRANTY for this software, express or # implied, including the implied warranties of MERCHANTABILITY or FITNESS # FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2 # along with this software; if not, see # http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. # # Red Hat trademarks are not licensed under GPLv2. No permission is # granted to use or replicate Red Hat trademarks that are incorporated # in this software or its documentation. # from spacewalk.common.rhnConfig import initCFG from spacewalk.server import rhnSQL, rhnUser rhnSQL.initDB("rhnuser/rhnuser@webdev") initCFG('server.xmlrpc') u = rhnUser.search("mibanescu-channel-admin") session = u.create_session() s = session.get_session() print("Checking with session", s) u = rhnUser.session_reload(s) print(u) print(u.username)
def create_new_user(org_id=None, username=None, password=None, roles=None, encrypt_password=False): "Create a new user" if org_id is None: org_id = create_new_org() else: org_id = lookup_org_id(org_id) if username is None: username = "******" % time.time() if password is None: password = "******" % time.time() if encrypt_password: password = rhnUser.encrypt_password(password) if roles is None: roles = [] login = username oracle_contact_id = None prefix = "Mr." first_names = "First Name %3.f" % time.time() last_name = "Last Name %3.f" % time.time() genqual = None parent_company = None company = "ACME" title = "" phone = "" fax = "" email = "*****@*****.**" % username pin = 0 first_names_ol = " " last_name_ol = " " address1 = " " address2 = " " address3 = " " city = " " state = " " zip_code = " " country = " " alt_first_names = None alt_last_name = None contact_call = "N" contact_mail = "N" contact_email = "N" contact_fax = "N" f = rhnSQL.Function('create_new_user', rhnSQL.types.NUMBER()) ret = f(org_id, login, password, oracle_contact_id, prefix, first_names, last_name, genqual, parent_company, company, title, phone, fax, email, pin, first_names_ol, last_name_ol, address1, address2, address3, city, state, zip_code, country, alt_first_names, alt_last_name, contact_call, contact_mail, contact_email, contact_fax) u = rhnUser.search(username) if u is None: raise Exception("Couldn't create the new user - user not found") # Set roles h = rhnSQL.prepare(""" select ug.id from rhnUserGroupType ugt, rhnUserGroup ug where ug.org_id = :org_id and ug.group_type = ugt.id and ugt.label = :role """) create_ugm = rhnSQL.Procedure("rhn_user.add_to_usergroup") for role in roles: h.execute(org_id=org_id, role=role) row = h.fetchone_dict() if not row: raise InvalidRoleError(org_id, role) user_group_id = row['id'] create_ugm(u.getid(), user_group_id) return u
def create_new_user(org_id=None, username=None, password=None, roles=None, encrypt_password = False): "Create a new user" if org_id is None: org_id = create_new_org() else: org_id = lookup_org_id(org_id) if username is None: username = "******" % time.time() if password is None: password = "******" % time.time() if encrypt_password: password = rhnUser.encrypt_password(password) if roles is None: roles = [] login = username oracle_contact_id = None prefix = "Mr." first_names = "First Name %3.f" % time.time() last_name = "Last Name %3.f" % time.time() genqual = None parent_company = None company = "ACME" title = "" phone = "" fax = "" email = "*****@*****.**" % username pin = 0 first_names_ol = " " last_name_ol = " " address1 = " " address2 = " " address3 = " " city = " " state = " " zip_code = " " country = " " alt_first_names = None alt_last_name = None contact_call = "N" contact_mail = "N" contact_email = "N" contact_fax = "N" f = rhnSQL.Function('create_new_user', rhnSQL.types.NUMBER()) ret = f( org_id, login, password, oracle_contact_id, prefix, first_names, last_name, genqual, parent_company, company, title, phone, fax, email, pin, first_names_ol, last_name_ol, address1, address2, address3, city, state, zip_code, country, alt_first_names, alt_last_name, contact_call, contact_mail, contact_email, contact_fax ) u = rhnUser.search(username) if u is None: raise Exception("Couldn't create the new user - user not found") # Set roles h = rhnSQL.prepare(""" select ug.id from rhnUserGroupType ugt, rhnUserGroup ug where ug.org_id = :org_id and ug.group_type = ugt.id and ugt.label = :role """) create_ugm = rhnSQL.Procedure("rhn_user.add_to_usergroup") for role in roles: h.execute(org_id=org_id, role=role) row = h.fetchone_dict() if not row: raise InvalidRoleError(org_id, role) user_group_id = row['id'] create_ugm(u.getid(), user_group_id) return u