예제 #1
0
    def check_login(fn, self, *a, **kw):
        session_key = cherrypy.session.get('sessionKey', None)
        is_api = util.is_api()

        if not session_key:
            logger.info(
                'require_login - no splunkd sessionKey variable set; cherrypy_session=%s request_path=%s'
                % (cherrypy.session.id, cherrypy.request.path_info))
            logger.debug('require_login - cookie request header: %s' %
                         unicode(cherrypy.request.cookie))
            logger.debug('require_login - cookie response header: %s' %
                         unicode(cherrypy.response.cookie))
            if is_api or util.is_xhr():
                logger.info(
                    'require_login - is api/XHR request, raising 401 status')
                raise cherrypy.HTTPError(401)
            else:
                logger.info('require_login - redirecting to login')
                self.redirect_to_url('/account/login',
                                     _qs=[('return_to',
                                           util.current_url_path())])

        try:
            return fn(self, *a, **kw)
        except splunk.AuthenticationFailed:
            logger.info('sessionKey rejected by splunkd')
            cherrypy.session.delete()
            if is_api or util.is_xhr():
                raise cherrypy.HTTPError(401)
            else:
                self.redirect_to_url('/account/login',
                                     _qs=[('return_to',
                                           util.current_url_path())])
예제 #2
0
    def submitPrincipal(self, config, action, **kwargs):
        '''
        add configuration for a single principal used with a cluster's kerberos
        '''
        app = cherrypy.request.path_info.split('/')[3]
        user = cherrypy.session['user']['name']

        id = kwargs.pop('id', None)

        try:
            principal = Principal.get(id)
            principal.update(kwargs)
            # Change the owner to nobody, so that REST call will be made to /servicesNS/nobody/HadoopConnect/...
            # instead of /servicesNS/admin/HadoopConnect/... or /servicesNS/<owner>/HadoopConnect/...
            if principal.entity and principal.entity.owner:
                principal.entity.owner = 'nobody'
        except:
            principal = Principal(app, user, **kwargs)

        if principal.passive_save():
            if app_util.is_xhr():
                cherrypy.response.status = 200
                return ""
            else:
                raise cherrypy.HTTPRedirect(
                    self.make_url(['app', app, 'config_clusters']), 303)
        else:
            if app_util.is_xhr():
                cherrypy.response.status = 404
            return self.render_template(
                '/%s:/templates/add_principal.html' % app,
                dict(form_content='fomasdafe', app=app, principal=principal))
예제 #3
0
    def submit(self, action, **kwargs):
        '''Accept data to setup the Splunk HDFS app'''

        app = cherrypy.request.path_info.split('/')[3]
        user = cherrypy.session['user']['name']

        #remove the csrf protection...(perhaps this should be done for us?
        del kwargs['splunk_form_key']

        #TODO make this a lib function or static method on the model and replace this and the one in the defaultExports.saveJob
        keys = kwargs.keys()
        partitions = []
        for k in keys:
            if k.startswith(
                    'partition_'
            ):  # and splunk.util.normalizeBoolean(kwargs.get(k, 'f')):
                partitions.append(k[len('partition_'):])
                del kwargs[k]

        kwargs['partition_fields'] = ','.join(
            partitions) if len(partitions) > 0 else 'None'

        kwargs['search'] = 'This should not get saved'

        defaultExport = HDFSExport(app, user, 'default', **kwargs)
        defaultExport.metadata.sharing = 'app'
        defaultExport.metadata.owner = 'nobody'
        defaultExport.metadata.app = app

        logger.info("Submitted setup form with params: %s" % kwargs)

        if defaultExport.passive_save():
            if app_util.is_xhr():
                cherrypy.response.status = 200
                return ""
            raise cherrypy.HTTPRedirect(
                self.make_url(['app', app, 'config_clusters']), 303)

        if app_util.is_xhr():
            cherrypy.response.status = 404
        return self.render_template(
            '/%s:/templates/export_defaults.html' % app,
            dict(form_content='fomasdafe',
                 app=app,
                 defaultExport=defaultExport))
예제 #4
0
    def check(fn, self, *a, **kw):
        is_api = util.is_api()
        request = cherrypy.request
        if not handle_api and is_api:
            raise RequestRefused(404)
        if handle_api is ONLY_API and not is_api:
            raise RequestRefused(404)
        _methods = methods
        if _methods:
            if isinstance(_methods, basestring):
                _methods = [ _methods ]
            if request.method not in _methods:
                raise RequestRefused(405)
        
        # verify that version info is good; do it here so that any URI access
        # will trigger the check
        startup.initVersionInfo()

        # add a convenience property to all request objects to get at the
        # current relative URI
        request.relative_uri = request.path_info + (('?' + request.query_string) if request.query_string else '')
        if cherrypy.config.get('root_endpoint') not in ['/', None, '']:
            request.relative_uri = cherrypy.config.get('root_endpoint') + request.relative_uri

        # CSRF protection
        # Disable in tests by setting cherrypy.config.update({'environment': 'test_suite'})
        if verify_session and request.method == 'POST' and not cherrypy.config.get('environment') == 'test_suite':
            is_xhr = util.is_xhr()
            form_key = request.headers.get('X-Splunk-Form-Key') if is_xhr else request.params.get('splunk_form_key')
            # verify that the incoming form key matches server's version
            if not util.isValidFormKey(form_key):
                if is_xhr:
                    logger.warn('CSRF: validation failed because client XHR did not include proper header')
                else:
                    logger.warn('CSRF: validation failed because HTTP POST did not include expected parameter')
                if must_login:
                    if is_xhr:
                        raise cherrypy.HTTPError(401, _('Splunk cannot authenticate the request. CSRF validation failed.'))
                    else:
                        return self.redirect_to_url('/account/login', _qs=[ ('return_to', util.current_url_path()) ] )
                logger.warn('CSRF: skipping 401 redirect response because endpoint did not request protection')

        # basic input cleansing
        if trim_spaces:
            for key, value in kw.iteritems():
                if isinstance(value, basestring):
                    kw[key] = value.strip()
                    if kw[key] != value:
                        logger.debug('Leading/trailing whitespaces were trimmed in "%s" argument' % key)
                
        return fn(self, *a, **kw)
예제 #5
0
    def check_login(fn, self, *a, **kw):
        session_key = cherrypy.session.get('sessionKey', None)
        is_api = util.is_api()

        if not session_key:
            logger.info('require_login - no splunkd sessionKey variable set; cherrypy_session=%s request_path=%s' % (cherrypy.session.id, cherrypy.request.path_info))
            logger.debug('require_login - cookie request header: %s' % unicode(cherrypy.request.cookie))
            logger.debug('require_login - cookie response header: %s' % unicode(cherrypy.response.cookie))
            if is_api or util.is_xhr():
                logger.info('require_login - is api/XHR request, raising 401 status')
                raise cherrypy.HTTPError(401)
            else:
                logger.info('require_login - redirecting to login')
                self.redirect_to_url('/account/login', _qs=[ ('return_to', util.current_url_path()) ] )
            
        try:
            return fn(self, *a, **kw)
        except splunk.AuthenticationFailed:
            logger.info('sessionKey rejected by splunkd')
            cherrypy.session.delete()
            if is_api or util.is_xhr():
                raise cherrypy.HTTPError(401)
            else:
                self.redirect_to_url('/account/login', _qs=[ ('return_to', util.current_url_path()) ] )
예제 #6
0
    def check(fn, self, *a, **kw):
        is_api = util.is_api()
        request = cherrypy.request
        if not handle_api and is_api:
            raise RequestRefused(404)
        if handle_api is ONLY_API and not is_api:
            raise RequestRefused(404)
        _methods = methods
        if _methods:
            if isinstance(_methods, basestring):
                _methods = [_methods]
            if request.method not in _methods:
                raise RequestRefused(405)

        # verify that version info is good; do it here so that any URI access
        # will trigger the check
        startup.initVersionInfo()

        # add a convenience property to all request objects to get at the
        # current relative URI
        request.relative_uri = request.path_info + (
            ('?' + request.query_string) if request.query_string else '')
        if cherrypy.config.get('root_endpoint') not in ['/', None, '']:
            request.relative_uri = cherrypy.config.get(
                'root_endpoint') + request.relative_uri

        # CSRF protection
        # Disable in tests by setting cherrypy.config.update({'environment': 'test_suite'})
        if verify_session and request.method == 'POST' and not cherrypy.config.get(
                'environment') == 'test_suite':
            is_xhr = util.is_xhr()
            form_key = request.headers.get(
                'X-Splunk-Form-Key') if is_xhr else request.params.get(
                    'splunk_form_key')
            # verify that the incoming form key matches server's version
            if not util.isValidFormKey(form_key):
                if is_xhr:
                    logger.warn(
                        'CSRF: validation failed because client XHR did not include proper header'
                    )
                else:
                    logger.warn(
                        'CSRF: validation failed because HTTP POST did not include expected parameter'
                    )
                if must_login:
                    if is_xhr:
                        raise cherrypy.HTTPError(
                            401,
                            _('Splunk cannot authenticate the request. CSRF validation failed.'
                              ))
                    else:
                        return self.redirect_to_url(
                            '/account/login',
                            _qs=[('return_to', util.current_url_path())])
                logger.warn(
                    'CSRF: skipping 401 redirect response because endpoint did not request protection'
                )

        # basic input cleansing
        if trim_spaces:
            for key, value in kw.iteritems():
                if isinstance(value, basestring):
                    kw[key] = value.strip()
                    if kw[key] != value:
                        logger.debug(
                            'Leading/trailing whitespaces were trimmed in "%s" argument'
                            % key)

        return fn(self, *a, **kw)
예제 #7
0
    def submitCluster(self, config, action, **kwargs):
        '''add configuration for a single HDFS cluster'''
        app = cherrypy.request.path_info.split('/')[3]
        user = cherrypy.session['user']['name']

        errors = []
        if kwargs.get('secure', 0):
            #TODO: verify service principal is provided

            if kwargs.get('kerberos_principal') == 'add':
                principal = Principal(
                    app, user, **{
                        'name': kwargs.get('principal_name'),
                        'keytab_path': kwargs.get('principal_keytab_location')
                    })
                if principal.passive_save():
                    kwargs['kerberos_principal'] = kwargs.get('principal_name')
                else:
                    errors += principal.errors
        else:
            if kwargs.get('kerberos_principal'):
                kwargs['kerberos_principal'] = ''
            if kwargs.get('kerberos_service_principal'):
                kwargs['kerberos_service_principal'] = ''

        id = kwargs.pop('id', None)
        type = kwargs.pop('type', None)
        if type == 'remote':
            kwargs['uri'] = 'hdfs://%s' % kwargs.get(
                'name') if 'name' in kwargs else None
        elif type == 'local':
            kwargs['uri'] = 'file://%s' % kwargs.pop('local_mount')
        else:
            raise cherrypy.HTTPError(400, 'Expected cluster type parameter')

        try:
            cluster = Cluster.get(id)
            cluster.update(kwargs)
            # Change the owner to nobody, so that REST call will be made to /servicesNS/nobody/HadoopConnect/...
            # instead of /servicesNS/admin/HadoopConnect/... or /servicesNS/<owner>/HadoopConnect/...
            if cluster.entity and cluster.entity.owner:
                cluster.entity.owner = 'nobody'
            edit = True
        except:
            cluster = Cluster(app, user, **kwargs)
            edit = False

        # save stuff iff there were no errors while saving the principal
        if len(errors) == 0:
            logger.info("Saving cluster with args: %s " % kwargs)
            if cluster.passive_save():
                this_app = App.get(App.build_id(app, app, user))
                this_app.is_configured = True
                this_app.passive_save()
                if app_util.is_xhr():
                    cherrypy.response.status = 200
                    return ""
                raise cherrypy.HTTPRedirect(
                    self.make_url(['app', app, 'config_clusters']), 303)

        principals = Principal.all().filter_by_app(app)
        principal_name = kwargs.get('principal_name', '')
        principal_keytab_location = kwargs.get('principal_keytab_location', '')
        cluster.errors += errors

        if app_util.is_xhr():
            cherrypy.response.status = 404
        return self.render_template(
            '/%s:/templates/add_cluster.html' % app,
            dict(form_content='fomasdafe',
                 app=app,
                 cluster=cluster,
                 edit=edit,
                 principals=principals,
                 principal_name=principal_name,
                 principal_keytab_location=principal_keytab_location,
                 selectedTab=type))