Exemplo n.º 1
0
def getUserNameAndGroup(info):
    """ Get the user name and group from the DN and VOMS role
  """

    global dnCache, roleCache

    owner = {}
    if "OwnerDN" not in info:
        return owner

    username = dnCache.get(info.get('OwnerDN'))
    if not username:
        result = getUsernameForDN(info.get('OwnerDN', 'Unknown'))
        if result['OK']:
            username = result['Value']
            dnCache[info['OwnerDN']] = username
        elif "No username" in result['Message']:
            username = '******'
            dnCache[info['OwnerDN']] = username

    if username and username != 'Unknown':
        groups = roleCache.get('/' + info.get('OwnerRole'))
        if not groups:
            groups = getGroupsWithVOMSAttribute('/' + info['OwnerRole'])
            roleCache['/' + info['OwnerRole']] = groups
        if groups:
            owner['username'] = username
            owner['group'] = groups[0]

    return owner
Exemplo n.º 2
0
def getUserNameAndGroup(info):
  """ Get the user name and group from the DN and VOMS role
  """

  global dnCache, roleCache

  owner = {}
  username = dnCache.get(info['OwnerDN'])
  if not username:
    result = getUsernameForDN(info['OwnerDN'])
    if result['OK']:
      username = result['Value']
      dnCache[info['OwnerDN']] = username
    elif "No username" in result['Message']:
      username = '******'
      dnCache[info['OwnerDN']] = username

  if username and username != 'Unknown':
    groups = roleCache.get('/'+info['OwnerRole'])
    if not groups:
      groups = getGroupsWithVOMSAttribute('/'+info['OwnerRole'])
      roleCache['/'+info['OwnerRole']] = groups
    if groups:
      owner['username'] = username
      owner['group'] = groups[0]

  return owner
Exemplo n.º 3
0
def getUserNameAndGroup(info):
    """Get the user name and group from the DN and VOMS role"""

    global dnCache, roleCache

    owner = {}
    if "OwnerDN" not in info:
        return owner

    username = dnCache.get(info.get("OwnerDN"))
    if not username:
        result = getUsernameForDN(info.get("OwnerDN", "Unknown"))
        if result["OK"]:
            username = result["Value"]
            dnCache[info["OwnerDN"]] = username
        elif "No username" in result["Message"]:
            username = "******"
            dnCache[info["OwnerDN"]] = username

    if username and username != "Unknown":
        groups = roleCache.get("/" + info.get("OwnerRole"))
        if not groups:
            groups = getGroupsWithVOMSAttribute("/" + info["OwnerRole"])
            roleCache["/" + info["OwnerRole"]] = groups
        if groups:
            owner["username"] = username
            owner["group"] = groups[0]

    return owner
Exemplo n.º 4
0
    def getProxyForLFN(self, lfn):
        """ get proxy for lfn

    :param str lfn: LFN
    :return: S_ERROR or S_OK( "/path/to/proxy/file" )
    """
        dirMeta = self.replicaManager().getCatalogDirectoryMetadata(
            lfn, singleFile=True)
        if not dirMeta["OK"]:
            return dirMeta
        dirMeta = dirMeta["Value"]

        ownerRole = "/%s" % dirMeta["OwnerRole"] if not dirMeta[
            "OwnerRole"].startswith("/") else dirMeta["OwnerRole"]
        ownerDN = dirMeta["OwnerDN"]

        ownerProxy = None
        for ownerGroup in getGroupsWithVOMSAttribute(ownerRole):
            vomsProxy = gProxyManager.downloadVOMSProxy(
                ownerDN,
                ownerGroup,
                limited=True,
                requiredVOMSAttribute=ownerRole)
            if not vomsProxy["OK"]:
                self.log.debug(
                    "getProxyForLFN: failed to get VOMS proxy for %s role=%s: %s"
                    % (ownerDN, ownerRole, vomsProxy["Message"]))
                continue
            ownerProxy = vomsProxy["Value"]
            self.log.debug("getProxyForLFN: got proxy for %s@%s [%s]" %
                           (ownerDN, ownerGroup, ownerRole))
            break

        if not ownerProxy:
            return S_ERROR("Unable to get owner proxy")

        dumpToFile = ownerProxy.dumpAllToFile()
        if not dumpToFile["OK"]:
            self.log.error("getProxyForLFN: error dumping proxy to file: %s" %
                           dumpToFile["Message"])
            return dumpToFile
        dumpToFile = dumpToFile["Value"]
        os.environ["X509_USER_PROXY"] = dumpToFile
        return dumpToFile
Exemplo n.º 5
0
  def getProxyForLFN( self, lfn ):
    """ get proxy for lfn

    :param str lfn: LFN
    :return: S_ERROR or S_OK( "/path/to/proxy/file" )
    """
    dirMeta = returnSingleResult( self.fc.getDirectoryMetadata( lfn ) )
    if not dirMeta["OK"]:
      return dirMeta
    dirMeta = dirMeta["Value"]

    ownerRole = "/%s" % dirMeta["OwnerRole"] if not dirMeta["OwnerRole"].startswith( "/" ) else dirMeta["OwnerRole"]
    ownerDN = dirMeta["OwnerDN"]

    ownerProxy = None
    for ownerGroup in getGroupsWithVOMSAttribute( ownerRole ):
      vomsProxy = gProxyManager.downloadVOMSProxy( ownerDN, ownerGroup, limited = True,
                                                   requiredVOMSAttribute = ownerRole )
      if not vomsProxy["OK"]:
        self.log.debug( "getProxyForLFN: failed to get VOMS proxy for %s role=%s: %s" % ( ownerDN,
                                                                                          ownerRole,
                                                                                          vomsProxy["Message"] ) )
        continue
      ownerProxy = vomsProxy["Value"]
      self.log.debug( "getProxyForLFN: got proxy for %s@%s [%s]" % ( ownerDN, ownerGroup, ownerRole ) )
      break

    if not ownerProxy:
      return S_ERROR( "Unable to get owner proxy" )

    dumpToFile = ownerProxy.dumpAllToFile()
    if not dumpToFile["OK"]:
      self.log.error( "getProxyForLFN: error dumping proxy to file: %s" % dumpToFile["Message"] )
      return dumpToFile
    dumpToFile = dumpToFile["Value"]
    os.environ["X509_USER_PROXY"] = dumpToFile
    return dumpToFile
Exemplo n.º 6
0
def getUsersGroupsAndSEs(queryQueue, name_id_se):
    """ This dumps the users, groups and SEs from the LFC, converts them into DIRAC group, and
      create the query to insert them into the DFC.

      WATCH OUT !!
      The DIRAC group is evaluated from the VOMS attribute, since this is what is used in the LFC.
      So if you have several DIRAC groups that have the same voms role, the assigned group will
      be the first one...

      :param queryQueue : queue in which to put the SQL statement to be executed against the DFC
      :param name_id_se : cache to be filled in with the mapping {seName:id in the DFC}

  """

    connection = cx_Oracle.Connection(prodDbAccount,
                                      prodDbAccountPassword,
                                      prodDbTNS,
                                      threaded=True)
    fromdbR_ = connection.cursor()
    fromdbR_.arraysize = 1000

    # First, fetch all the UID and DN from the LFC
    if fromdbR_.execute("SELECT USERID, USERNAME from CNS_USERINFO"):
        rows = fromdbR_.fetchall()
        for row in rows:

            uid = row[0]
            dn = row[1]

            name = uid_name.get(uid)
            # If the name is not in cache,
            if not name:

                # We do some mangling of the DN to try to have sensitive name whatever happen
                # We also include the UID in case the name is not unique, or several DN are associated
                namePart = 'name'
                idPart = ''
                dnSplit = dn.split('CN=')
                try:
                    namePart = dnSplit[-1].replace("'", " ")
                except Exception as e:
                    pass
                try:
                    idPart = dnSplit[2].replace("/", "")
                except Exception as e:
                    pass
                idPart += ' uid_%s' % uid
                name = "Unknown (%s %s)" % (namePart, idPart)

            # Now, we do try to convert the DN into a DIRAC username
            if "Unknown" in name:
                result = getUsernameForDN(dn)
                if result['OK']:
                    name = result['Value']
                uid_name[uid] = name

        # Now we prepare the SQL statement to insert them into the DFC
        for uid in uid_name:
            username = uid_name[uid]
            queryQueue.put(
                "INSERT INTO FC_Users(UID, UserName) values (%s, '%s');\n" %
                (uid, username))

    # Now, same principle on the group
    if fromdbR_.execute("SELECT GID, GROUPNAME from CNS_GROUPINFO"):
        rows = fromdbR_.fetchall()
        for row in rows:
            gid = row[0]
            gn = row[1]

            groupname = gn

            # CAUTION: as explained in the docstring, if multiple groups share the same voms role
            # we take the first one
            groups = getGroupsWithVOMSAttribute('/' + gn)

            if groups:
                groupname = groups[0]

            queryQueue.put(
                "INSERT INTO FC_Groups(GID, GroupName) values (%s, '%s');\n" %
                (gid, groupname))

    # We build a cache that contains the mapping between the name and its ID in the DFC DB
    # The ID starts at 2 because ID=1 is taken by FakeSe
    seCounter = 2
    # Fetch the name from the LFC
    if fromdbR_.execute("select unique HOST from CNS_FILE_REPLICA"):
        rows = fromdbR_.fetchall()
        for row in rows:
            seName = row[0]
            # Populate the SE cache
            name_id_se[seName] = seCounter
            # Create the query for the DFC
            queryQueue.put(
                "INSERT INTO FC_StorageElements(SEID, SEName) values (%s, '%s');\n"
                % (seCounter, seName))
            seCounter += 1

    # Also here we just insert all the statuses defined above
    for status in dirac_status:
        queryQueue.put("INSERT INTO FC_Statuses (Status) values ('%s');\n" %
                       status)

    fromdbR_.close()
    connection.close()

    # Set the poison pill in the queue
    queryQueue.put(None)

    return
Exemplo n.º 7
0
def getUsersGroupsAndSEs( queryQueue, name_id_se ):
  """ This dumps the users, groups and SEs from the LFC, converts them into DIRAC group, and
      create the query to insert them into the DFC.

      WATCH OUT !!
      The DIRAC group is evaluated from the VOMS attribute, since this is what is used in the LFC.
      So if you have several DIRAC groups that have the same voms role, the assigned group will
      be the first one...

      :param queryQueue : queue in which to put the SQL statement to be executed against the DFC
      :param name_id_se : cache to be filled in with the mapping {seName:id in the DFC}

  """


  connection = cx_Oracle.Connection( prodDbAccount, prodDbAccountPassword, prodDbTNS, threaded = True )
  fromdbR_ = connection.cursor()
  fromdbR_.arraysize = 1000

  # First, fetch all the UID and DN from the LFC
  if fromdbR_.execute( "SELECT USERID, USERNAME from CNS_USERINFO" ):
    rows = fromdbR_.fetchall()
    for row in rows:

      uid = row[0]
      dn = row[1]

      name = uid_name.get( uid )
      # If the name is not in cache,
      if not name:

        # We do some mangling of the DN to try to have sensitive name whatever happen
        # We also include the UID in case the name is not unique, or several DN are associated
        namePart = 'name'
        idPart = ''
        dnSplit = dn.split( 'CN=' )
        try:
          namePart = dnSplit[-1].replace( "'", " " )
        except Exception as e:
          pass
        try:
          idPart = dnSplit[2].replace( "/", "" )
        except Exception as e:
          pass
        idPart += ' uid_%s' % uid
        name = "Unknown (%s %s)" % ( namePart, idPart )

      # Now, we do try to convert the DN into a DIRAC username
      if "Unknown" in name:
        result = getUsernameForDN( dn )
        if result['OK']:
          name = result['Value']
        uid_name[uid] = name

    # Now we prepare the SQL statement to insert them into the DFC
    for uid in uid_name:
      username = uid_name[uid]
      queryQueue.put( "INSERT INTO FC_Users(UID, UserName) values (%s, '%s');\n" % ( uid, username ) )

  # Now, same principle on the group
  if fromdbR_.execute( "SELECT GID, GROUPNAME from CNS_GROUPINFO" ):
    rows = fromdbR_.fetchall()
    for row in rows:
      gid = row[0]
      gn = row[1]

      groupname = gn

      # CAUTION: as explained in the docstring, if multiple groups share the same voms role
      # we take the first one
      groups = getGroupsWithVOMSAttribute( '/' + gn )

      if groups:
        groupname = groups[0]


      queryQueue.put( "INSERT INTO FC_Groups(GID, GroupName) values (%s, '%s');\n" % ( gid, groupname ) )



  # We build a cache that contains the mapping between the name and its ID in the DFC DB
  # The ID starts at 2 because ID=1 is taken by FakeSe
  seCounter = 2
  # Fetch the name from the LFC
  if fromdbR_.execute( "select unique HOST from CNS_FILE_REPLICA" ):
    rows = fromdbR_.fetchall()
    for row in rows:
      seName = row[0]
      # Populate the SE cache
      name_id_se[seName] = seCounter
      # Create the query for the DFC
      queryQueue.put( "INSERT INTO FC_StorageElements(SEID, SEName) values (%s, '%s');\n" % ( seCounter, seName ) )
      seCounter += 1

  # Also here we just insert all the statuses defined above
  for status in dirac_status:
    queryQueue.put( "INSERT INTO FC_Statuses (Status) values ('%s');\n" % status )


  fromdbR_.close()
  connection.close()

  # Set the poison pill in the queue
  queryQueue.put( None )

  return