def SMDS_authentication( logfile="/tmp/SMDS_login.log" ): """ Authenticate with the Syndicate metadata service """ logger.init( open(logfile, "a") ) def SMDS_auth_aux(username, password): api = MDAPI() user = None try: user = auth_user_from_email( api, username ) except Exception, e: logger.error( "User '%s' could not be authenticated (exception = %s)" % (username, e) ) return False rc = False auth_struct = {'AuthMethod': 'password', 'Username': user['username'], 'AuthString': password} try: rc = auth_password_check( api, auth_struct, user, None ) except Exception, e: logger.error( "User '%s' failed to authenticate" % username)
def bootstrap_node( self, ssh_pkey_path, slicename, host, clean=True ): """ Start/update the syndicate control daemon on a given host """ bootstrap_path = os.path.join( self.config.MD_SERVICE_PATH, "tools/bootstrap.sh" ) repository = "https://svn.princeton.edu/cdnfs" install_dest = self.config.MD_SERVICE_PATH scp_proc = subprocess.Popen( ["/usr/bin/scp", "-i", ssh_pkey_path, bootstrap_path, slicename + "@" + host + ":/tmp/bootstrap.sh"] ) rc = scp_proc.wait() if rc: logger.error("scp rc = " + str(rc) ) return False bootstrap_args = ["/tmp/bootstrap.sh", "-d", self.config.MD_SERVICE_PATH, "-r", repository] if clean: bootstrap_args += ["-c"] ssh_proc = subprocess.Popen( ["/usr/bin/ssh", "-i", ssh_pkey_path, slicename + "@" + host] + bootstrap_args ) rc = ssh_proc.wait() if rc: logger.error("ssh bootstrap command rc = " + str(rc) ) return False return True
def SMDS_authentication(logfile="/tmp/SMDS_login.log"): """ Authenticate with the Syndicate metadata service """ logger.init(open(logfile, "a")) def SMDS_auth_aux(username, password): api = MDAPI() user = None try: user = auth_user_from_email(api, username) except Exception, e: logger.error( "User '%s' could not be authenticated (exception = %s)" % (username, e)) return False rc = False auth_struct = { 'AuthMethod': 'password', 'Username': user['username'], 'AuthString': password } try: rc = auth_password_check(api, auth_struct, user, None) except Exception, e: logger.error("User '%s' failed to authenticate" % username)
def SMDS_auth_aux(username, password): api = MDAPI() user = None try: user = auth_user_from_email( api, username ) except Exception, e: logger.error( "User '%s' could not be authenticated (exception = %s)" % (username, e) ) return False
def login_bare( self, username, password ): """ Bare essentials login. """ api = MDAPI() user = None try: user = auth_user_from_email( api, username ) except Exception, e: logger.error( "User '%s' could not be authenticated (exception = %s)" % (username, e) ) return False
def SMDS_auth_aux(username, password): api = MDAPI() user = None try: user = auth_user_from_email(api, username) except Exception, e: logger.error( "User '%s' could not be authenticated (exception = %s)" % (username, e)) return False
def login_bare(self, username, password): """ Bare essentials login. """ api = MDAPI() user = None try: user = auth_user_from_email(api, username) except Exception, e: logger.error( "User '%s' could not be authenticated (exception = %s)" % (username, e)) return False
def execute(self, query, params = None): cursor = self.cursor() try: # psycopg2 requires %()s format for all parameters, # regardless of type. # this needs to be done carefully though as with pattern-based filters # we might have percents embedded in the query # so e.g. GetPersons({'email':'*fake*'}) was resulting in .. LIKE '%sake%' if psycopg2: query = re.sub(r'(%\([^)]*\)|%)[df]', r'\1s', query) # rewrite wildcards set by Filter.py as '***' into '%' query = query.replace ('***','%') if not params: if self.debug: print >> log,'execute0',query cursor.execute(query) elif isinstance(params,dict): if self.debug: print >> log,'execute-dict: params',params,'query',query%params cursor.execute(query,params) elif isinstance(params,tuple) and len(params)==1: if self.debug: print >> log,'execute-tuple',query%params[0] cursor.execute(query,params[0]) else: param_seq=(params,) if self.debug: for params in param_seq: print >> log,'executemany',query%params cursor.executemany(query, param_seq) (self.rowcount, self.description, self.lastrowid) = \ (cursor.rowcount, cursor.description, cursor.lastrowid) except Exception, e: try: self.rollback() except: pass uuid = commands.getoutput("uuidgen") log.exception( e, "Database error %s:" % uuid ) log.error( "Failed Query:" ) log.error( query ) log.error( "Failed Params:" ) log.error( pformat(params) ) raise MDDBError("Please contact " + \ self.api.config.MD_NAME + " Support " + \ "<" + self.api.config.MD_MAIL_SUPPORT_ADDRESS + ">" + \ " and reference " + uuid)
def bootstrap_node(self, ssh_pkey_path, slicename, host, clean=True): """ Start/update the syndicate control daemon on a given host """ bootstrap_path = os.path.join(self.config.MD_SERVICE_PATH, "tools/bootstrap.sh") repository = "https://svn.princeton.edu/cdnfs" install_dest = self.config.MD_SERVICE_PATH scp_proc = subprocess.Popen([ "/usr/bin/scp", "-i", ssh_pkey_path, bootstrap_path, slicename + "@" + host + ":/tmp/bootstrap.sh" ]) rc = scp_proc.wait() if rc: logger.error("scp rc = " + str(rc)) return False bootstrap_args = [ "/tmp/bootstrap.sh", "-d", self.config.MD_SERVICE_PATH, "-r", repository ] if clean: bootstrap_args += ["-c"] ssh_proc = subprocess.Popen( ["/usr/bin/ssh", "-i", ssh_pkey_path, slicename + "@" + host] + bootstrap_args) rc = ssh_proc.wait() if rc: logger.error("ssh bootstrap command rc = " + str(rc)) return False return True
logger.info("Destroying metadata server '%s'" % self['name']) rc = 0 try: as_dict = {} as_dict.update(self) rc = server.destroy_server(as_dict) except Exception, e: logger.exception(e, "Could not restart metadata server") rc = -500 if rc == 1: self.sync() else: logger.error("Could not destroy metadata server, rc = %s" % rc) return rc def stop_server(self): # signal the controller on this metadata server's host to stop this metadata server old_status = self['status'] self['status'] = 'stopped' server = self.api.connect_mdctl(self['host']) logger.info("Stopping metadata server '%s'" % self['name']) rc = 0 try: as_dict = {}
def login(self, next=DEFAULT, onvalidation=DEFAULT, onaccept=DEFAULT, log=DEFAULT): """ Handle a login request, and redirect. """ request = current.request response = current.response session = current.session username_field = self.settings.login_userfield password_field = self.settings.password_field if next == DEFAULT: next = request.get_vars._next \ or request.post_vars._next \ or self.settings.login_next if onvalidation == DEFAULT: onvalidation = self.settings.login_onvalidation if onaccept == DEFAULT: onaccept = self.settings.login_onaccept if log == DEFAULT: log = self.messages.login_log user = None accepted_form = False if self.settings.login_form == self: # this object was responsible for logging in form =FORM( \ TABLE( \ TR(TD('Username:'******'Password:'******'login', onvalidation=onvalidation, hideerror=self.settings.hideerror): # sanitize inputs accepted_form = True # check for username in db username = form.vars[username_field] user = None try: user = Users( self.api, {'username': username} )[0] except: pass if user: # user in db, check if registration pending or disabled temp_user = user if temp_user['enabled'] == False: # user is not yet enabled response.flash = self.messages.login_disabled return form # check password try: rc = auth_password_check( self.api, {'Username':user['username'], 'AuthMethod':'password', 'AuthString':form.vars[password_field]}, user, None ) except: if log: logger.error("SMDS_Auth: User '%s' authentication failed (invalid credentials)" % user['username'] ) logger.flush() user = None # invalid credentials if not user: if log: logger.error("SMDS_Auth: User could not be looked up" ) logger.flush() # invalid login session.flash = self.messages.invalid_login redirect(self.url(args=request.args,vars=request.get_vars)) if user: user_public = user.public() user_stored = Storage(user_public) if log: logger.info("SMDS_Auth: User '%s' logged in" % user_public['username']) # process authenticated users # user wants to be logged in for longer session.auth = Storage( user = user_stored, last_visit = request.now, expiration = self.settings.long_expiration, remember = request.vars.has_key("remember"), hmac_key = web2py_uuid() ) self.user = user_public logger.info("SMDS_Auth: user_id = %s" % self.user_id) logger.flush() session.flash = self.messages.logged_in # how to continue if self.settings.login_form == self: if accepted_form: callback(onaccept,form) if isinstance(next, (list, tuple)): # fix issue with 2.6 next = next[0] if next and not next[0] == '/' and next[:4] != 'http': next = self.url(next.replace('[id]', str(form.vars.id))) redirect(next) return form elif user: callback(onaccept,None) redirect(next)
logger.error( "User '%s' could not be authenticated (exception = %s)" % (username, e)) return False rc = False auth_struct = { 'AuthMethod': 'password', 'Username': user['username'], 'AuthString': password } try: rc = auth_password_check(api, auth_struct, user, None) except Exception, e: logger.error("User '%s' failed to authenticate" % username) if rc and user: user_public = user.public() user_stored = Storage(user_public) if log: logger.info("SMDS_Auth: User '%s' logged in" % user_public['username']) # process authenticated users # user wants to be logged in for longer session.auth = Storage(user=user_stored, last_visit=request.now, expiration=self.settings.expiration, hmac_key=web2py_uuid())
def login(self, next=DEFAULT, onvalidation=DEFAULT, onaccept=DEFAULT, log=DEFAULT): """ Handle a login request, and redirect. """ request = current.request response = current.response session = current.session username_field = self.settings.login_userfield password_field = self.settings.password_field if next == DEFAULT: next = request.get_vars._next \ or request.post_vars._next \ or self.settings.login_next if onvalidation == DEFAULT: onvalidation = self.settings.login_onvalidation if onaccept == DEFAULT: onaccept = self.settings.login_onaccept if log == DEFAULT: log = self.messages.login_log user = None accepted_form = False if self.settings.login_form == self: # this object was responsible for logging in form =FORM( \ TABLE( \ TR(TD('Username:'******'Password:'******'login', onvalidation=onvalidation, hideerror=self.settings.hideerror): # sanitize inputs accepted_form = True # check for username in db username = form.vars[username_field] user = None try: user = Users(self.api, {'username': username})[0] except: pass if user: # user in db, check if registration pending or disabled temp_user = user if temp_user['enabled'] == False: # user is not yet enabled response.flash = self.messages.login_disabled return form # check password try: rc = auth_password_check( self.api, { 'Username': user['username'], 'AuthMethod': 'password', 'AuthString': form.vars[password_field] }, user, None) except: if log: logger.error( "SMDS_Auth: User '%s' authentication failed (invalid credentials)" % user['username']) logger.flush() user = None # invalid credentials if not user: if log: logger.error("SMDS_Auth: User could not be looked up") logger.flush() # invalid login session.flash = self.messages.invalid_login redirect(self.url(args=request.args, vars=request.get_vars)) if user: user_public = user.public() user_stored = Storage(user_public) if log: logger.info("SMDS_Auth: User '%s' logged in" % user_public['username']) # process authenticated users # user wants to be logged in for longer session.auth = Storage(user=user_stored, last_visit=request.now, expiration=self.settings.long_expiration, remember=request.vars.has_key("remember"), hmac_key=web2py_uuid()) self.user = user_public logger.info("SMDS_Auth: user_id = %s" % self.user_id) logger.flush() session.flash = self.messages.logged_in # how to continue if self.settings.login_form == self: if accepted_form: callback(onaccept, form) if isinstance(next, (list, tuple)): # fix issue with 2.6 next = next[0] if next and not next[0] == '/' and next[:4] != 'http': next = self.url(next.replace('[id]', str(form.vars.id))) redirect(next) return form elif user: callback(onaccept, None) redirect(next)
def register(self, next=DEFAULT, onvalidation=DEFAULT, onaccept=DEFAULT, log=DEFAULT): """ Register a new user """ request = current.request response = current.response session = current.session if self.is_logged_in(): # don't allow registration if we're already logged in redirect(self.settings.logged_url) # fill in defaults if next == DEFAULT: next = request.get_vars._next \ or request.post_vars._next \ or self.settings.register_next if onvalidation == DEFAULT: onvalidation = self.settings.register_onvalidation if onaccept == DEFAULT: onaccept = self.settings.register_onaccept if log == DEFAULT: log = self.messages.register_log # create a form... userfield = self.settings.login_userfield passfield = self.settings.password_field formstyle = self.settings.formstyle form =FORM( \ TABLE( \ TR(TD('Username:'******'Email:'), TD(INPUT(_name="email", _type="text",requires=IS_EMAIL(error_message=self.messages.invalid_email)))), \ TR(TD('Password:'******'Re-type Password:'******'password',None))), \ error_message=self.settings.mismatched_password))) \ ), \ INPUT(_type="Submit",_value="Register"), \ _name="register" ) if form.accepts(request, session, formname='register', onvalidation=onvalidation, hideerror=self.settings.hideerror): # verify that the password forms are the same if form.vars['password'] != form.vars['password2']: response.flash = messages.mismatched_password # inform the admin """ if not self.settings.mailer or \ not self.settings.mailer.send( to=self.maint_email, subject=self.messages.verify_email_subject, message=self.messages.verify_email % dict(username=form.vars['username'], email=form.vars['email'])): response.flash = self.messages.unable_send_email return form session.flash = self.messages.email_sent """ # make sure this user does not exist rc = 0 msg = "" try: user = Users(self.api, {'username': form.vars['username']})[0] rc = -1 # already exists msg = "User already exists" except: pass # create the user if rc == 0: try: user_fields = { 'username': form.vars['username'], 'password': form.vars['password'], 'email': form.vars['email'] } rc = self.api.call(("127.0.0.1", "localhost"), "AddUser", self.api.maint_auth, user_fields) except Exception, e: logger.exception(e, "register: exception") logger.flush() msg = "User could not be registered" rc = -1 if rc < 0: response.flash = msg logger.error("Failed to add user '%s' (email '%s')" % (user_fields['username'], user_fields['email'])) return form session.flash = self.messages.registration_pending if log: logger.info("Added user '%s' (email '%s')" % (user_fields['username'], user_fields['email'])) callback(onaccept, form) if not next: next = self.url(args=request.args) elif isinstance(next, (list, tuple)): ### fix issue with 2.6 next = next[0] elif next and not next[0] == '/' and next[:4] != 'http': next = self.url(next.replace('[id]', str(form.vars.id))) redirect(next)
class MDServer(Row): table_name = 'mdservers' primary_key = 'server_id' join_tables = ['user_mdserver', 'mdserver_user'] fields = { 'server_id': Parameter(long, "Server ID"), 'name': Parameter( str, "Owner-given name of this metadata server (will be URL-encoded)"), 'host': Parameter(str, "Name of the host that hosts this metadata server"), 'portnum': Parameter(int, "Port on which this metadata server listens", min=1025, max=65534), 'status': Parameter(str, "Desired status of this metadata server"), 'auth_read': Parameter(bool, "Must a user authenticate with the server to read from it?"), 'auth_write': Parameter(bool, "Must a user authenticate with the server to write to it?"), 'owner': Parameter( int, "User ID of the user who created and controls this metadata server" ), 'user_ids': Parameter([int], "User IDs of users subscribed to this metadata server") } related_fields = {'user_ids': [Parameter(int, "Subscribed user ID")]} def __init__(self, api, fields={}): super(MDServer, self).__init__(api, fields) import SMDS.user self._add_user = Row.add_object(SMDS.user.User, 'mdserver_user') self._remove_user = Row.remove_object(SMDS.user.User, 'mdserver_user') def add_user(self, obj, commit=True): self._add_user(self, obj, commit=commit) def remove_user(self, obj, commit=True): self._remove_user(self, obj, commit=commit) @classmethod def refresh(api, m): md = MDServers(api, [m['server_id']])[0] m.update(md) def remove_users(self, user_ids): import SMDS.user users = SMDS.user.Users(self.api, user_ids) if users: for user in users: self.remove_user(user, commit=False) self.commit() def create_server(self): # signal the controller on this metadata server's host to create this server self['status'] = 'stopped' server = self.api.connect_mdctl(self['host']) import SMDS.user # get our users if self.get('user_ids') == None: self['user_ids'] = [] user_ids = self['user_ids'] users = [] if user_ids: users = SMDS.user.Users(self.api, user_ids) logger.info("Creating metadata server '%s' with users '%s'" % (self['name'], [user['username'] for user in users])) rc = 0 try: as_dict = {} as_dict.update(self) user_dicts = [] for user in users: user_dict = {} user_dict.update(user) user_dicts.append(user_dict) rc = server.create_server(as_dict, user_dicts) except Exception, e: logger.exception(e, "Could not restart metadata server") rc = -500 if rc == 1: self.sync() else: logger.error("Could not create metadata server, rc = %s" % rc) return rc
user = None try: user = auth_user_from_email( api, username ) except Exception, e: logger.error( "User '%s' could not be authenticated (exception = %s)" % (username, e) ) return False rc = False auth_struct = {'AuthMethod': 'password', 'Username': user['username'], 'AuthString': password} try: rc = auth_password_check( api, auth_struct, user, None ) except Exception, e: logger.error( "User '%s' failed to authenticate" % username) if rc and user: user_public = user.public() user_stored = Storage(user_public) if log: logger.info("SMDS_Auth: User '%s' logged in" % user_public['username']) # process authenticated users # user wants to be logged in for longer session.auth = Storage( user = user_stored, last_visit = request.now, expiration = self.settings.expiration, hmac_key = web2py_uuid()
while True: line = fd.readline() if len(line) == 0: break line = line.strip() if len(line) == 0: continue if line[0] == '#': continue parts = line.split('=') if len(parts) < 2: logger.error( "Invalid config line %s" % config_file ) valid = False if valid: varname = parts[0].strip() # collate values values = [] for value in parts[1:]: s = value.strip('"') values.append( s ) if len(values) == 1: values = values[0] # this is a scalar # keep list of values if variable occurs multiple times
def register(self, next=DEFAULT, onvalidation=DEFAULT, onaccept=DEFAULT, log=DEFAULT): """ Register a new user """ request = current.request response = current.response session = current.session if self.is_logged_in(): # don't allow registration if we're already logged in redirect(self.settings.logged_url) # fill in defaults if next == DEFAULT: next = request.get_vars._next \ or request.post_vars._next \ or self.settings.register_next if onvalidation == DEFAULT: onvalidation = self.settings.register_onvalidation if onaccept == DEFAULT: onaccept = self.settings.register_onaccept if log == DEFAULT: log = self.messages.register_log # create a form... userfield = self.settings.login_userfield passfield = self.settings.password_field formstyle = self.settings.formstyle form =FORM( \ TABLE( \ TR(TD('Username:'******'Email:'), TD(INPUT(_name="email", _type="text",requires=IS_EMAIL(error_message=self.messages.invalid_email)))), \ TR(TD('Password:'******'Re-type Password:'******'password',None))), \ error_message=self.settings.mismatched_password))) \ ), \ INPUT(_type="Submit",_value="Register"), \ _name="register" ) if form.accepts(request, session, formname='register', onvalidation=onvalidation,hideerror=self.settings.hideerror): # verify that the password forms are the same if form.vars['password'] != form.vars['password2']: response.flash = messages.mismatched_password # inform the admin """ if not self.settings.mailer or \ not self.settings.mailer.send( to=self.maint_email, subject=self.messages.verify_email_subject, message=self.messages.verify_email % dict(username=form.vars['username'], email=form.vars['email'])): response.flash = self.messages.unable_send_email return form session.flash = self.messages.email_sent """ # make sure this user does not exist rc = 0 msg = "" try: user = Users(self.api, {'username': form.vars['username']})[0] rc = -1 # already exists msg = "User already exists" except: pass # create the user if rc == 0: try: user_fields = {'username': form.vars['username'], 'password': form.vars['password'], 'email': form.vars['email']} rc = self.api.call( ("127.0.0.1", "localhost"), "AddUser", self.api.maint_auth, user_fields ) except Exception, e: logger.exception(e, "register: exception") logger.flush() msg = "User could not be registered" rc = -1 if rc < 0: response.flash = msg logger.error("Failed to add user '%s' (email '%s')" % (user_fields['username'], user_fields['email']) ) return form session.flash = self.messages.registration_pending if log: logger.info("Added user '%s' (email '%s')" % (user_fields['username'], user_fields['email']) ) callback(onaccept,form) if not next: next = self.url(args = request.args) elif isinstance(next, (list, tuple)): ### fix issue with 2.6 next = next[0] elif next and not next[0] == '/' and next[:4] != 'http': next = self.url(next.replace('[id]', str(form.vars.id))) redirect(next)
while True: line = fd.readline() if len(line) == 0: break line = line.strip() if len(line) == 0: continue if line[0] == '#': continue parts = line.split('=') if len(parts) < 2: logger.error("Invalid config line %s" % config_file) valid = False if valid: varname = parts[0].strip() # collate values values = [] for value in parts[1:]: s = value.strip('"') values.append(s) if len(values) == 1: values = values[0] # this is a scalar # keep list of values if variable occurs multiple times
logger.info("Destroying metadata server '%s'" % self['name']) rc = 0 try: as_dict = {} as_dict.update( self ) rc = server.destroy_server( as_dict ) except Exception, e: logger.exception( e, "Could not restart metadata server") rc = -500 if rc == 1: self.sync() else: logger.error("Could not destroy metadata server, rc = %s" % rc) return rc def stop_server(self): # signal the controller on this metadata server's host to stop this metadata server old_status = self['status'] self['status'] = 'stopped' server = self.api.connect_mdctl( self['host'] ) logger.info("Stopping metadata server '%s'" % self['name']) rc = 0 try: