def uploadProxy(self, proxy=False, useDNAsUserName=False):
"""
Upload a proxy to myproxy service.
proxy param can be:
: Default -> use current proxy
: string -> upload file specified as proxy
: X509Chain -> use chain
"""
retVal = FileSec.multiProxyArgument(proxy)
if not retVal['OK']:
return retVal
proxyDict = retVal['Value']
chain = proxyDict['chain']
proxyLocation = proxyDict['file']
#timeLeft = int( chain.getRemainingSecs()[ 'Value' ] / 3600 )
cmdArgs = ['-n']
cmdArgs.append('-s "%s"' % self._secServer)
#cmdArgs.append( '-c "%s"' % ( timeLeft - 1 ) )
#cmdArgs.append( '-t "%s"' % self._secMaxProxyHours )
cmdArgs.append('-C "%s"' % proxyLocation)
cmdArgs.append('-y "%s"' % proxyLocation)
cmdArgs.append(' -n -R wms-enmr.cerm.unifi.it ')
#cmdArgs.append( ' -n -R prod-wms-01.pd.infn.it ')
if useDNAsUserName:
cmdArgs.append('-d')
else:
retVal = self._getUsername(chain)
if not retVal['OK']:
FileSec.deleteMultiProxy(proxyDict)
return retVal
mpUsername = retVal['Value']
cmdArgs.append('-l "%s"' % mpUsername)
mpEnv = self._getExternalCmdEnvironment()
#Hack to upload properly
mpEnv['GT_PROXY_MODE'] = 'old'
os.environ['PATH'] = '/opt/globus/bin/'
cmd = "/opt/globus/bin/myproxy-init %s" % " ".join(cmdArgs)
result = shellCall(self._secCmdTimeout, cmd, env=mpEnv)
FileSec.deleteMultiProxy(proxyDict)
if not result['OK']:
errMsg = "Call to myproxy-init failed: %s" % retVal['Message']
return S_ERROR(errMsg)
status, output, error = result['Value']
# Clean-up files
if status:
errMsg = "Call to myproxy-init failed"
extErrMsg = 'Command: %s; StdOut: %s; StdErr: %s' % (cmd, result,
error)
return S_ERROR("%s %s" % (errMsg, extErrMsg))
return S_OK(output)
def getVOMSProxyInfo( self, proxy, option = False ):
""" Returns information about a proxy certificate (both grid and voms).
Available information is:
1. Full (grid)voms-proxy-info output
2. Proxy Certificate Timeleft in seconds (the output is an int)
3. DN
4. voms group (if any)
@type proxy_file: a string
@param proxy_file: the proxy certificate location.
@type option: a string
@param option: None is the default value. Other option available are:
- timeleft
- actimeleft
- identity
- fqan
- all
@rtype: tuple
@return: status, output, error, pyerror.
"""
validOptions = ['actimeleft', 'timeleft', 'identity', 'fqan', 'all']
if option:
if option not in validOptions:
S_ERROR( 'Non valid option %s' % option )
retVal = FileSec.multiProxyArgument( proxy )
if not retVal[ 'OK' ]:
return retVal
proxyDict = retVal[ 'Value' ]
chain = proxyDict[ 'chain' ]
proxyLocation = proxyDict[ 'file' ]
cmd = 'voms-proxy-info -dont-verify-ac -file %s' % proxyLocation
if option:
cmd += ' -%s' % option
result = shellCall( self._secCmdTimeout, cmd )
if proxyDict[ 'tempFile' ]:
self._unlinkFiles( proxyLocation )
if not result['OK']:
return S_ERROR( 'Failed to call voms-proxy-info' )
status, output, error = result['Value']
# FIXME: if the local copy of the voms server certificate is not up to date the command returns 0.
# the stdout needs to be parsed.
if status:
if error.find( 'VOMS extension not found' ) == -1 and \
not error.find( 'WARNING: Unable to verify signature! Server certificate possibly not installed.' ) == 0:
return S_ERROR( 'Failed to get proxy info. Command: %s; StdOut: %s; StdErr: %s' % ( cmd, output, error ) )
if option == 'fqan':
if output:
output = output.split( '/Role' )[0]
else:
output = '/lhcb'
return S_OK( output )
def vomsInfoAvailable( self ):
"""
Is voms info available?
"""
cmd = 'voms-proxy-info -h'
result = shellCall( self._secCmdTimeout, cmd )
if not result['OK']:
return False
status, output, error = result['Value']
if status:
return False
return True
def getDelegatedProxy(self,
proxyChain,
lifeTime=604800,
useDNAsUserName=False):
"""
Get delegated proxy from MyProxy server
return S_OK( X509Chain ) / S_ERROR
"""
#TODO: Set the proxy coming in proxyString to be the proxy to use
#Get myproxy username diracgroup:diracuser
retVal = FileSec.multiProxyArgument(proxyChain)
if not retVal['OK']:
return retVal
proxyDict = retVal['Value']
chain = proxyDict['chain']
proxyLocation = proxyDict['file']
retVal = self._generateTemporalFile()
if not retVal['OK']:
FileSec.deleteMultiProxy(proxyDict)
return retVal
newProxyLocation = retVal['Value']
# myproxy-get-delegation works only with environment variables
cmdEnv = self._getExternalCmdEnvironment()
if self._secRunningFromTrustedHost:
cmdEnv['X509_USER_CERT'] = self._secCertLoc
cmdEnv['X509_USER_KEY'] = self._secKeyLoc
if 'X509_USER_PROXY' in cmdEnv:
del cmdEnv['X509_USER_PROXY']
else:
cmdEnv['X509_USER_PROXY'] = proxyLocation
cmdArgs = []
cmdArgs.append("-s '%s'" % self._secServer)
cmdArgs.append("-t '%s'" % (int(lifeTime / 3600)))
cmdArgs.append("-a '%s'" % proxyLocation)
cmdArgs.append("-o '%s'" % newProxyLocation)
if useDNAsUserName:
cmdArgs.append('-d')
else:
retVal = self._getUsername(chain)
if not retVal['OK']:
FileSec.deleteMultiProxy(proxyDict)
return retVal
mpUsername = retVal['Value']
cmdArgs.append('-l "%s"' % mpUsername)
cmd = "myproxy-logon %s" % " ".join(cmdArgs)
gLogger.verbose("myproxy-logon command:\n%s" % cmd)
result = shellCall(self._secCmdTimeout, cmd, env=cmdEnv)
FileSec.deleteMultiProxy(proxyDict)
if not result['OK']:
errMsg = "Call to myproxy-logon failed: %s" % result['Message']
FileSec.deleteMultiProxy(proxyDict)
return S_ERROR(errMsg)
status, output, error = result['Value']
# Clean-up files
if status:
errMsg = "Call to myproxy-logon failed"
extErrMsg = 'Command: %s; StdOut: %s; StdErr: %s' % (cmd, result,
error)
FileSec.deleteMultiProxy(proxyDict)
return S_ERROR("%s %s" % (errMsg, extErrMsg))
chain = X509Chain()
retVal = chain.loadProxyFromFile(newProxyLocation)
if not retVal['OK']:
FileSec.deleteMultiProxy(proxyDict)
return S_ERROR(
"myproxy-logon failed when reading delegated file: %s" %
retVal['Message'])
FileSec.deleteMultiProxy(proxyDict)
return S_OK(chain)
def getInfo(self, proxyChain, useDNAsUserName=False):
"""
Get info from myproxy server
return S_OK( { 'username' : myproxyusername,
'owner' : owner DN,
'timeLeft' : secs left } ) / S_ERROR
"""
#TODO: Set the proxy coming in proxyString to be the proxy to use
#Get myproxy username diracgroup:diracuser
retVal = FileSec.multiProxyArgument(proxyChain)
if not retVal['OK']:
return retVal
proxyDict = retVal['Value']
chain = proxyDict['chain']
proxyLocation = proxyDict['file']
# myproxy-get-delegation works only with environment variables
cmdEnv = self._getExternalCmdEnvironment()
if self._secRunningFromTrustedHost:
cmdEnv['X509_USER_CERT'] = self._secCertLoc
cmdEnv['X509_USER_KEY'] = self._secKeyLoc
if 'X509_USER_PROXY' in cmdEnv:
del cmdEnv['X509_USER_PROXY']
else:
cmdEnv['X509_USER_PROXY'] = proxyLocation
cmdArgs = []
cmdArgs.append("-s '%s'" % self._secServer)
if useDNAsUserName:
cmdArgs.append('-d')
else:
retVal = self._getUsername(chain)
if not retVal['OK']:
FileSec.deleteMultiProxy(proxyDict)
return retVal
mpUsername = retVal['Value']
cmdArgs.append('-l "%s"' % mpUsername)
cmd = "myproxy-info %s" % " ".join(cmdArgs)
gLogger.verbose("myproxy-info command:\n%s" % cmd)
result = shellCall(self._secCmdTimeout, cmd, env=cmdEnv)
FileSec.deleteMultiProxy(proxyDict)
if not result['OK']:
errMsg = "Call to myproxy-info failed: %s" % result['Message']
FileSec.deleteMultiProxy(proxyDict)
return S_ERROR(errMsg)
status, output, error = result['Value']
# Clean-up files
if status:
errMsg = "Call to myproxy-info failed"
extErrMsg = 'Command: %s; StdOut: %s; StdErr: %s' % (cmd, result,
error)
return S_ERROR("%s %s" % (errMsg, extErrMsg))
infoDict = {}
usernameRE = re.compile("username\s*:\s*(\S*)")
ownerRE = re.compile("owner\s*:\s*(\S*)")
timeLeftRE = re.compile("timeleft\s*:\s*(\S*)")
for line in List.fromChar(output, "\n"):
match = usernameRE.search(line)
if match:
infoDict['username'] = match.group(1)
match = ownerRE.search(line)
if match:
infoDict['owner'] = match.group(1)
match = timeLeftRE.search(line)
if match:
try:
fields = List.fromChar(match.group(1), ":")
fields.reverse()
secsLeft = 0
for iP in range(len(fields)):
if iP == 0:
secsLeft += int(fields[iP])
elif iP == 1:
secsLeft += int(fields[iP]) * 60
elif iP == 2:
secsLeft += int(fields[iP]) * 3600
infoDict['timeLeft'] = secsLeft
except Exception, x:
print x
def setVOMSAttributes( self, proxy, attribute = None, vo = False ):
""" Sets voms attributes to a proxy
"""
if not vo:
vo = 'enmr.eu'
if not vo:
return S_ERROR( "No vo specified, and can't get default in the configuration" )
# set attribute amber group calcualtion
#attribute = "/enmr.eu/amber"
#attribute = "/enmr.eu/xplornih"
#attribute = ""
retVal = FileSec.multiProxyArgument( proxy )
if not retVal[ 'OK' ]:
return retVal
proxyDict = retVal[ 'Value' ]
chain = proxyDict[ 'chain' ]
proxyLocation = proxyDict[ 'file' ]
secs = chain.getRemainingSecs()[ 'Value' ] - 300
if secs < 0:
return S_ERROR( "Proxy length is less that 300 secs" )
hours = int( secs / 3600 )
mins = int( ( secs - hours * 3600 ) / 60 )
retVal = self._generateTemporalFile()
if not retVal[ 'OK' ]:
FileSec.deleteMultiProxy( proxyDict )
return retVal
newProxyLocation = retVal[ 'Value' ]
cmdArgs = []
cmdArgs.append( '-cert "%s.cert"' % proxyLocation )
cmdArgs.append( '-key "%s.key"' % proxyLocation )
cmdArgs.append( '-out "%s"' % newProxyLocation )
if attribute and attribute != 'NoRole':
cmdArgs.append( '-voms "%s:%s"' % ( vo, attribute ) )
else:
cmdArgs.append( '-voms "%s"' % vo )
cmdArgs.append( '--vomses /etc/vomses')
cmdArgs.append( '-valid "%s:%s"' % ( "24", "00" ) )
#cmdArgs.append( '-valid "%s:%s"' % ( hours, mins ) )
tmpDir = False
vomsesPath = self.getVOMSESLocation()
if vomsesPath:
cmdArgs.append( '-vomses "%s"' % vomsesPath )
cmd = '/usr/bin/voms-proxy-init %s' % " ".join( cmdArgs )
print "########VOMSPROXY###########"
print cmd
print "############################"
result = shellCall( self._secCmdTimeout, cmd )
if tmpDir: shutil.rmtree( tmpDir )
FileSec.deleteMultiProxy( proxyDict )
if not result['OK']:
self._unlinkFiles( newProxyLocation )
return S_ERROR( 'Failed to call voms-proxy-init' )
status, output, error = result['Value']
if status:
self._unlinkFiles( newProxyLocation )
return S_ERROR( 'Failed to set VOMS attributes. Command: %s; StdOut: %s; StdErr: %s' % ( cmd, output, error ) )
newChain = X509Chain()
retVal = newChain.loadProxyFromFile( newProxyLocation )
self._unlinkFiles( newProxyLocation )
if not retVal[ 'OK' ]:
return S_ERROR( "Can't load new proxy: %s" % retVal[ 'Message' ] )
return S_OK( newChain )
def exec_cmd(self, cmd):
cmdEnv = self._getExternalCmdEnvironment()
result = shellCall(self._secCmdTimeout, cmd, env=cmdEnv)
return result['Value']