def __isGroupAuthApp( self, appLoc ):
handlerLoc = "/".join( List.fromChar( appLoc, "." )[1:] )
if not handlerLoc:
return False
if handlerLoc not in self.__handlers:
gLogger.error( "Handler %s required by %s does not exist!" % ( handlerLoc, appLoc ) )
return False
handler = self.__handlers[ handlerLoc ]
auth = AuthManager( Conf.getAuthSectionForHandler( handlerLoc ) )
return auth.authQuery( "", dict( self.__credDict ), handler.AUTH_PROPS )
def __isGroupAuthApp(self, appLoc, credDict):
handlerLoc = "/".join(List.fromChar(appLoc, ".")[1:])
if not handlerLoc:
return False
if handlerLoc not in self.__handlers:
gLogger.error("Handler %s required by %s does not exist!" %
(handlerLoc, appLoc))
return False
handler = self.__handlers[handlerLoc]
auth = AuthManager(Conf.getAuthSectionForHandler(handlerLoc))
return auth.authQuery("", credDict, handler.AUTH_PROPS)
def __auth(self, handlerRoute, group):
"""
Authenticate request
"""
userDN = self.getUserDN()
if group:
self.__credDict['group'] = group
else:
if userDN:
result = Registry.findDefaultGroupForDN(userDN)
if result['OK']:
self.__credDict['group'] = result['Value']
auth = AuthManager(Conf.getAuthSectionForHandler(handlerRoute))
ok = auth.authQuery("", self.__credDict, self.AUTH_PROPS)
if ok and userDN:
self.__credDict['validGroup'] = True
return ok
def __auth( self, handlerRoute, group ):
"""
Authenticate request
"""
userDN = self.getUserDN()
if group:
self.__credDict[ 'group' ] = group
else:
if userDN:
result = Registry.findDefaultGroupForDN( userDN )
if result[ 'OK' ]:
self.__credDict[ 'group' ] = result[ 'Value' ]
auth = AuthManager( Conf.getAuthSectionForHandler( handlerRoute ) )
ok = auth.authQuery( "", self.__credDict, self.AUTH_PROPS )
if ok and userDN:
self.__credDict[ 'validGroup' ] = True
return ok
def __isGroupAuthApp( self, appLoc ):
"""
The method checks if the application is authorized for a certain user group
:param str appLoc It is the application name for example: DIRAC.JobMonitor
:return bool if the handler is authorized to the user returns True otherwise False
"""
handlerLoc = "/".join( List.fromChar( appLoc, "." )[1:] )
if not handlerLoc:
gLogger.error( "Application handler does not exists:", appLoc )
return False
if handlerLoc not in self.__handlers:
gLogger.error( "Handler %s required by %s does not exist!" % ( handlerLoc, appLoc ) )
return False
handler = self.__handlers[ handlerLoc ]
auth = AuthManager( Conf.getAuthSectionForHandler( handlerLoc ) )
gLogger.info( "Authorization: %s -> %s" % ( dict( self.__credDict ), handler.AUTH_PROPS ) )
return auth.authQuery( "", dict( self.__credDict ), handler.AUTH_PROPS )
def __auth(self, handlerRoute, group):
"""
Authenticate request
"""
userDN = self.getUserDN()
if group:
self.__credDict['group'] = group
else:
if userDN:
result = Registry.findDefaultGroupForDN(userDN)
if result['OK']:
self.__credDict['group'] = result['Value']
self.__credDict['validGroup'] = False
if type(self.AUTH_PROPS) not in (types.ListType, types.TupleType):
self.AUTH_PROPS = [
p.strip() for p in self.AUTH_PROPS.split(",") if p.strip()
]
allAllowed = False
for p in self.AUTH_PROPS:
if p.lower() in ('all', 'any'):
allAllowed = True
auth = AuthManager(Conf.getAuthSectionForHandler(handlerRoute))
ok = auth.authQuery("", self.__credDict, self.AUTH_PROPS)
if ok:
if userDN:
self.__credDict['validGroup'] = True
self.log.info("AUTH OK: %s by %s@%s (%s)" %
(handlerRoute, self.__credDict['username'],
self.__credDict['group'], userDN))
else:
self.__credDict['validDN'] = False
self.log.info("AUTH OK: %s by visitor" % (handlerRoute))
elif allAllowed:
self.log.info("AUTH ALL: %s by %s" % (handlerRoute, userDN))
ok = True
else:
self.log.info("AUTH KO: %s by %s@%s" %
(handlerRoute, userDN, group))
return ok
def __auth(self, handlerRoute, group, method):
"""
Authenticate request
:param str handlerRoute: the name of the handler
:param str group: DIRAC group
:param str method: the name of the method
:return: bool
"""
userDN = self.getUserDN()
if group:
self.__credDict['group'] = group
else:
if userDN:
result = Registry.findDefaultGroupForDN(userDN)
if result['OK']:
self.__credDict['group'] = result['Value']
self.__credDict['validGroup'] = False
if type(self.AUTH_PROPS) not in (types.ListType, types.TupleType):
self.AUTH_PROPS = [
p.strip() for p in self.AUTH_PROPS.split(",") if p.strip()
]
auth = AuthManager(Conf.getAuthSectionForHandler(handlerRoute))
ok = auth.authQuery(method, self.__credDict, self.AUTH_PROPS)
if ok:
if userDN:
self.__credDict['validGroup'] = True
self.log.info("AUTH OK: %s by %s@%s (%s)" %
(handlerRoute, self.__credDict['username'],
self.__credDict['group'], userDN))
else:
self.__credDict['validDN'] = False
self.log.info("AUTH OK: %s by visitor" % (handlerRoute))
elif self.isTrustedHost(self.__credDict.get('DN')):
self.log.info("Request is coming from Trusted host")
return True
else:
self.log.info("AUTH KO: %s by %s@%s" %
(handlerRoute, userDN, group))
return ok
def __isGroupAuthApp(self, appLoc):
"""
The method checks if the application is authorized for a certain user group
:param str appLoc It is the application name for example: DIRAC.JobMonitor
:return bool if the handler is authorized to the user returns True otherwise False
"""
handlerLoc = "/".join(List.fromChar(appLoc, ".")[1:])
if not handlerLoc:
gLogger.error("Application handler does not exists:", appLoc)
return False
if handlerLoc not in self.__handlers:
gLogger.error("Handler %s required by %s does not exist!" %
(handlerLoc, appLoc))
return False
handler = self.__handlers[handlerLoc]
auth = AuthManager(Conf.getAuthSectionForHandler(handlerLoc))
gLogger.info("Authorization: %s -> %s" %
(dict(self.__credDict), handler.AUTH_PROPS))
return auth.authQuery("", dict(self.__credDict), handler.AUTH_PROPS)
def __auth(self, handlerRoute, group, method):
"""
Authenticate request
:param str handlerRoute: the name of the handler
:param str group: DIRAC group
:param str method: the name of the method
:return: bool
"""
userDN = self.getUserDN()
if group:
self.__credDict['group'] = group
else:
if userDN:
result = Registry.findDefaultGroupForDN(userDN)
if result['OK']:
self.__credDict['group'] = result['Value']
self.__credDict['validGroup'] = False
if type(self.AUTH_PROPS) not in (types.ListType, types.TupleType):
self.AUTH_PROPS = [p.strip() for p in self.AUTH_PROPS.split(",") if p.strip()]
auth = AuthManager(Conf.getAuthSectionForHandler(handlerRoute))
ok = auth.authQuery(method, self.__credDict, self.AUTH_PROPS)
if ok:
if userDN:
self.__credDict['validGroup'] = True
self.log.info("AUTH OK: %s by %s@%s (%s)" %
(handlerRoute, self.__credDict['username'], self.__credDict['group'], userDN))
else:
self.__credDict['validDN'] = False
self.log.info("AUTH OK: %s by visitor" % (handlerRoute))
elif self.isTrustedHost(self.__credDict.get('DN')):
self.log.info("Request is coming from Trusted host")
return True
else:
self.log.info("AUTH KO: %s by %s@%s" % (handlerRoute, userDN, group))
return ok
def __auth( self, handlerRoute, group ):
"""
Authenticate request
"""
userDN = self.getUserDN()
if group:
self.__credDict[ 'group' ] = group
else:
if userDN:
result = Registry.findDefaultGroupForDN( userDN )
if result[ 'OK' ]:
self.__credDict[ 'group' ] = result[ 'Value' ]
self.__credDict[ 'validGroup' ] = False
if type( self.AUTH_PROPS ) not in ( types.ListType, types.TupleType ):
self.AUTH_PROPS = [ p.strip() for p in self.AUTH_PROPS.split( "," ) if p.strip() ]
allAllowed = False
for p in self.AUTH_PROPS:
if p.lower() in ( 'all', 'any' ):
allAllowed = True
auth = AuthManager( Conf.getAuthSectionForHandler( handlerRoute ) )
ok = auth.authQuery( "", self.__credDict, self.AUTH_PROPS )
if ok:
if userDN:
self.__credDict[ 'validGroup' ] = True
self.log.info( "AUTH OK: %s by %s@%s (%s)" % ( handlerRoute, self.__credDict[ 'username' ], self.__credDict[ 'group' ], userDN ) )
else:
self.__credDict[ 'validDN' ] = False
self.log.info( "AUTH OK: %s by visitor" % ( handlerRoute ) )
elif allAllowed:
self.log.info( "AUTH ALL: %s by %s" % ( handlerRoute, userDN ) )
ok = True
else:
self.log.info( "AUTH KO: %s by %s@%s" % ( handlerRoute, userDN, group ) )
return ok
