def handle_request(req, filename = None):
if req == '':
log.alert('Empty body received. Filename: %s' % filename)
return False
keys = gpg.get_keys(req)
(em, body) = gpg.verify_sig(req)
if not em:
log.alert("Invalid signature, missing/untrusted key. Keys in gpg batch: '%s'" % keys)
return False
user = acl.user_by_email(em)
if user == None:
# FIXME: security email here
log.alert("'%s' not in acl. Keys in gpg batch: '%s'" % (em, keys))
return False
acl.set_current_user(user)
status.push("request from %s" % user.login)
r = request.parse_request(body)
if r.kind == 'group':
handle_group(r, user)
elif r.kind == 'notification':
handle_notification(r, user)
else:
msg = "%s: don't know how to handle requests of this kind '%s'" \
% (user.get_login(), r.kind)
log.alert(msg)
m = user.message_to()
m.set_headers(subject = "unknown request")
m.write_line(msg)
m.send()
status.pop()
return True
def handle_request(req, filename=None):
if req == '':
log.alert('Empty body received. Filename: %s' % filename)
return False
keys = gpg.get_keys(req)
(em, body) = gpg.verify_sig(req)
if not em:
log.alert(
"Invalid signature, missing/untrusted key. Keys in gpg batch: '%s'"
% keys)
return False
user = acl.user_by_email(em)
if user == None:
# FIXME: security email here
log.alert("'%s' not in acl. Keys in gpg batch: '%s'" % (em, keys))
return False
acl.set_current_user(user)
status.push("request from %s" % user.login)
r = request.parse_request(body)
if r.kind == 'group':
handle_group(r, user)
elif r.kind == 'notification':
handle_notification(r, user)
else:
msg = "%s: don't know how to handle requests of this kind '%s'" \
% (user.get_login(), r.kind)
log.alert(msg)
m = user.message_to()
m.set_headers(subject="unknown request")
m.write_line(msg)
m.send()
status.pop()
return True
def read_signed(self):
if re.search(r"\.gz$", self.name):
f = gzip.open(self.name)
else:
f = open(self.name)
(signers, body) = gpg.verify_sig(f.read())
self.signers = signers
self.requests = request.parse_requests(body)
def read_signed(self):
if re.search(r"\.gz$", self.name):
f = gzip.open(self.name)
else:
f = open(self.name)
(signers, body) = gpg.verify_sig(f.read())
self.signers = signers
self.requests = request.parse_requests(body)
signal.alarm(300)
try:
headers = { 'Cache-Control': 'no-cache', 'Pragma': 'no-cache' }
req = urllib2.Request(url=control_url + "/queue.gz", headers=headers)
f = urllib2.urlopen(req)
signal.alarm(0)
except Exception, e:
signal.alarm(0)
log.error("can't fetch %s: %s" % (control_url + "/queue.gz", e))
sys.exit(1)
sio = StringIO.StringIO()
util.sendfile(f, sio)
f.close()
sio.seek(0)
f = gzip.GzipFile(fileobj = sio)
(signers, body) = gpg.verify_sig(f.read())
u = acl.user_by_email(signers)
if u == None:
log.alert("queue.gz not signed with signature of valid user: %s" % signers)
sys.exit(1)
if not u.can_do("sign_queue", "all"):
log.alert("user %s is not allowed to sign my queue" % u.login)
sys.exit(1)
return request.parse_requests(body)
def handle_reqs(builder, reqs):
qpath = path.queue_file + "-" + builder
if not os.access(qpath, os.F_OK):
util.append_to(qpath, "<queue/>\n")
q = B_Queue(qpath)
q.lock(0)
signal.alarm(300)
try:
headers = {'Cache-Control': 'no-cache', 'Pragma': 'no-cache'}
req = urllib2.Request(url=control_url + "/queue.gz", headers=headers)
f = urllib2.urlopen(req)
signal.alarm(0)
except Exception, e:
signal.alarm(0)
log.error("can't fetch %s: %s" % (control_url + "/queue.gz", e))
sys.exit(1)
sio = StringIO.StringIO()
util.sendfile(f, sio)
f.close()
sio.seek(0)
f = gzip.GzipFile(fileobj=sio)
(signers, body) = gpg.verify_sig(f.read())
u = acl.user_by_email(signers)
if u == None:
log.alert("queue.gz not signed with signature of valid user: %s" %
signers)
sys.exit(1)
if not u.can_do("sign_queue", "all"):
log.alert("user %s is not allowed to sign my queue" % u.login)
sys.exit(1)
return request.parse_requests(body)
def handle_reqs(builder, reqs):
qpath = path.queue_file + "-" + builder
if not os.access(qpath, os.F_OK):
util.append_to(qpath, "<queue/>\n")
signal.alarm(0)
except Exception, e:
signal.alarm(0)
log.error("can't fetch %s: %s" % (control_url + "/queue.gz", e))
sys.exit(1)
sio = StringIO.StringIO()
util.sendfile(f, sio)
f.close()
sio.seek(0)
f = gzip.GzipFile(fileobj=sio)
try:
fdata = f.read()
except struct.error, e:
log.alert("corrupted fetched queue.gz file")
sys.exit(1)
(signers, body) = gpg.verify_sig(fdata)
u = acl.user_by_email(signers)
if u == None:
log.alert("queue.gz not signed with signature of valid user: %s" %
signers)
sys.exit(1)
if not u.can_do("sign_queue", "all"):
log.alert("user %s is not allowed to sign my queue" % u.login)
sys.exit(1)
return request.parse_requests(body)
def handle_reqs(builder, reqs):
qpath = path.queue_file + "-" + builder
if not os.access(qpath, os.F_OK):
util.append_to(qpath, "<queue/>\n")