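def uploadProxy(self, proxy=False, useDNAsUserName=False):
    """
    Upload a proxy to the MyProxy service by running myproxy-init.

    :param proxy: which proxy to upload, as resolved by
        FileSec.multiProxyArgument:
          * default -> use current proxy
          * string -> upload the file specified as proxy
          * X509Chain -> use chain
    :param useDNAsUserName: if true, pass ``-d`` to myproxy-init; otherwise
        the name returned by self._getUsername(chain) is passed with ``-l``.
    :return: S_OK(stdout of myproxy-init) / S_ERROR
    """
    retVal = FileSec.multiProxyArgument(proxy)
    if not retVal['OK']:
        return retVal
    proxyDict = retVal['Value']
    chain = proxyDict['chain']
    proxyLocation = proxyDict['file']

    try:
        # NOTE(review): the server name, file path and username are pasted
        # into one command string and only wrapped in double quotes, which is
        # not escaping. shellCall receives a single string, so presumably a
        # shell parses it; quote each value (or use an argv-list call) if any
        # of them can come from outside this process - confirm with callers.
        cmdArgs = ['-n']
        cmdArgs.append('-s "%s"' % self._secServer)
        # No -c / -t lifetime arguments are passed, so the lifetime of the
        # stored credential is whatever myproxy-init defaults to.
        cmdArgs.append('-C "%s"' % proxyLocation)
        cmdArgs.append('-y "%s"' % proxyLocation)
        # NOTE(review): the -R value is hard-coded to one site host; it
        # presumably belongs in configuration - confirm.
        cmdArgs.append(' -n -R wms-enmr.cerm.unifi.it ')
        if useDNAsUserName:
            cmdArgs.append('-d')
        else:
            retVal = self._getUsername(chain)
            if not retVal['OK']:
                return retVal
            mpUsername = retVal['Value']
            cmdArgs.append('-l "%s"' % mpUsername)

        mpEnv = self._getExternalCmdEnvironment()
        # Hack to upload properly
        mpEnv['GT_PROXY_MODE'] = 'old'
        # NOTE(review): this replaces PATH for the whole process, not just for
        # the child (which is given mpEnv), so every later command located
        # through PATH is affected. Setting it on mpEnv instead looks like the
        # intent - confirm nothing depends on the global change.
        os.environ['PATH'] = '/opt/globus/bin/'
        cmd = "/opt/globus/bin/myproxy-init %s" % " ".join(cmdArgs)
        result = shellCall(self._secCmdTimeout, cmd, env=mpEnv)
    finally:
        # Remove the temporary proxy material on every exit path, including
        # an exception raised while the command is prepared or run.
        FileSec.deleteMultiProxy(proxyDict)

    if not result['OK']:
        # Report the failure of the call itself; the previous code read the
        # message from retVal, which holds an earlier, successful result.
        errMsg = "Call to myproxy-init failed: %s" % result['Message']
        return S_ERROR(errMsg)

    status, output, error = result['Value']

    if status:
        errMsg = "Call to myproxy-init failed"
        # StdOut is the command output, not the whole result structure.
        extErrMsg = 'Command: %s; StdOut: %s; StdErr: %s' % (cmd, output, error)
        return S_ERROR("%s %s" % (errMsg, extErrMsg))

    return S_OK(output)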
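def getVOMSProxyInfo(self, proxy, option=False):
    """
    Return information about a proxy certificate (both grid and voms) by
    running voms-proxy-info.

    Available information is:
      1. Full (grid)voms-proxy-info output
      2. Proxy Certificate Timeleft in seconds
      3. DN
      4. voms group (if any)

    :param proxy: the proxy to inspect, as resolved by
        FileSec.multiProxyArgument.
    :param option: False (default) for the full output, or one of
        'actimeleft', 'timeleft', 'identity', 'fqan', 'all'.
    :return: S_OK(command stdout) / S_ERROR
    """
    validOptions = ['actimeleft', 'timeleft', 'identity', 'fqan', 'all']
    if option and option not in validOptions:
        # The allow-list is the only check on a value that is appended to the
        # command line below, so the rejection has to be returned; without
        # the return the S_ERROR was built and discarded.
        return S_ERROR('Non valid option %s' % option)

    retVal = FileSec.multiProxyArgument(proxy)
    if not retVal['OK']:
        return retVal
    proxyDict = retVal['Value']
    proxyLocation = proxyDict['file']

    # NOTE(review): -dont-verify-ac skips verification of the attribute
    # certificate, so the attributes reported here (e.g. the fqan) are
    # unverified; do not base authorization decisions on them alone.
    # NOTE(review): proxyLocation is inserted unquoted into a string that
    # shellCall presumably hands to a shell - quote it if the path can be
    # caller-controlled.
    cmd = 'voms-proxy-info -dont-verify-ac -file %s' % proxyLocation
    if option:
        cmd += ' -%s' % option

    try:
        result = shellCall(self._secCmdTimeout, cmd)
    finally:
        # Only a file created for this call is removed.
        if proxyDict['tempFile']:
            self._unlinkFiles(proxyLocation)

    if not result['OK']:
        return S_ERROR('Failed to call voms-proxy-info')

    status, output, error = result['Value']
    # FIXME: if the local copy of the voms server certificate is not up to
    # date the command returns 0. The stdout needs to be parsed.
    if status:
        # Two stderr conditions are tolerated despite a non-zero exit code.
        missingExtension = 'VOMS extension not found' in error
        unverifiedSignature = error.startswith(
            'WARNING: Unable to verify signature! Server certificate possibly not installed.')
        if not missingExtension and not unverifiedSignature:
            return S_ERROR('Failed to get proxy info. Command: %s; StdOut: %s; StdErr: %s' % (cmd, output, error))

    if option == 'fqan':
        if output:
            # Keep only the group part, dropping '/Role...' and what follows.
            output = output.split('/Role')[0]
        else:
            # NOTE(review): hard-coded fallback group when nothing is printed.
            output = '/lhcb'

    return S_OK(output)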
def vomsInfoAvailable(self):
    """
    Tell whether voms-proxy-info can be run.

    Runs ``voms-proxy-info -h`` and returns True only when the call succeeds
    and the exit status is zero; any other outcome returns False.
    """
    probe = shellCall(self._secCmdTimeout, 'voms-proxy-info -h')
    if not probe['OK']:
        return False
    exitStatus, _stdout, _stderr = probe['Value']
    return not exitStatus
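def getDelegatedProxy(self, proxyChain, lifeTime=604800, useDNAsUserName=False):
    """
    Get a delegated proxy from the MyProxy server by running myproxy-logon.

    :param proxyChain: proxy used for the request, as resolved by
        FileSec.multiProxyArgument.
    :param lifeTime: requested lifetime in seconds; passed to the command in
        whole hours.
    :param useDNAsUserName: if true, pass ``-d``; otherwise the name returned
        by self._getUsername(chain) is passed with ``-l``.
    :return: S_OK(X509Chain) / S_ERROR
    """
    # TODO: Set the proxy coming in proxyString to be the proxy to use
    retVal = FileSec.multiProxyArgument(proxyChain)
    if not retVal['OK']:
        return retVal
    proxyDict = retVal['Value']
    chain = proxyDict['chain']
    proxyLocation = proxyDict['file']

    retVal = self._generateTemporalFile()
    if not retVal['OK']:
        FileSec.deleteMultiProxy(proxyDict)
        return retVal
    newProxyLocation = retVal['Value']

    try:
        # myproxy-get-delegation works only with environment variables
        cmdEnv = self._getExternalCmdEnvironment()
        if self._secRunningFromTrustedHost:
            # Authenticate with the configured certificate/key pair and make
            # sure no proxy from the inherited environment is picked up.
            cmdEnv['X509_USER_CERT'] = self._secCertLoc
            cmdEnv['X509_USER_KEY'] = self._secKeyLoc
            if 'X509_USER_PROXY' in cmdEnv:
                del cmdEnv['X509_USER_PROXY']
        else:
            cmdEnv['X509_USER_PROXY'] = proxyLocation

        # NOTE(review): these values are pasted into one command string and
        # only wrapped in quotes, which is not escaping. shellCall receives a
        # single string, so presumably a shell parses it; quote each value
        # (or use an argv-list call) if the username or paths can be
        # influenced from outside - confirm with callers.
        cmdArgs = []
        cmdArgs.append("-s '%s'" % self._secServer)
        cmdArgs.append("-t '%s'" % (int(lifeTime / 3600)))
        cmdArgs.append("-a '%s'" % proxyLocation)
        cmdArgs.append("-o '%s'" % newProxyLocation)
        if useDNAsUserName:
            cmdArgs.append('-d')
        else:
            # Get myproxy username diracgroup:diracuser
            retVal = self._getUsername(chain)
            if not retVal['OK']:
                return retVal
            mpUsername = retVal['Value']
            cmdArgs.append('-l "%s"' % mpUsername)

        cmd = "myproxy-logon %s" % " ".join(cmdArgs)
        gLogger.verbose("myproxy-logon command:\n%s" % cmd)

        result = shellCall(self._secCmdTimeout, cmd, env=cmdEnv)

        if not result['OK']:
            errMsg = "Call to myproxy-logon failed: %s" % result['Message']
            return S_ERROR(errMsg)

        status, output, error = result['Value']

        if status:
            errMsg = "Call to myproxy-logon failed"
            # StdOut is the command output, not the whole result structure.
            extErrMsg = 'Command: %s; StdOut: %s; StdErr: %s' % (cmd, output, error)
            return S_ERROR("%s %s" % (errMsg, extErrMsg))

        chain = X509Chain()
        retVal = chain.loadProxyFromFile(newProxyLocation)
        if not retVal['OK']:
            return S_ERROR(
                "myproxy-logon failed when reading delegated file: %s" % retVal['Message'])

        return S_OK(chain)
    finally:
        # Single clean-up point for every exit path. The output file receives
        # the delegated proxy written by the command, so it must not be left
        # behind once the chain is loaded or the call has failed.
        FileSec.deleteMultiProxy(proxyDict)
        self._unlinkFiles(newProxyLocation)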
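def getInfo(self, proxyChain, useDNAsUserName=False):
    """
    Get info about the stored credential from the MyProxy server by running
    myproxy-info.

    :param proxyChain: proxy used for the request, as resolved by
        FileSec.multiProxyArgument.
    :param useDNAsUserName: if true, pass ``-d``; otherwise the name returned
        by self._getUsername(chain) is passed with ``-l``.
    :return: S_OK( { 'username' : myproxyusername,
                     'owner' : owner DN,
                     'timeLeft' : secs left } ) / S_ERROR
        A key is present only if the matching line was found in the output.
    """
    # TODO: Set the proxy coming in proxyString to be the proxy to use
    retVal = FileSec.multiProxyArgument(proxyChain)
    if not retVal['OK']:
        return retVal
    proxyDict = retVal['Value']
    chain = proxyDict['chain']
    proxyLocation = proxyDict['file']

    try:
        # myproxy-get-delegation works only with environment variables
        cmdEnv = self._getExternalCmdEnvironment()
        if self._secRunningFromTrustedHost:
            # Authenticate with the configured certificate/key pair and make
            # sure no proxy from the inherited environment is picked up.
            cmdEnv['X509_USER_CERT'] = self._secCertLoc
            cmdEnv['X509_USER_KEY'] = self._secKeyLoc
            if 'X509_USER_PROXY' in cmdEnv:
                del cmdEnv['X509_USER_PROXY']
        else:
            cmdEnv['X509_USER_PROXY'] = proxyLocation

        # NOTE(review): the server name and username are pasted into one
        # command string and only wrapped in quotes, which is not escaping.
        # Quote each value (or use an argv-list call) if they can be
        # influenced from outside - confirm with callers.
        cmdArgs = []
        cmdArgs.append("-s '%s'" % self._secServer)
        if useDNAsUserName:
            cmdArgs.append('-d')
        else:
            # Get myproxy username diracgroup:diracuser
            retVal = self._getUsername(chain)
            if not retVal['OK']:
                return retVal
            mpUsername = retVal['Value']
            cmdArgs.append('-l "%s"' % mpUsername)

        cmd = "myproxy-info %s" % " ".join(cmdArgs)
        gLogger.verbose("myproxy-info command:\n%s" % cmd)

        result = shellCall(self._secCmdTimeout, cmd, env=cmdEnv)
    finally:
        # Single clean-up point for the temporary proxy material.
        FileSec.deleteMultiProxy(proxyDict)

    if not result['OK']:
        errMsg = "Call to myproxy-info failed: %s" % result['Message']
        return S_ERROR(errMsg)

    status, output, error = result['Value']

    if status:
        errMsg = "Call to myproxy-info failed"
        # StdOut is the command output, not the whole result structure.
        extErrMsg = 'Command: %s; StdOut: %s; StdErr: %s' % (cmd, output, error)
        return S_ERROR("%s %s" % (errMsg, extErrMsg))

    infoDict = {}
    usernameRE = re.compile(r"username\s*:\s*(\S*)")
    # NOTE(review): (\S*) stops at the first whitespace, so an owner DN that
    # contains spaces is truncated - do not compare this value against full
    # DNs without checking.
    ownerRE = re.compile(r"owner\s*:\s*(\S*)")
    timeLeftRE = re.compile(r"timeleft\s*:\s*(\S*)")
    for line in List.fromChar(output, "\n"):
        match = usernameRE.search(line)
        if match:
            infoDict['username'] = match.group(1)
        match = ownerRE.search(line)
        if match:
            infoDict['owner'] = match.group(1)
        match = timeLeftRE.search(line)
        if match:
            try:
                # The value is colon separated with seconds last; only the
                # last three fields (seconds, minutes, hours) are counted.
                fields = List.fromChar(match.group(1), ":")
                fields.reverse()
                secsLeft = 0
                for value, factor in zip(fields, (1, 60, 3600)):
                    secsLeft += int(value) * factor
                infoDict['timeLeft'] = secsLeft
            except ValueError as parseError:
                # Best effort: an unparsable value leaves 'timeLeft' unset.
                gLogger.warn("Cannot parse myproxy-info timeleft: %s" % parseError)

    # The docstring promises S_OK(dict); the visible body ended without
    # returning the parsed information.
    return S_OK(infoDict)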
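def setVOMSAttributes(self, proxy, attribute=None, vo=False):
    """
    Build a new proxy carrying VOMS attributes by running voms-proxy-init.

    :param proxy: source proxy, as resolved by FileSec.multiProxyArgument.
    :param attribute: VOMS attribute to request; None or 'NoRole' requests
        the bare VO.
    :param vo: VO name; falls back to the hard-coded 'enmr.eu' when not given.
    :return: S_OK(X509Chain with the new proxy) / S_ERROR
    """
    if not vo:
        # NOTE(review): hard-coded default VO; the former "No vo specified"
        # error right after this assignment could never be reached.
        vo = 'enmr.eu'

    retVal = FileSec.multiProxyArgument(proxy)
    if not retVal['OK']:
        return retVal
    proxyDict = retVal['Value']
    chain = proxyDict['chain']
    proxyLocation = proxyDict['file']

    retVal = chain.getRemainingSecs()
    if not retVal['OK']:
        FileSec.deleteMultiProxy(proxyDict)
        return retVal
    secs = retVal['Value'] - 300
    if secs < 0:
        # Clean up before refusing, so no temporary proxy file stays behind.
        FileSec.deleteMultiProxy(proxyDict)
        return S_ERROR("Proxy length is less that 300 secs")

    retVal = self._generateTemporalFile()
    if not retVal['OK']:
        FileSec.deleteMultiProxy(proxyDict)
        return retVal
    newProxyLocation = retVal['Value']

    try:
        try:
            # NOTE(review): paths, VO and attribute are pasted into one
            # command string and only wrapped in double quotes, which is not
            # escaping. Quote each value (or use an argv-list call) if
            # ``attribute`` or ``vo`` can come from a request - confirm with
            # callers.
            cmdArgs = []
            # presumably <proxyLocation>.cert and .key exist next to the
            # proxy file - TODO confirm
            cmdArgs.append('-cert "%s.cert"' % proxyLocation)
            cmdArgs.append('-key "%s.key"' % proxyLocation)
            cmdArgs.append('-out "%s"' % newProxyLocation)
            if attribute and attribute != 'NoRole':
                cmdArgs.append('-voms "%s:%s"' % (vo, attribute))
            else:
                cmdArgs.append('-voms "%s"' % vo)
            cmdArgs.append('--vomses /etc/vomses')
            # Validity is fixed at 24:00 and is not derived from the time
            # left on the source proxy.
            cmdArgs.append('-valid "%s:%s"' % ("24", "00"))
            vomsesPath = self.getVOMSESLocation()
            if vomsesPath:
                cmdArgs.append('-vomses "%s"' % vomsesPath)

            cmd = '/usr/bin/voms-proxy-init %s' % " ".join(cmdArgs)
            # NOTE(review): debug output on stdout; it exposes the location
            # of the certificate and key files to whoever reads stdout.
            print("########VOMSPROXY###########")
            print(cmd)
            print("############################")
            result = shellCall(self._secCmdTimeout, cmd)
        finally:
            FileSec.deleteMultiProxy(proxyDict)

        if not result['OK']:
            return S_ERROR('Failed to call voms-proxy-init')

        status, output, error = result['Value']

        if status:
            return S_ERROR('Failed to set VOMS attributes. Command: %s; StdOut: %s; StdErr: %s' % (cmd, output, error))

        newChain = X509Chain()
        retVal = newChain.loadProxyFromFile(newProxyLocation)
        if not retVal['OK']:
            return S_ERROR("Can't load new proxy: %s" % retVal['Message'])

        return S_OK(newChain)
    finally:
        # The output file holds the new proxy; remove it on every exit path.
        self._unlinkFiles(newProxyLocation)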
def exec_cmd(self, cmd):
    """
    Run ``cmd`` through shellCall with the external-command environment.

    Returns ``result['Value']`` as delivered by shellCall. The 'OK' flag of
    the result is not checked before 'Value' is read.

    NOTE(review): ``cmd`` is forwarded unchanged as a single command string,
    so callers are responsible for quoting; it should only ever be built from
    trusted values.
    """
    environment = self._getExternalCmdEnvironment()
    outcome = shellCall(self._secCmdTimeout, cmd, env=environment)
    return outcome['Value']