示例#1
0
        def DBSave(self):
            try:
                sSQL = "update login_security_settings set" \
                    " pass_max_age='" + self.PassMaxAge + "'," \
                    " pass_max_attempts='" + self.PassMaxAttempts + "'," \
                    " pass_max_length='" + self.PassMaxLength + "'," \
                    " pass_min_length='" + self.PassMinLength + "'," \
                    " pass_complexity='" + ("1" if catocommon.is_true(self.PassComplexity) else "0") + "'," \
                    " pass_age_warn_days='" + self.PassAgeWarn + "'," \
                    " pass_history = '" + self.PasswordHistory + "'," \
                    " pass_require_initial_change='" + ("1" if catocommon.is_true(self.PassRequireInitialChange) else "0") + "'," \
                    " auto_lock_reset='" + ("1" if catocommon.is_true(self.AutoLockReset) else "0") + "'," \
                    " login_message='" + self.LoginMessage.replace("'", "''") + "'," \
                    " auth_error_message='" + self.AuthErrorMessage.replace("'", "''").replace(";", "") + "'," \
                    " new_user_email_message='" + self.NewUserMessage.replace("'", "''").replace(";", "") + "'," \
                    " page_view_logging='" + ("1" if catocommon.is_true(self.PageViewLogging) else "0") + "'," \
                    " report_view_logging='" + ("1" if catocommon.is_true(self.ReportViewLogging) else "0") + "'," \
                    " allow_login='******'" \
                    " where id = 1"

                db = catocommon.new_conn()
                if not db.exec_db_noexcep(sSQL):
                    return False, db.error
            
                return True, ""
            except Exception, ex:
                raise Exception(ex)
                print ex
示例#2
0
 def __init__(self):
     try:
         sSQL = "select pass_max_age, pass_max_attempts, pass_max_length, pass_min_length, pass_age_warn_days," \
                 " auto_lock_reset, login_message, auth_error_message, pass_complexity, pass_require_initial_change, pass_history," \
                 " page_view_logging, report_view_logging, allow_login, new_user_email_message" \
                 " from login_security_settings" \
                 " where id = 1"
         
         db = catocommon.new_conn()
         row = db.select_row_dict(sSQL)
         if row:
             self.PassMaxAge = row["pass_max_age"]
             self.PassMaxAttempts = row["pass_max_attempts"]
             self.PassMaxLength = row["pass_max_length"]
             self.PassMinLength = row["pass_min_length"]
             self.PassComplexity = catocommon.is_true(row["pass_complexity"])
             self.PassAgeWarn = row["pass_age_warn_days"]
             self.PasswordHistory = row["pass_history"]
             self.PassRequireInitialChange = catocommon.is_true(row["pass_require_initial_change"])
             self.AutoLockReset = row["auto_lock_reset"]
             self.LoginMessage = row["login_message"]
             self.AuthErrorMessage = row["auth_error_message"]
             self.NewUserMessage = row["new_user_email_message"]
             self.PageViewLogging = catocommon.is_true(row["page_view_logging"])
             self.ReportViewLogging = catocommon.is_true(row["report_view_logging"])
             self.AllowLogin = catocommon.is_true(row["allow_login"])
     except Exception, ex:
         raise Exception(ex)
示例#3
0
    def delete_task(self, args):
        """Deletes all versions of a Task.

Required Arguments: 

* `task` - Either the Task ID or Name.

Optional Arguments:

* `force_delete` - Delete the Task, even if there are historical rows and references.  (Valid values: 1, yes, true)

Returns: Nothing if successful, error messages on failure.
"""
        # this is a admin function
        if not api._ADMIN:
            return R(err_code=R.Codes.Forbidden, err_msg="Only Administrators can perform this function.")
        
        required_params = ["task"]
        has_required, resp = api.check_required_params(required_params, args)
        if not has_required:
            return resp

        force = catocommon.is_true(args.get("force_delete"))

        obj = task.Task()
        obj.FromNameVersion(name=args["task"], include_code=False)

        if not api.is_object_allowed(obj.ID, catocommon.CatoObjectTypes.Task):
            return R(err_code=R.Codes.Forbidden, err_msg="You do not have access to the details of this Task.")
            
        task.Tasks.Delete(["'%s'" % obj.ID], force)
        
        catocommon.write_delete_log(api._USER_ID, catocommon.CatoObjectTypes.Task, obj.ID, obj.Name, "Deleted via API.")
        return R(response="[%s] successfully deleted." % obj.Name)
示例#4
0
    def SetNodeText(self, xpath, value, encrypt):
        try:
            if self.xml_tree is None:
                return False, "Registry object has no xml document."
            
            # if the xpath is "registry" or "" ... can't delete the root element
            if xpath == "registry" or xpath == "":
                return False, "Cannot set text on the root registry element."
                
            x_to_set = self.xml_tree.find(xpath)
            if x_to_set is not None:
                # setting the text on an element clears any children
                # we don't allow mixed content
                x_to_set.clear()
                
                # should we encrypt
                if catocommon.is_true(encrypt):
                    value = catocommon.cato_encrypt(value)
                    #encrypting also sets an attribute defining the data as such
                    x_to_set.set("encrypt", encrypt)
                    
                x_to_set.text = (value.replace("\\","\\\\") if value is not None else "")

                # update the xml_text in case we intend to keep using this object
                self.xml_text = ET.tostring(self.xml_tree)
                
                result, msg = self.DBSave()
                if not result:
                    return False, msg
            else:
                return False, "Unable to update - path [%s] was not found in registry." % xpath
            
            return True, ""
        except Exception, ex:
            raise Exception(ex)
示例#5
0
文件: asset.py 项目: AsherBond/cato
 def HasHistory(asset_id):
     """Returns True if the asset has historical data."""
     db = catocommon.new_conn()
     sql = "select count(*) from task_instance where asset_id = %s"
     iResults = db.select_col(sql, (asset_id))
     db.close()        
     return catocommon.is_true(iResults)
示例#6
0
        def DBSave(self):
            try:
                """ The messenger has some special considerations when updating!
                
                ($#d@x!&
                
                ^^^ can't even use that, it was messing up the web.py templator - do something else
                
                """
                sSQL = """update messenger_settings set mode_off_on='{0}', 
                    loop_delay_sec={1}, retry_delay_min={2}, retry_max_attempts={3}, 
                    smtp_server_addr='{4}', smtp_server_user='******', smtp_server_port={6}, 
                    from_email='{7}', from_name='{8}', admin_email='{9}'"""
                # only update password if it has been changed.
                sPasswordFiller = "~!@@!~"
                if self.SMTPUserPassword != sPasswordFiller:
                    sSQL += ",smtp_server_password='******'";

                sSQL = sSQL.format(("1" if catocommon.is_true(self.Enabled) else "0"), 
                       str(self.PollLoop), str(self.RetryDelay),
                        str(self.RetryMaxAttempts), self.SMTPServerAddress, self.SMTPUserAccount, 
                        str(self.SMTPServerPort), self.FromEmail, self.FromName, self.AdminEmail, 
                        catocommon.cato_encrypt(self.SMTPUserPassword))

                db = catocommon.new_conn()
                if not db.exec_db_noexcep(sSQL):
                    return False, db.error
            
                return True, ""
            except Exception, ex:
                print ex.__str__()
                raise Exception(ex)
示例#7
0
def IsObjectAllowed(object_id, object_type):
    # if permissions checking is turned off, everything is allowed
    if catoconfig.CONFIG["ui_permissions"] == "false":
        return True

    # given a task id, we need to find the original task id,
    # then check if the user can see it based on tags
    if GetSessionUserRole() == "Administrator":
        return True

    if not object_id or not object_type:
        log("Invalid or missing Object ID or Object Type.")
        return False

    sql = """select 1 from object_tags otu
        join object_tags oto on otu.tag_name = oto.tag_name
        where (otu.object_type = 1)
        and otu.object_id = %s
        and oto.object_type = %s
        and oto.object_id = %s"""

    uid = GetSessionUserID()
    db = catocommon.new_conn()
    result = db.select_col_noexcep(sql, (uid, object_type, object_id))
    db.close()

    return catocommon.is_true(result)
示例#8
0
        def DBSave(self):
            self.PassComplexity = catocommon.is_true(self.PassComplexity)
            self.PassRequireInitialChange = catocommon.is_true(self.PassRequireInitialChange)
            self.PageViewLogging = catocommon.is_true(self.PageViewLogging)
            self.ReportViewLogging = catocommon.is_true(self.ReportViewLogging)
            self.AllowLogin = catocommon.is_true(self.AllowLogin)

            self.PassMaxAge = int(self.PassMaxAge) if str(self.PassMaxAge).isdigit() else 90
            self.PassMaxAttempts = int(self.PassMaxAttempts) if str(self.PassMaxAttempts).isdigit() else 30
            self.PassMaxLength = int(self.PassMaxLength) if str(self.PassMaxLength).isdigit() else 32
            self.PassMinLength = int(self.PassMinLength) if str(self.PassMinLength).isdigit() else 8
            self.PassAgeWarn = int(self.PassAgeWarn) if str(self.PassAgeWarn).isdigit() else 15
            self.PasswordHistory = int(self.PasswordHistory) if str(self.PasswordHistory).isdigit() else 5
            self.AutoLockReset = int(self.AutoLockReset) if str(self.AutoLockReset).isdigit() else 1
            
            settings.set_application_section("security", json.dumps(self.__dict__))
            return True
示例#9
0
    def DBCreateNew(sUsername, sFullName, sAuthType, sPassword, sGeneratePW, sForcePasswordChange, sUserRole, sEmail, sStatus, sGroupArray):
        try:
            # TODO: All the password testing, etc.
            db = catocommon.new_conn()

            sNewID = catocommon.new_guid()

            if sAuthType == "local":
                if sPassword:
                    if sPassword:
                        result, msg = User.ValidatePassword(None, sPassword)
                        if result:
                            sEncPW = "'%s'" % catocommon.cato_encrypt(sPassword)
                        else:
                            return None, msg
                elif catocommon.is_true(sGeneratePW):
                    sEncPW = "'%s'" % catocommon.cato_encrypt(catocommon.generate_password())
                else:
                    return None, "A password must be provided, or check the box to generate one."
            elif sAuthType == "ldap":
                sEncPW = " null"
            
            sSQL = "insert into users" \
                " (user_id, username, full_name, authentication_type, force_change, email, status, user_role, user_password)" \
                " values ('" + sNewID + "'," \
                "'" + sUsername + "'," \
                "'" + sFullName + "'," \
                "'" + sAuthType + "'," \
                "'" + sForcePasswordChange + "'," \
                "'" + (sEmail if sEmail else "") + "'," \
                "'" + sStatus + "'," \
                "'" + sUserRole + "'," \
                "" + sEncPW + "" \
                ")"
            
            if not db.tran_exec_noexcep(sSQL):
                if db.error == "key_violation":
                    return None, "A User with that Login ID already exists.  Please select another."
                else: 
                    return None, db.error

            db.tran_commit()
            
            if sGroupArray:
                # if we can't create groups we don't actually fail...
                for tag in sGroupArray:
                    sql = "insert object_tags (object_type, object_id, tag_name) values (1, '%s','%s')" % (sNewID, tag)
                    if not db.exec_db_noexcep(sql):
                        print "Error creating Groups for new user %s." % sNewID
            
            # now it's inserted... lets get it back from the db as a complete object for confirmation.
            u = User()
            u.FromID(sNewID)
            u.AddPWToHistory(sEncPW)
            
            return u, None
        except Exception, ex:
            raise ex
示例#10
0
    def GET(self):
        args = web.input()
        db = catocommon.new_conn()

        out = []
        out.append("Configuring Cato...\n\n")

        # should we create the Administrator account
        msg = "Administrator Account:"
        out.append(msg)
        logger.info(msg)
        sql = "select count(*) from users where username = '******'"
        cnt = db.select_col_noexcep(sql)
        if not cnt:
            msg = "    Configuring Administrator account..."
            out.append(msg)
            logger.info(msg)
            pw = catocommon.cato_encrypt("password")
            sql = """INSERT INTO users
                (user_id, username, full_name, status, authentication_type, failed_login_attempts, force_change, email, user_role, user_password)
                VALUES (
                '0002bdaf-bfd5-4b9d-82d1-fd39c2947d19','administrator','Administrator',1,'local',0,1,'','Administrator',%s
                )"""
            db.exec_db_noexcep(sql, (pw))

            sql = """INSERT INTO user_password_history (user_id, change_time, password)
                VALUES ('0002bdaf-bfd5-4b9d-82d1-fd39c2947d19',now(),%s)"""
            db.exec_db_noexcep(sql, (pw))

            msg = "    ... done."
            out.append(msg)
            logger.info(msg)

        else:
            msg = "    ... exists ... not changing."
            out.append(msg)
            logger.info(msg)

        # should we create AWS clouds?
        if catocommon.is_true(args.get("createclouds")):
            from catocloud import cloud
            msg = "Checking Static Clouds..."
            out.append(msg)
            logger.info(msg)
            success = cloud.create_static_clouds()
            if success:
                msg = "    ... done."
                out.append(msg)
                logger.info(msg)
            else:
                msg = "    Errors occurred while creating Clouds.  Please check the REST API logfile for details."
                out.append(msg)
                logger.info(msg)

        db.close()
        out.append("\n")
        return "\n".join(out)
示例#11
0
        def DBSave(self):
            self.Enabled = catocommon.is_true(self.Enabled)

            self.LoopDelay = int(self.LoopDelay) if str(self.LoopDelay).isdigit() else 10
            self.ScheduleMinDepth = int(self.ScheduleMinDepth) if str(self.ScheduleMinDepth).isdigit() else 10
            self.ScheduleMaxDays = int(self.ScheduleMaxDays) if str(self.ScheduleMaxDays).isdigit() else 90

            settings.set_application_section("maestroscheduler", json.dumps(self.__dict__))
            return True
示例#12
0
文件: cskui.py 项目: AsherBond/cato
def main():
    # CATOPROCESS STARTUP

    dbglvl = 20
    if "csk_ui_debug" in catoconfig.CONFIG:
        try:
            dbglvl = int(catoconfig.CONFIG["csk_ui_debug"])
        except:
            raise Exception("csk_ui_debug setting in cato.conf must be an integer between 0-50.")
    catolog.DEBUG = dbglvl

    # this is a service, which has a db connection.
    # but we're not gonna use that for gui calls - we'll make our own when needed.
    server = catoprocess.CatoService(app_name)
    server.startup()

    # now that the service is set up, we'll know what the logfile name is.
    # so reget the logger
    logger = catolog.get_logger(app_name)
    catolog.set_debug(dbglvl)

    logger.info("Velocity UI - Version %s" % catoconfig.VERSION)
    logger.info("DEBUG set to %d..." % dbglvl)

    # WEB.PY STARTUP
    if "csk_ui_port" in catoconfig.CONFIG:
        port = catoconfig.CONFIG["csk_ui_port"]
        sys.argv.append(port)

    # enable ssl?
    if catocommon.is_true(catoconfig.CONFIG.get("csk_ui_use_ssl")):
        logger.info("Using SSL/TLS...")
        sslcert = catoconfig.CONFIG.get("csk_ui_ssl_cert", os.path.join(catoconfig.CONFDIR, "cato.crt"))
        sslkey = catoconfig.CONFIG.get("csk_ui_ssl_key", os.path.join(catoconfig.CONFDIR, "cato.key"))
        try:
            with open(sslcert):
                pass
            logger.debug("SSL Certificate [%s]" % sslcert)
            CherryPyWSGIServer.ssl_certificate = sslcert
        except:
            raise Exception("SSL Certificate not found at [%s]" % sslcert)
        try:
            with open(sslkey):
                pass
            logger.debug("SSL Key [%s]" % sslkey)
            CherryPyWSGIServer.ssl_private_key = sslkey
        except:
            raise Exception("SSL Key not found at [%s]" % sslcert)
    else:
        logger.info("Using standard HTTP. (Set csk_ui_use_ssl to 'true' in cato.conf to enable SSL/TLS.)")

    app.add_processor(auth_app_processor)
    app.notfound = notfound

    app.run()
示例#13
0
        def DBSave(self):
            """ 
            The messenger has some special considerations when updating!
            """
            self.Enabled = catocommon.is_true(self.Enabled)
            self.SMTPLegacySSL = catocommon.is_true(self.SMTPLegacySSL)

            self.PollLoop = int(self.PollLoop) if str(self.PollLoop).isdigit() else 30
            self.RetryDelay = int(self.RetryDelay) if str(self.RetryDelay).isdigit() else 5
            self.RetryMaxAttempts = int(self.RetryMaxAttempts) if str(self.RetryMaxAttempts).isdigit() else 3
            self.SMTPServerPort = int(self.SMTPServerPort) if str(self.SMTPServerPort).isdigit() else 25
            self.SMTPConnectionTimeout = int(self.SMTPConnectionTimeout) if str(self.SMTPConnectionTimeout).isdigit() else 30

            # only update password if it has been changed.  This "filler" is set in the gui to show stars so ignore it.
            if self.SMTPUserPassword and self.SMTPUserPassword != "~!@@!~":
                self.SMTPUserPassword = catocommon.cato_encrypt(self.SMTPUserPassword)

            # don't put these in the settings, they're utility
            del self.SMTPPasswordConfirm

            settings.set_application_section("messenger", json.dumps(self.__dict__))
            return True
示例#14
0
    def wmGetProvidersList(self):
        sUserDefinedOnly = uiCommon.getAjaxArg("sUserDefinedOnly")
        sHTML = ""
        cp = cloud.CloudProviders(include_clouds=False, include_products=False)
        if cp:
            for name, p in cp.iteritems():
                if catocommon.is_true(sUserDefinedOnly):
                    if p.UserDefinedClouds:
                        sHTML += "<option value=\"" + name + "\">" + name + "</option>"
                else:
                    sHTML += "<option value=\"" + name + "\">" + name + "</option>"

        return sHTML
示例#15
0
    def AuthenticateToken(self, token, client_ip):
        """
        The rules for authenticating from a token are different than uid/pwd.
        """
        self.ClientIP = client_ip
        
        # tokens are only allowed if the configuration file says so.
        if catocommon.is_true(catoconfig.CONFIG.get("ui_enable_tokenauth")):
            db = catocommon.new_conn()
            
            # check the token here - looking it up will return a user_id if it's still valid
            sql = "select user_id, created_dt from api_tokens where token = %s" 
            row = db.select_row_dict(sql, (token))
            
            if not row:
                return False, "invalid token"
            if not row["created_dt"] or not row["user_id"]:
                return False, "invalid token"
            
            # check the expiration date of the token
            now_ts = datetime.utcnow()
            
            mins = 30
            try:
                mins = int(catoconfig.CONFIG.get("ui_token_lifespan"))
            except:
                logger.warning("Config setting [ui_token_lifespan] not found or is not a number.  Using the default (30 minutes).")
            
            if (now_ts - row["created_dt"]) > timedelta(minutes=mins):
                logger.warning("The provided login token has expired. Tokens are good for %s minutes." % (mins))
                return False, "expired"
            
            # at the moment, UI tokens can't be kept current.  Once they expire they're gone.
#             # still all good?  Update the created_dt.
#             sql = """update api_tokens set created_dt = str_to_date('{0}', '%%Y-%%m-%%d %%H:%%i:%%s')
#                 where user_id = '{1}'""".format(now_ts, row["user_id"])
#             db.exec_db(sql)
#                 

            self.PopulateUser(user_id=row["user_id"])
        
            # Check for "locked" or "disabled" status
            if self.Status < 1:
                return False, "disabled"

            db.close()
            
            self._create_user_session()
            return True, ""
        else:
            return False, None
示例#16
0
 def __init__(self):
     try:
         sSQL = "select mode_off_on, loop_delay_sec, max_processes" \
             " from poller_settings" \
             " where id = 1"
         
         db = catocommon.new_conn()
         row = db.select_row_dict(sSQL)
         if row:
             self.Enabled = catocommon.is_true(row["mode_off_on"])
             self.LoopDelay = row["loop_delay_sec"]
             self.MaxProcesses = row["max_processes"]
     except Exception, ex:
         raise Exception(ex)
示例#17
0
        def DBSave(self):
            try:
                sSQL = "update poller_settings set" \
                    " mode_off_on='" + ("1" if catocommon.is_true(self.Enabled) else "0") + "'," \
                    " loop_delay_sec='" + str(self.LoopDelay) + "'," \
                    " max_processes='" + str(self.MaxProcesses) + "'"

                db = catocommon.new_conn()
                if not db.exec_db_noexcep(sSQL):
                    return False, db.error
            
                return True, ""
            except Exception, ex:
                raise Exception(ex)
示例#18
0
 def __init__(self):
     try:
         sSQL = "select mode_off_on, loop_delay_sec, schedule_min_depth, schedule_max_days, clean_app_registry" \
             " from scheduler_settings" \
             " where id = 1"
         
         db = catocommon.new_conn()
         row = db.select_row_dict(sSQL)
         if row:
             self.Enabled = catocommon.is_true(row["mode_off_on"])
             self.LoopDelay = row["loop_delay_sec"]
             self.ScheduleMinDepth = row["schedule_min_depth"]
             self.ScheduleMaxDays = row["schedule_max_days"]
             self.CleanAppRegistry = row["clean_app_registry"]
     except Exception, ex:
         raise Exception(ex)
示例#19
0
        def DBSave(self):
            try:
                sSQL = "update scheduler_settings set" \
                " mode_off_on='" + ("1" if catocommon.is_true(self.Enabled) else "0") + "'," \
                " loop_delay_sec='" + str(self.LoopDelay) + "'," \
                " schedule_min_depth='" + str(self.ScheduleMinDepth) +"'," \
                " schedule_max_days='" + str(self.ScheduleMaxDays) +"'," \
                " clean_app_registry = '" + str(self.CleanAppRegistry) + "'"

                db = catocommon.new_conn()
                if not db.exec_db_noexcep(sSQL):
                    return False, db.error
            
                return True, ""
            except Exception, ex:
                raise Exception(ex)
示例#20
0
    def wmGetProvidersList(self):
        try:
            sUserDefinedOnly = uiCommon.getAjaxArg("sUserDefinedOnly")
            sHTML = ""
            cp = providers.CloudProviders()
            if cp:
                for name, p in cp.iteritems():
                    if catocommon.is_true(sUserDefinedOnly):
                        if p.UserDefinedClouds:
                            sHTML += "<option value=\"" + name + "\">" + name + "</option>"
                    else:
                        sHTML += "<option value=\"" + name + "\">" + name + "</option>"

            return sHTML
        except Exception:
            uiCommon.log_nouser(traceback.format_exc(), 0)
            return traceback.format_exc()
示例#21
0
 def wmGetProvidersList(self):
     try:
         sUserDefinedOnly = uiCommon.getAjaxArg("sUserDefinedOnly")
         sHTML = ""
         cp = providers.CloudProviders()
         if cp:
             for name, p in cp.iteritems():
                 if catocommon.is_true(sUserDefinedOnly):
                     if p.UserDefinedClouds:
                         sHTML += "<option value=\"" + name + "\">" + name + "</option>"
                 else:
                     sHTML += "<option value=\"" + name + "\">" + name + "</option>"
 
                 
         return sHTML
     except Exception:
         uiCommon.log_nouser(traceback.format_exc(), 0)
         return traceback.format_exc()
示例#22
0
    def wmAssetSearch(self):
        sFilter = uiCommon.getAjaxArg("sSearch")
        sAllowMultiSelect = uiCommon.getAjaxArg("bAllowMultiSelect")
        bAllowMultiSelect = catocommon.is_true(sAllowMultiSelect)

        a = asset.Assets(sFilter)
        if a.rows:
            sHTML = "<hr />"

            iRowsToGet = len(a.rows)

            if iRowsToGet == 0:
                sHTML += "No results found"
            else:
                if iRowsToGet >= 100:
                    sHTML += "<div>Search found " + iRowsToGet + " results.  Displaying the first 100.</div>"
                    iRowsToGet = 99

                sHTML += "<ul id=\"search_asset_ul\" class=\"search_dialog_ul\">"

                i = 0
                for row in a.rows:
                    if i > iRowsToGet:
                        break

                    sHTML += "<li class=\"ui-widget-content ui-corner-all search_dialog_value\" tag=\"asset_picker_row\"" \
                        " asset_id=\"" + row["ID"] + "\"" \
                        " asset_name=\"" + row["Name"] + "\"" \
                        "\">"
                    sHTML += "<div class=\"search_dialog_value_name\">"
                    if bAllowMultiSelect:
                        sHTML += "<input type='checkbox' name='assetcheckboxes' id='assetchk_" + row["ID"] + "' value='assetchk_" + row["ID"] + "'>"
                    sHTML += "<span>" + row["Name"] + "</span>"
                    sHTML += "</div>"

                    sHTML += "<span class=\"search_dialog_value_inline_item\">Address: " + row["Address"] + "</span>"

                    sHTML += "</li>"

                    i += 1

            sHTML += "</ul>"

        return sHTML
示例#23
0
 def __init__(self):
     try:
         sSQL = "select mode_off_on, loop_delay_sec, retry_delay_min, retry_max_attempts," \
             " smtp_server_addr, smtp_server_user, smtp_server_password, smtp_server_port, from_email, from_name, admin_email" \
             " from messenger_settings" \
             " where id = 1"
         
         db = catocommon.new_conn()
         row = db.select_row_dict(sSQL)
         if row:
             self.Enabled = catocommon.is_true(row["mode_off_on"])
             self.PollLoop = row["loop_delay_sec"]
             self.RetryDelay = row["retry_delay_min"]
             self.RetryMaxAttempts = row["retry_max_attempts"]
             self.SMTPServerAddress = row["smtp_server_addr"]
             self.SMTPUserAccount = row["smtp_server_user"]
             self.SMTPUserPassword = catocommon.cato_decrypt(row["smtp_server_password"])
             self.SMTPServerPort = row["smtp_server_port"]
             self.FromEmail = row["from_email"]
             self.FromName = row["from_name"]
             self.AdminEmail = row["admin_email"]
     except Exception, ex:
         raise Exception(ex)
示例#24
0
def GetLog():
    """
    delivers an html page with a refresh timer.  content is the last n rows of the logfile
    """
    lines = getAjaxArg("lines")
    lines = lines if lines else "100"

    refresh = 30
    r = getAjaxArg("refresh")
    if r:
        try:
            refresh = int(r)
        except:
            pass

    instance = getAjaxArg("instance")

    # if 'process' is omitted, return the logfile for this process
    process = getAjaxArg("process")
    selected = process
    if process:
        if process in ["task_instance", "sequence_instance"]:
            d = process.replace("task_instance", "te").replace("sequence_instance", "se")
            process = os.path.join(catolog.LOGPATH, "%s/%s.log" % (d, instance))
        else:
            process = os.path.join(catolog.LOGPATH, "%s.log" % (process))
    else:
        process = catolog.LOGFILE

    buf = os.popen("tail -n %s %s" % (lines, process)).readlines()

    # the 'raw' flag means just return the actual buffer, no markup
    if catocommon.is_true(getAjaxArg("raw")):
        return "".join(buf)

    # if it's not raw, it's reversed
    buf = reversed(buf)

    # this is just easier here
    svcs = [
        "cato_admin_ui",
        "cato_canvas_api",
        "cato_depmarshall",
        "cato_messenger",
        "cato_poller",
        "cato_rest_api",
        "cato_scheduler",
        "cato_user_ui",
        "csk_ui",
        "csk_cd_ui",
        "csk_job_handler",
        "csk_metrics",
        "csk_msghub",
        "maestro_newsfeed_api",
        "maestro_scheduler",
        "task_instance",
        "sequence_instance"
        ]

    pickerhtml = ""
    for x in svcs:
        sel = "selected='selected'" if x in selected else ""
        pickerhtml += '<option %s value="%s">%s</option>' % (sel, x, x)

    html = """<!DOCTYPE html>
    <html>
        <head>
            <title>log - velocity</title>
            <style>
                body {
                    word-wrap: break-word;
                }
            </style>
            <script type="text/javascript">
                function enter(e) {
                    if ( typeof e == 'undefined' && window.event) {
                        e = window.event;
                    }
                    if (e.keyCode == 13) {
                        refresh();
                    }
                }
                function showte() {
                    var p = document.getElementById('process').value;
                    if (p === "task_instance" || p === "sequence_instance") {
                        document.getElementById('instancespan').style.display="";
                    } else {
                        document.getElementById('instancespan').style.display="none";
                    }
                }
                function refresh() {
                    var url = "getlog?";
                    
                    var nl = document.getElementById('num_lines').value;
                    if (nl) {
                        url = url + "&lines=" + nl;
                    }

                    var r = document.getElementById('ref_secs').value;
                    if (r) {
                        url = url + "&refresh=" + r;
                    }

                    var p = document.getElementById('process').value;
                    url = url + "&process=" + p;

                    var i = document.getElementById('instance').value;
                    if (i) {
                        url = url + "&instance=" + i;
                    }

                    location.href = url;
                }
            </script>
        </head>
        <body>
            Lines: <input type="text" id="num_lines" onkeypress="enter(event);" value="%s" />
            Refresh: <input type="text" id="ref_secs" onkeypress="enter(event);" value="%s" />
            Service: <select id="process" onchange="showte();">%s</select>
            <span id="instancespan" style="display: none;">Instance: <input type="text" id="instance" onkeypress="enter(event);" value="%s" /></span>
            <button onclick="refresh();">Go</button>
            <hr>
            <h4>%s</h4>
            <pre>%s</pre>
            <div style="height: 20px;"></div>
            <script>
                setInterval(function() {location.reload();}, %d*1000);
                showte();
            </script>
        </body>
    </html>
    """ % (lines, refresh, pickerhtml, instance, process, "".join(buf), refresh)

    return html
示例#25
0
 def DBSave(self):
     self.Enabled = catocommon.is_true(self.Enabled)
     self.LoopDelay = int(self.LoopDelay) if str(self.LoopDelay).isdigit() else 10
     self.Debug = int(self.Debug) if str(self.Debug).isdigit() else 20
     settings.set_application_section("marshaller", json.dumps(self.__dict__))
     return True
示例#26
0
    def reset_password(self, args):
        """Resets the password of the authenticated, or a specified User.

If a user is specified, and the authenticated user is an Administrator, 
this will reset the password of the specified user to the provided value.

If no user is specified, the password of the authenticated user will be changed.

NOTE: to prevent accidental change of an Administrators password, an extra trap is in place:
    * the username (or id) MUST be provided, even if the authenticated user 
        is the user being changed.

Required Arguments: 

* `password` - the new password.
* - OR -
* `generate` - generate a random password.

Optional Arguments:

* `user` - Either the User ID or Name.

Returns: Success message if successful, error messages on failure.
"""
        user = args.get("user")
        new_pw = args.get("password")
        generate = catocommon.is_true(args.get("generate"))

        # this is a admin function, kick out 
        if user and not api._ADMIN:
            return R(err_code=R.Codes.Forbidden, err_msg="Only Administrators can perform this function.")

        # the only way to reset an "Administrator" role password
        # is to BE an Administrator and SPECIFY a user, even if the user is you
        if not user and api._ADMIN:
            return R(err_code=R.Codes.Forbidden, err_detail="Administrators must specify a user to change.")

        if not new_pw and not generate:
            return R(err_code=R.Codes.Exception, err_detail="A password must be provided, or 'generate' must be true.")

        obj = catouser.User()
        obj.FromName(user)

        if obj.ID:
            # if a password was provided, or the random flag was set...exclusively
            if new_pw:
                # if the user requesting the change *IS* the user being changed...
                # set force_change to False
                force = True
                if obj.ID == api._USER_ID:
                    force = False
                    
                obj.ChangePassword(new_password=new_pw, force_change=force)
            elif generate:
                obj.ChangePassword(generate=generate)
        else:
            return R(err_code=R.Codes.GetError, err_detail="Unable to update password.")

        
        catocommon.write_change_log(api._USER_ID, catocommon.CatoObjectTypes.User, obj.ID, obj.FullName, "Password change/reset via API.")
        return R(response="[%s] password operation successful." % obj.FullName)
示例#27
0
 def DBSave(self):
     self.Enabled = catocommon.is_true(self.Enabled)
     self.LoopDelay = int(self.LoopDelay) if str(self.LoopDelay).isdigit() else 3
     self.MaxProcesses = int(self.MaxProcesses) if str(self.MaxProcesses).isdigit() else 32
     settings.set_application_section("poller", json.dumps(self.__dict__))
     return True
示例#28
0
    def create_user(self, args):
        """Creates a new user account.

Only an 'Administrator' can create other users.  If the credentials used for this API call 
are not an Administrator, the call will not succeed.

Required Arguments: 

* `user` - A login name for the user.
* `name` - The full name of the user.
* `role` - The users role.  Valid values: 
    
    * Administrator
    * Developer
    * User

Optional Arguments:

* `password` - Password for the user. If password is not provided, a random password will be generated.
* `email` - Email address for the user.  Required if 'password' is omitted.
* `authtype` - 'local' or 'ldap'.  Default is 'local' if omitted.
* `forcechange` - Require user to change password. Default is 'true' if omitted. (Valid values: 'true' or 'false')
* `status` - Status of the new account. Default is 'enabled' if omitted. (Valid values: enabled, disabled, locked)
* `expires` - Expiration date for this account.  Default is 'never expires'. Must be in mm/dd/yyyy format.
* `groups` - A list of groups the user belongs to. Group names cannot contain spaces. Comma delimited list.
* `get_token` - If true, will return an automatic login token.  (Valid values: 1, yes, true)

Returns: A [User Object](restapi/api-response-objects.html#User){:target="_blank"}.
"""

        # this is a admin function, kick out 
        if not api._ADMIN:
            return R(err_code=R.Codes.Forbidden, err_msg="Only Administrators can perform this function.")

        # define the required parameters for this call
        required_params = ["user", "name", "role"]
        has_required, resp = api.check_required_params(required_params, args)
        if not has_required:
            return resp

        generate = True if not args.get("password") else False
        if generate and not args.get("email"):
            return R(err_code=R.Codes.Exception, err_detail="Email is required if password is omitted.")

        status = args.get("status", 1)  # default if omitted is 'enabled'

        groups = args.get("groups").split(",") if args.get("groups") else None
        
        # validate the expiration date is properly formatted, otherwise pass None
        import dateutil.parser as parser
        expiration_dt = None
        try:
            tmp = parser.parse(args.get("expires"))
            expiration_dt = tmp.strftime("%m/%d/%Y")
        except:
            pass

        obj = catouser.User.DBCreateNew(username=args["user"],
                                        fullname=args["name"],
                                        role=args["role"],
                                        password=args.get("password"),
                                        generatepw=generate,
                                        authtype=args.get("authtype"),
                                        forcechange=args.get("forcechange"),
                                        email=args.get("email"),
                                        status=status,
                                        expires=expiration_dt,
                                        groups=groups)
        
        # do we get a login token?
        if catocommon.is_true(args.get("get_token")):
            obj.GetToken()

        if obj:
            catocommon.write_add_log(api._USER_ID, catocommon.CatoObjectTypes.User, obj.ID, obj.LoginID, "User created by API.")
            if args.get("output_format") == "json":
                return R(response=obj.AsJSON())
            elif args.get("output_format") == "text":
                return R(response=obj.AsText(args.get("output_delimiter"), args.get("header")))
            else:
                return R(response=obj.AsXML())
        else:
            return R(err_code=R.Codes.CreateError, err_detail="Unable to create User.")
示例#29
0
    def DBCreateNew(username, fullname, role, password, generatepw, authtype="local", forcechange=1, email=None, status=1, expires=None, groups=None):
        # TODO: All the password testing, etc.
        db = catocommon.new_conn()

        # all sorts of validation
        if re.match("^[\a-zA-Z0-9_.-@]+$", username) is None:
            raise Exception("Usernames cannot contain spaces or any characters other than letters, numbers or these chars [_.@-].")

        newid = catocommon.new_guid()
        authtype = authtype if authtype else "local"
        forcechange = 0 if forcechange == 0 or forcechange == "0" else 1
        email = email if email else ""
        encpw = None
        
        if authtype == "local":
            if password:
                result, msg = User.ValidatePassword(None, password)
                if result:
                    encpw = catocommon.cato_encrypt(password)
                else:
                    raise Exception(msg)
            elif catocommon.is_true(generatepw):
                encpw = catocommon.cato_encrypt(catocommon.generate_password())
            else:
                raise Exception("A password must be provided, or check the box to generate one.")

        if role not in ("Administrator", "Developer", "User"):
            raise Exception("Role must be 'Administrator', 'Developer', or 'User'.")
        
        pw2insert = "'%s'" % encpw if encpw else " null"
        ex2insert = ("str_to_date('{0}', '%%m/%%d/%%Y')".format(expires) if expires else " null")
        sql = """insert into users
            (user_id, username, full_name, authentication_type, force_change, email, status, user_role, user_password, expiration_dt)
            values ('%s', '%s', '%s', '%s', %s, '%s', '%s', '%s', %s, %s)""" % (newid, username, fullname, authtype, forcechange,
                email, status, role, pw2insert, ex2insert)

        if not db.tran_exec_noexcep(sql):
            if db.error == "key_violation":
                raise Exception("A User with that Login ID already exists.  Please select another.")
            else: 
                raise Exception(db.error)

        db.tran_commit()
        
        if groups:
            # if we can't create groups we don't actually fail...
            sql = "select group_concat(tag_name order by tag_name separator ',') as tags from tags"
            alltags = db.select_col_noexcep(sql)
            if alltags:
                alltags = alltags.split(",")
                for tag in groups:
                    if tag in alltags:
                        sql = "insert object_tags (object_type, object_id, tag_name) values (1, '%s','%s')" % (newid, tag)
                        if not db.exec_db_noexcep(sql):
                            logger.error("Error creating Groups for new user %s." % newid)
        
        # now it's inserted... lets get it back from the db as a complete object for confirmation.
        u = User()
        u.FromID(newid)
        u.AddPWToHistory(encpw)
        
        db.close()
        return u
示例#30
0
    def update_user(self, args):
        """Updates a user account.

Only an 'Administrator' can manage other users.  If the credentials used for this API call 
are not an Administrator, the call will not succeed.

Properties will only be updated if the option is provided.  Omitted properties will not be changed.

NOTE: the "username" of a user cannot be changed.

If a user has 'locked' their account by numerous failed login attempts, the flag is reset 
by setting any property.  It's easiest to just the status to 'enabled'.

Required Arguments: 

* `user` - ID or Name of the User to update.

Optional Arguments:

* `name` - The full name of the user.
* `role` - The users role.  (Valid values: Administrator, Developer, User)
* `email` - Email address for the user.  Can be cleared with "None".
* `authtype` - 'local' or 'ldap'.
* `forcechange` - Require user to change password on next login. (Valid values: 'true' or 'false')
* `status` - Status of the account. (Valid values: enabled, disabled, locked)
* `expires` - Expiration date for this account.  Must be in mm/dd/yyyy format. Can be cleared with "None".
* `groups` - Add to the list of groups the user belongs to. Group names cannot contain spaces. Comma delimited list.

* `password` - the new password.
* - OR -
* `generate` - generate a random password.

Returns: A [User Object](restapi/api-response-objects.html#User){:target="_blank"}.
"""

        # this is a admin function, kick out 
        if not api._ADMIN:
            return R(err_code=R.Codes.Forbidden, err_msg="Only Administrators can perform this function.")

        # define the required parameters for this call
        required_params = ["user"]
        has_required, resp = api.check_required_params(required_params, args)
        if not has_required:
            return resp

        obj = catouser.User()
        obj.FromName(args["user"])
        if not obj.ID:
            return R(err_code=R.Codes.GetError, err_detail="Cannot find User.")
            
        # first, we have a procedure for changing password
        new_pw = args.get("password")
        generate = catocommon.is_true(args.get("generate"))
        if new_pw:
            obj.ChangePassword(new_password=new_pw)
        elif generate:
            obj.ChangePassword(generate=generate)
        
        # now we can change the properties
        
        # these can't be null or empty
        obj.FullName = args.get("name", obj.FullName)
        obj.AuthenticationType = args.get("authtype", obj.AuthenticationType)
        obj.Role = args.get("role", obj.Role)
        obj.Status = args.get("status", obj.Status)
        
        # these can be set to null/empty
        obj.Expires = args.get("expires", obj.Expires)

        obj.Email = args.get("email", obj.Email)
        obj.Email = None if obj.Email.lower() == "none" else obj.Email

        
        # this is always reset from the API... one less argument to mess with.
        obj.FailedLoginAttempts = 0

        # these are figured out manually

        # force change
        if args.get("forcechange"):
            obj.ForceChange = 1 if args["forcechange"] == "true" else 0
        
        """
        OK this group stuff is a little tricky.  User.DBUpdate requires us to send in the complete list of Groups we want.

        1) the User object already has a list, self.Tags, of all the tags it has.
        2) the caller might have sent a COMPLETE list of tags (from the UI), or only a list to ADD (from the API)
        doesn't really matter.  
        
        So, we:
            a) MERGE self.Tags with self._Groups, we'll get a distinct list of all groups we HAD or want to ADD
            b) delete all tags
            c) insert our new merged list
        """
        groups = args.get("groups").split(",") if args.get("groups") else []
        if obj.Tags is not None:
            groups = obj.Tags + groups  # merge the lists
        obj._Groups = list(set(groups))  # make it distinct
        
        # all the properties are set... call DBUpdate!
        if obj.DBUpdate():
            catocommon.write_change_log(api._USER_ID, catocommon.CatoObjectTypes.User, obj.ID, obj.FullName, "User updated via API.")

        if args.get("output_format") == "json":
            return R(response=obj.AsJSON())
        elif args.get("output_format") == "text":
            return R(response=obj.AsText(args.get("output_delimiter"), args.get("header")))
        else:
            return R(response=obj.AsXML())
示例#31
0
def main():
    # CATOPROCESS STARTUP

    dbglvl = 20
    if "admin_ui_debug" in catoconfig.CONFIG:
        try:
            dbglvl = int(catoconfig.CONFIG["admin_ui_debug"])
        except:
            raise Exception("admin_ui_debug setting in cato.conf must be an integer between 0-50.")
    catolog.DEBUG = dbglvl

    c_dbglvl = 20
    if "admin_ui_client_debug" in catoconfig.CONFIG:
        try:
            c_dbglvl = int(catoconfig.CONFIG["admin_ui_client_debug"])
        except:
            raise Exception("admin_ui_client_debug setting in cato.conf must be an integer between 0-50.")
    catolog.CLIENTDEBUG = c_dbglvl

    # this is a service, which has a db connection.
    # but we're not gonna use that for gui calls - we'll make our own when needed.
    server = catoprocess.CatoService(app_name)
    server.startup()

    # now that the service is set up, we'll know what the logfile name is.
    # so reget the logger
    logger = catolog.get_logger(app_name)
    catolog.set_debug(dbglvl)

    logger.info("Cato UI - Version %s" % catoconfig.VERSION)
    logger.info("DEBUG set to %d..." % dbglvl)
    logger.info("CLIENTDEBUG set to %d..." % c_dbglvl)

    # we need to build some static html here...
    # caching in the session is a bad idea, and this stuff very very rarely changes.
    # so, when the service is started it will update the files, and the ui
    # will simply pull in the files when requested.
    _build_ui_cache()

    # WEB.PY STARTUP
    if "admin_ui_port" in catoconfig.CONFIG:
        port = catoconfig.CONFIG["admin_ui_port"]
        sys.argv.append(port)

    # enable ssl?
    if catocommon.is_true(catoconfig.CONFIG.get("admin_ui_use_ssl")):
        logger.info("Using SSL/TLS...")
        sslcert = catoconfig.CONFIG.get("admin_ui_ssl_cert", os.path.join(catoconfig.CONFDIR, "cato.crt"))
        sslkey = catoconfig.CONFIG.get("admin_ui_ssl_key", os.path.join(catoconfig.CONFDIR, "cato.key"))
        try:
            with open(sslcert):
                pass
            logger.debug("SSL Certificate [%s]" % sslcert)
            CherryPyWSGIServer.ssl_certificate = sslcert
        except:
            raise Exception("SSL Certificate not found at [%s]" % sslcert)
        try:
            with open(sslkey):
                pass
            logger.debug("SSL Key [%s]" % sslkey)
            CherryPyWSGIServer.ssl_private_key = sslkey
        except:
            raise Exception("SSL Key not found at [%s]" % sslcert)
    else:
        logger.info("Using standard HTTP. (Set admin_ui_use_ssl to 'true' in cato.conf to enable SSL/TLS.)")

    app.add_processor(auth_app_processor)
    app.notfound = notfound

    app.run()