def __init__(self, verbose=False, verbose_format='text'):
    """Prepare a client that is not yet bound to an AMI web service.

    *verbose* and *verbose_format* are stored unchanged on the instance.
    A fresh ``AMIConfig`` and an ``AMISecureWebServiceServiceLocator`` are
    created; the certificate options and the service instance stay ``None``
    until an authentication method fills them in.
    """
    self.verbose, self.verbose_format = verbose, verbose_format
    self.config = AMIConfig()
    # Locator used later to build the AMI Secure Web Service instance.
    self.ami_service_locator = AMISecureWebServiceServiceLocator()
    # No client-certificate options and no service instance yet.
    self.cert_info = self.ami_service = None
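def create_auth_config():
    """Prompt for AMI credentials and store them in ``AMI_CONFIG``.

    The username is read with ``raw_input`` and the password with
    ``getpass``. The password is written base64 encoded, which is an
    encoding and not encryption: anyone who can read the file can recover
    it. File permissions are therefore the only protection, and the file is
    created owner read/write only from the start instead of being opened
    with the default umask and tightened afterwards.
    """
    import stat

    owner_rw = stat.S_IRUSR | stat.S_IWUSR

    config = AMIConfig()
    # warn user about encoded password
    config.add_comment('AMI',
            'Your password is only base64 encoded here and can be decoded.')
    config.add_comment('AMI', 'Please do not share this file publicly.')
    config.set('AMI', 'AMIUser', raw_input('Username: '))
    config.set('AMI', 'AMIPass', base64.b64encode(getpass()))

    # Create the file with a restrictive mode so that the password is never
    # on disk with umask-default (possibly group/world readable) permissions.
    fd = os.open(AMI_CONFIG, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, owner_rw)
    f = os.fdopen(fd, 'w')
    try:
        # The mode given to os.open() only applies when the file is created;
        # a pre-existing file keeps its old mode, so tighten it before the
        # credentials are written.
        os.chmod(AMI_CONFIG, owner_rw)
        config.write(f)
    finally:
        f.close()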
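class AMIClient(object):
    """
    AMIClient handles sending a command to the AMI server and receiving the
    response.

    The password is kept in ``self.config`` base64 encoded only. That is a
    reversible encoding, so the config object must be treated as holding
    the clear-text password.
    """

    def __init__(self, verbose=False, verbose_format='text'):
        """Store the verbosity settings and create the config and locator.

        No service instance exists until ``reset_cert_auth`` or
        ``set_cert_auth`` has been called.
        """
        self.verbose = verbose
        self.verbose_format = verbose_format
        self.config = AMIConfig()
        # AMI web service locator
        self.ami_service_locator = AMISecureWebServiceServiceLocator()
        self.cert_info = None
        # AMI Secure Web Service instance
        self.ami_service = None

    # User/password authentication
    # ----------------------------

    def auth(self, user, password):
        """Switch to user/password authentication with the given pair."""
        self.reset_cert_auth()
        self.authenticate(user, password)

    def is_authenticated(self):
        """
        Returns `True` if user is authenticated, `False` otherwise.

        Only checks that a user and a password are present in the config;
        nothing is verified against the server here (see ``check_auth``).
        """
        return ((self.config.get('AMI', 'AMIPass') != '') and
                (self.config.get('AMI', 'AMIUser') != ''))

    def authenticate(self, user, password):
        """
        Sets User ID and password with *user* and *password* parameters
        respectively.
        """
        self.config.set('AMI', 'AMIUser', user)
        # base64 is not a protection, it only changes the representation.
        self.config.set('AMI', 'AMIPass', base64.b64encode(password))

    # Certificate authentication
    # --------------------------

    def reset_cert_auth(self):
        """Build the service instance without any client certificate."""
        self.ami_service = self.ami_service_locator.getAMISecureWebService(
                url=None)

    def set_cert_auth(self):
        """Pick a client credential and build the service instance with it.

        Selection order: the host certificate and key when running as root;
        otherwise the file named by ``X509_USER_PROXY`` if it exists;
        otherwise ``/tmp/x509up_u<euid>`` if it exists. When none applies the
        options are ``None`` and HTTPS is used without client
        authentication. The chosen options are kept in ``self.cert_info``.
        """
        try:
            if hasattr(os, "geteuid"):
                user_id = os.geteuid()
            else:
                user_id = -1
        except Exception:
            # in case client isn't running on linux system
            user_id = -1

        options = {}
        # NOTE(review): a CA directory option (capath =
        # "/etc/grid-security/certificates") was left commented out here;
        # confirm that the transport still verifies the server certificate.
        if user_id == 0:
            # we are running as root, use host certificate
            options['cert_file'] = "/etc/grid-security/hostcert.pem"
            options['key_file'] = "/etc/grid-security/hostkey.pem"
        else:
            proxy_fname = "/tmp/x509up_u%d" % user_id
            proxy_env = os.environ.get('X509_USER_PROXY')
            # NOTE(review): neither proxy path is checked for ownership or
            # permissions before use. /tmp is shared, so a check that the
            # file belongs to the current user and is not group/world
            # accessible would be a sensible hardening.
            # look for a proxy in X509_USER_PROXY env variable
            if proxy_env is not None and os.path.exists(proxy_env):
                options['cert_file'] = proxy_env
                options['key_file'] = proxy_env
            # look for a proxy
            elif os.path.exists(proxy_fname):
                options['cert_file'] = proxy_fname
                options['key_file'] = proxy_fname
            # no configured environment
            # using https with no client authentication
            else:
                options = None

        self.cert_info = options
        self.ami_service = self.ami_service_locator.getAMISecureWebService(
                url=None, transdict=options)

    # Authentication from AMICommand arguments
    # ----------------------------------------

    def set_user_credentials(self, args):
        """Extract ``AMIUser``/``AMIPass`` from *args* and apply them.

        Arguments are matched after stripping up to two leading dashes and
        splitting at the first ``=``. Further ``=`` characters in the value
        are escaped as ``\\=``. ``authenticate`` is only called when both a
        user and a password were given. Returns *args* without the
        credential arguments.

        NOTE(review): if *args* is the process command line, the password
        can be visible to other local users through the process list and
        may end up in shell history; prompting or a protected config file
        avoids that.
        """
        password = None
        user = None
        remove = []
        for arg in args:
            save = arg
            value = ""
            if arg.startswith('-'):
                arg = arg[1:]
                if arg.startswith('-'):
                    arg = arg[1:]
            split_at = arg.find('=')
            if split_at > 0:
                value = arg[split_at + 1:].replace('=', '\\=')
                arg = arg[:split_at]
            if arg == 'AMIPass':
                remove.append(save)
                password = value
            if arg == 'AMIUser':
                remove.append(save)
                user = value
        if (user is not None) and (password is not None):
            self.authenticate(user, password)
        # Credential arguments must not be forwarded with the command.
        return [arg for arg in args if arg not in remove]

    # Authentication checking
    # -----------------------

    def check_auth(self):
        """Ask the server which login it sees for this client.

        Runs ``GetLevelInfo`` and returns the login found in the XML
        output, or ``None`` when the command fails or the output does not
        contain the expected markers.
        """
        try:
            args = ["GetLevelInfo", "levelName=motherDatabase"]
            result = self.execute(args)
            msg = result.output(xslt='xml')
            # NOTE(review): this expression reached us garbled as
            # msg[msg.find('amiLogin="******" database')]; it is rebuilt
            # here as "the text between amiLogin=" and the following
            # '" database'" - confirm against the upstream file.
            start_marker = 'amiLogin="'
            end_marker = '" database'
            start = msg.find(start_marker)
            if start < 0:
                return None
            start += len(start_marker)
            end = msg.find(end_marker, start)
            if end < 0:
                return None
            return msg[start:end]
        except Exception:
            # Any failure (transport, parsing, missing service) is reported
            # as "not authenticated" instead of being raised to the caller.
            return None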