def getService(self, user, srcIp, idService, idTransport, doTest=True):
"""
Get service info from
"""
userService = self.locateUserService(user, idService, create=True)
# Early log of "access try" so we can imagine what is going on
userService.setConnectionSource(srcIp, 'unknown')
if userService.isInMaintenance() is True:
raise ServiceInMaintenanceMode()
if userService.deployed_service.isAccessAllowed() is False:
raise ServiceAccessDeniedByCalendar()
if idTransport is None or idTransport == '': # Find a suitable transport
for v in userService.deployed_service.transports.order_by(
'priority'):
if v.validForIp(srcIp):
idTransport = v.uuid
break
try:
trans = Transport.objects.get(uuid=idTransport)
except Exception:
raise InvalidServiceException()
# Ensures that the transport is allowed for this service
if trans not in userService.deployed_service.transports.all():
raise InvalidServiceException()
# If transport is not available for the request IP...
if trans.validForIp(srcIp) is False:
msg = 'The requested transport {} is not valid for {}'.format(
trans.name, srcIp)
logger.error(msg)
raise InvalidServiceException(msg)
if user is not None:
userName = user.name
else:
userName = '******'
if doTest is False:
# traceLogger.info('GOT service "{}" for user "{}" with transport "{}" (NOT TESTED)'.format(userService.name, userName, trans.name))
return None, userService, None, trans, None
serviceNotReadyCode = 0x0001
ip = 'unknown'
# Test if the service is ready
if userService.isReady():
serviceNotReadyCode = 0x0002
log.doLog(
userService, log.INFO,
"User {0} from {1} has initiated access".format(
user.name, srcIp), log.WEB)
# If ready, show transport for this service, if also ready ofc
iads = userService.getInstance()
ip = iads.getIp()
userService.logIP(ip) # Update known ip
if self.checkUuid(
userService) is False: # Machine is not what is expected
serviceNotReadyCode = 0x0004
log.doLog(userService, log.WARN,
"User service is not accessible (ip {0})".format(ip),
log.TRANSPORT)
logger.debug(
'Transport is not ready for user service {0}'.format(
userService))
else:
events.addEvent(userService.deployed_service,
events.ET_ACCESS,
username=userName,
srcip=srcIp,
dstip=ip,
uniqueid=userService.unique_id)
if ip is not None:
serviceNotReadyCode = 0x0003
itrans = trans.getInstance()
if itrans.isAvailableFor(userService, ip):
# userService.setConnectionSource(srcIp, 'unknown')
log.doLog(userService, log.INFO, "User service ready",
log.WEB)
self.notifyPreconnect(
userService,
itrans.processedUser(userService,
user), itrans.protocol)
traceLogger.info(
'READY on service "{}" for user "{}" with transport "{}" (ip:{})'
.format(userService.name, userName, trans.name,
ip))
return ip, userService, iads, trans, itrans
else:
message = itrans.getCustomAvailableErrorMsg(
userService, ip)
log.doLog(userService, log.WARN, message,
log.TRANSPORT)
logger.debug(
'Transport is not ready for user service {}: {}'.
format(userService, message))
else:
logger.debug(
'Ip not available from user service {0}'.format(
userService))
else:
log.doLog(
userService, log.WARN,
"User {0} from {1} tried to access, but service was not ready".
format(user.name, srcIp), log.WEB)
traceLogger.error(
'ERROR {} on service "{}" for user "{}" with transport "{}" (ip:{})'
.format(serviceNotReadyCode, userService.name, userName,
trans.name, ip))
raise ServiceNotReadyError(code=serviceNotReadyCode,
service=userService,
transport=trans)
def getService(request, idService, idTransport, doTest=True):
kind, idService = idService[0], idService[1:]
logger.debug('Kind of service: {0}, idService: {1}'.format(
kind, idService))
if kind == 'A': # This is an assigned service
logger.debug('Getting A service {}'.format(idService))
ads = UserService.objects.get(uuid=idService)
ads.deployed_service.validateUser(request.user)
else:
ds = DeployedService.objects.get(uuid=idService)
# We first do a sanity check for this, if the user has access to this service
# If it fails, will raise an exception
ds.validateUser(request.user)
# Now we have to locate an instance of the service, so we can assign it to user.
ads = UserServiceManager.manager().getAssignationForUser(
ds, request.user)
if ads.isInMaintenance() is True:
raise ServiceInMaintenanceMode()
logger.debug('Found service: {0}'.format(ads))
trans = Transport.objects.get(uuid=idTransport)
# Ensures that the transport is allowed for this service
if trans not in ads.deployed_service.transports.all():
raise InvalidServiceException()
# If transport is not available for the request IP...
if trans.validForIp(request.ip) is False:
raise InvalidServiceException()
if doTest is False:
return (None, ads, None, trans, None)
# Test if the service is ready
if ads.isReady():
log.doLog(
ads, log.INFO, "User {0} from {1} has initiated access".format(
request.user.name, request.ip), log.WEB)
# If ready, show transport for this service, if also ready ofc
iads = ads.getInstance()
ip = iads.getIp()
events.addEvent(ads.deployed_service,
events.ET_ACCESS,
username=request.user.name,
srcip=request.ip,
dstip=ip,
uniqueid=ads.unique_id)
if ip is not None:
itrans = trans.getInstance()
if itrans.isAvailableFor(ip):
ads.setConnectionSource(request.ip, 'unknown')
log.doLog(ads, log.INFO, "User service ready", log.WEB)
UserServiceManager.manager().notifyPreconnect(
ads, itrans.processedUser(ads, request.user),
itrans.protocol)
return (ip, ads, iads, trans, itrans)
else:
log.doLog(ads, log.WARN,
"User service is not accessible (ip {0})".format(ip),
log.TRANSPORT)
logger.debug(
'Transport is not ready for user service {0}'.format(ads))
else:
logger.debug('Ip not available from user service {0}'.format(ads))
else:
log.doLog(
ads, log.WARN,
"User {0} from {1} tried to access, but machine was not ready".
format(request.user.name, request.ip), log.WEB)
return None
def ticketAuth(request, ticketId):
'''
Used to authenticate an user via a ticket
'''
ticket = Ticket(ticketId)
logger.debug('Ticket: {}'.format(ticket))
try:
try:
# Extract ticket.data from ticket.data storage, and remove it if success
username = ticket.data['username']
groups = ticket.data['groups']
auth = ticket.data['auth']
realname = ticket.data['realname']
servicePool = ticket.data['servicePool']
password = ticket.data['password']
transport = ticket.data['transport']
except:
logger.error('Ticket stored is not valid')
raise InvalidUserException()
# Remove ticket
ticket.delete()
auth = Authenticator.objects.get(uuid=auth)
# If user does not exists in DB, create it right now
# Add user to groups, if they exists...
grps = []
for g in groups:
try:
grps.append(auth.groups.get(uuid=g))
except Exception:
logger.debug('Group list has changed since ticket assignement')
if len(grps) == 0:
logger.error('Ticket has no valid groups')
raise Exception('Invalid ticket authentication')
usr = auth.getOrCreateUser(username, realname)
if usr is None or State.isActive(
usr.state) is False: # If user is inactive, raise an exception
raise InvalidUserException()
# Add groups to user (replace existing groups)
usr.groups = grps
# Right now, we assume that user supports java, let's see how this works
# Force cookie generation
webLogin(request, None, usr, password)
request.user = usr # Temporarily store this user as "authenticated" user, next requests will be done using session
# Check if servicePool is part of the ticket
if servicePool is not None:
servicePool = DeployedService.objects.get(uuid=servicePool)
# Check if service pool can't be accessed by groups
servicePool.validateUser(usr)
if servicePool.isInMaintenance():
raise ServiceInMaintenanceMode()
transport = Transport.objects.get(uuid=transport)
response = service(
request, 'F' + servicePool.uuid,
transport.uuid) # 'A' Indicates 'assigned service'
else:
response = HttpResponsePermanentRedirect(
reverse('uds.web.views.index'))
# Now ensure uds cookie is at response
getUDSCookie(request, response, True)
return response
except Authenticator.DoesNotExist:
logger.error('Ticket has an non existing authenticator')
return errors.error(request, InvalidUserException())
except DeployedService.DoesNotExist:
logger.error('Ticket has an invalid Service Pool')
return errors.error(request, InvalidServiceException())
except Exception as e:
logger.exception('Exception')
return errors.exceptionView(request, e)
def getService(self, user, srcIp, idService, idTransport, doTest=True):
'''
Get service info from
'''
kind, idService = idService[0], idService[1:]
logger.debug('Kind of service: {0}, idService: {1}'.format(
kind, idService))
if kind == 'A': # This is an assigned service
logger.debug('Getting A service {}'.format(idService))
userService = UserService.objects.get(uuid=idService)
userService.deployed_service.validateUser(user)
else:
ds = ServicePool.objects.get(uuid=idService)
# We first do a sanity check for this, if the user has access to this service
# If it fails, will raise an exception
ds.validateUser(user)
# Now we have to locate an instance of the service, so we can assign it to user.
userService = self.getAssignationForUser(ds, user)
logger.debug('Found service: {0}'.format(userService))
if userService.isInMaintenance() is True:
raise ServiceInMaintenanceMode()
# If service is not visible, do not allow it to be used
if userService.deployed_service.isVisible() is False:
raise InvalidServiceException()
if userService.deployed_service.isAccessAllowed() is False:
raise ServiceAccessDeniedByCalendar()
if idTransport is None or idTransport == '': # Find a suitable transport
for v in userService.deployed_service.transports.order_by(
'priority'):
if v.validForIp(srcIp):
idTransport = v.uuid
break
try:
trans = Transport.objects.get(uuid=idTransport)
except Exception:
raise InvalidServiceException()
# Ensures that the transport is allowed for this service
if trans not in userService.deployed_service.transports.all():
raise InvalidServiceException()
# If transport is not available for the request IP...
if trans.validForIp(srcIp) is False:
raise InvalidServiceException()
if user is not None:
userName = user.name
if doTest is False:
# traceLogger.info('GOT service "{}" for user "{}" with transport "{}" (NOT TESTED)'.format(userService.name, userName, trans.name))
return (None, userService, None, trans, None)
serviceNotReadyCode = 0x0001
ip = 'unknown'
# Test if the service is ready
if userService.isReady():
serviceNotReadyCode = 0x0002
log.doLog(
userService, log.INFO,
"User {0} from {1} has initiated access".format(
user.name, srcIp), log.WEB)
# If ready, show transport for this service, if also ready ofc
iads = userService.getInstance()
ip = iads.getIp()
if self.checkUuid(
userService) is False: # Machine is not what is expected
serviceNotReadyCode = 0x0004
log.doLog(userService, log.WARN,
"User service is not accessible (ip {0})".format(ip),
log.TRANSPORT)
logger.debug(
'Transport is not ready for user service {0}'.format(
userService))
else:
events.addEvent(userService.deployed_service,
events.ET_ACCESS,
username=userName,
srcip=srcIp,
dstip=ip,
uniqueid=userService.unique_id)
if ip is not None:
serviceNotReadyCode = 0x0003
itrans = trans.getInstance()
if itrans.isAvailableFor(userService, ip):
userService.setConnectionSource(srcIp, 'unknown')
log.doLog(userService, log.INFO, "User service ready",
log.WEB)
self.notifyPreconnect(
userService,
itrans.processedUser(userService,
user), itrans.protocol)
traceLogger.info(
'READY on service "{}" for user "{}" with transport "{}" (ip:{})'
.format(userService.name, userName, trans.name,
ip))
return (ip, userService, iads, trans, itrans)
else:
log.doLog(
userService, log.WARN,
"User service is not accessible (ip {0})".format(
ip), log.TRANSPORT)
logger.debug(
'Transport is not ready for user service {0}'.
format(userService))
else:
logger.debug(
'Ip not available from user service {0}'.format(
userService))
else:
log.doLog(
userService, log.WARN,
"User {0} from {1} tried to access, but service was not ready".
format(user.name, srcIp), log.WEB)
traceLogger.error(
'ERROR {} on service "{}" for user "{}" with transport "{}" (ip:{})'
.format(serviceNotReadyCode, userService.name, userName,
trans.name, ip))
raise ServiceNotReadyError(code=serviceNotReadyCode,
service=userService,
transport=trans)