| 1 |
spiga |
1.1 |
import os,sys
|
| 2 |
|
|
import commands
|
| 3 |
|
|
import traceback
|
| 4 |
|
|
import time
|
| 5 |
spiga |
1.2 |
import re
|
| 6 |
spiga |
1.1 |
from ProdCommon.BossLite.Common.System import executeCommand
|
| 7 |
|
|
|
| 8 |
|
|
class Proxy:
|
| 9 |
|
|
"""
|
| 10 |
|
|
basic class to handle user Token
|
| 11 |
|
|
"""
|
| 12 |
|
|
def __init__( self, **args ):
|
| 13 |
|
|
self.timeout = args.get( "timeout", None )
|
| 14 |
|
|
self.myproxyServer = args.get( "myProxySvr", '')
|
| 15 |
|
|
self.serverDN = args.get( "serverDN", '')
|
| 16 |
|
|
self.shareDir = args.get( "shareDir", '')
|
| 17 |
|
|
self.userName = args.get( "userName", '')
|
| 18 |
|
|
self.debug = args.get("debug",False)
|
| 19 |
|
|
self.args = args
|
| 20 |
|
|
|
| 21 |
|
|
def ExecuteCommand( self, command ):
|
| 22 |
|
|
"""
|
| 23 |
|
|
_ExecuteCommand_
|
| 24 |
|
|
|
| 25 |
|
|
Util it execute the command provided in a popen object with a timeout
|
| 26 |
|
|
"""
|
| 27 |
|
|
|
| 28 |
|
|
return executeCommand( command, self.timeout )
|
| 29 |
|
|
|
| 30 |
|
|
|
| 31 |
|
|
def getUserProxy(self):
|
| 32 |
|
|
"""
|
| 33 |
|
|
"""
|
| 34 |
|
|
try:
|
| 35 |
|
|
proxy = os.path.expandvars('$X509_USER_PROXY')
|
| 36 |
|
|
except Exception,ex:
|
| 37 |
|
|
msg = ('Error %s in getUserProxy search\n' %str(ex))
|
| 38 |
|
|
if self.debug : msg += traceback.format_exc()
|
| 39 |
|
|
raise Exception(msg)
|
| 40 |
|
|
return proxy.strip()
|
| 41 |
|
|
|
| 42 |
|
|
def getSubject(self, proxy = None):
|
| 43 |
|
|
"""
|
| 44 |
|
|
"""
|
| 45 |
|
|
subject = None
|
| 46 |
|
|
if proxy == None: proxy=self.getUserProxy()
|
| 47 |
|
|
|
| 48 |
|
|
cmd = 'openssl x509 -in '+proxy+' -subject -noout'
|
| 49 |
|
|
|
| 50 |
|
|
out, ret = self.ExecuteCommand(cmd)
|
| 51 |
|
|
if ret != 0 :
|
| 52 |
|
|
msg = "Error while checking proxy subject for %s"%proxy
|
| 53 |
|
|
raise Exception(msg)
|
| 54 |
|
|
lines = out.split('\n')[0]
|
| 55 |
|
|
|
| 56 |
|
|
return subject.strip()
|
| 57 |
|
|
|
| 58 |
|
|
def getUserName(self, proxy = None ):
|
| 59 |
|
|
"""
|
| 60 |
|
|
"""
|
| 61 |
|
|
uName = None
|
| 62 |
|
|
if proxy == None: proxy=self.getUserProxy()
|
| 63 |
|
|
|
| 64 |
|
|
cmd = "voms-proxy-info -file "+proxy+" -subject"
|
| 65 |
|
|
|
| 66 |
|
|
out, ret = self.ExecuteCommand(cmd)
|
| 67 |
|
|
if ret != 0 :
|
| 68 |
|
|
msg = "Error while extracting User Name from proxy %s"%proxy
|
| 69 |
|
|
raise Exception(msg)
|
| 70 |
|
|
|
| 71 |
|
|
emelments = out.split('/')
|
| 72 |
|
|
uName = elements[-1:][0].split('CN=')[1]
|
| 73 |
|
|
|
| 74 |
|
|
return uName.strip()
|
| 75 |
|
|
|
| 76 |
|
|
def checkCredential(self, proxy=None, Time=10):
|
| 77 |
|
|
"""
|
| 78 |
|
|
Function to check the Globus proxy.
|
| 79 |
|
|
"""
|
| 80 |
|
|
valid = True
|
| 81 |
|
|
if proxy == None: proxy=self.getUserProxy()
|
| 82 |
|
|
minTimeLeft=int(Time)*3600 # in seconds
|
| 83 |
|
|
|
| 84 |
spiga |
1.2 |
cmd = 'voms-proxy-info -file '+proxy+' -timeleft 2>/dev/null'
|
| 85 |
spiga |
1.1 |
|
| 86 |
spiga |
1.2 |
timeLeftLocal, ret = self.ExecuteCommand(cmd)
|
| 87 |
|
|
|
| 88 |
|
|
if ret != 0 and ret != 1:
|
| 89 |
|
|
msg = "Error while checking proxy timeleft for %s"%proxy
|
| 90 |
|
|
raise Exception(msg)
|
| 91 |
|
|
|
| 92 |
spiga |
1.1 |
## if no valid proxy
|
| 93 |
spiga |
1.2 |
if not timeLeftLocal :
|
| 94 |
|
|
valid = False
|
| 95 |
|
|
elif int(timeLeftLocal)<minTimeLeft :
|
| 96 |
spiga |
1.1 |
valid = False
|
| 97 |
|
|
return valid
|
| 98 |
|
|
|
| 99 |
|
|
def renewCredential( self, proxy=None ):
|
| 100 |
|
|
"""
|
| 101 |
|
|
"""
|
| 102 |
|
|
if proxy == None: proxy=self.getUserProxy()
|
| 103 |
|
|
# check
|
| 104 |
|
|
if not self.checkCredential():
|
| 105 |
|
|
# ask for proxy delegation
|
| 106 |
|
|
# using myproxy
|
| 107 |
|
|
pass
|
| 108 |
|
|
return
|
| 109 |
|
|
|
| 110 |
spiga |
1.2 |
def checkAttribute( self, proxy=None, vo='cms', group=None, role=None):
|
| 111 |
spiga |
1.1 |
"""
|
| 112 |
|
|
"""
|
| 113 |
spiga |
1.2 |
valid = True
|
| 114 |
spiga |
1.1 |
if proxy == None: proxy=self.getUserProxy()
|
| 115 |
|
|
|
| 116 |
|
|
## check first attribute
|
| 117 |
spiga |
1.2 |
cmd = 'export X509_USER_PROXY=%s; voms-proxy-info -fqan 2>/dev/null | head -1'%proxy
|
| 118 |
spiga |
1.1 |
|
| 119 |
spiga |
1.2 |
reg="/%s/"%vo
|
| 120 |
|
|
if group:
|
| 121 |
|
|
reg+=group
|
| 122 |
|
|
if role:
|
| 123 |
|
|
reg+="/Role=%s"%role
|
| 124 |
spiga |
1.1 |
|
| 125 |
spiga |
1.2 |
att, ret = self.ExecuteCommand(cmd)
|
| 126 |
|
|
|
| 127 |
|
|
if ret != 0 :
|
| 128 |
|
|
msg = "Error while checking proxy timeleft for %s"%proxy
|
| 129 |
|
|
raise Exception(msg)
|
| 130 |
|
|
|
| 131 |
|
|
## you always have at least /cms/Role=NULL/Capability=NULL
|
| 132 |
|
|
if not re.compile(r"^"+reg).search(att):
|
| 133 |
|
|
if self.debug: print "\tWrong VO group/role.\n"
|
| 134 |
|
|
valid = False
|
| 135 |
|
|
return valid
|
| 136 |
spiga |
1.1 |
|
| 137 |
spiga |
1.2 |
def ManualRenewCredential( self, proxy=None, vo='cms', group=None, role=None ):
|
| 138 |
spiga |
1.1 |
"""
|
| 139 |
|
|
"""
|
| 140 |
|
|
|
| 141 |
spiga |
1.2 |
cmd = 'voms-proxy-init -voms %s'%vo
|
| 142 |
|
|
|
| 143 |
|
|
if group:
|
| 144 |
|
|
cmd += ':/'+vo+'/'+group
|
| 145 |
|
|
if role:
|
| 146 |
|
|
cmd += '/role='+role
|
| 147 |
|
|
cmd += ' -valid 192:00'
|
| 148 |
|
|
print cmd
|
| 149 |
|
|
try:
|
| 150 |
|
|
out = os.system(cmd)
|
| 151 |
|
|
if (out>0): raise Exception("Unable to create a valid proxy!\n")
|
| 152 |
|
|
except:
|
| 153 |
|
|
msg = "Unable to create a valid proxy!\n"
|
| 154 |
|
|
raise Exception(msg)
|
| 155 |
|
|
|
| 156 |
|
|
def checkMyProxy( self , proxy=None, Time=4 ):
|
| 157 |
spiga |
1.1 |
"""
|
| 158 |
|
|
"""
|
| 159 |
spiga |
1.2 |
if proxy == None: proxy=self.getUserProxy()
|
| 160 |
spiga |
1.1 |
## check the myproxy server
|
| 161 |
|
|
valid = True
|
| 162 |
spiga |
1.2 |
|
| 163 |
|
|
#cmd = 'export X509_USER_PROXY=%s; myproxy-info -d -s %s 2>/dev/null'%(proxy,self.myproxyServer)
|
| 164 |
|
|
cmd = 'myproxy-info -d -s %s 2>/dev/null'%(self.myproxyServer)
|
| 165 |
|
|
|
| 166 |
|
|
out, ret = self.ExecuteCommand(cmd)
|
| 167 |
|
|
if ret != 0 and ret != 1 :
|
| 168 |
|
|
msg = "Error while checking myproxy timeleft for %s"%proxy
|
| 169 |
|
|
raise Exception(msg)
|
| 170 |
spiga |
1.1 |
|
| 171 |
|
|
if not out:
|
| 172 |
spiga |
1.2 |
if self.debug: print '\tNo credential delegated to myproxy server %s will do now'%self.myproxyServer
|
| 173 |
spiga |
1.1 |
valid = False
|
| 174 |
|
|
else:
|
| 175 |
|
|
## minimum time: 5 days
|
| 176 |
spiga |
1.2 |
minTime = int(Time) * 24 * 3600
|
| 177 |
spiga |
1.1 |
## regex to extract the right information
|
| 178 |
|
|
myproxyRE = re.compile("timeleft: (?P<hours>[\\d]*):(?P<minutes>[\\d]*):(?P<seconds>[\\d]*)")
|
| 179 |
|
|
for row in out.split("\n"):
|
| 180 |
|
|
g = myproxyRE.search(row)
|
| 181 |
|
|
if g:
|
| 182 |
|
|
hours = g.group("hours")
|
| 183 |
|
|
minutes = g.group("minutes")
|
| 184 |
|
|
seconds = g.group("seconds")
|
| 185 |
|
|
timeleft = int(hours)*3600 + int(minutes)*60 + int(seconds)
|
| 186 |
|
|
if timeleft < minTime:
|
| 187 |
spiga |
1.2 |
if self.debug: print '\tYour proxy will expire in:\n\t%s hours %s minutes %s seconds\n'%(hours,minutes,seconds)
|
| 188 |
spiga |
1.1 |
valid = False
|
| 189 |
|
|
return valid
|
| 190 |
|
|
|
| 191 |
|
|
def ManualRenewMyProxy( self ):
|
| 192 |
|
|
"""
|
| 193 |
|
|
"""
|
| 194 |
spiga |
1.2 |
cmd = 'myproxy-init -d -n -s %s'%self.myproxyServer
|
| 195 |
|
|
out = os.system(cmd)
|
| 196 |
|
|
if (out>0):
|
| 197 |
|
|
raise Exception("Unable to delegate the proxy to myproxyserver %s"%self.myproxyServer+" !\n")
|
| 198 |
spiga |
1.1 |
return
|
| 199 |
|
|
|
| 200 |
|
|
def logonProxy( self ):
|
| 201 |
|
|
"""
|
| 202 |
|
|
To be implemented
|
| 203 |
|
|
"""
|
| 204 |
|
|
#
|
| 205 |
|
|
return
|
