X-Git-Url: https://snippets.scripts.mit.edu/gitweb.cgi/Scripts/git/.git/blobdiff_plain/31769b1f70ce77b815a64dd2a0dba525d48ace16..refs/heads/master:/django/mit/__init__.py diff --git a/django/mit/__init__.py b/django/mit/__init__.py index 8858248..4d09313 100644 --- a/django/mit/__init__.py +++ b/django/mit/__init__.py @@ -1,15 +1,73 @@ -from django.contrib.auth.middleware import RemoteUserMiddleware +import os +import subprocess +import tempfile +import ldap +import ldap.filter + from django.contrib.auth.backends import RemoteUserBackend +from django.contrib.auth.middleware import RemoteUserMiddleware from django.contrib.auth.views import login from django.contrib.auth import REDIRECT_FIELD_NAME from django.http import HttpResponseRedirect from django.contrib import auth from django.core.exceptions import ObjectDoesNotExist -import settings +from django.core.validators import URLValidator, ValidationError + +from django.conf import settings + +def zephyr(msg, clas='message', instance='log', rcpt='nobody',): + proc = subprocess.Popen( + ['zwrite', '-d', '-n', '-c', clas, '-i', instance, rcpt, ], + stdin=subprocess.PIPE, stdout=subprocess.PIPE + ) + proc.communicate(msg) -def zephyr(msg, clas='remit', instance='log', rcpt='adehnert',): - import os - os.system("zwrite -d -c '%s' -i '%s' '%s' -m '%s'" % (clas, instance, rcpt, msg, )) +def UrlOrAfsValidator(value): + if value.startswith('/mit/') or value.startswith('/afs/'): + return + else: + try: + URLValidator()(value) + except ValidationError: + raise ValidationError('Provide a valid URL or AFS path') + +def pag_check_helper(fn, args, aklog=False, ccname=None, **kwargs): + if 'executable' in kwargs: + raise ValueError('"executable" not supported with pag_check_*') + + env = None + if 'env' in kwargs: + env = kwargs['env'] + del kwargs['env'] + if ccname: + if env is not None: + env = dict(env) + else: + env = dict(os.environ) + env['KRB5CCNAME'] = ccname + + pagsh_cmd = 'exec "$@"' + if aklog: pagsh_cmd = "aklog && " + pagsh_cmd + args = ['pagsh', '-c', pagsh_cmd, 'exec', ] + args + + return fn(args, env=env, **kwargs) + +def pag_check_call(args, **kwargs): + return pag_check_helper(subprocess.check_call, args, **kwargs) +def pag_check_output(args, **kwargs): + return pag_check_helper(subprocess.check_output, args, **kwargs) + +def kinit(keytab=None, principal=None, autodelete=True, ): + if not keytab: + keytab = settings.KRB_KEYTAB + if not principal: + principal = settings.KRB_PRINCIPAL + assert keytab and principal + fd = tempfile.NamedTemporaryFile(mode='rb', prefix="krb5cc_djmit_", delete=autodelete, ) + env = dict(KRB5CCNAME=fd.name) + kinit_cmd = ['kinit', '-k', '-t', keytab, principal, ] + subprocess.check_call(kinit_cmd, env=env) + return fd class ScriptsRemoteUserMiddleware(RemoteUserMiddleware): header = 'SSL_CLIENT_S_DN_Email' @@ -24,29 +82,54 @@ class ScriptsRemoteUserBackend(RemoteUserBackend): return username def configure_user(self, user, ): username = user.username - import ldap - con = ldap.open('ldap.mit.edu') + user.set_unusable_password() + con = ldap.open('ldap-too.mit.edu') con.simple_bind_s("", "") dn = "dc=mit,dc=edu" fields = ['cn', 'sn', 'givenName', 'mail', ] - result = con.search_s('dc=mit,dc=edu', ldap.SCOPE_SUBTREE, 'uid=%s'%username, fields) + userfilter = ldap.filter.filter_format('uid=%s', [username]) + result = con.search_s('dc=mit,dc=edu', ldap.SCOPE_SUBTREE, userfilter, fields) if len(result) == 1: user.first_name = result[0][1]['givenName'][0] user.last_name = result[0][1]['sn'][0] - user.email = result[0][1]['mail'][0] + try: + user.email = result[0][1]['mail'][0] + except KeyError: + user.email = username + '@mit.edu' try: user.groups.add(auth.models.Group.objects.get(name='mit')) except ObjectDoesNotExist: print "Failed to retrieve mit group" - user.save() + else: + raise ValueError, ("Could not find user with username '%s' (filter '%s')"%(username, userfilter)) try: user.groups.add(auth.models.Group.objects.get(name='autocreated')) except ObjectDoesNotExist: print "Failed to retrieve autocreated group" + user.save() return user +def get_or_create_mit_user(username, ): + """ + Given an MIT username, return a Django user object for them. + If necessary, create (and save) the Django user for them. + If the MIT user doesn't exist, raises ValueError. + """ + user, created = auth.models.User.objects.get_or_create(username=username, ) + if created: + backend = ScriptsRemoteUserBackend() + # Raises ValueError if the user doesn't exist + try: + return backend.configure_user(user), created + except ValueError: + user.delete() + raise + else: + return user, created + def scripts_login(request, **kwargs): - if request.META['HTTP_HOST'] == 'localhost': + host = request.META['HTTP_HOST'].split(':')[0] + if host in ('localhost', '127.0.0.1'): return login(request, **kwargs) elif request.META['SERVER_PORT'] == '444': if request.user.is_authenticated(): @@ -64,6 +147,5 @@ def scripts_login(request, **kwargs): return login(request, **kwargs) else: # Move to port 444 - host = request.META['HTTP_HOST'].split(':')[0] redirect_to = "https://%s:444%s" % (host, request.META['REQUEST_URI'], ) return HttpResponseRedirect(redirect_to)