[Mpuls-commits] r2407 - wasko/branches/2.0/mpulsweb/lib
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Mon Apr 19 12:49:45 CEST 2010
Author: torsten
Date: 2010-04-19 12:49:44 +0200 (Mon, 19 Apr 2010)
New Revision: 2407
Modified:
wasko/branches/2.0/mpulsweb/lib/security.py
Log:
* mpulsweb/lib/security.py: standard way of getting db credentials:
those which are not defined in the config file will be looked for in the
http-headers.
Modified: wasko/branches/2.0/mpulsweb/lib/security.py
===================================================================
--- wasko/branches/2.0/mpulsweb/lib/security.py 2010-04-19 09:04:16 UTC (rev 2406)
+++ wasko/branches/2.0/mpulsweb/lib/security.py 2010-04-19 10:49:44 UTC (rev 2407)
@@ -226,32 +226,80 @@
log.warning("No file mapping file found named: %r", fname)
def getDbName():
+ '''Trys to get the name of the db to connect to. First try to get it from
+ the ini file. If no name is defined try to read it from the http-header
+ MPULS_DBNAME. If the dbname is not located in the http-header try to fetch
+ it from the SSL_CLIENT_S_DN_CN'''
dbname = None
+
+ # 1. Try to get the dbname from the ini.file
try:
+ dbname = config.get('mpuls.db.name')
+ if dbname is not None and len(dbname) > 0:
+ return NEW_DBS.get(dbname, dbname)
+ else: log.info("No database name defined in ini file")
+ except:
+ log.exception("Could not fetch database name from ini file")
+
+ # 2. Try to get the dbname from MPULS_DBNAME http-headers
+ try:
+ dbname = request.environ.get('MPULS_DBNAME')
+ if dbname is not None and len(dbname) > 0:
+ dbname = dbname.split(' ')[3].lower()
+ return NEW_DBS.get(dbname, dbname)
+ else: log.info("No database name defined in http-header file")
+ except:
+ log.exception("Could not get database name from http-headers")
+ raise
+
+ # 3. Try to get the dbname from SSL_CLIENT_S_DN_CN from client certificate
+ # This code is obsolete and should not be executed. In current versions of
+ # mpuls the dbname is located in the MPULS_DBNAME http-header.
+ try:
+ log.warning('Trying obsolete method to fetch dbname from client certificates')
dbname = request.environ['SSL_CLIENT_S_DN_CN'].split(' ')[3].lower()
return NEW_DBS.get(dbname, dbname)
except:
- try:
- dbname = config.get('mpuls.db.name')
- return NEW_DBS.get(dbname, dbname)
- except:
- log.exception("Could not fetch database name from client"
- " certificate")
- return dbname
+ log.exception("Could not get database name from client certificate")
+ raise
def getKAName():
kaname = ""
+ # 1. Try to get app name from config.
try:
+ kaname = config.get('mpuls.app.name')
+ if kaname is not None: return kaname
+ except:
+ log.error("Could not fetch KA-name from client certificate")
+
+ # 2. Try to get app name from http-header
+ try:
+ kaname = request.environ.get('MPULS_APPNAME')
+ if kaname is not None and len(kaname) > 0:
+ for f in slashSplit(kaname)[::-1]:
+ field = f.split('=')
+ # There are two OU. We want the one != WASKA
+ # TODO: Fetching kaname is application specific!
+ if field[0] == "OU" and field[1] != "WASKA":
+ kaname = field[1]
+ return kaname
+ else: log.info("No appname defined in http-header file")
+ except:
+ log.exception("Could not get appbase name from http-headers")
+ raise
+
+ # 3. Try to get the dbname from SSL_CLIENT_S_DN from client certificate
+ # This code is obsolete and should not be executed. In current versions of
+ # mpuls the dbname is located in the MPULS_APPNAME http-header.
+ try:
+ log.warning('Trying obsolete method to fetch appname from client certificates')
for f in slashSplit(request.environ['SSL_CLIENT_S_DN'])[::-1]:
field = f.split('=')
# There are two OU. We want the one != WASKA
if field[0] == "OU" and field[1] != "WASKA":
kaname = field[1]
except:
- try:
- kaname = config.get('mpuls.app.name')
- except:
- log.error("Could not fetch KA-name from client certificate")
+ log.exception("Could not fetch KA-name from client certificate")
return kaname
def checkRole(role):
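Review bot: In getDbName the name read from `request.environ.get('MPULS_DBNAME')` is accepted without validation, because `NEW_DBS.get(dbname, dbname)` hands back the raw fourth field whenever it is not a key of NEW_DBS. Whether a client can influence that variable depends on how the front-end server populates it, which this file does not show, so the docstring should state the assumption, e.g. `MPULS_DBNAME must be set (and any client-supplied value overwritten) by the front end from the verified client certificate`. A check before the return, such as `if not re.match(r'^[a-z0-9_]+$', dbname): raise ValueError('invalid database name')` (with `re` in scope and the pattern adjusted to the project's real naming scheme), would keep an unexpected value from selecting a database. getKAName has the same issue with `MPULS_APPNAME`, and there `kaname` still holds the whole header string when no OU component matches, so that string can end up as the return value.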