[Mpuls-commits] r2407 - wasko/branches/2.0/mpulsweb/lib

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Mon Apr 19 12:49:45 CEST 2010


Author: torsten
Date: 2010-04-19 12:49:44 +0200 (Mon, 19 Apr 2010)
New Revision: 2407

Modified:
   wasko/branches/2.0/mpulsweb/lib/security.py
Log:
* mpulsweb/lib/security.py: the standard way of getting db credentials
that are not defined in the config file is now to look for them in the
http-headers.



Modified: wasko/branches/2.0/mpulsweb/lib/security.py
===================================================================
--- wasko/branches/2.0/mpulsweb/lib/security.py	2010-04-19 09:04:16 UTC (rev 2406)
+++ wasko/branches/2.0/mpulsweb/lib/security.py	2010-04-19 10:49:44 UTC (rev 2407)
@@ -226,32 +226,80 @@
         log.warning("No file mapping file found named: %r", fname)
 
 def getDbName():
+    '''Trys to get the name of the db to connect to. First try to get it from
+    the ini file. If no name is defined try to read it from the http-header
+    MPULS_DBNAME. If the dbname is not located in the http-header try to fetch
+    it from the SSL_CLIENT_S_DN_CN'''
     dbname = None
+
+    # 1. Try to get the dbname from the ini.file
     try:
+        dbname = config.get('mpuls.db.name')
+        if dbname is not None and len(dbname) > 0:
+            return NEW_DBS.get(dbname, dbname)
+        else: log.info("No database name defined in ini file")
+    except:
+        log.exception("Could not fetch database name from ini file")
+
+    # 2. Try to get the dbname from MPULS_DBNAME http-headers 
+    try:
+        dbname = request.environ.get('MPULS_DBNAME')
+        if dbname is not None and len(dbname) > 0:
+            dbname = dbname.split(' ')[3].lower()
+            return NEW_DBS.get(dbname, dbname)
+        else: log.info("No database name defined in http-header file")
+    except:
+        log.exception("Could not get database name from http-headers")
+        raise
+
+    # 3. Try to get the dbname from SSL_CLIENT_S_DN_CN from client certificate 
+    # This code is obsolete and should not be executed. In current versions of
+    # mpuls the dbname is located in the MPULS_DBNAME http-header.
+    try:
+        log.warning('Trying obsolete method to fetch dbname from client certificates')
         dbname = request.environ['SSL_CLIENT_S_DN_CN'].split(' ')[3].lower()
         return NEW_DBS.get(dbname, dbname)
     except:
-        try:
-            dbname = config.get('mpuls.db.name')
-            return NEW_DBS.get(dbname, dbname)
-        except:
-            log.exception("Could not fetch database name from client"
-                          " certificate")
-    return dbname
+        log.exception("Could not get database name from client certificate")
+        raise
 
 def getKAName():
     kaname = ""
+    # 1. Try to get app name from config.
     try:
+        kaname = config.get('mpuls.app.name')
+        if kaname is not None: return kaname
+    except:
+        log.error("Could not fetch KA-name from client certificate")
+
+    # 2. Try to get app name from http-header
+    try:
+        kaname = request.environ.get('MPULS_APPNAME')
+        if kaname is not None and len(kaname) > 0:
+            for f in slashSplit(kaname)[::-1]:
+                field = f.split('=')
+                # There are two OU. We want the one != WASKA
+                # TODO: Fetching kaname is application specific!
+                if field[0] == "OU" and field[1] != "WASKA":
+                    kaname = field[1]
+            return kaname
+        else: log.info("No appname defined in http-header file")
+    except:
+        log.exception("Could not get appbase name from http-headers")
+        raise
+
+    # 3. Try to get the dbname from SSL_CLIENT_S_DN from client certificate 
+    # This code is obsolete and should not be executed. In current versions of
+    # mpuls the dbname is located in the MPULS_APPNAME http-header.
+    try:
+        log.warning('Trying obsolete method to fetch appname from client certificates')
         for f in slashSplit(request.environ['SSL_CLIENT_S_DN'])[::-1]:
             field = f.split('=')
             # There are two OU. We want the one != WASKA
             if field[0] == "OU" and field[1] != "WASKA":
                 kaname = field[1]
     except:
-        try:
-            kaname = config.get('mpuls.app.name')
-        except:
-            log.error("Could not fetch KA-name from client certificate")
+        log.exception("Could not fetch KA-name from client certificate")
     return kaname
 
 def checkRole(role):
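Review bot: In step 2 of getDbName the value read from `request.environ.get('MPULS_DBNAME')` selects the database, and `NEW_DBS.get(dbname, dbname)` passes any name it does not know straight through, so the result is only as trustworthy as whatever sets that variable. The docstring calls it an http-header; if it does reach the application as a header through a proxy, the front end has to overwrite or strip any client-supplied copy, and that requirement deserves a comment at the lookup, e.g. `# MPULS_DBNAME must be set by the front-end server; never accept it from the client`. The same applies to `MPULS_APPNAME` in getKAName, where `kaname` first holds the raw value and is returned unchanged when no `OU` field other than WASKA is found; parsing into a separate local and returning `""` in that case would keep the raw string away from callers. Step 1 of getKAName also returns an empty config value (`if kaname is not None: return kaname`), unlike getDbName, which checks `len(dbname) > 0`, so an empty `mpuls.app.name` skips the header lookup entirely.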


