You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
182 lines
4.9 KiB
182 lines
4.9 KiB
from __future__ import absolute_import
|
|
import splunk.safe_lxml_etree as et
|
|
import logging
|
|
import platform
|
|
import time
|
|
|
|
import splunk
|
|
import splunk.clilib.cli_common as comm
|
|
import splunk.entity as en
|
|
import splunk.rest as rest
|
|
import splunk.util as util
|
|
|
|
logger = logging.getLogger('splunk.auth')
|
|
|
|
import __main__
|
|
|
|
def getSessionKey(username, password, hostPath=None, newPassword=None):
|
|
'''
|
|
Get a session key from the auth system
|
|
'''
|
|
|
|
uri = '/services/auth/login'
|
|
if hostPath:
|
|
uri = splunk.mergeHostPath(hostPath) + uri
|
|
args = {'username': username, 'password': password }
|
|
|
|
if newPassword:
|
|
args['new_password'] = newPassword
|
|
|
|
# To prove the theory of timing issue of Splunkd not in running state
|
|
# in Windows Bamboo tests, sleep for 10 seconds
|
|
|
|
# An attempt to fix SPL-37413
|
|
# if platform.system() == 'Windows':
|
|
# time.sleep(10)
|
|
|
|
serverResponse, serverContent = rest.simpleRequest(uri, postargs=args)
|
|
|
|
if serverResponse.status != 200:
|
|
logger.error('getSessionKey - unable to login; check credentials')
|
|
rest.extractMessages(et.fromstring(serverContent))
|
|
return None
|
|
|
|
root = et.fromstring(serverContent)
|
|
sessionKey = root.findtext('sessionKey')
|
|
|
|
splunk.setDefault('username', username)
|
|
splunk.setDefault('sessionKey', sessionKey)
|
|
|
|
return sessionKey
|
|
|
|
def getSessionKeyForTrustedUser(username, hostPath=None):
|
|
'''
|
|
Get a session key from the auth system
|
|
'''
|
|
|
|
uri = '/services/auth/trustedlogin'
|
|
if hostPath:
|
|
uri = splunk.mergeHostPath(hostPath) + uri
|
|
args = {'username': username}
|
|
|
|
serverResponse, serverContent = rest.simpleRequest(uri, postargs=args)
|
|
|
|
if serverResponse.status != 200:
|
|
logger.error('getSessionKey - unable to login; check credentials')
|
|
rest.extractMessages(et.fromstring(serverContent))
|
|
return None
|
|
|
|
root = et.fromstring(serverContent)
|
|
sessionKey = root.findtext('sessionKey')
|
|
|
|
splunk.setDefault('username', username)
|
|
splunk.setDefault('sessionKey', sessionKey)
|
|
|
|
return sessionKey
|
|
|
|
def getUserPrefs(key):
|
|
'''
|
|
obtain the user specific preference
|
|
'''
|
|
return en.getEntities('data/user-prefs').get('general').get(key)
|
|
|
|
def getUserPrefsGeneral(key):
|
|
'''
|
|
obtain the global preference
|
|
'''
|
|
return en.getEntities('data/user-prefs').get('general_default').get(key)
|
|
|
|
|
|
def ping(hostPath=None, sessionKey=None):
|
|
'''
|
|
Pings services server and returns a bool for a users session. This method is useful for
|
|
synchronizing an applications authentication with Splunk's services authentication.
|
|
'''
|
|
uri = '/services'
|
|
if hostPath:
|
|
uri = splunk.mergeHostPath(hostPath) + uri
|
|
|
|
try:
|
|
serverResponse, serverContent = rest.simpleRequest(uri, sessionKey=sessionKey)
|
|
return True
|
|
except:
|
|
return False
|
|
|
|
|
|
def listUsers(**kwargs):
|
|
'''
|
|
Returns a list of users.
|
|
'''
|
|
uri = 'authentication/users'
|
|
return en.getEntities(uri, **kwargs)
|
|
|
|
|
|
def getUser(name=None, id=None, **kwargs):
|
|
'''
|
|
Returns a dictionary of user info for a specific user ID.
|
|
'''
|
|
uri = 'authentication/users'
|
|
if name:
|
|
try:
|
|
info = en.getEntity(uri, name, **kwargs)
|
|
info['name'] = name
|
|
return info
|
|
except splunk.ResourceNotFound:
|
|
return None
|
|
|
|
elif id:
|
|
raise Exception('User IDs are no longer available; all users must be identified by name')
|
|
|
|
else:
|
|
raise TypeError('No arguments specified')
|
|
|
|
|
|
def getCurrentUser():
|
|
'''
|
|
Retrieves current user info from cherrypy session
|
|
'''
|
|
cherryname = None
|
|
if hasattr(__main__, 'IS_CHERRYPY'):
|
|
import cherrypy
|
|
cherryname = cherrypy.session.get('user', {}).get('name')
|
|
if cherryname:
|
|
cherryname = cherryname.strip().lower()
|
|
|
|
return {
|
|
'userid': '-1',
|
|
'name': cherryname or splunk.getDefault('username') or 'UNDEFINED_USERNAME',
|
|
'realname': 'UNDEFINED_REALNAME',
|
|
'roles': ['UNDEFINED_ROLES']
|
|
}
|
|
|
|
|
|
|
|
def listRoles(**kwargs):
|
|
'''
|
|
Returns a list of roles.
|
|
'''
|
|
uri = 'authorization/roles'
|
|
return en.getEntities(uri, **kwargs)
|
|
|
|
|
|
def getRole(name, **kwargs):
|
|
'''
|
|
Returns a dictionary of role info.
|
|
'''
|
|
if not name:
|
|
raise TypeError('Name argument is missing')
|
|
|
|
uri = 'authorization/roles'
|
|
try:
|
|
return en.getEntity(uri, name, **kwargs)
|
|
except splunk.ResourceNotFound:
|
|
return {}
|
|
|
|
def is_current_user_admin():
|
|
current_user = getCurrentUser().get('name')
|
|
current_user_info = en.getEntity('authentication/users', current_user)
|
|
current_user_capabilities = None
|
|
if current_user_info and hasattr(current_user_info, 'properties'):
|
|
current_user_capabilities = current_user_info.properties.get('capabilities')
|
|
return current_user_capabilities and 'admin_all_objects' in current_user_capabilities
|