Changeset 7125
- Timestamp:
- 30/06/10 11:24:36 (11 years ago)
- File:
-
- 1 edited
TI12-security/trunk/MyProxyClient/myproxy/script.py
r7036 r7125 1 1 2 """ 2 3 Lightweight command-line interface to MyProxyClient. 4 5 Sub commands 6 ------------ 7 8 ``myproxyclient logon`` a replacement for myproxy-logon. It understands most of the same options and tries to behave the same with a few exceptions: 9 10 1. -C/--cadir allows you to override the CA directory 11 2. It will not write the credentials to /tmp. You must either set 12 X509_USER_PROXY or specify the ``-o`` option. 3 13 4 14 """ … … 28 38 29 39 def make_optparser(): 30 usage = "usage: %prog [options] [proxyfile]" 40 usage = """\ 41 usage: %prog [command] [options] 42 43 commands: 44 logon Retrieve credentials from a MyProxy service 45 """ 46 31 47 op = optparse.OptionParser(usage=usage) 32 48 33 op.add_option('- C', '--cacertdir', dest='cacertdir',49 op.add_option('-o', '--out', dest='outfile', 34 50 action='store', type='string', 35 help='Set location of trusted certificates') 36 op.add_option('-H', '--hostname', dest='hostname', 51 help='''\ 52 Set the file to store the retrieved creentials. 53 If not specified credentials will be stored in X509_USER_PROXY environment 54 variable. To write the credential tostdout use -o -. 55 ''') 56 op.add_option('-C', '--cadir', dest='cadir', 57 action='store', type='string', 58 help='''\ 59 Set location of trusted certificates. By default this is the X509_CERT_DIR 60 environment variable or ~/.globus/certificates or /etc/grid-security. 
61 ''') 62 op.add_option('-s', '--pshost', dest='hostname', 37 63 action='store', type='string', 38 64 help='Set hostname of myproxy server') 39 op.add_option('-p', '--p ort', dest='port',65 op.add_option('-p', '--psport', dest='port', 40 66 action='store', type='int', 41 67 help='Set port of myproxy server') 42 op.add_option('-l', '--lifetime', dest='lifetime', 43 action='store', type='int', 68 #!NOTE: convert hours to minutes 69 def set_lifetime(opt, opt_str, val, op): 70 op.values.lifetime = val * 60 71 op.add_option('-t', '--proxy_lifetime', type='int', 72 action='callback', callback=set_lifetime, 44 73 help='Set proxy certificate Lifetime') 45 op.add_option('-m', '--maxlifetime', dest='maxlifetime', 46 action='store', type='int', 47 help='Set proxy certificate Lifetime') 74 op.add_option('-S', '--stdin_pass', dest='stdin_pass', 75 action='store_true', 76 help='Read the password directly from stdin') 77 #!TODO: What is the myproxy-logon equivilent of this option? 78 #op.add_option('-m', '--maxlifetime', dest='maxlifetime', 79 # action='store', type='int', 80 # help='Set proxy certificate Lifetime') 48 81 op.add_option('-b', '--bootstrap', dest='bootstrap', 49 82 action='store_true', 50 83 help='Download trusted CA certificates') 51 op.add_option('-k', '--keyfile', dest='keyfile', 52 action='store', type='string', metavar='KEYFILE', 53 help='Write the private key to KEYFILE rather than proxyfile') 54 op.add_option('-c', '--certfile', dest='certfile', 55 action='store', type='string', metavar='CERTFILE', 56 help='Write the proxy certificate to CERTFILE rather than proxyfile') 57 op.add_option('-O', '--openid', dest='openid', 58 action='store', type='string', metavar='OPENID', 59 help='Shortcut for ESG Security login. 
The myproxy server is calculated as myproxy.<OPENID-hostname>') 60 op.add_option('-u', '--username', dest='username', 84 op.add_option('-T', '--trustroots', dest='trustroots', 85 action='store_true', 86 help='Update trustroots') 87 op.add_option('-l', '--username', dest='username', 61 88 action='store', type='string', 62 89 help='Set username') 63 90 64 91 65 op.set_defaults(cacertdir=MyProxyClient.PROPERTY_DEFAULTS['caCertDir'], 66 hostname=MyProxyClient.PROPERTY_DEFAULTS['hostname'], 67 port=MyProxyClient.PROPERTY_DEFAULTS['port'], 68 lifetime=MyProxyClient.PROPERTY_DEFAULTS['proxyCertLifetime'], 69 maxlifetime=MyProxyClient.PROPERTY_DEFAULTS['proxyCertMaxLifetime'], 70 bootstrap=False, 71 keyfile=None, 72 certfile=None, 73 openid=None, 74 username=None, 75 ) 92 93 94 op.set_defaults( 95 outfile=None, 96 cadir=MyProxyClient.PROPERTY_DEFAULTS['caCertDir'], 97 hostname=MyProxyClient.PROPERTY_DEFAULTS['hostname'], 98 port=MyProxyClient.PROPERTY_DEFAULTS['port'], 99 lifetime=MyProxyClient.PROPERTY_DEFAULTS['proxyCertLifetime'], 100 #maxlifetime=MyProxyClient.PROPERTY_DEFAULTS['proxyCertMaxLifetime'], 101 bootstrap=False, 102 trustroots=False, 103 openid=None, 104 username=None, 105 stdin_pass=False, 106 ) 76 107 77 108 return op … … 81 112 op = make_optparser() 82 113 83 options, args = op.parse_args(argv[1:]) 84 if args: 85 outfile = args[0] 114 logname = os.environ.get('LOGNAME') 115 116 command = argv[1] 117 # Catch example of just specifying --help or '-h' 118 if command in ['--help', '-h']: 119 argl = argv[1:2] 120 command = None 86 121 else: 87 outfile = None 122 argl = argv[2:] 123 options, args = op.parse_args(argl) 88 124 89 if options.openid: 90 username = options.openid 91 hostname = 'myproxy.%s' % urlparse.urlparse(options.openid)[1] 125 if options.outfile is None: 126 if 'X509_USER_PROXY' in os.environ: 127 options.outfile = os.environ['X509_USER_PROXY'] 128 else: 129 op.error("Credential output file must be specified or X509_USER_PROXY set") 130 131 if 
options.username is None: 132 options.username = logname 133 134 if options.cadir: 135 cadir = options.cadir 136 elif 'X509_CERT_DIR' in os.environ: 137 cadir = os.environ['X509_CERT_DIR'] 138 elif logname == 'root': 139 cadir = '/etc/grid-security' 92 140 else: 93 username = options.username 94 hostname = options.hostname 141 cadir = os.path.join(os.path.expanduser('~'),'.globus/certificates') 95 142 96 if username is None:97 username = os.getlogin()98 143 99 client_props = dict(caCertDir= options.cacertdir,100 hostname= hostname,144 client_props = dict(caCertDir=cadir, 145 hostname=options.hostname, 101 146 port=options.port, 102 147 proxyCertLifetime=options.lifetime, 103 proxyCertMaxLifetime=options.maxlifetime) 104 #!FIXME: caCertDir must be unset and not just None. 105 # This bug exists in MyProxyClient and the underlying SSL package. 106 if client_props['caCertDir'] is None: 107 del client_props['caCertDir'] 148 #proxyCertMaxLifetime=options.maxlifetime, 149 ) 108 150 109 151 myproxy = MyProxyClient(**client_props) 110 152 111 password = getpass.getpass('Enter password for user %s on myproxy %s:' 112 % (username, options.hostname)) 153 if command == 'logon': 154 do_logon(myproxy, options) 155 else: 156 op.error('Command %s not supported' % command) 113 157 114 creds = myproxy.logon(username, password, bootstrap=options.bootstrap)115 158 116 #!TODO: Confirm order of creds117 cert, key = creds118 159 119 if outfile: 120 fout = open(outfile, 'w') 160 def do_logon(myproxy, options): 161 if options.stdin_pass: 162 #!TODO: Is this right to read just the first line of stdin? 
163 password = sys.stdin.readline().rstrip() 121 164 else: 165 password = getpass.getpass('Enter password for user %s on myproxy %s:' 166 % (options.username, options.hostname)) 167 168 creds = myproxy.logon(options.username, password, 169 bootstrap=options.bootstrap, 170 updateTrustRoots=options.trustroots) 171 172 if options.outfile == '-': 122 173 fout = sys.stdout 123 124 if options.certfile:125 fh = open(options.certfile, 'w')126 fh.write(cert)127 fh.close()128 174 else: 129 fout.write(cert) 130 131 if options.keyfile: 132 fh = open(options.keyfile, 'w') 133 fh.write(key) 134 fh.close() 135 else: 136 fout.write(key) 175 fout = open(options.outfile, 'w') 176 177 for cred in creds: 178 fout.write(cred) 179 180 #!TODO: Would we want to close stdout? 181 fout.close() 137 182 138 183
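Review bot: In do_logon, `fout = open(options.outfile, 'w')` creates the credential file with whatever mode the process umask allows, and the loop then writes every element of `creds` into it; the removed code unpacked `creds` as `cert, key`, so this presumably puts the private key in a file other local users can read. Create it owner-only instead, with `fd = os.open(options.outfile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `fout = os.fdopen(fd, 'w')`, and tighten the mode on the descriptor as well, since the creation mode does not apply to a file that already exists. The path may come from X509_USER_PROXY as well as `-o`, so both sources reach this open. Separately, `fout.close()` also closes `sys.stdout` when `-o -` is given; guarding it with `if fout is not sys.stdout:` would resolve the TODO above it.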