burmatovan/openuds
1
0
Fork 0
forked from shaba/openuds
Code Issues Pull Requests Projects Releases Wiki Activity

Added metapool support for UDS Tickets

Browse Source
This commit is contained in:
Adolfo Gómez García 2021-04-26 11:44:31 +02:00
parent 5355c7e420
commit 84ca0b2e41
3 changed files with 60 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
server/src/uds/REST/methods/tickets.py
View File

@ -129,6 +129,9 @@ class Tickets(Handler):
userIp: typing.Optional[str] = self._params.get('userIp', None) userIp: typing.Optional[str] = self._params.get('userIp', None)
try: try:
servicePoolId = None
transportId = None
authId = self._params.get('authId', None) authId = self._params.get('authId', None)
authName = self._params.get('auth', None) authName = self._params.get('auth', None)
authTag = self._params.get('authTag', self._params.get('authSmallName', None)) authTag = self._params.get('authTag', self._params.get('authSmallName', None))
@ -161,39 +164,61 @@ class Tickets(Handler):
realname: str = self._params.get('realname', self._params['username']) realname: str = self._params.get('realname', self._params['username'])
if 'servicePool' in self._params: if 'servicePool' in self._params:
servicePool: models.ServicePool = models.ServicePool.objects.get(uuid=processUuid(self._params['servicePool'])) # Check if is pool or metapool
poolUuid = processUuid(self._params['servicePool'])
pool : typing.Union[models.ServicePool, models.MetaPool]
# If forced that servicePool must honor groups try:
if force: pool = typing.cast(models.MetaPool, models.MetaPool.objects.get(uuid=poolUuid)) # If not an metapool uuid, will process it as a servicePool
for addGrp in set(groupIds) - set(servicePool.assignedGroups.values_list('uuid', flat=True)): if force:
servicePool.assignedGroups.add(auth.groups.get(uuid=addGrp)) # First, add groups to metapool
for addGrp in set(groupIds) - set(pool.assignedGroups.values_list('uuid', flat=True)):
pool.assignedGroups.add(auth.groups.get(uuid=addGrp))
# And now, to ALL metapool members
for memberPool in pool.members.all():
# First, add groups to metapool
for addGrp in set(groupIds) - set(memberPool.assignedGroups.values_list('uuid', flat=True)):
memberPool.assignedGroups.add(auth.groups.get(uuid=addGrp))
# For metapool, transport is ignored..
if 'transport' in self._params: servicePoolId = 'M' + pool.uuid
transport: models.Transport = models.Transport.objects.get(uuid=processUuid(self._params['transport'])) transportId = 'meta'
try:
servicePool.validateTransport(transport) except models.MetaPool.DoesNotExist:
except Exception: pool = typing.cast(models.ServicePool, models.ServicePool.objects.get(uuid=poolUuid))
logger.error('Transport %s is not valid for Service Pool %s', transport.name, servicePool.name)
raise Exception('Invalid transport for Service Pool')
else:
transport = models.Transport(uuid=None)
if userIp:
for v in servicePool.transports.order_by('priority'):
if v.validForIp(userIp):
transport = v
break
if transport.uuid is None: # If forced that servicePool must honor groups
logger.error('Service pool %s does not has valid transports for ip %s', servicePool.name, userIp) if force:
raise Exception('Service pool does not has any valid transports for ip {}'.format(userIp)) for addGrp in set(groupIds) - set(pool.assignedGroups.values_list('uuid', flat=True)):
pool.assignedGroups.add(auth.groups.get(uuid=addGrp))
servicePool = servicePool.uuid if 'transport' in self._params:
transport = transport.uuid transport: models.Transport = models.Transport.objects.get(uuid=processUuid(self._params['transport']))
try:
pool.validateTransport(transport)
except Exception:
logger.error('Transport %s is not valid for Service Pool %s', transport.name, pool.name)
raise Exception('Invalid transport for Service Pool')
else:
transport = models.Transport(uuid=None)
if userIp:
for v in pool.transports.order_by('priority'):
if v.validForIp(userIp):
transport = v
break
if transport.uuid is None:
logger.error('Service pool %s does not has valid transports for ip %s', pool.name, userIp)
raise Exception('Service pool does not has any valid transports for ip {}'.format(userIp))
servicePoolId = 'F' + pool.uuid
transportId = transport.uuid
except models.Authenticator.DoesNotExist: except models.Authenticator.DoesNotExist:
return Tickets.result(error='Authenticator does not exists') return Tickets.result(error='Authenticator does not exists')
except models.ServicePool.DoesNotExist: except models.ServicePool.DoesNotExist:
return Tickets.result(error='Service pool does not exists') return Tickets.result(error='Service pool (or metapool) does not exists')
except models.Transport.DoesNotExist: except models.Transport.DoesNotExist:
return Tickets.result(error='Transport does not exists') return Tickets.result(error='Transport does not exists')
except Exception as e: except Exception as e:
@ -205,8 +230,8 @@ class Tickets(Handler):
'realname': realname, 'realname': realname,
'groups': groupIds, 'groups': groupIds,
'auth': auth.uuid, 'auth': auth.uuid,
'servicePool': servicePool, 'servicePool': servicePoolId,
'transport': transport, 'transport': transportId,
} }
ticket = models.TicketStore.create(data) ticket = models.TicketStore.create(data)

7
server/src/uds/core/managers/user_service.py
View File

@ -656,13 +656,14 @@ class UserServiceManager:
if meta.isAccessAllowed() is False: if meta.isAccessAllowed() is False:
raise ServiceAccessDeniedByCalendar() raise ServiceAccessDeniedByCalendar()
poolMembers = [p for p in meta.members.all() if p.pool.isVisible() and p.pool.isUsable()]
# Sort pools based on meta selection # Sort pools based on meta selection
if meta.policy == MetaPool.PRIORITY_POOL: if meta.policy == MetaPool.PRIORITY_POOL:
sortPools = [(p.priority, p.pool) for p in meta.members.all()] sortPools = [(p.priority, p.pool) for p in poolMembers]
elif meta.policy == MetaPool.MOST_AVAILABLE_BY_NUMBER: elif meta.policy == MetaPool.MOST_AVAILABLE_BY_NUMBER:
sortPools = [(p.usage(), p) for p in meta.pools.all()] sortPools = [(p.usage(), p) for p in poolMembers]
else: else:
sortPools = [(random.randint(0, 10000), p) for p in meta.pools.all()] # Just shuffle them sortPools = [(random.randint(0, 10000), p) for p in poolMembers] # Just shuffle them
# Sort pools related to policy now, and xtract only pools, not sort keys # Sort pools related to policy now, and xtract only pools, not sort keys
# Remove "full" pools (100%) from result and pools in maintenance mode, not ready pools, etc... # Remove "full" pools (100%) from result and pools in maintenance mode, not ready pools, etc...

8
server/src/uds/web/views/auth.py
View File

@ -183,7 +183,7 @@ def ticketAuth(request: 'HttpRequest', ticketId: str) -> HttpResponse: # pylint
groups = data['groups'] groups = data['groups']
auth = data['auth'] auth = data['auth']
realname = data['realname'] realname = data['realname']
servicePool = data['servicePool'] poolUuid = data['servicePool']
password = cryptoManager().decrypt(data['password']) password = cryptoManager().decrypt(data['password'])
transport = data['transport'] transport = data['transport']
except Exception: except Exception:
@ -220,12 +220,12 @@ def ticketAuth(request: 'HttpRequest', ticketId: str) -> HttpResponse: # pylint
# Override and recalc transport based on current os # Override and recalc transport based on current os
transport = None transport = None
logger.debug("Service & transport: %s, %s", servicePool, transport) logger.debug("Service & transport: %s, %s", poolUuid, transport)
# Check if servicePool is part of the ticket # Check if servicePool is part of the ticket
if servicePool: if poolUuid:
# If service pool is in there, also is transport # If service pool is in there, also is transport
res = userServiceManager().getService(request.user, request.os, request.ip, 'F' + servicePool, transport, False) res = userServiceManager().getService(request.user, request.os, request.ip, poolUuid, transport, False)
_, userService, _, transport, _ = res _, userService, _, transport, _ = res
transportInstance = transport.getInstance() transportInstance = transport.getInstance()