Merge branch 'feature/cookie-auth' into develop

Author: Shakeel Mohamed

CONTRIBUTING.md

@@ -0,0 +1,46 @@
+# Contributing Guidelines
+
+## How to contribute
+
+If you would like to contribute to this project, go here for more information:
+
+* [Splunk and open source][contributions]
+* [Individual contributions][indivcontrib]
+* [Company contributions][companycontrib]
+
+## Issues & Bug Reports
+
+If you're seeing some unexpected behavior with this project, please create an [issue on GitHub][issues] with the following information:
+
+0. Version of this project you're using (ex: 1.3.1)
+0. Platform version (ex: Windows Server 2012)
+0. Framework version (ex: Python 2.7.8)
+0. Splunk version (ex: 6.2.2)
+0. Other relevant information (ex: local/remote environment, Splunk network configuration)
+
+Alternatively, if you have a Splunk question please ask on [Splunk Answers][answers]
+
+## Pull requests
+
+We love to see pull requests!
+
+To create a pull request:
+
+0. Fill out the [Individual Contributor Agreement][indivcontrib].
+0. Fork [the repository][repo].
+0. Make changes to the **`develop`** branch, preferably with tests.
+0. Create a [pull request][pulls] against the **`develop`** branch.
+
+## Contact us
+
+You can reach Splunk support at _[email protected]_ if you have Splunk related questions.
+
+You can reach the Developer Platform team at _[email protected]_.
+
+[contributions]:            http://dev.splunk.com/view/opensource/SP-CAAAEDM
+[indivcontrib]:             http://dev.splunk.com/goto/individualcontributions
+[companycontrib]:           http://dev.splunk.com/view/companycontributions/SP-CAAAEDR
+[answers]:                  http://answers.splunk.com/
+[repo]:                     https://github.com/splunk/splunk-sdk-python
+[issues]:                   https://github.com/splunk/splunk-sdk-python/issues
+[pulls]:                    https://github.com/splunk/splunk-sdk-python/pulls

setup.py

@@ -14,7 +14,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
-from distutils.core import setup, Command
+from setuptools import setup, Command
 from contextlib import closing
 from fnmatch import fnmatch
 

splunklib/binding.py

@@ -31,6 +31,7 @@
 import urllib
 import io
 import sys
+import Cookie
 
 from datetime import datetime
 from functools import wraps
@@ -67,6 +68,45 @@ def new_f(*args, **kwargs):
     return new_f
 
 
+def _parse_cookies(cookie_str, dictionary):
+    """Tries to parse any key-value pairs of cookies in a string,
+    then updates the the dictionary with any key-value pairs found.
+
+    **Example**::
+        dictionary = {}
+        _parse_cookies('my=value', dictionary)
+        # Now the following is True
+        dictionary['my'] == 'value'
+
+    :param cookie_str: A string containing "key=value" pairs from an HTTP "Set-Cookie" header.
+    :type cookie_str: ``str``
+    :param dictionary: A dictionary to update with any found key-value pairs.
+    :type dictionary: ``dict``
+    """
+    parsed_cookie = Cookie.SimpleCookie(cookie_str)
+    for cookie in parsed_cookie.values():
+        dictionary[cookie.key] = cookie.coded_value
+
+
+def _make_cookie_header(cookies):
+    """
+    Takes a list of 2-tuples of key-value pairs of
+    cookies, and returns a valid HTTP ``Cookie``
+    header.
+
+    **Example**::
+
+        header = _make_cookie_header([("key", "value"), ("key_2", "value_2")])
+        # Now the following is True
+        header == "key=value; key_2=value_2"
+
+    :param cookies: A list of 2-tuples of cookie key-value pairs.
+    :type cookies: ``list`` of 2-tuples
+    :return: ``str` An HTTP header cookie string.
+    :rtype: ``str``
+    """
+    return "; ".join("%s=%s" % (key, value) for key, value in cookies)
+
 # Singleton values to eschew None
 class _NoAuthenticationToken(object):
     """The value stored in a :class:`Context` or :class:`splunklib.client.Service`
@@ -224,7 +264,8 @@ def f():
     """
     @wraps(request_fun)
     def wrapper(self, *args, **kwargs):
-        if self.token is _NoAuthenticationToken:
+        if self.token is _NoAuthenticationToken and \
+                not self.has_cookies():
             # Not yet logged in.
             if self.autologin and self.username and self.password:
                 # This will throw an uncaught
@@ -390,6 +431,10 @@ class Context(object):
     :param app: The app context of the namespace (optional, the default is "None").
     :type app: ``string``
     :param token: A session token. When provided, you don't need to call :meth:`login`.
+    :type token: ``string``
+    :param cookie: A session cookie. When provided, you don't need to call :meth:`login`.
+        This parameter is only supported for Splunk 6.2+.
+    :type cookie: ``string``
     :param username: The Splunk account username, which is used to
         authenticate the Splunk instance.
     :type username: ``string``
@@ -405,8 +450,10 @@ class Context(object):
         c.login()
         # Or equivalently
         c = binding.connect(username="boris", password="natasha")
-        # Of if you already have a session token
+        # Or if you already have a session token
         c = binding.Context(token="atg232342aa34324a")
+        # Or if you already have a valid cookie
+        c = binding.Context(cookie="splunkd_8089=...")
     """
     def __init__(self, handler=None, **kwargs):
         self.http = HttpLib(handler)
@@ -422,18 +469,41 @@ def __init__(self, handler=None, **kwargs):
         self.password = kwargs.get("password", "")
         self.autologin = kwargs.get("autologin", False)
 
+        # Store any cookies in the self.http._cookies dict
+        if kwargs.has_key("cookie") and kwargs['cookie'] not in [None, _NoAuthenticationToken]:
+            _parse_cookies(kwargs["cookie"], self.http._cookies)
+
+    def get_cookies(self):
+        """Gets the dictionary of cookies from the ``HttpLib`` member of this instance.
+
+        :return: Dictionary of cookies stored on the ``self.http``.
+        :rtype: ``dict``
+        """
+        return self.http._cookies
+
+    def has_cookies(self):
+        """Returns true if the ``HttpLib` member of this instance has at least
+        one cookie stored.
+
+        :return: ``True`` if there is at least one cookie, else ``False``
+        :rtype: ``bool``
+        """
+        return len(self.get_cookies()) > 0
+
     # Shared per-context request headers
     @property
     def _auth_headers(self):
         """Headers required to authenticate a request.
 
-        Assumes your ``Context`` already has a authentication token,
-        either provided explicitly or obtained by logging into the
-        Splunk instance.
+        Assumes your ``Context`` already has a authentication token or
+        cookie, either provided explicitly or obtained by logging
+        into the Splunk instance.
 
         :returns: A list of 2-tuples containing key and value
         """
-        if self.token is _NoAuthenticationToken:
+        if self.has_cookies():
+            return [("Cookie", _make_cookie_header(self.get_cookies().items()))]
+        elif self.token is _NoAuthenticationToken:
             return []
         else:
             # Ensure the token is properly formatted
@@ -749,17 +819,29 @@ def login(self):
             c = binding.Context(...).login()
             # Then issue requests...
         """
+
+        if self.has_cookies() and \
+                (not self.username and not self.password):
+            # If we were passed session cookie(s), but no username or
+            # password, then login is a nop, since we're automatically
+            # logged in.
+            return
+
         if self.token is not _NoAuthenticationToken and \
                 (not self.username and not self.password):
             # If we were passed a session token, but no username or
             # password, then login is a nop, since we're automatically
             # logged in.
             return
+
+        # Only try to get a token and updated cookie if username & password are specified
         try:
             response = self.http.post(
                 self.authority + self._abspath("/services/auth/login"),
                 username=self.username,
-                password=self.password)
+                password=self.password,
+                cookie="1") # In Splunk 6.2+, passing "cookie=1" will return the "set-cookie" header
+
             body = response.body.read()
             session = XML(body).findtext("./sessionKey")
             self.token = "Splunk %s" % session
@@ -771,8 +853,9 @@ def login(self):
                 raise
 
     def logout(self):
-        """Forgets the current session token."""
+        """Forgets the current session token, and cookies."""
         self.token = _NoAuthenticationToken
+        self.http._cookies = {}
         return self
 
     def _abspath(self, path_segment,
@@ -859,6 +942,9 @@ def connect(**kwargs):
     :param token: The current session token (optional). Session tokens can be
         shared across multiple service instances.
     :type token: ``string``
+    :param cookie: A session cookie. When provided, you don't need to call :meth:`login`.
+        This parameter is only supported for Splunk 6.2+.
+    :type cookie: ``string``
     :param username: The Splunk account username, which is used to
         authenticate the Splunk instance.
     :type username: ``string``
@@ -1003,6 +1089,7 @@ class HttpLib(object):
     """
     def __init__(self, custom_handler=None):
         self.handler = handler() if custom_handler is None else custom_handler
+        self._cookies = {}
 
     def delete(self, url, headers=None, **kwargs):
         """Sends a DELETE request to a URL.
@@ -1112,6 +1199,18 @@ def request(self, url, message, **kwargs):
         response = record(response)
         if 400 <= response.status:
             raise HTTPError(response)
+
+        # Update the cookie with any HTTP request
+        # Initially, assume list of 2-tuples
+        key_value_tuples = response.headers
+        # If response.headers is a dict, get the key-value pairs as 2-tuples
+        # this is the case when using urllib2
+        if isinstance(response.headers, dict):
+            key_value_tuples = response.headers.items()
+        for key, value in key_value_tuples:
+            if key.lower() == "set-cookie":
+                _parse_cookies(value, self._cookies)
+
         return response
 
 

splunklib/client.py

@@ -67,7 +67,7 @@
 import socket
 import contextlib
 
-from binding import Context, HTTPError, AuthenticationError, namespace, UrlEncoded, _encode
+from binding import Context, HTTPError, AuthenticationError, namespace, UrlEncoded, _encode, _make_cookie_header
 from data import record
 import data
 
@@ -273,7 +273,6 @@ def _parse_atom_metadata(content):
 
     return record({'access': access, 'fields': fields})
 
-
 # kwargs: scheme, host, port, app, owner, username, password
 def connect(**kwargs):
     """This function connects and logs in to a Splunk instance.
@@ -296,6 +295,9 @@ def connect(**kwargs):
     :param `token`: The current session token (optional). Session tokens can be
                     shared across multiple service instances.
     :type token: ``string``
+    :param cookie: A session cookie. When provided, you don't need to call :meth:`login`.
+        This parameter is only supported for Splunk 6.2+.
+    :type cookie: ``string``
     :param autologin: When ``True``, automatically tries to log in again if the
         session terminates.
     :type autologin: ``boolean``
@@ -313,7 +315,9 @@ def connect(**kwargs):
         a = s.apps["my_app"]
         ...
     """
-    return Service(**kwargs).login()
+    s = Service(**kwargs)
+    s.login()
+    return s
 
 
 # In preparation for adding Storm support, we added an
@@ -356,6 +360,9 @@ class Service(_BaseService):
     :param `token`: The current session token (optional). Session tokens can be
                     shared across multiple service instances.
     :type token: ``string``
+    :param cookie: A session cookie. When provided, you don't need to call :meth:`login`.
+        This parameter is only supported for Splunk 6.2+.
+    :type cookie: ``string``
     :param `username`: The Splunk account username, which is used to
                        authenticate the Splunk instance.
     :type username: ``string``
@@ -373,6 +380,8 @@ class Service(_BaseService):
         s = client.connect(username="boris", password="natasha")
         # Or if you already have a session token
         s = client.Service(token="atg232342aa34324a")
+        # Or if you already have a valid cookie
+        s = client.Service(cookie="splunkd_8089=...")
     """
     def __init__(self, **kwargs):
         super(Service, self).__init__(**kwargs)
@@ -1911,16 +1920,23 @@ def attach(self, host=None, source=None, sourcetype=None):
         if sourcetype is not None: args['sourcetype'] = sourcetype
         path = UrlEncoded(PATH_RECEIVERS_STREAM + "?" + urllib.urlencode(args), skip_encode=True)
 
+        cookie_or_auth_header = "Authorization: %s\r\n" % self.service.token
+
+        # If we have cookie(s), use them instead of "Authorization: ..."
+        if self.service.has_cookies():
+            cookie_or_auth_header = "Cookie: %s\r\n" % _make_cookie_header(self.service.get_cookies().items())
+
         # Since we need to stream to the index connection, we have to keep
         # the connection open and use the Splunk extension headers to note
         # the input mode
         sock = self.service.connect()
         headers = ["POST %s HTTP/1.1\r\n" % self.service._abspath(path),
                    "Host: %s:%s\r\n" % (self.service.host, int(self.service.port)),
                    "Accept-Encoding: identity\r\n",
-                   "Authorization: %s\r\n" % self.service.token,
+                   cookie_or_auth_header,
                    "X-Splunk-Input-Mode: Streaming\r\n",
                    "\r\n"]
+        
         for h in headers:
             sock.write(h)
         return sock