re-organize config file load

bin/pyntlm_auth/config_loader.py

@@ -128,14 +128,19 @@ def get_int_value(v):
 
 
 def config_load():
-    global_vars.c_listen_port = os.getenv("LISTEN")
-    global_vars.c_domain_identifier = socket.gethostname() + " " + os.getenv("IDENTIFIER")
+    _LISTEN = os.getenv("LISTEN")
+    if _LISTEN is None or _LISTEN == "":
+        print("parameter LISTEN not found in system environment. unable to start ntlm-auth-api.")
+        sys.exit(1)
+    global_vars.c_listen_port = _LISTEN
 
-    if global_vars.c_domain_identifier == "" or global_vars.c_listen_port == "":
-        print("Unable to start ntlm-auth-api: 'IDENTIFIER' or 'LISTEN' is missing.")
-        exit(1)
+    _IDENTIFIER = os.getenv("IDENTIFIER")
+    if _IDENTIFIER is None or _IDENTIFIER == "":
+        print("parameter IDENTIFIER not found in system environment. unable to start ntlm-auth-api.")
+        sys.exit(1)
+    global_vars.c_domain_identifier = socket.gethostname() + " " + _IDENTIFIER
 
-    print(f"ntlm-auth-api@{global_vars.c_domain_identifier} on port {global_vars.c_listen_port}...")
+    print(f"ntlm-auth-api@{_IDENTIFIER} is starting on port {global_vars.c_listen_port}.")
 
     identifier = global_vars.c_domain_identifier
 
@@ -179,7 +184,7 @@ def config_load():
 
     if additional_machine_accounts < 0 or additional_machine_accounts > 10:
         additional_machine_accounts = 0
-        print(f"invalid additional machine account range, using 0 as default.")
+        print(f"  invalid additional machine account range, using 0 as default.")
 
     server_name_or_hostname = server_name_raw
     if "%h" in server_name_or_hostname.strip():

bin/pyntlm_auth/entrypoint.py

@@ -1,17 +1,21 @@
+import logging
 import os
 import time
 
+import request
 from flask import Flask
+from flaskext.mysql import MySQL
 
 import config_loader
+import global_vars
+import handlers
 
 app = Flask(__name__)
 
 time.sleep(1)
 worker_pid = os.getpid()
 master_pid = os.getppid()
 
-config_loader.config_load()
 config_loader.cleanup_machine_account_binding()
 
 while True:
@@ -24,11 +28,59 @@
 
 print(f"---- worker {worker_pid} successfully registered with machine account '{m}', ready to handle requests.")
 
+werkzeug_logger = logging.getLogger('werkzeug')
 
-@app.route('/')
-def index():
-    return f"Hello, this is a Flask app running with Gunicorn! (handled by pid {worker_pid} ......\n"
 
+@app.before_request
+def register_logger():
+    if request.path.startswith("/ping"):
+        werkzeug_logger.setLevel(logging.CRITICAL)
+    else:
+        werkzeug_logger.setLevel(logging.INFO)
+
+
+for i in range(1):
+    if not global_vars.c_nt_key_cache_enabled:
+        break
+
+    c_db_port, err = config_loader.get_int_value(global_vars.c_db_port)
+    if err is not None:
+        global_vars.c_nt_key_cache_enabled = False
+        break
+
+    app.config['MYSQL_DATABASE_HOST'] = global_vars.c_db_host
+    app.config['MYSQL_DATABASE_PORT'] = int(global_vars.c_db_port)
+    app.config['MYSQL_DATABASE_USER'] = global_vars.c_db_user
+    app.config['MYSQL_DATABASE_PASSWORD'] = global_vars.c_db_pass
+    app.config['MYSQL_DATABASE_DB'] = global_vars.c_db
+    app.config['MYSQL_DATABASE_CHARSET'] = 'utf8mb4'
+    app.config['MYSQL_DATABASE_SOCKET'] = global_vars.c_db_unix_socket
+
+    mysql = MySQL(autocommit=True, cursorclass=pymysql.cursors.DictCursor)
+    mysql.init_app(app)
+
+
+    @app.before_request
+    def before_request():
+        try:
+            g.db = mysql.get_db().cursor()
+        except Exception as e:
+            e_code = e.args[0]
+            e_msg = str(e)
+            print(f"  error while init database: {e_code}, {e_msg}. Started without NT Key cache capability.")
+
+
+    @app.teardown_request
+    def teardown_request(exception=None):
+        if hasattr(g, 'db'):
+            g.db.close()
+
+app.route('/ntlm/auth', methods=['POST'])(handlers.ntlm_auth_handler)
+app.route('/ntlm/expire', methods=['POST'])(handlers.ntlm_expire_handler)
+app.route('/event/report', methods=['POST'])(handlers.event_report_handler)
+app.route('/ntlm/connect', methods=['GET'])(handlers.ntlm_connect_handler)
+app.route('/ntlm/connect', methods=['POST'])(handlers.test_password_handler)
+app.route('/ping', methods=['GET'])(handlers.ping_handler)
 
 if __name__ == '__main__':
     app.run()

bin/pyntlm_auth/gunicorn.conf.py

@@ -2,11 +2,15 @@
 import sys
 from threading import Thread
 
+import config_loader
+import global_vars
 import t_sdnotify
 import t_worker_register
 
 NAME = "NTLM Auth API"
 
+config_loader.config_load()
+
 try:
     LISTEN = os.getenv("LISTEN")
     bind_port = int(LISTEN)
@@ -17,15 +21,7 @@
     print(f"failed to extract parameter 'LISTEN' from environment variable: {str(e)}. {NAME} terminated.")
     sys.exit(1)
 
-try:
-    WORKERS = os.getenv("WORKERS")
-    worker_num = int(WORKERS)
-except ValueError:
-    print(f"invalid value for 'WORKERS'. WORKERS is set to 1.")
-    worker_num = 1
-except Exception as e:
-    print(f"failed to extract parameter 'WORKERS' from environment variables: {str(e)}. WORKERS is set to 1.")
-    worker_num = 1
+worker_num = global_vars.c_additional_machine_accounts + 1
 
 wsgi_app = 'entrypoint:app'
 
@@ -61,7 +57,7 @@
 def post_fork(server, worker):
     master_pid = os.getppid()
     worker_pid = os.getpid()
-    worker.log.info(f"---- worker spawned with PID of {worker_pid} by master process {master_pid}")
+    worker.log.info(f"  worker spawned with PID of {worker_pid} by master process {master_pid}")
 
     background_jobs = (
         Thread(target=t_worker_register.primary_worker_register, daemon=True, args=(worker,)),