Security
Highlighted

Determine currently logged in username

Communicator

How do I determine the username of the currently logged in user from a python script? Elsewhere we are using scripted auth and that python script has several methods that Splunk calls and passes in the username; each method makes a HTTP POST to a REST API running on one of our servers. We need to use a similar approach to what we do in scripted auth's getUserInfo method, but have it be invoked from a custom command (defined in commands.conf), which means that the username won't be passed in. I assume that there is some way to get the current username, just haven't been able to find it yet. Thanks for any pointers,

Tom

Tags (2)
0 Karma
Highlighted

Re: Determine currently logged in username

Communicator

BTW, we are currently on Splunk 4.1.4 in case that changes things

0 Karma
Highlighted

Re: Determine currently logged in username

Splunk Employee
Splunk Employee

Did you try the cherrypy session object?

import cherrypy

user = cherrypy.session['user'].get('name')
Highlighted

Re: Determine currently logged in username

Builder

I tried your method, but received an error. Any ideas on the following?

AttributeError: 'module' object has no attribute 'session'

0 Karma
Highlighted

Re: Determine currently logged in username

Motivator

You can extract it from the auth token.

First, in the definition of your search command in commands.conf, set

[yourcommand]
filename = yourcommand.py
passauth = true



Your script will then receive a token that looks like:

<auth>
    <userId>admin</userId>
    <username>admin</username>
    <authToken>cbd900f3b28014a1e233679d05dcd805</authToken>
</auth>

(Note: The auth token will actually be in a single line with no whitespace. The above formatting is only for readability.)

Once you have that, it's just a matter of extracting the username from the string. For example, if you're using InterSplunk:

import splunk.Intersplunk as si
results, dummyresults, settings = si.getOrganizedResults()
authString = settings.get("authString", None)
if authString != None:
  start = authString.find('<userId>') + 8
  stop = authString.find('</userId>')
  user = authString[start:stop]
Highlighted

Re: Determine currently logged in username

Hi,
Is there any pre-req in order to use the above script? I inserted to my .py and return error code 1.

0 Karma
Highlighted

Re: Determine currently logged in username

New Member

It looks like settings["owner"] will directly gives the user ID.

import splunk.Intersplunk
results, dummyresults, settings = splunk.Intersplunk.getOrganizedResults()
splunk.Intersplunk.outputResults([{"user": settings["owner"]}])

0 Karma