def add_file(self, ks_file):
        
        h = rhnSQL.prepare("alter session set nls_date_format = 'YYYY-MM-DD HH24:MI:SS'")
        h.execute()
        
        log_debug(3, 'trying to insert ' + str(self.id) + ' , ' + ks_file['relative_path'] + \
                     ' , ' + str(ks_file['checksum_type']) + ':'
                     ' , ' + str(ks_file['checksum']) + ' , ' + str(ks_file['file_size']) + \
                     ' , ' + ks_file['last_modified'])

        insert_file_q = rhnSQL.prepare("""
            insert into rhnKSTreeFile
            (kstree_id, relative_filename, checksum_id, file_size, last_modified)
            values (:kstree_id, :relative_filename, lookup_checksum(:checksum_type, :checksum),
                    :file_size, :last_modified)
        """)
        insert_file_q.execute(kstree_id = self.id,
                              relative_filename = ks_file['relative_path'],
                              checksum_type = ks_file['checksum_type'],
                              checksum = ks_file['checksum'],
                              file_size = ks_file['file_size'],
                              last_modified = ks_file['last_modified'])

        update_channel = rhnSQL.Procedure('rhn_channel.update_channel')
        invalidate_ss = 0

        update_channel(self.channel_id, invalidate_ss)

def __reserve_user_db(user, password):
    encrypted_password = CFG.encrypted_passwords
    log_debug(3, user, CFG.disallow_user_creation, encrypted_password, CFG.pam_auth_service)
    user = str(user)
    h = rhnSQL.prepare("""
    select w.id, w.password, w.old_password, w.org_id, ui.use_pam_authentication
    from web_contact w, rhnUserInfo ui
    where w.login_uc = upper(:p1)
    and w.id = ui.user_id
    """)
    h.execute(p1=user)
    data = h.fetchone_dict()
    if data and data["id"]:
        # contact exists, check password
        if data['use_pam_authentication'] == 'Y' and CFG.pam_auth_service:
            # We use PAM for authentication
            import rhnAuthPAM
            if rhnAuthPAM.check_password(user, password, CFG.pam_auth_service) > 0:
                return 1
            return -1

        if check_password(password, data['password'], data['old_password']) > 0:
            return 1
        return -1

    # user doesn't exist.  now we fail, instead of reserving user.
    if CFG.disallow_user_creation:
        raise rhnFault(2001)

    # now check the reserved table
    h = rhnSQL.prepare("""
    select r.login, r.password from rhnUserReserved r
    where r.login_uc = upper(:p1)
    """)
    h.execute(p1=user)
    data = h.fetchone_dict()   
    if data and data["login"]:
        # found already reserved
        if check_password(password, data["password"], None) > 0: 
            return 1
        return -2

    validate_new_username(user)
    log_debug(3, "calling validate_new_password" )
    validate_new_password(password)

    # this is not reserved either, register it
    if encrypted_password:
        # Encrypt the password, let the function pick the salt
        password = encrypt_password(password)

    h = rhnSQL.prepare("""
    insert into rhnUserReserved (login, password)
    values (:username, :password)
    """)
    h.execute(username=user, password=password)
    rhnSQL.commit()
    
    # all should be dandy
    return 0

def __new_user_db(username, password, email, org_id, org_password):
    encrypted_password = CFG.encrypted_passwords
    log_debug(3, username, email, encrypted_password)

    # now search it in the database
    h = rhnSQL.prepare("""
    select w.id, w.password, ui.use_pam_authentication
    from web_contact w, rhnUserInfo ui
    where w.login_uc = upper(:username)
    and w.id = ui.user_id
    """)
    h.execute(username=username)
    data = h.fetchone_dict()

    pre_existing_user = 0

    if not data:
        # the username is not there, check the reserved user table
        h = rhnSQL.prepare("""
        select login, password from rhnUserReserved
        where login_uc = upper(:username)
        """)
        h.execute(username=username)
        data = h.fetchone_dict()
        if not data:  # nope, not reserved either
            raise rhnFault(1, _("Username `%s' has not been reserved") % username)
    else:
        pre_existing_user = 1

    if not pre_existing_user and not email:
        # New accounts have to specify an e-mail address
        raise rhnFault(30, _("E-mail address not specified"))

    # we have to perform PAM authentication if data has a field called
    # 'use_pam_authentication' and its value is 'Y', and we do have a PAM
    # service set in the config file.
    # Note that if the user is only reserved we don't do PAM authentication
    if data.get('use_pam_authentication') == 'Y' and CFG.pam_auth_service:
        # Check the password with PAM
        import rhnAuthPAM
        if rhnAuthPAM.check_password(username, password, CFG.pam_auth_service) <= 0:
            # Bad password
            raise rhnFault(2)
        # We don't care about the password anymore, replace it with something
        import time
        password = 'pam:%.8f' % time.time()
    else:
        # Regular authentication
        if check_password(password, data["password"]) == 0:
            # Bad password
            raise rhnFault(2)

    # creation of user was never supported in spacewalk but this call was mis-used
    # to check username/password in the past
    # so let's skip other checks and return now
    return 0

    def clear_files(self):

        clear_files_q = rhnSQL.prepare("""
            delete from rhnKSTreeFile where kstree_id = :kstree_id
        """)

        clear_files_q.execute(kstree_id = self.id)

def create_tree(ks_label, channel_label, path, boot_image, kstree_type, install_type, pkgs):
    
    channel = rhnChannel.channel_info(channel_label)

    if channel is '':
        raise rhnFault(40, 'Could not lookup channel ' + channel_label)

    channel_id = channel['id']
    
    create_ks_query = rhnSQL.prepare("""
        insert into rhnKickstartableTree (
            id, org_id, label, base_path, channel_id, boot_image, kstree_type,
            install_type)
        values (
            sequence_nextval('rhn_kstree_id_seq'), :org_id, :label, :base_path, :channel_id, 
            :boot_image, 
            (select id from rhnKSTreeType where label = :kstree_type),
            (select id from rhnKSInstallType where label = :install_type))
    """)
    create_ks_query.execute(org_id = None,
                            label = ks_label,
                            base_path = path,
                            channel_id = channel_id,
                            boot_image = boot_image,
                            kstree_type = kstree_type,
                            install_type = install_type)

    return lookup_tree(ks_label, pkgs)

 def check_password(self, password):
     """ simple check for a password that might become more complex sometime """
     good_pwd = str(self.contact["password"])
     old_pwd = str(self.contact["old_password"])
     if CFG.pam_auth_service:
         # a PAM service is defined
         # We have to check the user's rhnUserInfo.use_pam_authentication
         # XXX Should we create yet another __init_blah function?
         # since it's the first time we had to lool at rhnUserInfo,
         # I'll assume it's not something to happen very frequently,
         # so I'll use a query for now
         # - misa
         #
         h = rhnSQL.prepare("""
             select ui.use_pam_authentication
             from web_contact w, rhnUserInfo ui
             where w.login_uc = UPPER(:login)
             and w.id = ui.user_id""")
         h.execute(login=self.contact["login"])
         data = h.fetchone_dict()
         if not data:
             # This should not happen
             raise rhnException("No entry found for user %s" %
                 self.contact["login"])
         if data['use_pam_authentication'] == 'Y':
             # use PAM
             import rhnAuthPAM
             return rhnAuthPAM.check_password(self.contact["login"],
                 password, CFG.pam_auth_service)
         # If the entry in rhnUserInfo is 'N', perform regular
         # authentication
     return check_password(password, good_pwd, old_pwd)

def solve_dependencies(server_id, deps, version, nvre=None):
    """ The unchanged version of solve_dependencies.
        IN:
           server_id := id info of the server
           deps := list of filenames that are needed by the caller
           version := version of the client

        OUT:
           Dictionary with key values being the filnames in deps and the values being a list of lists of package info.
           Example :=  {'filename1'    :   [['name', 'version', 'release', 'epoch'],
                                            ['name2', 'version2', 'release2', 'epoch2']]}
    """
    if not nvre:
        # list of the keys to the values in each row of the recordset.
        nvre = ['name', 'version', 'release', 'epoch']

    # first, uniquify deps
    deplist = set(deps)

    # SQL statement.  It is a union of 3 statements:
    #  - Lookup by package name
    #  - Lookup by provides
    #  - Lookup by file name

    statement = "%s UNION ALL %s UNION ALL %s" % (
        __packages_sql, __provides_sql, __files_sql)
    h = rhnSQL.prepare(statement)

    # prepare return value
    packages = {}
    # Iterate through the dependency problems
    for dep in deplist:
        dict = {}
        h.execute(server_id=server_id, dep=dep)
        rs = h.fetchall_dict() or []
        if not rs:  # test shortcut
            log_error("Unable to solve dependency", server_id, dep)
            packages[dep] = []
            continue

        for p in rs:
            if p['epoch'] is None:
                p['epoch'] = ""
            entry = []
            list(map(lambda f, e=entry, p=p: e.append(p[f]), nvre))

            name_key = entry[0]
            if name_key in dict and dict[name_key][1] < p['preference']:
                # Already have it with a lower preference
                continue
            # The first time we see this package.
            dict[name_key] = (entry, p['preference'])

        packages[dep] = _avoid_compat_packages(dict)

    # v2 clients are done
    if version > 1:
        return packages
    else:
        return _v2packages_to_v1list(packages, deplist)

def lookup_tree(ks_label, pkgs):    
    
    ks_label_query = rhnSQL.prepare ("""
        SELECT KT.id, KT.label, KT.base_path, KT.channel_id, KT.boot_image,
               KT.org_id, KTT.id AS TREE_TYPE, KTT.label AS TREE_TYPE_LABEL, KTT.name AS TREE_TYPE_NAME,
               KIT.id AS install_type, KIT.label AS install_type_label, KIT.name AS install_type_name,
               C.channel_arch_id, CA.label AS CHANNEL_ARCH_LABEL, CA.name AS CHANNEL_ARCH_NAME
          FROM rhnKSTreeType KTT,
               rhnKSInstallType KIT,
               rhnChannel C,
               rhnChannelArch CA,
               rhnKickstartableTree KT
         WHERE KT.label = :ks_label
           AND KTT.id = KT.kstree_type
           AND KIT.id = KT.install_type
           AND C.id = KT.channel_id
           AND CA.id = C.channel_arch_id
    """)

    ks_label_query.execute(ks_label = ks_label)

    ks_row = ks_label_query.fetchone_dict()

    if ks_row:
        kickstart = Kickstart(ks_row, pkgs)
        return kickstart
    else:
        return None

    def load(self, session):
        arr = string.split(session, "x", 1)
        if len(arr) != 2:
            raise InvalidSessionError("Invalid session string")

        digest = arr[1]
        if len(digest) != 64:
            raise InvalidSessionError("Invalid session string (wrong length)")

        try:
            self.session_id = int(arr[0])
        except ValueError:
            raise_with_tb(InvalidSessionError("Invalid session identifier"), sys.exc_info()[2])

        if digest != self.digest():
            raise InvalidSessionError("Bad session checksum")

        h = rhnSQL.prepare(
            """
            select web_user_id, expires, value
              from pxtSessions
             where id = :session_id
        """
        )
        h.execute(session_id=self.session_id)

        row = h.fetchone_dict()
        if row:
            # Session is stored in the DB
            if time.time() < row["expires"]:
                # And it's not expired yet - good to go
                self.expires = row["expires"]
                self.uid = row["web_user_id"]
                return self

            # Old session - clean it up
            h = rhnSQL.prepare(
                """
                    delete from pxtSessions where id = :session_id
            """
            )
            h.execute(session_id=self.session_id)
            rhnSQL.commit()

        raise ExpiredSessionError("Session not found")

def __single_query_with_arch_and_id(server_id, deps, query):
    """ Run one of the queries and return the results along with the arch. """
    ret = {}
    h = rhnSQL.prepare(query)
    for dep in deps:
        h.execute(server_id=server_id, dep=dep)
        data = h.fetchall() or []
        ret[dep] = [a[:6] for a in data]
    return ret

def get_user_id(username):
    username = str(username)
    h = rhnSQL.prepare("""
    select w.id from web_contact w
    where w.login_uc = upper(:username)
    """)
    h.execute(username=username)
    data = h.fetchone_dict()
    if data:
        return data["id"]
    return None

    def save(self):
        expires = int(time.time()) + self.duration

        h = rhnSQL.prepare("""
                insert into PXTSessions (id, web_user_id, expires, value)
                values (:id, :web_user_id, :expires, :value)
        """)
        h.execute(id=self.session_id, web_user_id=self.uid,
                  expires=expires, value='RHNAPP')
        rhnSQL.commit()
        return self

    def delete_tree(self):

        delete_query = rhnSQL.prepare("""
            delete from rhnKickstartableTree
            where id = :id
        """)
        delete_query.execute(id = self.id)

        update_channel = rhnSQL.Procedure('rhn_channel.update_channel')
        invalidate_ss = 0

        update_channel(self.channel_id, invalidate_ss)

def is_user_disabled(user):
    log_debug(3, user)
    username = str(user)
    h = rhnSQL.prepare("""
    select 1 from rhnWebContactDisabled
    where login_uc = upper(:username)
    """)
    h.execute(username=username)
    row = h.fetchone_dict()
    if row:
        return 1
    return 0

def is_user_read_only(user):
    log_debug(3, user)
    username = str(user)
    h = rhnSQL.prepare("""
    select 1 from web_contact
    where login_uc = upper(:username)
    and read_only = 'Y'
    """)
    h.execute(username=username)
    row = h.fetchone_dict()
    if row:
        return 1
    return 0

    def get_roles(self):
        user_id = self.getid()

        h = rhnSQL.prepare("""
            select ugt.label as role
              from rhnUserGroup ug,
                   rhnUserGroupType ugt,
                   rhnUserGroupMembers ugm
             where ugm.user_id = :user_id
               and ugm.user_group_id = ug.id
               and ug.group_type = ugt.id
        """)
        h.execute(user_id=user_id)
        return map(lambda x: x['role'], h.fetchall_dict() or [])

    def handler(self, req):
        """ main Apache handler """
        log_debug(2)
        ret = apacheSession.handler(self, req)
        if ret != apache.OK:
            return ret

        if not CFG.SEND_MESSAGE_TO_ALL:
            # Need to get any string template overrides here, before any app
            # code gets executed, as the rhnFault error messages use the
            # templates
            # If send_message_to_all, we don't have DB connectivity though
            h = rhnSQL.prepare("select label, value from rhnTemplateString")
            h.execute()

            templateStrings = {}
            while 1:
                row = h.fetchone_dict()
                if not row:
                    break

                templateStrings[row['label']] = row['value']

            if templateStrings:
                rhnFlags.set('templateOverrides', templateStrings)

            log_debug(4, "template strings:  %s" % templateStrings)

        if not CFG.SECRET_KEY:
            # Secret key not defined, complain loudly
            try:
                raise rhnException("Secret key not found!")
            except:
                rhnTB.Traceback(mail=1, req=req, severity="schema")
                req.status = 500
                req.send_http_header()
                return apache.OK


        # Try to authenticate the proxy if it this request passed
        # through a proxy.
        if self.proxyVersion:
            try:
                ret = self._req_processor.auth_proxy()
            except rhnFault, f:
                return self._req_processor.response(f.getxml())

    def _get_files(self, tree_id):

        files_query = rhnSQL.prepare("""
            SELECT 
                relative_filename, 
                file_size, 
                c.checksum_type,
                c.checksum,
                TO_CHAR(last_modified, 'YYYY-MM-DD HH24:MI:SS') AS LAST_MODIFIED 
            FROM rhnKSTreeFile, rhnChecksumViev c
           WHERE kstree_id = :tree_id
             AND checksum_id = c.id
        """)
        files_query.execute(tree_id = tree_id)

        file_list = files_query.fetchall_dict()
        if file_list:
            return file_list
        else:
            return []

def get_db_client_capabilities(server_id):
    h = rhnSQL.prepare("""
        select cc.capability_name_id, ccn.name capability, cc.version
        from rhnClientCapability cc, rhnClientCapabilityName ccn
        where cc.server_id = :server_id
        and cc.capability_name_id = ccn.id
    """)
    h.execute(server_id=server_id)
    ret = {}
    while 1:
        row = h.fetchone_dict()
        if not row:
            break
        name = row['capability']
        version = row['version']
        value = None
        ret[name] = {
            'version'   : version,
            'value'     : value,
        }
    return ret

    def check_password(self, password, allow_read_only=False):
        """ simple check for a password that might become more complex sometime """
        if not allow_read_only and is_user_read_only(self.contact["login"]):
            raise rhnFault(702)
        good_pwd = str(self.contact["password"])
        if CFG.pam_auth_service:
            # a PAM service is defined
            # We have to check the user's rhnUserInfo.use_pam_authentication
            # XXX Should we create yet another __init_blah function?
            # since it's the first time we had to lool at rhnUserInfo,
            # I'll assume it's not something to happen very frequently,
            # so I'll use a query for now
            # - misa
            #
            h = rhnSQL.prepare(
                """
                select ui.use_pam_authentication
                from web_contact w, rhnUserInfo ui
                where w.login_uc = UPPER(:login)
                and w.id = ui.user_id"""
            )
            h.execute(login=self.contact["login"])
            data = h.fetchone_dict()
            if not data:
                # This should not happen
                raise rhnException("No entry found for user %s" % self.contact["login"])
            if data["use_pam_authentication"] == "Y":
                # use PAM
                import rhnAuthPAM

                return rhnAuthPAM.check_password(self.contact["login"], password, CFG.pam_auth_service)
        # If the entry in rhnUserInfo is 'N', perform regular authentication
        ret = check_password(password, good_pwd)
        if ret and CFG.encrypted_passwords and self.contact["password"].find("$1$") == 0:
            # If successfully authenticated and the current password is
            # MD5 encoded, convert the password to SHA-256 and save it in the DB.
            self.contact["password"] = encrypt_password(password)
            self.contact.save()
            rhnSQL.commit()
        return ret