Changeset c002cb2
- Timestamp:
- Nov 30, 2010 1:57:05 PM (14 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master
- Children:
- 1f6a573
- Parents:
- 822d31b
- Location:
- fedd/federation
- Files:
-
- 2 edited
fedd/federation/access.py
r822d31b rc002cb2 47 47 48 48 class parse_error(RuntimeError): pass 49 50 class access_attribute: 51 def __init__(self, attr, value, pri=1): 52 self.attr = attr 53 self.value = value 54 self.priority = pri 49 55 50 56 def __init__(self, config=None, auth=None): … … 138 144 access_obj = lambda(x): "%s" % x 139 145 146 self.access = [] 147 140 148 f = open(fn, 'r') 141 149 try: … … 148 156 m = map_re.match(line) 149 157 if m != None: 150 self.access[m.group(1)] = access_obj(m.group(2)) 158 self.access.append(access_base.access_attribute(m.group(1), 159 access_obj(m.group(2)))) 151 160 continue 152 161 -
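Review bot: Every entry appended here is built as `access_base.access_attribute(m.group(1), access_obj(m.group(2)))` with no third argument, so each one carries the default `pri=1`, and the priority sort in `lookup_access` (emulab_access.py) cannot reorder anything. Which mapping is tried first is then decided only by line order in the access file, which should be documented because it determines what a requester is granted. The new class has no docstring; I would add `"""One access-map entry: attribute name, mapped value, and priority (larger is checked first; entries read from the access file get the default 1)."""`. The reading function starts and ends outside the visible hunks and `map_re` is not shown, so whether the file format could carry a priority cannot be told from here.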
fedd/federation/emulab_access.py
r822d31b rc002cb2 104 104 105 105 self.restricted = [ ] 106 self.access = { }107 106 # XXX: this should go? 108 107 #if config.has_option("access", "accessdb"): … … 119 118 # initialize the authorization system 120 119 if self.auth_type == 'legacy': 120 self.access = { } 121 121 if accessdb: 122 122 self.legacy_read_access(accessdb, self.legacy_access_tuple) 123 123 elif self.auth_type == 'abac': 124 124 self.auth = abac_authorizer(load=self.auth_dir) 125 self.access = [ ] 125 126 if accessdb: 126 127 self.read_access(accessdb, self.access_tuple) … … 327 328 [ fid ] 328 329 329 def lookup_access(self, req, fid ):330 def lookup_access(self, req, fid, filter=None, compare=None): 330 331 """ 331 332 Check all the attributes that this controller knows how to map and see 332 333 if the requester is allowed to use any of them. If so return one. 333 """ 334 Filter defined the objects to check - it's a function that returns true 335 for the objects to check - and cmp defines the order to check them in 336 as the cmp field of sorted(). If filter is None, all possibilities are 337 checked. If cmp is None, the choices are sorted by priority. 338 """ 339 # NB: comparison order reversed so numerically larger priorities are 340 # checked first. 341 def prio_cmp(a, b): 342 return cmp(b.priority, a.priority) 343 344 334 345 # Import request credentials into this (clone later??) 335 346 if self.auth.import_credentials( … … 337 348 self.auth.save() 338 349 350 c = compare or prio_cmp 351 if filter: f = filter 352 else: f = lambda(x): True 353 354 check = sorted([ a for a in self.access if f(a)], cmp=c) 355 339 356 # Check every attribute that we know how to map and take the first 340 357 # success. 
341 for attr in (self.access.keys()): 342 if self.auth.check_attribute(fid, attr): 358 for attr in check: 359 if self.auth.check_attribute(fid, attr.attr): 360 self.log.debug("Access succeeded for %s %s" % (attr.attr, fid)) 343 361 # XXX: needs to deal with dynamics 344 return copy.copy( self.access[attr]), (False, False, False), \362 return copy.copy(attr.value), (False, False, False), \ 345 363 [ fid ] 346 364 else: 347 self.log.debug("Access failed for %s %s" % (attr , fid))365 self.log.debug("Access failed for %s %s" % (attr.attr, fid)) 348 366 else: 349 367 raise service_error(service_error.access, "Access denied")
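Review bot: Moving `self.access = { }` out of the unconditional setup and into the 'legacy' and 'abac' branches leaves `self.access` undefined for any other `auth_type`, unless a branch outside this hunk handles it. In that case `lookup_access` would fail with AttributeError at `for a in self.access` instead of raising the explicit `service_error` "Access denied". Keeping a default such as `self.access = [ ]` before the `if self.auth_type == 'legacy':` chain, or ending the chain with an `else:` that raises a configuration error, makes the deny path explicit. In the `lookup_access` docstring the ordering argument is called `cmp` while the parameter is `compare`, and `filter` shadows the builtin; the text should read `If compare is None, the choices are sorted by priority`. Because `filter` and `compare` decide which mapping is granted first, the docstring should also state that they are supplied by trusted internal callers, never derived from the request.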