Context Navigation

-                      r71461a4
+                      r09b1e9d
 from fedid import fedid
 from remote_service import service_caller
-from abac_remote_service import abac_service_caller
 from service_error import service_error
 …
     clean_attr_re = re.compile('[^A-Za-z_]+')
     cred_file_re = re.compile('.*\.der$')
+    bad_name = authorizer_base.bad_name
+    attribute_error = authorizer_base.attribute_error
     ABAC.libabac_init()
     def __init__(self, certs=None, me=None, key=None, loadfile=None):
-        self.bad_name = authorizer_base.bad_name
-        self.attribute_error = authorizer_base.attribute_error
         self.creddy = '/usr/local/bin/creddy'
         self.globals = set()
 …
             self.fedid = fedid(file=self.me)
             self.context.load_id_file(self.me)
+        else:
+            self.fedid = None
         if isinstance(certs, basestring):
 …
         if name and attr:
             if isinstance(name, tuple):
+                raise self.bad_name("ABAC doesn't understand three-names")
+                raise abac_authorizer.bad_name(
+                        "ABAC doesn't understand three-names")
             if self.me and self.key:
                 # Create a credential and insert it into context
 …
                     os.close(f)
                 except EnvironmentError, e:
                     raise self.attribute_error(
+                    raise abac_authorizer.attribute_error(
                             "Cannot create temp file: %s" %e)
 …
                 else:
                     os.unlink(fn)
+                    raise self.attribute_error("creddy returned %s" % rv)
+                    raise abac_authorizer.attribute_error(
+                            "creddy returned %s" % rv)
             else:
                 raise self.attribute_error(
+                raise abac_authorizer.attribute_error(
                         "Identity and key not specified on creation")
         elif cert:
 …
             self.lock.release()
         else:
+            raise self.attribute_error("Neither name/attr nor cert is set")
+            raise abac_authorizer.attribute_error(
+                    "Neither name/attr nor cert is set")
     def unset_attribute(self, name, attr):
         if isinstance(name, tuple):
+            raise self.bad_name("ABAC doesn't understand three-names")
+            raise abac_authorizer.bad_name(
+                    "ABAC doesn't understand three-names")
         cattr = self.clean_attr(attr)
         self.lock.acquire()
 …
         # XXX proof soon
         if isinstance(name, tuple):
+            raise self.bad_name("ABAC doesn't understand three-names")
+            raise abac_authorizer.bad_name(
+                    "ABAC doesn't understand three-names")
         else:
             # Naked attributes are attested by this principal
 …
             if not os.access(dir, os.F_OK):
                 os.mkdir(dir)
+            f = open("%s/globals" % dir, "w")
+            pickle.dump(self.globals, f)
+            # These are unpicklable, so set them aside
+            context = self.context
+            lock = self.lock
+            self.context = None
+            self.lock = None
+            f = open("%s/state" % dir, "w")
+            pickle.dump(self, f)
             f.close()
-            if self.me and self.key:
-                f = open("%s/me" % dir, "w")
-                pickle.dump(self.me, f)
-                f.close()
-                f = open("%s/key" % dir, "w")
-                pickle.dump(self.key, f)
-                f.close()
             if not os.access("%s/certs" %dir, os.F_OK):
                 os.mkdir("%s/certs" % dir)
             seenit = set()
+            #restore unpicklable state
+            self.context = context
+            self.lock = lock
             #remove old certs
             for fn in [ f for f in os.listdir("%s/certs" % dir) \
 …
                     ai += 1
         except EnvironmentError, e:
+            self.lock.release()
+            # If we've mislaid self.lock, release lock (they're the same object)
+            if self.lock: self.lock.release()
+            elif lock: lock.release()
             raise e
         except pickle.PickleError, e:
+            self.lock.release()
+            # If we've mislaid self.lock, release lock (they're the same object)
+            if self.lock: self.lock.release()
+            elif lock: lock.release()
             raise e
         self.lock.release()
 …
         self.lock.acquire()
         try:
             if os.access("%s/me" % dir, os.R_OK):
                 f = open("%s/me" % dir, "r")
                 self.me = pickle.load(f)
+            if os.access("%s/state" % dir, os.R_OK):
+                f = open("%s/state" % dir, "r")
+                st = pickle.load(f)
                 f.close()
+                if self.me:
+                    self.fedid = fedid(file=self.me)
+            else:
+                self.me = None
+            if os.access("%s/key" % dir, os.R_OK):
+                f = open("%s/key" % dir, "r")
+                self.key = pickle.load(f)
+                f.close()
+            else:
+                self.key = None
+            f = open("%s/globals" % dir, "r")
+            self.globals = pickle.load(f)
+            f.close()
+                # Cpoy the useful attributes from the pickled state
+                for a in ('globals', 'key', 'me', 'cert', 'fedid'):
+                    setattr(self, a, getattr(st, a, None))
+            # Initialize the new context with the new identity
             self.context = ABAC.Context()
+            if self.me:
+                self.context.load_id_file(self.me)
             self.context.load_directory("%s/certs" % dir)
         except EnvironmentError, e:

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 09b1e9d

Legend:

fedd/federation/authorizer.py

Download in other formats: