Changeset 09b1e9d for fedd/federation
- Timestamp:
- Sep 22, 2010 6:26:04 PM (14 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master
- Children:
- 7206e5a
- Parents:
- 71461a4
- File:
-
- 1 edited
fedd/federation/authorizer.py
r71461a4 r09b1e9d 8 8 from fedid import fedid 9 9 from remote_service import service_caller 10 from abac_remote_service import abac_service_caller11 10 from service_error import service_error 12 11 … … 185 184 clean_attr_re = re.compile('[^A-Za-z_]+') 186 185 cred_file_re = re.compile('.*\.der$') 186 bad_name = authorizer_base.bad_name 187 attribute_error = authorizer_base.attribute_error 187 188 ABAC.libabac_init() 188 189 189 190 def __init__(self, certs=None, me=None, key=None, loadfile=None): 190 self.bad_name = authorizer_base.bad_name191 self.attribute_error = authorizer_base.attribute_error192 191 self.creddy = '/usr/local/bin/creddy' 193 192 self.globals = set() … … 199 198 self.fedid = fedid(file=self.me) 200 199 self.context.load_id_file(self.me) 200 else: 201 self.fedid = None 201 202 202 203 if isinstance(certs, basestring): … … 216 217 if name and attr: 217 218 if isinstance(name, tuple): 218 raise self.bad_name("ABAC doesn't understand three-names") 219 raise abac_authorizer.bad_name( 220 "ABAC doesn't understand three-names") 219 221 if self.me and self.key: 220 222 # Create a credential and insert it into context … … 225 227 os.close(f) 226 228 except EnvironmentError, e: 227 raise self.attribute_error(229 raise abac_authorizer.attribute_error( 228 230 "Cannot create temp file: %s" %e) 229 231 … … 241 243 else: 242 244 os.unlink(fn) 243 raise self.attribute_error("creddy returned %s" % rv) 245 raise abac_authorizer.attribute_error( 246 "creddy returned %s" % rv) 244 247 else: 245 raise self.attribute_error(248 raise abac_authorizer.attribute_error( 246 249 "Identity and key not specified on creation") 247 250 elif cert: … … 251 254 self.lock.release() 252 255 else: 253 raise self.attribute_error("Neither name/attr nor cert is set") 256 raise abac_authorizer.attribute_error( 257 "Neither name/attr nor cert is set") 254 258 255 259 def unset_attribute(self, name, attr): 256 260 if isinstance(name, tuple): 257 raise self.bad_name("ABAC doesn't 
understand three-names") 261 raise abac_authorizer.bad_name( 262 "ABAC doesn't understand three-names") 258 263 cattr = self.clean_attr(attr) 259 264 self.lock.acquire() … … 281 286 # XXX proof soon 282 287 if isinstance(name, tuple): 283 raise self.bad_name("ABAC doesn't understand three-names") 288 raise abac_authorizer.bad_name( 289 "ABAC doesn't understand three-names") 284 290 else: 285 291 # Naked attributes are attested by this principal … … 329 335 if not os.access(dir, os.F_OK): 330 336 os.mkdir(dir) 331 332 f = open("%s/globals" % dir, "w") 333 pickle.dump(self.globals, f) 337 # These are unpicklable, so set them aside 338 context = self.context 339 lock = self.lock 340 self.context = None 341 self.lock = None 342 343 f = open("%s/state" % dir, "w") 344 pickle.dump(self, f) 334 345 f.close() 335 346 336 if self.me and self.key:337 f = open("%s/me" % dir, "w")338 pickle.dump(self.me, f)339 f.close()340 f = open("%s/key" % dir, "w")341 pickle.dump(self.key, f)342 f.close()343 347 if not os.access("%s/certs" %dir, os.F_OK): 344 348 os.mkdir("%s/certs" % dir) 345 349 seenit = set() 350 351 #restore unpicklable state 352 self.context = context 353 self.lock = lock 346 354 #remove old certs 347 355 for fn in [ f for f in os.listdir("%s/certs" % dir) \ … … 367 375 ai += 1 368 376 except EnvironmentError, e: 369 self.lock.release() 377 # If we've mislaid self.lock, release lock (they're the same object) 378 if self.lock: self.lock.release() 379 elif lock: lock.release() 370 380 raise e 371 381 except pickle.PickleError, e: 372 self.lock.release() 382 # If we've mislaid self.lock, release lock (they're the same object) 383 if self.lock: self.lock.release() 384 elif lock: lock.release() 373 385 raise e 374 386 self.lock.release() … … 377 389 self.lock.acquire() 378 390 try: 379 if os.access("%s/ me" % dir, os.R_OK):380 f = open("%s/ me" % dir, "r")381 s elf.me= pickle.load(f)391 if os.access("%s/state" % dir, os.R_OK): 392 f = open("%s/state" % dir, "r") 393 st = 
pickle.load(f) 382 394 f.close() 383 if self.me: 384 self.fedid = fedid(file=self.me) 385 else: 386 self.me = None 387 if os.access("%s/key" % dir, os.R_OK): 388 f = open("%s/key" % dir, "r") 389 self.key = pickle.load(f) 390 f.close() 391 else: 392 self.key = None 393 f = open("%s/globals" % dir, "r") 394 self.globals = pickle.load(f) 395 f.close() 395 # Cpoy the useful attributes from the pickled state 396 for a in ('globals', 'key', 'me', 'cert', 'fedid'): 397 setattr(self, a, getattr(st, a, None)) 398 399 # Initialize the new context with the new identity 396 400 self.context = ABAC.Context() 401 if self.me: 402 self.context.load_id_file(self.me) 397 403 self.context.load_directory("%s/certs" % dir) 398 404 except EnvironmentError, e:
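Review bot: In save(), the two except handlers release the lock but never put `self.context` and `self.lock` back, so an EnvironmentError or PickleError raised between `self.lock = None` and the restore leaves the authorizer with both attributes set to None. While they are None, any other thread that reaches `self.lock.acquire()` (as unset_attribute does) would raise on None instead of blocking. Defining `__getstate__` to drop those two keys lets `pickle.dump(self, f)` run without touching the live object, and the set-aside, restore and `elif lock:` branches can then be removed. The state file is read back with `pickle.load`, which executes whatever the file encodes, so the save directory should be writable only by the account running fedd; `os.mkdir(dir)` here relies on the process umask for that. save() starts and ends outside the visible hunks.

```python
def __getstate__(self):
    # The ABAC context and the lock cannot be pickled; leave them out of
    # the saved state instead of clearing them on the live object.
    # load() builds a fresh ABAC.Context() and keeps its own lock.
    state = self.__dict__.copy()
    state.pop('context', None)
    state.pop('lock', None)
    return state

# … unchanged in save(): open "%s/state", pickle.dump(self, f), f.close() …
# … removed in save(): the context/lock set-aside, the restore, and the
#     "if self.lock: … elif lock: …" branches (plain self.lock.release()) …
```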