Timestamp:
Jan 15, 2011 5:52:15 PM (14 years ago)
Author:
Ted Faber <faber@…>
Branches:
axis_example, compt_changes, info-ops, master
Children:
aaf7f41
Parents:
ac15159 (diff), 944b746 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
git-author:
Ted Faber <faber@…> (01/15/11 17:51:40)
git-committer:
Ted Faber <faber@…> (01/15/11 17:52:15)
Message:

merge from current

File:
1 edited

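--- a/fedd/federation/deter_internal_access.py
+++ b/fedd/federation/deter_internal_access.py
@@ -142,82 +142,5 @@
             }
 
-    def RequestAccess(self, req, fid):
-        """
-        Handle the access request.  Proxy if not for us.
-
-        Parse out the fields and make the allocations or rejections if for us,
-        otherwise, assuming we're willing to proxy, proxy the request out.
-        """
-
-        # The dance to get into the request body
-        if req.has_key('RequestAccessRequestBody'):
-            req = req['RequestAccessRequestBody']
-        else:
-            raise service_error(service_error.req, "No request!?")
-
-        found, match, owners = self.lookup_access(req, fid)
-        # keep track of what's been added
-        allocID, alloc_cert = generate_fedid(subj="alloc", log=self.log)
-        aid = unicode(allocID)
-
-        self.state_lock.acquire()
-        self.state[aid] = { }
-        self.state[aid]['user'] = found
-        self.state[aid]['owners'] = owners
-        self.state[aid]['vlan'] = None
-        self.write_state()
-        self.state_lock.release()
-        self.auth.set_attribute(fid, allocID)
-        self.auth.set_attribute(allocID, allocID)
-        self.auth.save()
-
-        try:
-            f = open("%s/%s.pem" % (self.certdir, aid), "w")
-            print >>f, alloc_cert
-            f.close()
-        except EnvironmentError, e:
-            raise service_error(service_error.internal,
-                    "Can't open %s/%s : %s" % (self.certdir, aid, e))
-        return { 'allocID': { 'fedid': allocID } }
-
-    def ReleaseAccess(self, req, fid):
-        # The dance to get into the request body
-        if req.has_key('ReleaseAccessRequestBody'):
-            req = req['ReleaseAccessRequestBody']
-        else:
-            raise service_error(service_error.req, "No request!?")
-
-        # Local request
-        try:
-            if req['allocID'].has_key('localname'):
-                auth_attr = aid = req['allocID']['localname']
-            elif req['allocID'].has_key('fedid'):
-                aid = unicode(req['allocID']['fedid'])
-                auth_attr = req['allocID']['fedid']
-            else:
-                raise service_error(service_error.req,
-                        "Only localnames and fedids are understood")
-        except KeyError:
-            raise service_error(service_error.req, "Badly formed request")
-
-        self.log.debug("[access] deallocation requested for %s", aid)
-        if not self.auth.check_attribute(fid, auth_attr):
-            self.log.debug("[access] deallocation denied for %s", aid)
-            raise service_error(service_error.access, "Access Denied")
-
-        self.state_lock.acquire()
-        if self.state.has_key(aid):
-            self.log.debug("Found allocation for %s" %aid)
-            del self.state[aid]
-            self.write_state()
-            self.state_lock.release()
-            # And remove the access cert
-            cf = "%s/%s.pem" % (self.certdir, aid)
-            self.log.debug("Removing %s" % cf)
-            os.remove(cf)
-            return { 'allocID': req['allocID'] }
-        else:
-            self.state_lock.release()
-            raise service_error(service_error.req, "No such allocation")
+    # RequestAccess and ReleaseAccess come from the base
 
     def extract_parameters(self, top):
@@ -292,5 +215,7 @@
         aid = "%s" % auth_attr
         attrs = req.get('fedAttr', [])
-        if not self.auth.check_attribute(fid, auth_attr):
+        access_ok, proof = self.auth.check_attribute(fid, auth_attr,
+                with_proof=True)
+        if not access_ok:
             raise service_error(service_error.access, "Access denied")
         else:
@@ -348,5 +273,6 @@
                 'allocID': req['allocID'],
                 'allocationLog': logv,
-                'segmentdescription': { 'topdldescription': rtopo.to_dict() }
+                'segmentdescription': { 'topdldescription': rtopo.to_dict() },
+                'proof': proof.to_dict(),
                 }
         retval = copy.deepcopy(self.state[aid]['started'])
@@ -366,5 +292,7 @@
 
         self.log.debug("Terminate request for %s" %aid)
-        if not self.auth.check_attribute(fid, auth_attr):
+        access_ok, proof = self.auth.check_attribute(fid, auth_attr,
+                with_proof=True)
+        if not access_ok:
             raise service_error(service_error.access, "Access denied")
 
@@ -385,3 +313,3 @@
         self.state[aid]['vlan'] = None
         self.state_lock.release()
-        return { 'allocID': req['allocID'] }
+        return { 'allocID': req['allocID'], 'proof': proof.to_dict() }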
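Review bot: The `'proof': proof.to_dict()` entry added at new line 276 goes into a dict that appears to be the one kept under `self.state[aid]['started']` (line 278 deep-copies that entry; the assignment itself is outside the hunk), so the authorization proof computed for this caller would be stored with the allocation state rather than only returned. If that stored dict is ever handed back for a later request, the reply would carry a proof derived for the original `fid`, not one for the requester being answered. Consider leaving the proof out of the stored dict and attaching it to the copy instead, `retval['proof'] = proof.to_dict()` after the `copy.deepcopy(...)` line. The enclosing method starts and ends outside the hunk, so whether stored responses are reused should be confirmed against the rest of the file.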