Timestamp:
Jan 15, 2011 5:52:15 PM (14 years ago)
Author:
Ted Faber <faber@…>
Branches:
axis_example, compt_changes, info-ops, master
Children:
aaf7f41
Parents:
ac15159 (diff), 944b746 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
git-author:
Ted Faber <faber@…> (01/15/11 17:51:40)
git-committer:
Ted Faber <faber@…> (01/15/11 17:52:15)
Message:

merge from current

File:
1 edited

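--- a/fedd/federation/ns2topdl.py
+++ b/fedd/federation/ns2topdl.py
@@ -11,5 +11,5 @@
 from remote_service import xmlrpc_handler, soap_handler
 from service_error import *
-from authorizer import authorizer
+from authorizer import authorizer, abac_authorizer
 
 
@@ -31,6 +31,8 @@
         self.tcl_splitter = config.get("ns2topdl", "tcl_splitter",
                 "/usr/testbed/lib/ns2ir/parse.tcl")
+        self.auth_type = config.get('ns2topdl', 'auth_type') or 'legacy'
         access_db = config.get("ns2topdl", "accessdb", None)
-        allow_any = config.getboolean("ns2topdl", "allow_any", False)
+        self.allow_any = config.getboolean("ns2topdl", "allow_any", False)
+        auth_dir = config.get('ns2topdl', 'auth_dir')
 
         self.log = logging.getLogger("fedd.ns2topdl")
@@ -47,19 +49,26 @@
                     "using local one")
 
-        if access_db and allow_any:
+
+        if self.auth_type == 'legacy':
+            if access_db and self.allow_any:
+                raise service_error(service_error.internal,
+                        "Cannot specify both an access database and " +
+                        "allow_any for ns2topdl")
+           
+            if access_db:
+                try:
+                    read_simple_accessdb(access_db, self.auth, 'ns2topdl')
+                except EnvironmentError, e:
+                    raise service_error(service_error.internal,
+                            "Error reading accessDB %s: %s" % (access_db, e))
+                except ValueError:
+                    raise service_error(service_error.internal, "%s" % e)
+            elif self.allow_any:
+                auth.set_global_attribute("ns2topdl")
+        elif self.auth_type == 'abac':
+            self.auth = abac_authorizer(load=auth_dir)
+        else:
             raise service_error(service_error.internal,
-                    "Cannot specify both an access database and allow_any " +\
-                            "for ns2topdl")
-       
-        if access_db:
-            try:
-                read_simple_accessdb(access_db, self.auth, 'ns2topdl')
-            except EnvironmentError, e:
-                raise service_error(service_error.internal,
-                        "Error reading accessDB %s: %s" % (access_db, e))
-            except ValueError:
-                raise service_error(service_error.internal, "%s" % e)
-        elif allow_any:
-            auth.set_global_attribute("ns2topdl")
+                    "Unknown auth_type: %s" % self.auth_type)
 
 
@@ -81,6 +90,13 @@
         """
 
-        if not self.auth.check_attribute(fid, 'ns2topdl'):
-            raise service_error(service_error.access, "Access Denied")
+        if self.allow_any:
+            self.auth.set_attribute(fid, 'ns2topdl')
+
+        access_ok, proof = self.auth.check_attribute(fid, 'ns2topdl',
+            with_proof=True)
+
+        if not access_ok:
+            raise service_error(service_error.access, "Access Denied",
+                proof=proof)
 
         try:
@@ -137,5 +153,6 @@
                 'experimentdescription':  {
                     'topdldescription': top.to_dict(),
-                    }
+                    },
+                'proof': proof.to_dict(),
                 }
 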
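Review bot: In the request-handler hunk (new lines 92-93), `self.allow_any` grants the `ns2topdl` attribute to whichever `fid` is calling regardless of `auth_type`, whereas the constructor honours `allow_any` only inside the `legacy` branch. With `auth_type` set to `abac` and `allow_any` still true in the config, every caller would appear to pass `check_attribute`, so the policy loaded from `auth_dir` would never be the deciding factor, and each request also writes into the shared authorizer. If that combination is not intended, reject it in the constructor's `abac` branch the same way the access-database conflict is rejected, or gate the grant with `if self.allow_any and self.auth_type == 'legacy':`. Both enclosing functions start and end outside the visible hunks, so this rests only on the lines shown.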