- Timestamp:
- Nov 30, 2010 4:45:00 PM (14 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master
- Children:
- 4692a16
- Parents:
- c002cb2
- Location:
- fedd/federation
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
fedd/federation/access.py
rc002cb2 r1f6a573 53 53 self.value = value 54 54 self.priority = pri 55 def __str__(self): 56 return "%s: %s (%d)" % (self.attr, self.value, self.priority) 55 57 56 58 def __init__(self, config=None, auth=None): … … 140 142 """ 141 143 142 map_re = re.compile("(\S+)\s+->\s+(.*)"); 144 map_re = re.compile("(\S+)\s+->\s+(.*)") 145 priority_re = re.compile("([^,]+),\s*(\d+)") 146 143 147 if access_obj is None: 144 148 access_obj = lambda(x): "%s" % x 145 149 146 150 self.access = [] 151 priorities = { } 147 152 148 153 f = open(fn, 'r') … … 160 165 continue 161 166 167 # If a priority is found, collect them 168 m = priority_re.match(line) 169 if m: 170 try: 171 priorities[m.group(1)] = int(m.group(2)) 172 except ValueError, e: 173 if self.log: 174 self.log.debug("Bad priority in %s line %d" % \ 175 (fn, lineno)) 176 continue 177 162 178 # Nothing matched to here: unknown line - raise exception 163 179 # (finally will close f) … … 167 183 finally: 168 184 if f: f.close() 185 186 # Set priorities 187 for a in self.access: 188 if a.attr in priorities: 189 a.priority = priorities[a.attr] 169 190 170 191 def write_state(self): -
fedd/federation/emulab_access.py
rc002cb2 r1f6a573 488 488 s.get('visibility', '') == 'export': 489 489 if not rv: 490 for a in s.get('fed dAttr', []):490 for a in s.get('fedAttr', []): 491 491 if a.get('attribute', '') == 'project' \ 492 492 and 'value' in a: … … 504 504 raise service_error(service_error.req, "No request!?") 505 505 506 alog = open("./auth.log", 'w') 507 print >>alog, self.auth 508 print >> alog, "after" 506 # if this includes a project export request, construct a filter such 507 # that only the ABAC attributes mapped to that project are checked for 508 # access. 509 if 'service' in req: 510 ep = get_export_project(req['service']) 511 pf = lambda(a): a.value[0] == ep 512 else: 513 ep = None 514 pf = None 515 509 516 if self.auth.import_credentials( 510 517 data_list=req.get('abac_credential', [])): 511 518 self.auth.save() 512 print >>alog, self.auth513 alog.close()514 519 515 520 if self.auth_type == "legacy": 516 521 found, dyn, owners = self.legacy_lookup_access(req, fid) 517 522 elif self.auth_type == 'abac': 518 found, dyn, owners = self.lookup_access(req, fid )523 found, dyn, owners = self.lookup_access(req, fid, filter=pf) 519 524 else: 520 525 raise service_error(service_error.internal, … … 522 527 ap = None 523 528 524 # if this includes a project export request and the exported 525 # project is not the access project, access denied. 526 if 'service' in req: 527 ep = get_export_project(req['service']) 528 if ep and ep != found[0]: 529 raise service_error(service_error.access, 530 "Cannot export %s" % ep) 529 # This only happens in legacy lookups, but if this user has access to 530 # the testbed but not the project to be exported, raise the error. 531 if ep and ep != found[0]: 532 raise service_error(service_error.access, 533 "Cannot export %s" % ep) 531 534 532 535 if self.ssh_pubkey_file:
Note: See TracChangeset
for help on using the changeset viewer.