Changeset 27d964d


Timestamp:
Sep 22, 2010 2:33:58 PM (14 years ago)
Author:
Ted Faber <faber@…>
Branches:
axis_example, compt_changes, info-ops, master
Children:
d39809f
Parents:
1fc09db
Message:

Translate attributes into something acceptable to libabac (or creddy)

File:
1 edited

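--- a/fedd/federation/authorizer.py
+++ b/fedd/federation/authorizer.py
@@ -183,4 +183,7 @@
     """
 
+    clean_attr_re = re.compile('[^A-Za-z_]+')
+    cred_file_re = re.compile('.*\.der$')
+
     def __init__(self, certs=None, me=None, key=None):
         self.bad_name = authorizer_base.bad_name
@@ -199,4 +202,9 @@
         for dir in certs or []:
             self.context.load_directory(dir)
+
+    @staticmethod
+    def clean_attr(attr):
+        return abac_authorizer.clean_attr_re.sub('_', attr)
+
 
     def set_attribute(self, name=None, attr=None, cert=None):
@@ -217,5 +225,5 @@
                 # Create the attribute certificate with creddy
                 cmd = [self.creddy, '--attribute', '--issuer=%s' % self.me,
-                    '--key=%s' % self.key, '--role=%s' % attr,
+                    '--key=%s' % self.key, '--role=%s' % self.clean_attr(attr),
                     '--subject-id=%s' % name, '--out=%s' % fn]
                 rv = call(cmd)
@@ -243,4 +251,5 @@
         if isinstance(name, tuple):
             raise self.bad_name("ABAC doesn't understand three-names")
+        cattr = self.clean_attr(attr)
         self.lock.acquire()
         ctxt = ABAC.Context()
@@ -252,5 +261,5 @@
                 if t.principal() == '%s' % name and \
                         h.principal() == '%s' % self.fedid and \
-                        h.role_name() == attr:
+                        h.role_name() == cattr:
                     continue
 
@@ -269,8 +278,10 @@
             raise self.bad_name("ABAC doesn't understand three-names")
         else:
-           
             # Naked attributes are attested by this principal
-            if attr.find('.') == -1: a = "%s.%s" % (self.fedid, attr)
-            else: a = attr
+            if attr.find('.') == -1:
+                a = "%s.%s" % (self.fedid, self.clean_attr(attr))
+            else:
+                r, a = attr.split('.',1)
+                a = "%s.%s" ( r, self.clean_attr(a))
 
             self.lock.acquire()
@@ -288,5 +299,5 @@
         """
         self.lock.acquire()
-        self.globals.add(attr)
+        self.globals.add(self.clean_attr(attr))
         self.lock.release()
 
@@ -297,5 +308,5 @@
 
         self.lock.acquire()
-        self.globals.discard(attr)
+        self.globals.discard(self.clean_attr(attr))
         self.lock.release()
 
@@ -330,5 +341,5 @@
             #remove old certs
             for fn in [ f for f in os.listdir("%s/certs" % dir) \
-                    if re.match('.*\.der$', f)]:
+                    if abac_authorizer.cred_file_re.match(f)]:
                 os.unlink('%s/certs/%s' % (dir, fn))
             ii = 0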
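Review bot: The new `else:` branch for dotted attributes (new line 285) is missing the `%` operator: `a = "%s.%s" ( r, self.clean_attr(a))` calls a str object and raises TypeError whenever an attribute containing `.` reaches this check; it should read `a = "%s.%s" % (r, self.clean_attr(a))`. The exception is raised before the `self.lock.acquire()` that follows, so no lock is left held, but the caller gets an unhandled TypeError instead of an authorization decision; the enclosing method starts and ends outside the hunk, so how callers treat that cannot be confirmed here. The dotted and undotted paths also look inconsistent with `set_attribute`, which passes the whole attribute through `clean_attr` (turning any `.` into `_`) while this branch cleans only the part after the first `.`. Separately, `clean_attr_re = re.compile('[^A-Za-z_]+')` is lossy: digits and punctuation all collapse to `_`, so distinct attributes (constructed examples: `admin1` and `admin2`) become the same ABAC role name, and an attribute granted under one name would satisfy a check for the other. A comment on `clean_attr` stating that the mapping is many-to-one, or a collision check where attributes are set, would make that authorization consequence explicit.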