- Timestamp:
- Sep 22, 2010 2:33:58 PM (14 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master
- Children:
- d39809f
- Parents:
- 1fc09db
- File:
-
- 1 edited
fedd/federation/authorizer.py
r1fc09db r27d964d 183 183 """ 184 184 185 clean_attr_re = re.compile('[^A-Za-z_]+') 186 cred_file_re = re.compile('.*\.der$') 187 185 188 def __init__(self, certs=None, me=None, key=None): 186 189 self.bad_name = authorizer_base.bad_name … … 199 202 for dir in certs or []: 200 203 self.context.load_directory(dir) 204 205 @staticmethod 206 def clean_attr(attr): 207 return abac_authorizer.clean_attr_re.sub('_', attr) 208 201 209 202 210 def set_attribute(self, name=None, attr=None, cert=None): … … 217 225 # Create the attribute certificate with creddy 218 226 cmd = [self.creddy, '--attribute', '--issuer=%s' % self.me, 219 '--key=%s' % self.key, '--role=%s' % attr,227 '--key=%s' % self.key, '--role=%s' % self.clean_attr(attr), 220 228 '--subject-id=%s' % name, '--out=%s' % fn] 221 229 rv = call(cmd) … … 243 251 if isinstance(name, tuple): 244 252 raise self.bad_name("ABAC doesn't understand three-names") 253 cattr = self.clean_attr(attr) 245 254 self.lock.acquire() 246 255 ctxt = ABAC.Context() … … 252 261 if t.principal() == '%s' % name and \ 253 262 h.principal() == '%s' % self.fedid and \ 254 h.role_name() == attr:263 h.role_name() == cattr: 255 264 continue 256 265 … … 269 278 raise self.bad_name("ABAC doesn't understand three-names") 270 279 else: 271 272 280 # Naked attributes are attested by this principal 273 if attr.find('.') == -1: a = "%s.%s" % (self.fedid, attr) 274 else: a = attr 281 if attr.find('.') == -1: 282 a = "%s.%s" % (self.fedid, self.clean_attr(attr)) 283 else: 284 r, a = attr.split('.',1) 285 a = "%s.%s" ( r, self.clean_attr(a)) 275 286 276 287 self.lock.acquire() … … 288 299 """ 289 300 self.lock.acquire() 290 self.globals.add( attr)301 self.globals.add(self.clean_attr(attr)) 291 302 self.lock.release() 292 303 … … 297 308 298 309 self.lock.acquire() 299 self.globals.discard( attr)310 self.globals.discard(self.clean_attr(attr)) 300 311 self.lock.release() 301 312 … … 330 341 #remove old certs 331 342 for fn in [ f for f in 
os.listdir("%s/certs" % dir) \ 332 if re.match('.*\.der$',f)]:343 if abac_authorizer.cred_file_re.match(f)]: 333 344 os.unlink('%s/certs/%s' % (dir, fn)) 334 345 ii = 0
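Review bot: In the dotted-attribute branch at new lines 281-285, `a = "%s.%s" ( r, self.clean_attr(a))` is missing the `%` operator, so Python tries to call the string and raises TypeError for every attribute that contains a '.'; the line should read `a = "%s.%s" % (r, self.clean_attr(a))`. Separately, `clean_attr_re = re.compile('[^A-Za-z_]+')` also replaces digits and collapses each run of rejected characters into a single underscore, so distinct names such as `proj1` and `proj2` (constructed examples) both become `proj_`. Because the cleaned value is what gets written into the creddy `--role` argument, compared against `h.role_name()` and stored in `self.globals`, two different attributes can end up as the same role in an authorization decision. Either widen the allowed class to what ABAC role names actually permit, or reject names that need cleaning instead of rewriting them, and add a comment on `clean_attr` stating the mapping is lossy. The enclosing method bodies start and end outside the visible hunks, so how `a` is used after line 285 is not shown here.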