Changeset 547aa3b

Timestamp:

Nov 19, 2010 5:56:49 PM (13 years ago)

Author:

Ted Faber <faber@…>

Branches:

axis_example, compt_changes, info-ops, master

Children:

85f5d11

Parents:

66a8e6d

Message:

various fixes to abac tools to work with the new library

Location:

fedd

Files:

• access_to_abac.py (modified) (1 diff)
• dump_abac_authorizer.py (added)
• fedd_to_abac.py (modified) (1 diff)
• federation/authorizer.py (modified) (3 diffs)
• init_abac_authorizer.py (modified) (1 diff)

fedd/access_to_abac.py

@@ -262 +262 @@
     for i, c in enumerate(creds):
         cmd = [creddy, '--attribute', '--issuer=%s' % cert, '--key=%s' % key,
-                '--role=%s' % c.attr, '--out=%s/cred%d' % (dir, i)]
+                '--role=%s' % c.attr, '--out=%s/cred%d_attr.der' % (dir, i)]
         for r in c.req:
             cmd.extend(attrs(r))

fedd/fedd_to_abac.py

@@ -100 +100 @@
         print >>sys.stderr, 'Cannot open file (%s): %e' % e
 
+if not roles:
+    print >>sys.stderr, "No roles found.  Did you specify a configuration?"
+
 for k, id in roles.items():
     for i, r in enumerate(id.roles):

fedd/federation/authorizer.py

@@ -5 +5 @@
 from subprocess import call
 from threading import Lock
+
+from string import join
 
 from fedid import fedid
@@ -200 +202 @@
         if me:
             self.fedid = fedid(file=self.me)
-            self.context.load_id_file(self.me)
+            rv = self.context.load_id_file(self.me)
+            if rv != 0:
+                raise abac_authorizer.bad_name(
+                        'Cannot load identity from %s' % me.cert)
         else:
             self.fedid = None
@@ -466 +471 @@
         self.lock.release()
 
+    @staticmethod
+    def encode_credential(c):
+        return '%s <- %s' % (c.head().string(), c.tail().string())
+
+    def get_creds_for_principal(self, fid):
+        look_for = set(["%s" % fid])
+        found_attrs = set()
+        next_look = set()
+        found = set([])
+
+        self.lock.acquire()
+        while look_for:
+            for c in self.context.credentials():
+                tail = c.tail()
+                # XXX: This needs to be more aggressive for linked stuff
+                if tail.string() in look_for and c not in found:
+                    found.add(c)
+                    next_look.add(c.head().string())
+
+            look_for = next_look
+            next_look = set()
+        
+        return found
+
     def __str__(self):
-        def encode_role(r):
-            if r.is_principal(): 
-                return "%s" % r.principal()
-            elif r.is_role(): 
-                return "%s.%s" % (r.principal(), r.role_name())
-            elif r.is_linking():
-                return "%s.%s.%s" % \
-                        (r.principal(), r.linking_role(), r.role_name())
 
         self.lock.acquire()
         rv = "%s" % self.fedid
-        for c in self.context.credentials():
-            rv += '\n%s <- %s' % (encode_role(c.head()), encode_role(c.tail()))
+        rv += join([abac_authorizer.encode_credential(c)
+            for c in self.context.credentials()], '\n');
         self.lock.release()
         return rv

fedd/init_abac_authorizer.py

@@ -6 +6 @@
 class Parser(OptionParser):
     def __init__(self):
-        OptionParser.__init__(self, usage='%prog [options')
+        OptionParser.__init__(self, usage='%prog [options]')
         self.add_option('--cert', dest='cert', help='Identity certificate')
         self.add_option('--key', dest='key', help='Identity key')