Changeset 547aa3b for fedd


Ignore:
Timestamp:
Nov 19, 2010 5:56:49 PM (14 years ago)
Author:
Ted Faber <faber@…>
Branches:
axis_example, compt_changes, info-ops, master
Children:
85f5d11
Parents:
66a8e6d
Message:

various fixes to abac tools to work with the new library

Location:
fedd
Files:
1 added
4 edited

Legend:

Unmodified
Added
Removed
  • fedd/access_to_abac.py

    r66a8e6d r547aa3b  
    262262    for i, c in enumerate(creds):
    263263        cmd = [creddy, '--attribute', '--issuer=%s' % cert, '--key=%s' % key,
    264                 '--role=%s' % c.attr, '--out=%s/cred%d' % (dir, i)]
     264                '--role=%s' % c.attr, '--out=%s/cred%d_attr.der' % (dir, i)]
    265265        for r in c.req:
    266266            cmd.extend(attrs(r))
  • fedd/fedd_to_abac.py

    r66a8e6d r547aa3b  
    100100        print >>sys.stderr, 'Cannot open file (%s): %e' % e
    101101
     102if not roles:
     103    print >>sys.stderr, "No roles found.  Did you specify a configuration?"
     104
    102105for k, id in roles.items():
    103106    for i, r in enumerate(id.roles):
  • fedd/federation/authorizer.py

    r66a8e6d r547aa3b  
    55from subprocess import call
    66from threading import Lock
     7
     8from string import join
    79
    810from fedid import fedid
     
    200202        if me:
    201203            self.fedid = fedid(file=self.me)
    202             self.context.load_id_file(self.me)
     204            rv = self.context.load_id_file(self.me)
     205            if rv != 0:
     206                raise abac_authorizer.bad_name(
     207                        'Cannot load identity from %s' % me.cert)
    203208        else:
    204209            self.fedid = None
     
    466471        self.lock.release()
    467472
     473    @staticmethod
     474    def encode_credential(c):
     475        return '%s <- %s' % (c.head().string(), c.tail().string())
     476
     477    def get_creds_for_principal(self, fid):
     478        look_for = set(["%s" % fid])
     479        found_attrs = set()
     480        next_look = set()
     481        found = set([])
     482
     483        self.lock.acquire()
     484        while look_for:
     485            for c in self.context.credentials():
     486                tail = c.tail()
     487                # XXX: This needs to be more aggressive for linked stuff
     488                if tail.string() in look_for and c not in found:
     489                    found.add(c)
     490                    next_look.add(c.head().string())
     491
     492            look_for = next_look
     493            next_look = set()
     494       
     495        return found
     496
    468497    def __str__(self):
    469         def encode_role(r):
    470             if r.is_principal():
    471                 return "%s" % r.principal()
    472             elif r.is_role():
    473                 return "%s.%s" % (r.principal(), r.role_name())
    474             elif r.is_linking():
    475                 return "%s.%s.%s" % \
    476                         (r.principal(), r.linking_role(), r.role_name())
    477498
    478499        self.lock.acquire()
    479500        rv = "%s" % self.fedid
    480         for c in self.context.credentials():
    481             rv += '\n%s <- %s' % (encode_role(c.head()), encode_role(c.tail()))
     501        rv += join([abac_authorizer.encode_credential(c)
     502            for c in self.context.credentials()], '\n');
    482503        self.lock.release()
    483504        return rv
  • fedd/init_abac_authorizer.py

    r66a8e6d r547aa3b  
    66class Parser(OptionParser):
    77    def __init__(self):
    8         OptionParser.__init__(self, usage='%prog [options')
     8        OptionParser.__init__(self, usage='%prog [options]')
    99        self.add_option('--cert', dest='cert', help='Identity certificate')
    1010        self.add_option('--key', dest='key', help='Identity key')
Note: See TracChangeset for help on using the changeset viewer.