Changeset 7206e5a for fedd/federation/authorizer.py
- Timestamp:
- Sep 23, 2010 5:44:47 PM (14 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master
- Children:
- 835cf55
- Parents:
- 09b1e9d
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
fedd/federation/authorizer.py
r09b1e9d r7206e5a 152 152 self.globals.discard(attr) 153 153 154 def import_credentials(self, file_list=None, data_list=None): 155 return False 156 154 157 def __str__(self): 155 158 rv = "" … … 182 185 """ 183 186 184 clean_attr_re = re.compile('[^A-Za-z _]+')187 clean_attr_re = re.compile('[^A-Za-z0-9_]+') 185 188 cred_file_re = re.compile('.*\.der$') 186 189 bad_name = authorizer_base.bad_name 187 190 attribute_error = authorizer_base.attribute_error 188 ABAC.libabac_init()189 190 def __init__(self, certs=None, me=None, key=None, load file=None):191 class no_file(RuntimeError): pass 192 193 def __init__(self, certs=None, me=None, key=None, load=None): 191 194 self.creddy = '/usr/local/bin/creddy' 192 195 self.globals = set() … … 207 210 self.context.load_directory(dir) 208 211 209 if loadfile: 210 self.load(loadfile) 212 if load: 213 self.save_dir = load 214 self.load(load) 215 else: 216 self.save_dir = None 211 217 212 218 @staticmethod 213 219 def clean_attr(attr): 214 220 return abac_authorizer.clean_attr_re.sub('_', attr) 221 222 def import_credentials(self, file_list=None, data_list=None): 223 if data_list: 224 return any([self.import_credential(data=d) for d in data_list]) 225 elif file_list: 226 return any([self.import_credential(file=f) for f in file_list]) 227 else: 228 return False 229 230 def import_credential(self, file=None, data=None): 231 if data: 232 if self.context.load_id_chunk(data) != ABAC.ABAC_CERT_SUCCESS: 233 return self.context.load_attribute_chunk(data) == \ 234 ABAC.ABAC_CERT_SUCCESS 235 else: 236 return True 237 elif file: 238 if self.context.load_id_file(file) != ABAC.ABAC_CERT_SUCCESS: 239 return self.context.load_attribute_file(file) == \ 240 ABAC.ABAC_CERT_SUCCESS 241 else: 242 return True 243 else: 244 return False 215 245 216 246 def set_attribute(self, name=None, attr=None, cert=None): … … 219 249 raise abac_authorizer.bad_name( 220 250 "ABAC doesn't understand three-names") 251 # Convert non-string attributes to strings 252 if not isinstance(attr, basestring): 253 attr = "%s" % attr 221 254 if self.me and self.key: 222 255 # Create a credential and insert it into context … … 261 294 raise abac_authorizer.bad_name( 262 295 "ABAC doesn't understand three-names") 296 # Convert non-string attributes to strings 297 if not isinstance(attr, basestring): 298 attr = "%s" % attr 263 299 cattr = self.clean_attr(attr) 264 300 self.lock.acquire() … … 289 325 "ABAC doesn't understand three-names") 290 326 else: 327 # Convert non-string attributes to strings 328 if not isinstance(attr, basestring): 329 attr = "%s" % attr 291 330 # Naked attributes are attested by this principal 292 331 if attr.find('.') == -1: … … 297 336 298 337 self.lock.acquire() 299 proof, rv = self.context.query(a,name)338 rv, proof = self.context.query(a, "%s" % name) 300 339 # XXX delete soon 301 340 if not rv and attr in self.globals: rv = True … … 330 369 return rv 331 370 332 def save(self, dir): 333 self.lock.acquire() 371 def save(self, dir=None): 372 self.lock.acquire() 373 if dir: 374 self.save_dir = dir 375 else: 376 dir = self.save_dir 377 if dir is None: 378 self.lock.release() 379 raise abac_authorizer.no_file_error("No load directory specified") 334 380 try: 335 381 if not os.access(dir, os.F_OK): … … 347 393 if not os.access("%s/certs" %dir, os.F_OK): 348 394 os.mkdir("%s/certs" % dir) 349 seenit = set() 395 seenid = set() 396 seenattr = set() 350 397 351 398 #restore unpicklable state … … 363 410 # NB: file naming conventions matter here. The trailing_ID and 364 411 # _attr are required by ABAC.COntext.load_directory() 365 if id not in seenit:412 if id and id not in seenid: 366 413 f = open("%s/certs/ID_%03d_ID.der" % (dir, ii), "w") 367 print >>f, id414 f.write(id) 368 415 f.close() 369 416 ii += 1 370 seeni t.add(id)371 if attr :417 seenid.add(id) 418 if attr and attr not in seenattr: 372 419 f = open("%s/certs/attr_%03d_attr.der" % (dir, ai), "w") 373 print >>f, attr420 f.write(attr) 374 421 f.close() 375 422 ai += 1 423 seenattr.add(attr) 376 424 except EnvironmentError, e: 377 425 # If we've mislaid self.lock, release lock (they're the same object) … … 386 434 self.lock.release() 387 435 388 def load(self, dir): 389 self.lock.acquire() 436 def load(self, dir=None): 437 self.lock.acquire() 438 if dir: 439 self.save_dir = dir 440 else: 441 dir = self.save_dir 442 if dir is None: 443 self.lock.release() 444 raise abac_authorizer.no_file_error("No load directory specified") 390 445 try: 391 446 if os.access("%s/state" % dir, os.R_OK): … … 402 457 self.context.load_id_file(self.me) 403 458 self.context.load_directory("%s/certs" % dir) 459 self.save_dir = dir 404 460 except EnvironmentError, e: 405 461 self.lock.release()
Note: See TracChangeset
for help on using the changeset viewer.