Changeset 8cf2c507


Ignore:
Timestamp:
Dec 10, 2010 10:28:52 AM (13 years ago)
Author:
Ted Faber <faber@…>
Branches:
axis_example, compt_changes, info-ops, master
Children:
f4f036f
Parents:
ddf0903
Message:

Remove a race condition in the save member. The authorizer's lock was being nulled to work around a pickling issue (my limited understanding of pickling). The pickling process has been made cleaner, and as a result the save cleaner and safer.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • fedd/federation/authorizer.py

    rddf0903 r8cf2c507  
    223223            if rv != 0:
    224224                raise abac_authorizer.bad_name(
    225                         'Cannot load identity from %s' % me.cert)
     225                        'Cannot load identity from %s' % me)
    226226        else:
    227227            self.fedid = None
     
    235235        if load:
    236236            self.load(load)
     237
     238    # Modify the pickling operations so that the context and lock are not
     239    # pickled
     240
     241    def __getstate__(self):
     242        d = self.__dict__.copy()
     243        del d['lock']
     244        del d['context']
     245        return d
     246
     247    def __setstate__(self, d):
     248        # Import everything from the pickle dict (except what we excluded in
     249        # __getstate__)
     250        self.__dict__.update(d)
     251        # Initialize the unpicklables
     252        self.context = ABAC.Context()
     253        self.lock = Lock()
    237254
    238255    @staticmethod
     
    421438            if not os.access(dir, os.F_OK):
    422439                os.mkdir(dir)
    423             # These are unpicklable, so set them aside
    424             context = self.context
    425             lock = self.lock
    426             self.context = None
    427             self.lock = None
    428440
    429441            f = open("%s/state" % dir, "w")
     
    433445            if not os.access("%s/certs" %dir, os.F_OK):
    434446                os.mkdir("%s/certs" % dir)
    435             seenid = set()
    436             seenattr = set()
    437 
    438             #restore unpicklable state
    439             self.context = context
    440             self.lock = lock
    441             #remove old certs
     447
     448            # Clear the certs subdir
    442449            for fn in [ f for f in os.listdir("%s/certs" % dir) \
    443450                    if abac_authorizer.cred_file_re.match(f)]:
    444451                os.unlink('%s/certs/%s' % (dir, fn))
     452
     453            # Save the context
    445454            ii = 0
    446455            ai = 0
     456            seenid = set()
     457            seenattr = set()
    447458            for c in self.context.credentials():
    448459                id = c.issuer_cert()
     
    463474                    seenattr.add(attr)
    464475        except EnvironmentError, e:
    465             # If we've mislaid self.lock, release lock (they're the same object)
    466             if self.lock: self.lock.release()
    467             elif lock: lock.release()
     476            self.lock.release()
    468477            raise e
    469478        except pickle.PickleError, e:
    470             # If we've mislaid self.lock, release lock (they're the same object)
    471             if self.lock: self.lock.release()
    472             elif lock: lock.release()
     479            self.lock.release()
    473480            raise e
    474481        self.lock.release()
Note: See TracChangeset for help on using the changeset viewer.