Changeset 9e75ff8


Ignore:
Timestamp:
Jan 7, 2011 5:20:41 PM (14 years ago)
Author:
Ted Faber <faber@…>
Branches:
axis_example, compt_changes, info-ops, master
Children:
f158ccf
Parents:
454f398 (diff), 490ee21 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

Merge branch 'master' of tardis.deterlab.net:/var/local/git/fedd

Location:
fedd
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • fedd/cert_to_fedid.py

    r454f398 r9e75ff8  
    44import subprocess, tempfile
    55import os.path
     6import re
     7
     8from M2Crypto import X509
    69
    710from string import join
     
    1619        self.add_option('--debug', dest='debug', action='store_true',
    1720                default=False, help='Just print command')
     21        self.add_option('--cert', dest='cert',
     22                help='Cretificate to copy subject from')
    1823        self.add_option('--openssl', dest='openssl',
    1924                help='Path to openssl command', default='/usr/bin/openssl')
     
    3742
    3843try:
     44    c = X509.load_cert(opts.cert)
     45    subj = c.get_subject().as_text()
     46    if subj.startswith('/'): i = 1
     47    else: i = 0
     48    subj = '/' + re.sub('/', '\/', subj[i:])
     49
    3950    tf, tn = tempfile.mkstemp(suffix=".pem")
    4051    cmd = [opts.openssl, 'req', '-new', '-nodes', '-subj',
    41             '/CN=users.isi.deterlab.net', '-x509', '-days',  '3650',
     52            subj, '-x509', '-days',  '3650',
    4253            '-key', key, '-out', tn]
    4354    if opts.debug:
  • fedd/federation/ns2topdl.py

    r490ee21 r9e75ff8  
    1111from remote_service import xmlrpc_handler, soap_handler
    1212from service_error import *
    13 from authorizer import authorizer
     13from authorizer import authorizer, abac_authorizer
    1414
    1515
     
    3131        self.tcl_splitter = config.get("ns2topdl", "tcl_splitter",
    3232                "/usr/testbed/lib/ns2ir/parse.tcl")
     33        self.auth_type = config.get('ns2topdl', 'auth_type') or 'legacy'
    3334        access_db = config.get("ns2topdl", "accessdb", None)
    34         allow_any = config.getboolean("ns2topdl", "allow_any", False)
     35        self.allow_any = config.getboolean("ns2topdl", "allow_any", False)
     36        auth_dir = config.get('ns2topdl', 'auth_dir')
    3537
    3638        self.log = logging.getLogger("fedd.ns2topdl")
     
    4749                    "using local one")
    4850
    49         if access_db and allow_any:
     51
     52        if self.auth_type == 'legacy':
     53            if access_db and self.allow_any:
     54                raise service_error(service_error.internal,
     55                        "Cannot specify both an access database and " +
     56                        "allow_any for ns2topdl")
     57           
     58            if access_db:
     59                try:
     60                    read_simple_accessdb(access_db, self.auth, 'ns2topdl')
     61                except EnvironmentError, e:
     62                    raise service_error(service_error.internal,
     63                            "Error reading accessDB %s: %s" % (access_db, e))
     64                except ValueError:
     65                    raise service_error(service_error.internal, "%s" % e)
     66            elif self.allow_any:
     67                auth.set_global_attribute("ns2topdl")
     68        elif self.auth_type == 'abac':
     69            self.auth = abac_authorizer(load=auth_dir)
     70        else:
    5071            raise service_error(service_error.internal,
    51                     "Cannot specify both an access database and allow_any " +\
    52                             "for ns2topdl")
    53        
    54         if access_db:
    55             try:
    56                 read_simple_accessdb(access_db, self.auth, 'ns2topdl')
    57             except EnvironmentError, e:
    58                 raise service_error(service_error.internal,
    59                         "Error reading accessDB %s: %s" % (access_db, e))
    60             except ValueError:
    61                 raise service_error(service_error.internal, "%s" % e)
    62         elif allow_any:
    63             auth.set_global_attribute("ns2topdl")
     72                    "Unknown auth_type: %s" % self.auth_type)
    6473
    6574
     
    8190        """
    8291
    83         if not self.auth.check_attribute(fid, 'ns2topdl'):
    84             raise service_error(service_error.access, "Access Denied")
     92        if self.allow_any:
     93            self.auth.set_attribute(fid, 'ns2topdl')
     94
     95        access_ok, proof = self.auth.check_attribute(fid, 'ns2topdl',
     96            with_proof=True)
     97
     98        if not access_ok:
     99            raise service_error(service_error.access, "Access Denied",
     100                proof=proof)
    85101
    86102        try:
     
    137153                'experimentdescription':  {
    138154                    'topdldescription': top.to_dict(),
    139                     }
     155                    },
     156                'proof': proof.to_dict(),
    140157                }
    141158
Note: See TracChangeset for help on using the changeset viewer.