- Timestamp:
- Jan 7, 2011 5:20:41 PM (14 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master
- Children:
- f158ccf
- Parents:
- 454f398 (diff), 490ee21 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the(diff)links above to see all the changes relative to each parent. - Location:
- fedd
- Files:
-
- 2 edited
-
cert_to_fedid.py (modified) (3 diffs)
-
federation/ns2topdl.py (modified) (5 diffs)
Legend:
- Unmodified
- Added
- Removed
-
fedd/cert_to_fedid.py
r454f398 r9e75ff8 4 4 import subprocess, tempfile 5 5 import os.path 6 import re 7 8 from M2Crypto import X509 6 9 7 10 from string import join … … 16 19 self.add_option('--debug', dest='debug', action='store_true', 17 20 default=False, help='Just print command') 21 self.add_option('--cert', dest='cert', 22 help='Cretificate to copy subject from') 18 23 self.add_option('--openssl', dest='openssl', 19 24 help='Path to openssl command', default='/usr/bin/openssl') … … 37 42 38 43 try: 44 c = X509.load_cert(opts.cert) 45 subj = c.get_subject().as_text() 46 if subj.startswith('/'): i = 1 47 else: i = 0 48 subj = '/' + re.sub('/', '\/', subj[i:]) 49 39 50 tf, tn = tempfile.mkstemp(suffix=".pem") 40 51 cmd = [opts.openssl, 'req', '-new', '-nodes', '-subj', 41 '/CN=users.isi.deterlab.net', '-x509', '-days', '3650',52 subj, '-x509', '-days', '3650', 42 53 '-key', key, '-out', tn] 43 54 if opts.debug: -
fedd/federation/ns2topdl.py
r490ee21 r9e75ff8 11 11 from remote_service import xmlrpc_handler, soap_handler 12 12 from service_error import * 13 from authorizer import authorizer 13 from authorizer import authorizer, abac_authorizer 14 14 15 15 … … 31 31 self.tcl_splitter = config.get("ns2topdl", "tcl_splitter", 32 32 "/usr/testbed/lib/ns2ir/parse.tcl") 33 self.auth_type = config.get('ns2topdl', 'auth_type') or 'legacy' 33 34 access_db = config.get("ns2topdl", "accessdb", None) 34 allow_any = config.getboolean("ns2topdl", "allow_any", False) 35 self.allow_any = config.getboolean("ns2topdl", "allow_any", False) 36 auth_dir = config.get('ns2topdl', 'auth_dir') 35 37 36 38 self.log = logging.getLogger("fedd.ns2topdl") … … 47 49 "using local one") 48 50 49 if access_db and allow_any: 51 52 if self.auth_type == 'legacy': 53 if access_db and self.allow_any: 54 raise service_error(service_error.internal, 55 "Cannot specify both an access database and " + 56 "allow_any for ns2topdl") 57 58 if access_db: 59 try: 60 read_simple_accessdb(access_db, self.auth, 'ns2topdl') 61 except EnvironmentError, e: 62 raise service_error(service_error.internal, 63 "Error reading accessDB %s: %s" % (access_db, e)) 64 except ValueError: 65 raise service_error(service_error.internal, "%s" % e) 66 elif self.allow_any: 67 auth.set_global_attribute("ns2topdl") 68 elif self.auth_type == 'abac': 69 self.auth = abac_authorizer(load=auth_dir) 70 else: 50 71 raise service_error(service_error.internal, 51 "Cannot specify both an access database and allow_any " +\ 52 "for ns2topdl") 53 54 if access_db: 55 try: 56 read_simple_accessdb(access_db, self.auth, 'ns2topdl') 57 except EnvironmentError, e: 58 raise service_error(service_error.internal, 59 "Error reading accessDB %s: %s" % (access_db, e)) 60 except ValueError: 61 raise service_error(service_error.internal, "%s" % e) 62 elif allow_any: 63 auth.set_global_attribute("ns2topdl") 72 "Unknown auth_type: %s" % self.auth_type) 64 73 65 74 … … 81 90 """ 82 91 83 if not self.auth.check_attribute(fid, 'ns2topdl'): 84 raise service_error(service_error.access, "Access Denied") 92 if self.allow_any: 93 self.auth.set_attribute(fid, 'ns2topdl') 94 95 access_ok, proof = self.auth.check_attribute(fid, 'ns2topdl', 96 with_proof=True) 97 98 if not access_ok: 99 raise service_error(service_error.access, "Access Denied", 100 proof=proof) 85 101 86 102 try: … … 137 153 'experimentdescription': { 138 154 'topdldescription': top.to_dict(), 139 } 155 }, 156 'proof': proof.to_dict(), 140 157 } 141 158
Note: See TracChangeset
for help on using the changeset viewer.
