Changeset c65b7e4 for fedd/federation


Ignore:
Timestamp:
Dec 10, 2010 6:25:50 PM (14 years ago)
Author:
Ted Faber <faber@…>
Branches:
axis_example, compt_changes, info-ops, master
Children:
9973d57
Parents:
b16cfc0
Message:

Access controllers delete (some) unused ABAC attrs.

Location:
fedd/federation
Files:
6 edited

Legend:

Unmodified
Added
Removed
  • fedd/federation/access.py

    rb16cfc0 rc65b7e4  
    233233                self.log.warning(("[read_state]: No saved state: " + \
    234234                        "Unpickling failed: %s") % e)
     235
     236    def append_allocation_authorization(self, aid, attrs,
     237            need_state_lock=False, write_state_file=False, state_attr='state'):
     238        """
     239        Append the authorization information to system state.  By default we
     240        assume this is called with the state lock and with a write of the state
     241        file in the near future, need_state_lock and write_state_file can
     242        override this.  The state_attr is the attribute in the access class
     243        that holds the per allocation information.  Some complex classes use
     244        different names for the dict.
     245        """
     246
     247        for p, a in attrs:
     248            self.auth.set_attribute(p, a)
     249        self.auth.save()
     250
     251        if need_state_lock: self.state_lock.acquire()
     252        d = getattr(self, state_attr)
     253        if aid in d and 'auth' in d[aid]:
     254            d[aid]['auth'].update(attrs)
     255        if write_state_file: self.write_state()
     256        if need_state_lock: self.state_lock.release()
     257
     258    def clear_allocation_authorization(self, aid, need_state_lock=False,
     259            write_state_file=False, state_attr='state'):
     260        """
     261        Attrs is a set of attribute principal pairs that need to be removed
     262        from the authenticator.  Remove them and save the authenticator.  See
     263        append_allocation_authorization for the various overrides.
     264        """
     265
     266        if need_state_lock: self.state_lock.acquire()
     267        d = getattr(self, state_attr)
     268        if aid in d and 'auth' in d[aid]:
     269            for p, a in d[aid]['auth']:
     270                self.auth.unset_attribute(p, a)
     271            d[aid]['auth'] = set()
     272        if write_state_file: self.write_state()
     273        if need_state_lock: self.state_lock.release()
     274        self.auth.save()
    235275
    236276    def lookup_access(self, req, fid, filter=None, compare=None):
  • fedd/federation/deter_internal_access.py

    rb16cfc0 rc65b7e4  
    166166        self.state[aid]['owners'] = owners
    167167        self.state[aid]['vlan'] = None
     168        self.state[aid]['auth'] = set()
     169        self.append_allocation_authorization(aid,
     170                ((fid, allocID),(allocID, allocID)))
    168171        self.write_state()
    169172        self.state_lock.release()
    170         self.auth.set_attribute(fid, allocID)
    171         self.auth.set_attribute(allocID, allocID)
    172         self.auth.save()
    173173
    174174        try:
     
    209209        if self.state.has_key(aid):
    210210            self.log.debug("Found allocation for %s" %aid)
     211            self.clear_allocation_authorization(aid)
    211212            del self.state[aid]
    212213            self.write_state()
  • fedd/federation/dragon_access.py

    rb16cfc0 rc65b7e4  
    149149        self.state[aid]['user'] = found
    150150        self.state[aid]['owners'] = owners
     151        self.state[aid]['auth'] = set()
     152        self.append_allocation_authorization(aid,
     153                ((fid, allocID),(allocID, allocID)))
    151154        self.write_state()
    152155        self.state_lock.release()
    153         self.auth.set_attribute(fid, allocID)
    154         self.auth.set_attribute(allocID, allocID)
    155         self.auth.save()
    156156
    157157        try:
     
    191191        if self.state.has_key(aid):
    192192            self.log.debug("Found allocation for %s" %aid)
     193            self.clear_allocation_authorization(aid)
    193194            del self.state[aid]
    194195            self.write_state()
  • fedd/federation/emulab_access.py

    rb16cfc0 rc65b7e4  
    254254                    'Bad mapping (unbalanced parens or more than 1 comma)')
    255255
    256 
    257256    # RequestAccess support routines
    258257
     
    384383        self.state_lock.acquire()
    385384        self.allocation[aid] = { }
     385        self.allocation[aid]['auth'] = set()
    386386        try:
    387387            pname = ap['project']['name']['localname']
     
    511511        for k, v in svc_state.items():
    512512            self.allocation[aid][k] = v
     513        self.append_allocation_authorization(aid,
     514                set([(o, allocID) for o in owners]), state_attr='allocation')
    513515        self.write_state()
    514516        self.state_lock.release()
    515         # Give the owners the right to change this allocation
    516         for o in owners:
    517             self.auth.set_attribute(o, allocID)
    518         self.auth.save()
    519517        try:
    520518            f = open("%s/%s.pem" % (self.certdir, aid), "w")
     
    591589        if aid in self.allocation:
    592590            self.log.debug("Found allocation for %s" %aid)
     591            self.clear_allocation_authorization(aid, state_attr='allocation')
    593592            for k in self.allocation[aid]['keys']:
    594593                kk = "%s:%s" % k
  • fedd/federation/protogeni_access.py

    rb16cfc0 rc65b7e4  
    275275        # The list of owner FIDs
    276276        self.allocation[aid]['owners'] = owners
     277        self.allocation[aid]['auth'] = set()
     278        self.append_allocation_authorization(aid,
     279                ((fid, allocID), (allocID, allocID)), state_attr='allocation')
    277280        self.write_state()
    278281        self.state_lock.release()
    279         self.auth.set_attribute(fid, allocID)
    280         self.auth.set_attribute(allocID, allocID)
    281         self.auth.save()
    282282
    283283        try:
     
    319319        if self.allocation.has_key(aid):
    320320            self.log.debug("Found allocation for %s" %aid)
     321            self.clear_allocation_authorization(aid, state_attr='allocation')
    321322            del self.allocation[aid]
    322323            self.write_state()
  • fedd/federation/skeleton_access.py

    rb16cfc0 rc65b7e4  
    194194        self.state[aid]['user'] = found
    195195        self.state[aid]['owners'] = owners
     196        self.state[aid]['auth'] = set()
     197        # Authorize the creating fedid and the principal representing the
     198        # allocation to manipulate it.
     199        self.append_allocation_authorization(aid,
     200                ((fid, allocID), (allocID, allocID)))
    196201        self.write_state()
    197202        self.state_lock.release()
    198         # Authorize the creating fedid and the principal representing the
    199         # allocation to manipulate it.
    200         self.auth.set_attribute(fid, allocID)
    201         self.auth.set_attribute(allocID, allocID)
    202         self.auth.save()
    203203
    204204        # Create a directory to stash the certificate in, ans stash it.
     
    249249        if aid in self.state:
    250250            self.log.debug("[ReleaseAccess] Found allocation for %s" %aid)
     251            self.clear_allocation_authorization(aid)
    251252            del self.state[aid]
    252253            self.write_state()
Note: See TracChangeset for help on using the changeset viewer.