Changeset cbe0570 for fedd/federation
- Timestamp:
- Sep 19, 2011 11:27:46 AM (13 years ago)
- Branches:
- compt_changes, info-ops, master
- Children:
- 5f51dc1
- Parents:
- 36f642f
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
fedd/federation/authorizer.py
r36f642f rcbe0570 15 15 16 16 import ABAC 17 import Creddy 17 18 import pickle 18 19 … … 208 209 209 210 def __init__(self, certs=None, me=None, key=None, load=None, save=None): 210 self.creddy = '/usr/local/bin/creddy'211 self.creddy_id = None 211 212 self.globals = set() 212 213 self.lock = Lock() … … 230 231 self.key, self.me = abac_split_cert(self.me, keyfile, certfile) 231 232 self.local_files = True 233 self.init_libcreddy_id() 232 234 else: 233 235 raise abac_authorizer.bad_cert_error("Combination " + \ … … 254 256 self.load(load) 255 257 258 def init_libcreddy_id(self): 259 self.creddy_id = None 260 try: 261 self.creddy_id = Creddy.ID(self.me) 262 except: 263 raise abac_authorizer.bad_cert_error('Cannot load cert %s: %s' \ 264 % self.me) 265 266 try: 267 self.creddy_id.load_privkey(self.key) 268 except: 269 self.creddy_id = None 270 raise abac_authorized_bad_cert_error('Cannot load key %s' \ 271 % self.key) 272 273 274 256 275 # Modify the pickling operations so that the context and lock are not 257 276 # pickled … … 261 280 del d['lock'] 262 281 del d['context'] 282 del d['creddy_id'] 263 283 return d 264 284 … … 310 330 attr = "%s" % attr 311 331 312 if self. me and self.key:332 if self.creddy_id: 313 333 # Create a credential and insert it into context 314 334 # This will simplify when we have libcreddy 315 335 try: 316 # create temp file 317 f, fn = mkstemp() 318 os.close(f) 319 except EnvironmentError, e: 320 raise abac_authorizer.attribute_error( 321 "Cannot create temp file: %s" %e) 322 323 # Create the attribute certificate with creddy 324 cmd = [self.creddy, '--attribute', '--issuer=%s' % self.me, 325 '--key=%s' % self.key, '--role=%s' % self.clean_attr(attr), 326 '--subject-id=%s' % name, '--out=%s' % fn] 327 rv = call(cmd) 328 if rv == 0: 329 self.lock.acquire() 330 # load it to context and remove the file 331 rv = self.context.load_attribute_file(fn) 332 self.lock.release() 333 os.unlink(fn) 334 else: 335 os.unlink(fn) 336 raise abac_authorizer.attribute_error( 337 "creddy returned %s" % rv) 336 attrcert = Creddy.Attribute(self.creddy_id, 337 self.clean_attr(attr), 3600 * 24 * 365 * 10) 338 attrcert.principal("%s" % name) 339 attrcert.bake() 340 except: 341 raise abac_authorized_bad_cert_error( 342 "Cannot create attribute cert") 343 self.lock.acquire() 344 # load it to context and remove the file 345 rv = self.context.load_attribute_chunk(attrcert.cert_chunk()) 346 self.lock.release() 347 return rv 338 348 else: 339 349 raise abac_authorizer.attribute_error( … … 342 352 # Insert this credential into the context 343 353 self.lock.acquire() 344 self.context.load_attribute_chunk(cert) 345 self.lock.release() 354 rv = self.context.load_attribute_chunk(cert) 355 self.lock.release() 356 return rv 346 357 else: 347 358 raise abac_authorizer.attribute_error( … … 552 563 if self.me: 553 564 self.context.load_id_file(self.me) 565 if self.key: 566 self.init_libcreddy_id() 554 567 self.context.load_directory("%s/certs" % dir) 555 568 self.save_dir = dir
Note: See TracChangeset
for help on using the changeset viewer.