- Timestamp:
- Nov 24, 2010 10:36:28 AM (14 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master
- Children:
- c573278
- Parents:
- e62245e
- File:
-
- 1 edited
fedd/access_to_abac.py
re62245e rde7cb08 7 7 from string import join 8 8 from federation.fedid import fedid 9 from federation.util import abac_split_cert, abac_pem_type 9 10 from optparse import OptionParser, OptionValueError 10 11 … … 287 288 opts, args = p.parse_args() 288 289 290 cert, key = None, None 291 delete_certs = False 292 289 293 if opts.file: 290 294 args.append(opts.file) … … 293 297 if len(args) < 1: 294 298 sys.exit('No filenames given to parse') 299 300 if opts.key: 301 if not os.access(opts.key, os.R_OK): 302 key = opts.key 303 else: 304 sys.exit('Cannot read key (%s)' % opts.key) 305 306 if opts.dir: 307 if not os.path.isdir(opts.dir): 308 sys.exit('%s is not a directory' % opts.dir) 309 elif not os.access(opts.dir, os.W_OK): 310 sys.exit('%s is not writable' % opts.dir) 311 312 if opts.delegate: delegation_link = 'acting_for' 313 else: delegation_link = None 314 315 mapper = opts.mapper 295 316 296 317 if opts.cert: … … 299 320 except EnvironmentError, e: 300 321 sys.exit('Bad --cert: %s (%s)' % (e.strerror, e.filename or '?!')) 322 323 if not opts.key: 324 if abac_pem_type(opts.cert) == 'both': 325 key, cert = abac_split_cert(opts.cert) 326 delete_certs = True 327 else: 328 cert = opts.cert 301 329 else: 302 330 print >>sys.stderr, 'No --cert, using dummy fedid' 303 331 me = fedid(hexstr='0123456789012345678901234567890123456789') 304 305 if opts.key and not os.access(opts.key, os.R_OK): 306 sys.exit('Cannot read key (%s)' % opts.key) 307 308 if opts.dir: 309 if not os.path.isdir(opts.dir): 310 sys.exit('%s is not a directory' % opts.dir) 311 elif not os.access(opts.dir, os.W_OK): 312 sys.exit('%s is not writable' % opts.dir) 313 314 if opts.delegate: delegation_link = 'acting_for' 315 else: delegation_link = None 316 317 mapper = opts.mapper 318 319 # Do the parsing 320 for fn in args: 321 creds = set() 322 to_id = { } 323 try: 324 f = open(fn, "r") 325 for i, l in enumerate(f): 332 cert = None 333 334 # The try block makes sure that credentials split into tmp files 
are deleted 335 try: 336 # Do the parsing 337 for fn in args: 338 creds = set() 339 to_id = { } 340 try: 341 f = open(fn, "r") 342 for i, l in enumerate(f): 343 try: 344 if comment_re.match(l): 345 continue 346 else: 347 m = line_re.match(l) 348 if m: 349 p, da = m.group(1, 4) 350 gp, gu = m.group(2, 3) 351 if gp == '<any>': gp = None 352 if gu == '<any>': gu = None 353 354 creds.add(credential(me, da, 355 [attribute(p, x, delegation_link) \ 356 for x in (gp, gu) \ 357 if x is not None])) 358 if m.group(5) and mapper: 359 mapper(m.group(5), creds, me, to_id, p, gp, gu, 360 delegation_link) 361 else: 362 raise parse_error('Syntax error') 363 except parse_error, e: 364 f.close() 365 raise parse_error('Error on line %d of %s: %s' % \ 366 (i, fn, e.message)) 367 368 f.close() 369 except parse_error, e: 370 print >> sys.stderr, "%s" % e 371 continue 372 373 except EnvironmentError, e: 374 print >>sys.stderr, "File error %s: %s" % \ 375 (e.filename or '!?', e.strerror) 376 continue 377 378 # Credential output 379 if opts.create_creds: 380 if all([cert, key, opts.dir]): 381 try: 382 create_creds([c for c in creds if c.principal == me], 383 cert, key, opts.dir, opts.debug) 384 except credential_error, e: 385 sys.exit('Credential creation failed: %s' % e) 386 else: 387 print >>sys.stderr, 'Cannot create credentials. 
Missing parameter' 388 389 # Local map output 390 if opts.map or opts.debug: 326 391 try: 327 if comment_re.match(l):328 continue392 if opts.map and opts.map != '-' and not opts.debug: 393 f = open(opts.map, 'w') 329 394 else: 330 m = line_re.match(l) 331 if m: 332 p, da = m.group(1, 4) 333 gp, gu = m.group(2, 3) 334 if gp == '<any>': gp = None 335 if gu == '<any>': gu = None 336 337 creds.add(credential(me, da, 338 [attribute(p, x, delegation_link) \ 339 for x in (gp, gu) \ 340 if x is not None])) 341 if m.group(5) and mapper: 342 mapper(m.group(5), creds, me, to_id, p, gp, gu, 343 delegation_link) 344 else: 345 raise parse_error('Syntax error') 346 except parse_error, e: 347 f.close() 348 raise parse_error('Error on line %d of %s: %s' % \ 349 (i, fn, e.message)) 350 351 f.close() 352 except parse_error, e: 353 print >> sys.stderr, "%s" % e 354 continue 355 356 except EnvironmentError, e: 357 print >>sys.stderr, "File error %s: %s" % \ 358 (e.filename or '!?', e.strerror) 359 continue 360 361 # Credential output 362 if opts.create_creds: 363 if all([opts.cert, opts.key, opts.dir]): 364 try: 365 create_creds([c for c in creds if c.principal == me], 366 opts.cert, opts.key, opts.dir, opts.debug) 367 except credential_error, e: 368 sys.exit('Credential creation failed: %s' % e) 369 else: 370 print >>sys.stderr, 'Cannot create credentials. 
Missing parameter' 371 372 # Local map output 373 if opts.map or opts.debug: 374 try: 375 if opts.map and opts.map != '-' and not opts.debug: 376 f = open(opts.map, 'w') 377 else: 378 f = sys.stdout 379 for k, c in to_id.items(): 380 for a in set(["%s.%s" % (x.principal, x.attr) for x in c]): 381 print >>f, "%s -> (%s)" % ( a, join(k, ', ')) 382 except EnvironmentError, e: 383 sys.exit("Cannot open %s: %s" % (e.filename or '!?', e.strerror)) 395 f = sys.stdout 396 for k, c in to_id.items(): 397 for a in set(["%s.%s" % (x.principal, x.attr) for x in c]): 398 print >>f, "%s -> (%s)" % ( a, join(k, ', ')) 399 except EnvironmentError, e: 400 sys.exit("Cannot open %s: %s" % (e.filename or '!?', e.strerror)) 401 finally: 402 if delete_certs: 403 if cert: os.unlink(cert) 404 if key: os.unlink(key)
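Review bot: The key readability check at new lines 300-304 is inverted: `if not os.access(opts.key, os.R_OK): key = opts.key` accepts the key exactly when it cannot be read, and the `else` branch exits with "Cannot read key" when it can. The removed code exited on the unreadable case, so the new block should be `if not os.access(opts.key, os.R_OK): sys.exit('Cannot read key (%s)' % opts.key)` followed by `key = opts.key`. Separately, in the `finally` block at new lines 401-404, an exception from `os.unlink(cert)` skips `os.unlink(key)`, which would leave the temporary file holding the split-out key (presumably the private key) on disk. Unlinking the key first, or guarding each unlink with its own `try`/`except OSError`, avoids that. A short comment above `delete_certs = True` saying that both paths returned by `abac_split_cert` are temporary files owned by this script would also make the cleanup contract explicit.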