Timestamp:
Nov 30, 2010 7:20:16 PM (13 years ago)
Author:
Ted Faber <faber@…>
Branches:
axis_example, compt_changes, info-ops, master
Children:
c324ad3
Parents:
4692a16
Message:

Looks like internal works now.

Had to add default entries to the access list to accommodate that, and discovered that ABAC requires strings - not unicode.

Moved lookup_access into the access class as most should be able to use it directly now.

File:
1 edited

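--- a/fedd/federation/authorizer.py
+++ b/fedd/federation/authorizer.py
@@ -6,5 +6,5 @@
 from threading import Lock
 
-from string import join
+from string import join, hexdigits
 
 from fedid import fedid
@@ -240,4 +240,5 @@
         return abac_authorizer.clean_attr_re.sub('_', attr)
 
+
     def import_credentials(self, file_list=None, data_list=None):
         if data_list:
@@ -272,4 +273,5 @@
             if not isinstance(attr, basestring):
                 attr = "%s" % attr
+
             if self.me and self.key:
                 # Create a credential and insert it into context
@@ -338,4 +340,15 @@
         self.lock.release()
 
+    @staticmethod
+    def starts_with_fedid(attr):
+        """
+        Return true if the first 40 characters of the string are hex digits
+        followed by a dot.  False otherwise.  Used in check_attribute.
+        """
+        if attr.find('.') == 40:
+            return all([ x in hexdigits for x in attr[0:40]])
+        else:
+            return False
+
 
     def check_attribute(self, name, attr):
@@ -348,13 +361,20 @@
             if not isinstance(attr, basestring):
                 attr = "%s" % attr
-            # Naked attributes are attested by this principal
-            if attr.find('.') == -1:
-                a = "%s.%s" % (self.fedid, self.clean_attr(attr))
-            else:
+            # Attributes that start with a fedid only have the part of the
+            # attribute after the dot cleaned.  Others are completely cleaned
+            # and have the owner fedid attached.
+            if self.starts_with_fedid(attr):
                 r, a = attr.split('.',1)
                 a = "%s.%s" % ( r, self.clean_attr(a))
+            else:
+                a = "%s.%s" % (self.fedid, self.clean_attr(attr))
+
+            a = str(a)
+            n = str("%s" % name)
 
             self.lock.acquire()
-            rv, proof = self.context.query(a, "%s" % name)
+            # Sigh. Unicode vs swig and swig seems to lose.  Make sure
+            # everything we pass into ABAC is a str not a unicode.
+            rv, proof = self.context.query(a, n)
             # XXX delete soon
             if not rv and attr in self.globals: rv = True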
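Review bot: The new `a = str(a)` and `n = str("%s" % name)` in check_attribute raise UnicodeEncodeError under Python 2 when `name` is a unicode value with non-ASCII characters. The same holds for `a` if `clean_attr_re`, whose pattern is not visible here, lets such characters through. An authorization query on that input then ends in an exception rather than a denial, unless a caller outside this hunk catches it. Both conversions run before `self.lock.acquire()`, so the lock is not left held, but the failure mode should be made explicit: guard them with `try: a, n = str(a), str("%s" % name)` and an `except UnicodeError:` branch that returns the method's normal "denied" result. check_attribute starts and ends outside the hunk, so that return value is not visible here.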