Changeset e83f2f2 for fedd

Timestamp:

Dec 14, 2010 6:58:28 PM (14 years ago)

Author:

Ted Faber <faber@…>

Branches:

axis_example, compt_changes, info-ops, master

Children:

c092b7f

Parents:

2627eb3

Message:

Move proofs around. Lots of changes, including fault handling.

Location:

fedd

Files:

• fedd_create.py (modified) (5 diffs)
• fedd_ftopo.py (modified) (3 diffs)
• fedd_image.py (modified) (4 diffs)
• fedd_info.py (modified) (3 diffs)
• fedd_multiinfo.py (modified) (3 diffs)
• fedd_multistatus.py (modified) (3 diffs)
• fedd_new.py (modified) (3 diffs)
• fedd_ns2topdl.py (modified) (3 diffs)
• fedd_spewlog.py (modified) (2 diffs)
• fedd_terminate.py (modified) (3 diffs)
• federation/access.py (modified) (7 diffs)
• federation/authorizer.py (modified) (7 diffs)
• federation/client_lib.py (modified) (7 diffs)
• federation/deter_internal_access.py (modified) (4 diffs)
• federation/dragon_access.py (modified) (6 diffs)
• federation/emulab_access.py (modified) (11 diffs)
• federation/experiment_control.py (modified) (32 diffs)
• federation/proof.py (added)
• federation/protogeni_access.py (modified) (12 diffs)
• federation/remote_service.py (modified) (4 diffs)
• federation/server.py (modified) (2 diffs)
• federation/service_error.py (modified) (1 diff)
• federation/skeleton_access.py (modified) (4 diffs)
• federation/thread_pool.py (modified) (1 diff)

fedd/fedd_create.py

@@ -9 +9 @@
 from string import join
 
+from federation.proof import proof
 from federation.fedid import fedid, generate_fedid
 from federation.remote_service import service_caller
 from federation.client_lib import client_opts, exit_with_fault, RPCException, \
         wrangle_standard_options, do_rpc, get_experiment_names, save_certfile,\
-        get_abac_certs
+        get_abac_certs, log_authentication
 from federation.util import abac_split_cert, abac_context_to_creds
 from federation import topdl
@@ -247 +248 @@
             caller=service_caller('New'), responseBody="NewResponseBody")
 except RPCException, e:
-    exit_with_fault(e)
+    exit_with_fault(e, 'New (create)', opts)
 except RuntimeError, e:
     sys.exit("Error processing RPC: %s" % e)
@@ -253 +254 @@
 if opts.debug > 1: print >>sys.stderr, resp_dict
 
+proof = proof.from_dict(resp_dict.get('proof', {}))
+if proof and opts.auth_log:
+    log_authentication(opts.auth_log, 'New (create)', 'succeeded', proof)
 # Save the experiment ID certificate if we need it
 try:
@@ -303 +307 @@
             serialize_only=opts.serialize_only,
             tracefile=opts.tracefile,
-            caller=service_caller('Create'), responseBody="CreateResponseBody")
+            caller=service_caller('Create', max_retries=1), responseBody="CreateResponseBody")
 except RPCException, e:
-    exit_with_fault(e)
+    exit_with_fault(e, 'Create', opts)
 except RuntimeError, e:
     sys.exit("Error processing RPC: %s" % e)
@@ -318 +322 @@
 if e_fedid: print "fedid: %s" % e_fedid
 if st: print "status: %s" % st
-
+proof = proof.from_dict(resp_dict.get('proof', {}))
+if proof and opts.auth_log:
+    log_authentication(opts.auth_log, 'Create', 'succeeded', proof)

fedd/fedd_ftopo.py

@@ -4 +4 @@
 
 from federation import topdl
+from federation.proof import proof
 from federation.remote_service import service_caller
 from federation.client_lib import client_opts, exit_with_fault, RPCException,\
-        wrangle_standard_options, do_rpc, get_experiment_names, info_format
+        wrangle_standard_options, do_rpc, get_experiment_names, info_format, \
+        log_authentication
 
 class ftopo_opts(client_opts):
@@ -42 +44 @@
             caller=service_caller('Info'), responseBody='InfoResponseBody')
 except RPCException, e:
-    exit_with_fault(e)
+    exit_with_fault(e, 'Ftopo', opts)
 except RuntimeError, e:
     sys.exit("Error processing RPC: %s" % e)
@@ -65 +67 @@
 else:
     sys.exit("Badly formatted response (no experiment descrption)!?")
+proof = proof.from_dict(resp_dict.get('proof', {}))
+if proof and opts.auth_log:
+    log_authentication(opts.auth_log, 'Ftopo', 'succeeded', proof)

fedd/fedd_image.py

@@ -8 +8 @@
 
 from federation import topdl
+from federation.proof import proof
 from federation.remote_service import service_caller
 from federation.client_lib import client_opts, exit_with_fault, RPCException, \
-        wrangle_standard_options, do_rpc, get_experiment_names, save_certfile
+        wrangle_standard_options, do_rpc, get_experiment_names, save_certfile,\
+        log_authentication
 
 
@@ -296 +298 @@
             caller=service_caller('Info'), responseBody="InfoResponseBody")
 
+    proof = proof.from_dict(resp_dict.get('proof', {}))
+    if proof and opts.auth_log:
+        log_authentication(opts.auth_log, 'Image', 'succeeded', proof)
     return extract_topo_from_message(resp_dict, opts.serialize_only)
 
@@ -374 +379 @@
         top = get_experiment_topo(opts, cert, url)
     except RPCException, e:
-        exit_with_fault(e)
+        exit_with_fault(e, 'image', opts)
     except RuntimeError, e:
         sys.exit("%s" % e)
@@ -386 +391 @@
     except RPCException, e:
         print >>sys.stderr, "Cannot extract a topology from %s" % opts.file
-        exit_with_fault(e)
+        exit_with_fault(e, 'image', opts)
     except RuntimeError, e:
         sys.exit("Cannot extract a topology from %s: %s" % (opts.file, e))

fedd/fedd_info.py

@@ -3 +3 @@
 import sys
 
+from federation.proof import proof
 from federation.remote_service import service_caller
 from federation.client_lib import client_opts, exit_with_fault, RPCException,\
-        wrangle_standard_options, do_rpc, get_experiment_names, info_format
+        wrangle_standard_options, do_rpc, get_experiment_names, info_format, \
+        log_authentication
 
 class exp_data_opts(client_opts):
@@ -43 +45 @@
             caller=service_caller('Info'), responseBody='InfoResponseBody')
 except RPCException, e:
-    exit_with_fault(e)
+    exit_with_fault(e, 'Info', opts)
 except RuntimeError, e:
     sys.exit("Error processing RPC: %s" % e)
@@ -53 +55 @@
     except RuntimeError, e:
         print >>sys.stderr, "Warning: %s" % e
+proof = proof.from_dict(resp_dict.get('proof', {}))
+if proof and opts.auth_log:
+    log_authentication(opts.auth_log, 'Info', 'succeeded', proof)

fedd/fedd_multiinfo.py

@@ -10 +10 @@
 import time
 
+from federation.proof import proof
 from federation.remote_service import service_caller
 from federation.client_lib import client_opts, exit_with_fault, RPCException,\
-        wrangle_standard_options, do_rpc, info_format
+        wrangle_standard_options, do_rpc, info_format, log_authentication
 
 class exp_data_opts(client_opts):
@@ -38 +39 @@
             responseBody='MultiInfoResponseBody')
 except RPCException, e:
-    exit_with_fault(e)
+    exit_with_fault(e, 'MultiInfo', opts)
 except RuntimeError, e:
     sys.exit("Error processing RPC: %s" % e)
@@ -47 +48 @@
         formatter(i, d)
     print "---"
+proof = proof.from_dict(resp_dict.get('proof', {}))
+if proof and opts.auth_log:
+    log_authentication(opts.auth_log, 'MultiInfo', 'succeeded', proof)

fedd/fedd_multistatus.py

@@ -3 +3 @@
 import sys
 
+from federation.proof import proof
 from federation.remote_service import service_caller
 from federation.client_lib import client_opts, exit_with_fault, RPCException, \
-        wrangle_standard_options, do_rpc, get_experiment_names
+        wrangle_standard_options, do_rpc, get_experiment_names, \
+        log_authentication
 
 parser = client_opts()
@@ -22 +24 @@
             responseBody='MultiInfoResponseBody')
 except RPCException, e:
-    exit_with_fault(e)
+    exit_with_fault(e, 'MultiInfo', opts)
 except RuntimeError, e:
     sys.exit("Error processing RPC: %s" % e)
@@ -33 +35 @@
     print ":".join([ l or "" , "%s" % (f or "") , 
         exp.get('experimentStatus', "") ])
+proof = proof.from_dict(resp_dict.get('proof', {}))
+if proof and opts.auth_log:
+    log_authentication(opts.auth_log, 'MultiInfo', 'succeeded', proof)

fedd/fedd_new.py

@@ -2 +2 @@
 
 import sys
+from datetime import datetime
 
 from federation.fedid import fedid, generate_fedid
 from federation.remote_service import service_caller
+from federation.proof import proof
 from federation.client_lib import client_opts, exit_with_fault, RPCException, \
         wrangle_standard_options, do_rpc, get_experiment_names, \
-        save_certfile, get_abac_certs
-
+        save_certfile, get_abac_certs, log_authentication
 
 class new_opts(client_opts):
@@ -58 +59 @@
             caller=service_caller("New"), responseBody='NewResponseBody')
 except RPCException, e:
-    exit_with_fault(e)
+    exit_with_fault(e, 'New', opts)
 except RuntimeError, e:
     sys.exit("Error processing RPC: %s" % e)
@@ -75 +76 @@
 e_fedid, e_local = get_experiment_names(resp_dict.get('experimentID', None))
 st = resp_dict.get('experimentStatus', None)
+proof = proof.from_dict(resp_dict.get('proof', {}))
 
 if e_local: print "localname: %s" % e_local
 if e_fedid: print "fedid: %s" % e_fedid
 if st: print "status: %s" % st
+if proof and opts.auth_log:
+    log_authentication(opts.auth_log, 'New', 'succeeded', proof)

fedd/fedd_ns2topdl.py

@@ -4 +4 @@
 
 from federation import topdl
+from federation.proof import proof
 from federation.remote_service import service_caller
 from federation.client_lib import client_opts, exit_with_fault, RPCException, \
@@ -45 +46 @@
             responseBody="Ns2TopdlResponseBody")
 except RPCException, e:
-    exit_with_fault(e)
+    exit_with_fault(e, 'Ns2Topdl', opts)
 except RuntimeError, e:
     sys.exit("Error processing RPC: %s" % e)
@@ -69 +70 @@
 else:
     print topdl.topology_to_xml(top, top="experiment")
+proof = proof.from_dict(resp_dict.get('proof', {}))
+if proof and opts.auth_log:
+    log_authentication(opts.auth_log, 'New (create)', 'succeeded', proof)

fedd/fedd_spewlog.py

@@ -4 +4 @@
 import time
 
+from federation.proof import proof
 from federation.remote_service import service_caller
 from federation.client_lib import client_opts, exit_with_fault, RPCException, \
@@ -63 +64 @@
                 caller=service_caller('Info'), responseBody="InfoResponseBody")
     except RPCException, e:
-        exit_with_fault(e)
+        exit_with_fault(e, 'Info (spewlog)', opts)
     except RuntimeError, e:
         sys.exit("Error processing RPC: %s" % e)
+
+    proof = proof.from_dict(resp_dict.get('proof', {}))
+    if proof and opts.auth_log:
+        log_authentication(opts.auth_log, 'Info (spewlog)', 'succeeded', proof)
 
     if not opts.serialize_only:

fedd/fedd_terminate.py

@@ -4 +4 @@
 
 from federation.fedid import fedid
+from federation.proof import proof
 from federation.remote_service import service_caller
 from federation.client_lib import client_opts, exit_with_fault, RPCException, \
-        wrangle_standard_options, do_rpc
+        wrangle_standard_options, do_rpc, log_authentication
 
 class terminate_opts(client_opts):
@@ -66 +67 @@
             responseBody='TerminateResponseBody')
 except RPCException, e:
-    exit_with_fault(e)
+    exit_with_fault(e, 'Terminate', opts)
 except RuntimeError, e:
     sys.exit("Error processing RPC: %s" % e)
@@ -78 +79 @@
         out.close()
         sys.exit("No log returned")
+proof = proof.from_dict(resp_dict.get('proof', {}))
+if proof and opts.auth_log:
+    log_authentication(opts.auth_log, 'Terminate', 'succeeded', proof)

fedd/federation/access.py

@@ -301 +301 @@
         # Check every attribute that we know how to map and take the first
         # success.
+        fail_proofs = [ ]
         for attr in check:
-            if self.auth.check_attribute(fid, attr.attr):
+            access_ok, proof = self.auth.check_attribute(fid, attr.attr,
+                    with_proof=True)
+            if access_ok:
                 self.log.debug("Access succeeded for %s %s" % (attr.attr, fid))
                 # XXX: needs to deal with dynamics
                 return copy.copy(attr.value), (False, False, False), \
-                        [ fid ]
+                        [ fid ], proof
             else:
+                fail_proofs.append(proof)
                 self.log.debug("Access failed for %s %s" % (attr.attr, fid))
         else:
-            raise service_error(service_error.access, "Access denied")
+            raise service_error(service_error.access, "Access denied",
+                    proof=fail_proofs)
 
 
@@ -448 +453 @@
         return (exp, state)
 
-    def build_access_response(self, alloc_id, ap, services):
+    def build_access_response(self, alloc_id, ap, services, proof):
         """
         Create the SOAP response.
@@ -461 +466 @@
         msg = { 
                 'allocID': alloc_id,
+                'proof': proof.to_dict(),
                 'fedAttr': [
                     { 'attribute': 'domain', 'value': self.domain } , 
@@ -789 +795 @@
         # exception denying access that triggers a fault response back to the
         # caller.
-        found, match, owners = self.lookup_access(req, fid)
+        found, match, owners, proof = self.lookup_access(req, fid)
         self.log.info(
                 "[RequestAccess] Access granted to %s with local creds %s" % \
@@ -819 +825 @@
                     "Can't open %s/%s : %s" % (self.certdir, aid, e))
         self.log.debug('[RequestAccess] Returning allocation ID: %s' % allocID)
-        return { 'allocID': { 'fedid': allocID } }
+        return { 'allocID': { 'fedid': allocID }, 'proof': proof.to_dict() }
 
     def ReleaseAccess(self, req, fid):
@@ -849 +855 @@
         self.log.debug("[ReleaseAccess] deallocation requested for %s", aid)
         #  Confirm access
-        if not self.auth.check_attribute(fid, auth_attr):
+        access_ok, proof = self.auth.check_attribute(fid, auth_attr, 
+                with_proof=True)
+        if not access_ok:
             self.log.debug("[ReleaseAccess] deallocation denied for %s", aid)
-            raise service_error(service_error.access, "Access Denied")
+            raise service_error(service_error.access, "Access Denied",
+                    proof=proof)
 
         # If there is an allocation in the state, delete it.  Note the locking.
@@ -865 +874 @@
             self.log.debug("[ReleaseAccess] Removing %s" % cf)
             os.remove(cf)
-            return { 'allocID': req['allocID'] } 
+            return { 'allocID': req['allocID'], 'proof': proof.to_dict() } 
         else:
             self.state_lock.release()

fedd/federation/authorizer.py

@@ -1 +1 @@
 #/usr/local/bin/python
 
-from string import join
 from tempfile import mkstemp
 from subprocess import call
@@ -12 +11 @@
 from service_error import service_error
 from util import abac_pem_type, abac_split_cert
+from proof import proof
 
 
@@ -116 +116 @@
         if attrs: attrs.discard(attr)
 
-    def check_attribute(self, name, attr):
+    def check_attribute(self, name, attr, with_proof=False):
         """
         Return True if name has attr (or if attr is global).  Tuple names match
@@ -130 +130 @@
         self.valid_name(name)
         if attr in self.globals:
-            return True
+            if with_proof: return True, proof("me", name, attr)
+            else: return True
 
         if isinstance(name, tuple):
@@ -137 +138 @@
                 if self.attrs.has_key(lookup):
                     if attr in self.attrs[lookup]:
-                        return True
-        else:
-            return  attr in self.attrs.get(self.auth_name(name), set())
+                        if with_proof: return True, proof("me", name, attr)
+                        else: return True
+                # Drop through
+                if with_proof: return False, proof("me", name, attr)
+                else: return False
+        else:
+            if with_proof:
+                return attr in self.attrs.get(self.auth_name(name), set()), \
+                        proof("me", name, attr)
+            else:
+                return attr in self.attrs.get(self.auth_name(name), set())
 
     def set_global_attribute(self, attr):
@@ -375 +384 @@
 
 
-    def check_attribute(self, name, attr):
-        # XXX proof soon
+    def check_attribute(self, name, attr, with_proof=False):
         if isinstance(name, tuple):
             raise abac_authorizer.bad_name(
@@ -399 +407 @@
             # Sigh. Unicode vs swig and swig seems to lose.  Make sure
             # everything we pass into ABAC is a str not a unicode.
-            rv, proof = self.context.query(a, n)
+            rv, p = self.context.query(a, n)
             # XXX delete soon
-            if not rv and attr in self.globals: rv = True
-            self.lock.release()
-
-            return rv
+            if not rv and attr in self.globals: 
+                rv = True
+                p = None
+            self.lock.release()
+            if with_proof: return rv, proof(self.fedid, name, a, p)
+            else: return rv
 
     def set_global_attribute(self, attr):

fedd/federation/client_lib.py

@@ -7 +7 @@
 
 from string import join
+from datetime import datetime
 
 
@@ -31 +32 @@
                 callback=self.expand_file,
                 type="string", help="my certificate file")
+        self.add_option("--auth_log", action="callback", dest="auth_log",
+                callback=self.expand_file, default=None,
+                type="string", help="Log authentication decisions to this file")
         self.add_option("--abac", action="callback", dest="abac_dir",
                 callback=self.expand_file,
@@ -53 +57 @@
                 const=sys.stderr, help="Print SOAP exchange to stderr")
 
-def exit_with_fault(exc, out=sys.stderr):
+def log_authentication(fn, action, outcome, proof):
+    f = open(fn, 'a')
+    print >>f, '%s %s at %s' % (action, outcome, datetime.now())
+    if isinstance(proof, list):
+        for p in proof:
+            print >>f, p.to_xml()
+    else:
+        print >>f, proof.to_xml()
+    f.close()
+
+
+def exit_with_fault(exc, action, opts, out=sys.stderr):
     """
     Print an error message and exit.  exc is the RPCException that caused the
@@ -72 +87 @@
         code = -1
 
+    if exc.code == service_error.access and opts.auth_log:
+        try:
+            log_authentication(opts.auth_log, action, 'failed', exc.proof)
+        except EnvironmentError, e:
+            print >>sys.stderr, "Failed to log to %s: %s" % \
+                    (e.filename, e.strerror)
+
     print>>out, codestr
     print>>out, "Description: %s" % exc.desc
@@ -81 +103 @@
     XMLPRC calls.
     """
-    def __init__(self, desc=None, code=None, errstr=None):
+    def __init__(self, desc=None, code=None, errstr=None, proof=None):
         RuntimeError.__init__(self)
         self.desc = desc
@@ -87 +109 @@
         else: self.code = -1
         self.errstr = errstr
+        self.proof = proof
 
 class CertificateMismatchError(RuntimeError): pass
@@ -208 +231 @@
             except service_error, e:
                 raise RPCException(desc=e.desc, code=e.code, 
-                        errstr=e.code_string())
+                        errstr=e.code_string(), proof=e.proof)
     elif transport == "xmlrpc":
         if serialize_only:

fedd/federation/deter_internal_access.py

@@ -215 +215 @@
         aid = "%s" % auth_attr
         attrs = req.get('fedAttr', [])
-        if not self.auth.check_attribute(fid, auth_attr):
+        access_ok, proof = self.auth.check_attribute(fid, auth_attr, 
+                with_proof=True)
+        if not access_ok:
             raise service_error(service_error.access, "Access denied")
         else:
@@ -271 +273 @@
                 'allocID': req['allocID'],
                 'allocationLog': logv,
-                'segmentdescription': { 'topdldescription': rtopo.to_dict() }
+                'segmentdescription': { 'topdldescription': rtopo.to_dict() },
+                'proof': proof.to_dict(),
                 }
         retval = copy.deepcopy(self.state[aid]['started'])
@@ -289 +292 @@
 
         self.log.debug("Terminate request for %s" %aid)
-        if not self.auth.check_attribute(fid, auth_attr):
+        access_ok, proof = self.auth.check_attribute(fid, auth_attr, 
+                with_proof=True)
+        if not access_ok:
             raise service_error(service_error.access, "Access denied")
 
@@ -308 +313 @@
         self.state[aid]['vlan'] = None
         self.state_lock.release()
-        return { 'allocID': req['allocID'] }
+        return { 'allocID': req['allocID'], 'proof': proof.to_dict() }

fedd/federation/dragon_access.py

@@ -418 +418 @@
         return (repo, alloc_log)
 
-    def finalize_experiment(self, topo, vlan_no, gri, aid, alloc_id):
+    def finalize_experiment(self, topo, vlan_no, gri, aid, alloc_id, proof):
         """
         Place the relevant information in the global state block, and prepare
@@ -442 +442 @@
                     'topdldescription': rtopo.to_dict()
                     },
+                'proof': proof.to_dict(),
                 }
         retval = copy.deepcopy(self.state[aid]['started'])
@@ -462 +463 @@
         aid = "%s" % auth_attr
         attrs = req.get('fedAttr', [])
-        if not self.auth.check_attribute(fid, auth_attr):
+        access_ok, proof = self.auth.check_attribute(fid, auth_attr, 
+                with_proof=True)
+        if not access_ok:
             raise service_error(service_error.access, "Access denied")
         else:
@@ -508 +511 @@
         if gri:
             return self.finalize_experiment(topo, vlan_no, gri, aid, 
-                    req['allocID'])
+                    req['allocID'], proof)
         elif err:
             raise service_error(service_error.federant,
@@ -526 +529 @@
         self.log.debug("Terminate request for %s" %aid)
         attrs = req.get('fedAttr', [])
-        if not self.auth.check_attribute(fid, auth_attr):
+        access_ok, proof = self.auth.check_attribute(fid, auth_attr, 
+                with_proof=True)
+        if not access_ok:
             raise service_error(service_error.access, "Access denied")
 
@@ -549 +554 @@
         self.log.debug("Stop segment for GRI: %s" %gri)
         self.stop_segment(user, gri)
-        return { 'allocID': req['allocID'] }
+        return { 'allocID': req['allocID'], 'proof': proof.to_dict() }

fedd/federation/emulab_access.py

@@ -24 +24 @@
 from service_error import service_error
 from remote_service import xmlrpc_handler, soap_handler, service_caller
+from proof import proof as access_proof
 
 import httplib
@@ -480 +481 @@
 
         if self.auth_type == "legacy":
-            found, dyn, owners = self.legacy_lookup_access(req, fid)
+            found, dyn, owners= self.legacy_lookup_access(req, fid)
+            proof = access_proof("me", fid, "create")
         elif self.auth_type == 'abac':
-            found, dyn, owners = self.lookup_access(req, fid, filter=pf)
+            found, dyn, owners, proof = self.lookup_access(req, fid, filter=pf)
         else:
             raise service_error(service_error.internal, 
@@ -523 +525 @@
                     "Can't open %s/%s : %s" % (self.certdir, aid, e))
         resp = self.build_access_response({ 'fedid': allocID } ,
-                ap, services)
+                ap, services, proof)
         return resp
 
@@ -570 +572 @@
         self.log.debug("[access] deallocation requested for %s by %s" % \
                 (aid, fid))
-        if not self.auth.check_attribute(fid, auth_attr):
+        access_ok, proof = self.auth.check_attribute(fid, auth_attr, 
+                with_proof=True)
+        if not access_ok:
             self.log.debug("[access] deallocation denied for %s", aid)
             raise service_error(service_error.access, "Access Denied")
@@ -624 +628 @@
             self.log.debug("Removing %s" % cf)
             os.remove(cf)
-            return { 'allocID': req['allocID'] } 
+            return { 'allocID': req['allocID'], 'proof': proof.to_dict() } 
         else:
             self.state_lock.release()
@@ -997 +1001 @@
         return (ename, proj, user, pubkey_base, secretkey_base, alloc_log)
 
-    def finalize_experiment(self, starter, topo, aid, alloc_id):
+    def finalize_experiment(self, starter, topo, aid, alloc_id, proof):
         """
         Store key bits of experiment state in the global repository, including
@@ -1022 +1026 @@
                     'topdldescription': topo.clone().to_dict()
                     },
-                'embedding': embedding
+                'embedding': embedding,
+                'proof': proof.to_dict(),
                 }
         retval = copy.copy(self.allocation[aid]['started'])
@@ -1046 +1051 @@
         aid = "%s" % auth_attr
         attrs = req.get('fedAttr', [])
-        if not self.auth.check_attribute(fid, auth_attr):
+
+        access_ok, proof = self.auth.check_attribute(fid, auth_attr, 
+                with_proof=True)
+        if not access_ok:
             raise service_error(service_error.access, "Access denied")
         else:
@@ -1112 +1120 @@
 
         if rv:
-            return self.finalize_experiment(starter, topo, aid, req['allocID'])
+            return self.finalize_experiment(starter, topo, aid, req['allocID'],
+                    proof)
         elif err:
             raise service_error(service_error.federant,
@@ -1128 +1137 @@
         aid = "%s" % auth_attr
         attrs = req.get('fedAttr', [])
-        if not self.auth.check_attribute(fid, auth_attr):
+
+        access_ok, proof = self.auth.check_attribute(fid, auth_attr, 
+                with_proof=True)
+        if not access_ok:
             raise service_error(service_error.access, "Access denied")
 
@@ -1157 +1169 @@
                 debug=self.create_debug, boss=self.boss, cert=self.xmlrpc_cert)
         stopper(self, user, proj, ename)
-        return { 'allocID': req['allocID'] }
+        return { 'allocID': req['allocID'], 'proof': proof.to_dict() }

fedd/federation/experiment_control.py

@@ -801 +801 @@
             self.response = None
             self.node = { }
+            self.proof = None
 
         def make_map(self, resp):
@@ -850 +851 @@
                             self.log_collector.write(line)
                     self.make_map(r['StartSegmentResponseBody'])
+                    if 'proof' in r: self.proof = r['proof']
                     self.response = r
                 else:
@@ -1021 +1023 @@
             # mapping.
             embedding = [ ]
+            proofs = { }
             for s in starters:
                 for k, v in s.node.items():
@@ -1028 +1031 @@
                         'testbed': s.testbed
                         })
+                if s.proof:
+                    proofs[s.testbed] = s.proof
             log.info("[start_segment]: Experiment %s active" % eid)
 
@@ -1044 +1049 @@
                 top.to_dict()
         self.state[eid]['embedding'] = embedding
+        # Append startup proofs
+        for f in self.state[eid]['federant']:
+            if 'name' in f and 'localname' in f['name']:
+                if f['name']['localname'] in proofs:
+                    f['proof'].append(proofs[f['name']['localname']])
+
         if self.state_filename: self.write_state()
         self.state_lock.release()
@@ -1326 +1337 @@
             raise service_error(service_error.protocol,
                         "Bad proxy response")
+        if 'proof' not in r:
+            raise service_error(service_error.protocol,
+                        "Bad access response (no access proof)")
         
         tbparam[tb] = { 
                 "allocID" : r['allocID'],
                 "uri": uri,
+                "proof": [ r['proof'] ],
                 }
 
@@ -1498 +1513 @@
             self.auth.save()
 
-        if not self.auth.check_attribute(fid, 'new'):
-            raise service_error(service_error.access, "New access denied")
+        access_ok, proof = self.auth.check_attribute(fid, 'new', 
+                with_proof=True)
+
+        if not access_ok:
+            raise service_error(service_error.access, "New access denied",
+                    proof=[proof])
 
         try:
@@ -1543 +1562 @@
                 ],
                 'experimentStatus': 'empty',
-                'experimentAccess': { 'X509' : expcert }
+                'experimentAccess': { 'X509' : expcert },
+                'proof': proof.to_dict(),
             }
 
@@ -1814 +1834 @@
             raise service_error(service_error.req, "No request?")
 
-        self.check_experiment_access(fid, key)
+        proof = self.check_experiment_access(fid, key)
 
         self.state_lock.acquire()
         if self.state.has_key(key):
             if self.state[key].has_key('vtopo'):
-                rv = { 'experiment' : {keytype: key },\
-                        'vtopo': self.state[key]['vtopo'],\
+                rv = { 'experiment' : {keytype: key },
+                        'vtopo': self.state[key]['vtopo'],
+                        'proof': proof.to_dict(), 
                     }
             else:
@@ -1858 +1879 @@
             raise service_error(service_error.req, "No request?")
 
-        self.check_experiment_access(fid, key)
+        proof = self.check_experiment_access(fid, key)
 
         self.state_lock.acquire()
         if self.state.has_key(key):
             if self.state[key].has_key('vis'):
-                rv =  { 'experiment' : {keytype: key },\
-                        'vis': self.state[key]['vis'],\
+                rv =  { 'experiment' : {keytype: key },
+                        'vis': self.state[key]['vis'],
+                        'proof': proof.to_dict(), 
                         }
             else:
@@ -1885 +1907 @@
         between when it was started and the beginning of resource allocation.
         This is basically the information about each local allocation.  This
-        fills in the values of the placeholder allocation in the state.
+        fills in the values of the placeholder allocation in the state.  It
+        also collects the access proofs and returns them as dicts for a
+        response message.
         """
         # save federant information
@@ -1893 +1917 @@
                     'allocID' : tbparams[k]['allocID'],
                     'uri': tbparams[k]['uri'],
+                    'proof': tbparams[k]['proof'],
                 }
 
@@ -1903 +1928 @@
                 [ tbparams[tb]['federant'] for tb in tbparams.keys() \
                     if tbparams[tb].has_key('federant') ]
+        # Access proofs for the response message
+        proofs = [copy.deepcopy(p) for k in tbparams.keys()\
+                    for p in tbparams[k]['federant']['proof']]
         if self.state_filename: 
             self.write_state()
         self.state_lock.release()
+        return proofs
 
     def clear_placeholder(self, eid, expid, tmpdir):
@@ -1945 +1974 @@
 
         # Make sure that the caller can talk to us
-        self.check_experiment_access(fid, key)
+        proof = self.check_experiment_access(fid, key)
 
         # Install the testbed map entries supplied with the request into a copy
@@ -2030 +2059 @@
             vtopo = topdl.topology_to_vtopo(top)
             vis = self.genviz(vtopo)
-            self.save_federant_information(allocated, tbparams, eid, vtopo, 
-                    vis, top)
+            proofs = self.save_federant_information(allocated, tbparams, 
+                    eid, vtopo, vis, top)
         except service_error, e:
             # If something goes wrong in the parse (usually an access error)
@@ -2042 +2071 @@
         # Start the background swapper and return the starting state.  From
         # here on out, the state will stick around a while.
-
-        # XXX: I think this is redundant
-        # Let users touch the state
-        # self.auth.set_attribute(fid, expid)
-        # self.auth.set_attribute(expid, expid)
-        # Override fedids can manipulate state as well
-        # for o in self.overrides:
-            # self.auth.set_attribute(o, expid)
-        # self.auth.save()
 
         # Create a logger that logs to the experiment's state object as well as
@@ -2076 +2096 @@
                 ],
                 'experimentStatus': 'starting',
+                'proof': [ proof.to_dict() ] + proofs,
             }
 
@@ -2121 +2142 @@
             key = self.get_experiment_fedid(key)
 
-        if self.auth.check_attribute(fid, key):
-            return True
+        access_ok, proof = self.auth.check_attribute(fid, key, with_proof=True)
+
+        if access_ok:
+            return proof
         else:
-            raise service_error(service_error.access, "Access Denied")
+            raise service_error(service_error.access, "Access Denied",
+                proof)
 
 
@@ -2133 +2157 @@
         """
         self.log.info("Get handler %s %s" % (path, fid))
+        # XXX: log proofs?
         if self.auth.check_attribute(fid, path):
             return ("%s/%s" % (self.repodir, path), "application/binary")
@@ -2138 +2163 @@
             return (None, None)
 
-    def clean_info_response(self, rv):
+    def clean_info_response(self, rv, proof):
         """
         Remove the information in the experiment's state object that is not in
@@ -2162 +2187 @@
                 if f.has_key('allocID'): del f['allocID']
                 if f.has_key('uri'): del f['uri']
+        rv['proof'] = proof.to_dict()
 
         return rv
@@ -2188 +2214 @@
             raise service_error(service_error.req, "No request?")
 
-        self.check_experiment_access(fid, key)
+        proof = self.check_experiment_access(fid, key)
 
         # The state may be massaged by the service function that called
@@ -2199 +2225 @@
 
         if rv:
-            return self.clean_info_response(rv)
+            return self.clean_info_response(rv, proof)
         else:
             raise service_error(service_error.req, "No such experiment")
@@ -2207 +2233 @@
         Return all the stored info that this fedid can access
         """
-        rv = { 'info': [ ] }
+        rv = { 'info': [ ], 'proof': [ ] }
 
         self.state_lock.acquire()
         for key in [ k for k in self.state.keys() if isinstance(k, fedid)]:
             try:
-                self.check_experiment_access(fid, key)
+                proof = self.check_experiment_access(fid, key)
             except service_error, e:
                 if e.code == service_error.access:
@@ -2222 +2248 @@
             if self.state.has_key(key):
                 e = copy.deepcopy(self.state[key])
-                e = self.clean_info_response(e)
+                e = self.clean_info_response(e, proof)
                 rv['info'].append(e)
+                rv['proof'].append(proof.to_dict())
         self.state_lock.release()
         return rv
@@ -2351 +2378 @@
             if tmpdir: self.remove_dirs(tmpdir)
 
-
     def terminate_experiment(self, req, fid):
         """
@@ -2364 +2390 @@
 
         key = self.get_experiment_key(req, 'experiment')
-        self.check_experiment_access(fid, key)
+        proof = self.check_experiment_access(fid, key)
         exp = req.get('experiment', False)
         force = req.get('force', False)
@@ -2416 +2442 @@
             if repo:
                 self.remove_dirs("%s/%s" % (self.repodir, repo))
-                
+        
             return { 
                     'experiment': exp , 
                     'deallocationLog': string.join(dealloc_list, ''),
+                    'proof': [proof.to_dict()],
                     }
         else:
@@ -2438 +2465 @@
         rv = { 'name': name }
 
-        if name and self.auth.check_attribute(fid, name):
+        if not name:
+            raise service_error(service_error.req, "No name?")
+
+        access_ok, proof = self.auth.check_attribute(fid, name, with_proof=True)
+
+        if access_ok:
             self.log.debug("[GetValue] asking for %s " % name)
             try:
@@ -2448 +2480 @@
             if v is not None:
                 rv['value'] = v
+            rv['proof'] = proof.to_dict()
             self.log.debug("[GetValue] got %s from %s" % (v, name))
             return rv
         else:
-            raise service_error(service_error.access, "Access Denied")
+            raise service_error(service_error.access, "Access Denied",
+                    proof=proof)
         
 
@@ -2466 +2500 @@
         v = req.get('value', '')
 
-        if name and self.auth.check_attribute(fid, name):
+        if not name:
+            raise service_error(service_error.req, "No name?")
+
+        access_ok, proof = self.auth.check_attribute(fid, name, with_proof=True)
+
+        if access_ok:
             try:
                 self.synch_store.set_value(name, v)
@@ -2479 +2518 @@
                 raise service_error(service_error.federant, 
                         "Synch key %s revoked" % name)
-            return { 'name': name, 'value': v }
+                return { 'name': name, 'value': v, 'proof': proof.to_dict() }
         else:
-            raise service_error(service_error.access, "Access Denied")
+            raise service_error(service_error.access, "Access Denied",
+                    proof=proof)

fedd/federation/protogeni_access.py

@@ -215 +215 @@
             return (None, None)
 
-    def build_access_response(self, alloc_id, services):
+    def build_access_response(self, alloc_id, services, proof):
         """
         Create the SOAP response.
@@ -230 +230 @@
                 'fedAttr': [
                     { 'attribute': 'domain', 'value': self.domain } , 
-                ]
+                ],
+                'proof': proof.to_dict()
             }
         if self.dragon_endpoint:
@@ -262 +263 @@
 
         # Request for this fedd
-        found, match, owners = self.lookup_access(req, fid)
+        found, match, owners, proof = self.lookup_access(req, fid)
         services, svc_state = self.export_services(req.get('service',[]),
                 None, None)
@@ -288 +289 @@
             raise service_error(service_error.internal, 
                     "Can't open %s/%s : %s" % (self.certdir, aid, e))
-        return self.build_access_response({ 'fedid': allocID }, None)
+        return self.build_access_response({ 'fedid': allocID }, None, proof)
 
 
@@ -312 +313 @@
 
         self.log.debug("[access] deallocation requested for %s", aid)
-        if not self.auth.check_attribute(fid, auth_attr):
+        access_ok , proof = self.auth.check_attribute(fid, auth_attr,
+                with_proof=True)
+        if not access_ok:
             self.log.debug("[access] deallocation denied for %s", aid)
             raise service_error(service_error.access, "Access Denied")
@@ -327 +330 @@
             self.log.debug("Removing %s" % cf)
             os.remove(cf)
-            return { 'allocID': req['allocID'] } 
+            return { 'allocID': req['allocID'], 'proof': proof.to_dict() } 
         else:
             self.state_lock.release()
@@ -1251 +1254 @@
                 cpw, alloc_log)
 
-    def finalize_experiment(self, topo, nodes, aid, alloc_id):
+    def finalize_experiment(self, topo, nodes, aid, alloc_id, proof):
         # Copy the assigned names into the return topology
         rvtopo = topo.clone()
@@ -1273 +1276 @@
                     'topdldescription': rvtopo.to_dict() },
                 'embedding': embedding,
+                'proof': proof.to_dict(),
                 }
         retval = copy.deepcopy(self.allocation[aid]['started'])
@@ -1295 +1299 @@
         aid = "%s" % auth_attr
         attrs = req.get('fedAttr', [])
-        if not self.auth.check_attribute(fid, auth_attr):
+        access_ok, proof = self.auth.check_attribute(fid, auth_attr, 
+                with_proof=True)
+        if not access_ok:
             raise service_error(service_error.access, "Access denied")
         else:
@@ -1356 +1362 @@
 
         if rv:
-            return self.finalize_experiment(topo, nodes, aid, req['allocID'])
+            return self.finalize_experiment(topo, nodes, aid, req['allocID'],
+                    proof)
         elif err:
             raise service_error(service_error.federant,
@@ -1392 +1399 @@
         aid = "%s" % auth_attr
         attrs = req.get('fedAttr', [])
-        if not self.auth.check_attribute(fid, auth_attr):
+        access_ok, proof = self.auth.check_attribute(fid, auth_attr, 
+                with_proof=True)
+        if not access_ok:
             raise service_error(service_error.access, "Access denied")
 
@@ -1419 +1428 @@
         self.stop_segment(segment_commands, user, staging, slice_cred,
                 slice_urn, cf, cpw)
-        return { 'allocID': req['allocID'] }
+        return { 'allocID': req['allocID'], 'proof': proof.to_dict() }
 
     def renew_segment(self, segment_commands, name, scred, slice_urn, interval, 

fedd/federation/remote_service.py

@@ -16 +16 @@
 import httplib
 
+from proof import proof
 from service_error import service_error
 from xmlrpclib import ServerProxy, dumps, loads, Fault, Error, Binary
@@ -66 +67 @@
     # A map used to encapsulate fedids into xmlrpclib.Binary objects
     encap_fedids = (('fedid', to_binary),)
+
+    # fields that are never unicoded, because they represent non strings.
+    do_not_unicode = set(['credential'])
 
     @staticmethod
@@ -172 +176 @@
         if isinstance(obj, dict):
             for k in obj.keys():
-                obj[k] = remote_service_base.make_unicode(obj[k])
+                if k not in remote_service_base.do_not_unicode:
+                    obj[k] = remote_service_base.make_unicode(obj[k])
             return obj
         elif isinstance(obj, basestring) and not isinstance(obj, unicode):
@@ -513 +518 @@
                             'desc': e.fault.string or "Something Weird" }
                 if ee:
+                    if 'proof' in ee: 
+                        pl = [ proof.from_dict(p) for p in ee['proof']]
+                    else: 
+                        pl = None
                     raise service_error(ee.get('code', 'no code'), 
-                            ee.get('desc','no desc'))
+                            ee.get('desc','no desc'), proof=pl)
                 else:
                     raise service_error(service_error.internal,

fedd/federation/server.py

@@ -136 +136 @@
             self.send_fault(f)
             resp = None
-        
+
         if resp != None:
             sw = SoapWriter()
@@ -201 +201 @@
                 de._errstr=e.code_string()
                 de._desc=e.desc
+                for p in e.proof:
+                    dp = ns0.proofType_Def(ns0.proofType_Def.schema, 
+                            "proof").pyclass()
+                    dp._prover = p.prover
+                    dp._principal = p.principal
+                    dp._attribute = p.attribute
+                    dp._credential = p.creds_to_certs()
+                    if de._proof: de._proof.append(dp)
+                    else: de._proof = [dp]
                 if  e.is_server_error():
                     raise Fault(Fault.Server, e.code_string(), detail=de)

fedd/federation/service_error.py

@@ -28 +28 @@
             federant, connect)
 
-    def __init__(self, code=None, desc=None, from_string=None):
+    def __init__(self, code=None, desc=None, from_string=None, proof=None):
         self.code = code
         self.desc = desc
+        self.proof = proof or []
+        if not isinstance (self.proof, list): self.proof = [ proof ]
         if code == None:
             self.set_code_from_string(from_string)

fedd/federation/skeleton_access.py

@@ -183 +183 @@
         aid = "%s" % auth_attr
         # Authorization check
-        if not self.auth.check_attribute(fid, auth_attr):
-            raise service_error(service_error.access, "Access denied")
+        access_ok, proof = self.auth.check_attribute(fid, auth_attr, 
+                with_proof=True)
+        if not access_ok:
+            raise service_error(service_error.access, "Access denied", 
+                    proof=proof)
         else:
             # See if this is a replay of an earlier succeeded StartSegment -
@@ -242 +245 @@
                 'allocID': req['allocID'],
                 'allocationLog': "Allocatation complete",
-                'segmentdescription': { 'topdldescription': topo.to_dict() }
+                'segmentdescription': { 'topdldescription': topo.to_dict() },
+                'proof': proof.to_dict(),
                 }
         retval = copy.deepcopy(self.state[aid]['started'])
@@ -266 +270 @@
         self.log.debug("Terminate request for %s" %aid)
         # Check authorization
-        if not self.auth.check_attribute(fid, auth_attr):
-            raise service_error(service_error.access, "Access denied")
+        access_ok, proof = self.auth.check_attribute(fid, auth_attr, 
+                with_proof=True)
+        if not access_ok:
+            raise service_error(service_error.access, "Access denied", 
+                    proof=proof)
 
         # Authorized: remove the integer from the allocation.  A more complex
@@ -281 +288 @@
         self.state_lock.release()
    
-        return { 'allocID': req['allocID'] }
+        return { 'allocID': req['allocID'], 'proof': proof.to_dict() }

fedd/federation/thread_pool.py

@@ -4 +4 @@
 import time
 from threading import Lock, Thread, Condition
+from service_error import service_error
 
 class thread_pool: