Timestamp:
Dec 14, 2010 6:58:28 PM (13 years ago)
Author:
Ted Faber <faber@…>
Branches:
axis_example, compt_changes, info-ops, master
Children:
c092b7f
Parents:
2627eb3
Message:

Move proofs around. Lots of changes, including fault handling.

File:
1 edited

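--- a/fedd/federation/access.py
+++ b/fedd/federation/access.py
@@ -301,14 +301,19 @@
         # Check every attribute that we know how to map and take the first
         # success.
+        fail_proofs = [ ]
         for attr in check:
-            if self.auth.check_attribute(fid, attr.attr):
+            access_ok, proof = self.auth.check_attribute(fid, attr.attr,
+                    with_proof=True)
+            if access_ok:
                 self.log.debug("Access succeeded for %s %s" % (attr.attr, fid))
                 # XXX: needs to deal with dynamics
                 return copy.copy(attr.value), (False, False, False), \
-                        [ fid ]
+                        [ fid ], proof
             else:
+                fail_proofs.append(proof)
                 self.log.debug("Access failed for %s %s" % (attr.attr, fid))
         else:
-            raise service_error(service_error.access, "Access denied")
+            raise service_error(service_error.access, "Access denied",
+                    proof=fail_proofs)
 
 
@@ -448,5 +453,5 @@
         return (exp, state)
 
-    def build_access_response(self, alloc_id, ap, services):
+    def build_access_response(self, alloc_id, ap, services, proof):
         """
         Create the SOAP response.
@@ -461,4 +466,5 @@
         msg = {
                 'allocID': alloc_id,
+                'proof': proof.to_dict(),
                 'fedAttr': [
                     { 'attribute': 'domain', 'value': self.domain } ,
@@ -789,5 +795,5 @@
         # exception denying access that triggers a fault response back to the
         # caller.
-        found, match, owners = self.lookup_access(req, fid)
+        found, match, owners, proof = self.lookup_access(req, fid)
         self.log.info(
                 "[RequestAccess] Access granted to %s with local creds %s" % \
@@ -819,5 +825,5 @@
                     "Can't open %s/%s : %s" % (self.certdir, aid, e))
         self.log.debug('[RequestAccess] Returning allocation ID: %s' % allocID)
-        return { 'allocID': { 'fedid': allocID } }
+        return { 'allocID': { 'fedid': allocID }, 'proof': proof.to_dict() }
 
     def ReleaseAccess(self, req, fid):
@@ -849,7 +855,10 @@
         self.log.debug("[ReleaseAccess] deallocation requested for %s", aid)
         #  Confirm access
-        if not self.auth.check_attribute(fid, auth_attr):
+        access_ok, proof = self.auth.check_attribute(fid, auth_attr,
+                with_proof=True)
+        if not access_ok:
             self.log.debug("[ReleaseAccess] deallocation denied for %s", aid)
-            raise service_error(service_error.access, "Access Denied")
+            raise service_error(service_error.access, "Access Denied",
+                    proof=proof)
 
         # If there is an allocation in the state, delete it.  Note the locking.
@@ -865,5 +874,5 @@
             self.log.debug("[ReleaseAccess] Removing %s" % cf)
             os.remove(cf)
-            return { 'allocID': req['allocID'] }
+            return { 'allocID': req['allocID'], 'proof': proof.to_dict() }
         else:
             self.state_lock.release()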
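Review bot: The two denial paths pass `proof=` in different shapes: the attribute-check loop in the first hunk raises with the list `fail_proofs`, while ReleaseAccess raises with a single proof object, so whatever serialises the fault has to handle both. `service_error` is not visible on this page, so if it does not normalise the value, the ReleaseAccess raise would be safer as `raise service_error(service_error.access, "Access Denied", proof=[proof])`. The success paths also call `proof.to_dict()` unconditionally, which assumes `check_attribute(..., with_proof=True)` never returns `None` as the proof; that is presumably true, but worth a comment at the call sites. Since the denial fault now returns proof material to a caller that failed authorisation, it is worth confirming that failed proofs expose no more of the local policy than the requester is meant to see. Both the function containing the loop and ReleaseAccess start and end outside the hunks shown.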