Changeset e83f2f2 for fedd/federation/access.py
- Timestamp:
- Dec 14, 2010 6:58:28 PM (13 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master
- Children:
- c092b7f
- Parents:
- 2627eb3
- File:
-
- 1 edited
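--- a/fedd/federation/access.py
+++ b/fedd/federation/access.py
@@ -301,14 +301,19 @@
 # Check every attribute that we know how to map and take the first
 # success.
+fail_proofs = [ ]
 for attr in check:
-if self.auth.check_attribute(fid, attr.attr):
+access_ok, proof = self.auth.check_attribute(fid, attr.attr,
+with_proof=True)
+if access_ok:
 self.log.debug("Access succeeded for %s %s" % (attr.attr, fid))
 # XXX: needs to deal with dynamics
 return copy.copy(attr.value), (False, False, False), \
-[ fid ]
+[ fid ], proof
 else:
+fail_proofs.append(proof)
 self.log.debug("Access failed for %s %s" % (attr.attr, fid))
 else:
-raise service_error(service_error.access, "Access denied")
+raise service_error(service_error.access, "Access denied",
+proof=fail_proofs)
 
 
@@ -448,5 +453,5 @@
 return (exp, state)
 
-def build_access_response(self, alloc_id, ap, services ):
+def build_access_response(self, alloc_id, ap, services, proof):
 """
 Create the SOAP response.
@@ -461,4 +466,5 @@
 msg = {
 'allocID': alloc_id,
+'proof': proof.to_dict(),
 'fedAttr': [
 { 'attribute': 'domain', 'value': self.domain } ,
@@ -789,5 +795,5 @@
 # exception denying access that triggers a fault response back to the
 # caller.
-found, match, owners = self.lookup_access(req, fid)
+found, match, owners, proof = self.lookup_access(req, fid)
 self.log.info(
 "[RequestAccess] Access granted to %s with local creds %s" % \
@@ -819,5 +825,5 @@
 "Can't open %s/%s : %s" % (self.certdir, aid, e))
 self.log.debug('[RequestAccess] Returning allocation ID: %s' % allocID)
-return { 'allocID': { 'fedid': allocID } }
+return { 'allocID': { 'fedid': allocID }, 'proof': proof.to_dict() }
 
 def ReleaseAccess(self, req, fid):
@@ -849,7 +855,10 @@
 self.log.debug("[ReleaseAccess] deallocation requested for %s", aid)
 # Confirm access
-if not self.auth.check_attribute(fid, auth_attr):
+access_ok, proof = self.auth.check_attribute(fid, auth_attr,
+with_proof=True)
+if not access_ok:
 self.log.debug("[ReleaseAccess] deallocation denied for %s", aid)
-raise service_error(service_error.access, "Access Denied")
+raise service_error(service_error.access, "Access Denied",
+proof=proof)
 
 # If there is an allocation in the state, delete it. Note the locking.
@@ -865,5 +874,5 @@
 self.log.debug("[ReleaseAccess] Removing %s" % cf)
 os.remove(cf)
-return { 'allocID': req['allocID'] }
+return { 'allocID': req['allocID'], 'proof': proof.to_dict() }
 else:
 self.state_lock.release()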
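Review bot: The two denial paths pass `service_error` different shapes under the same keyword: the attribute loop raises with `proof=fail_proofs` (a list, one entry per attribute tried), while `ReleaseAccess` raises with `proof=proof` (a single object). Whatever serialises the fault has to accept both, so normalising one side, for example `proof=[proof]` in `ReleaseAccess`, would be safer; `service_error` is not on this page, so confirm which shape it expects. The success paths also call `proof.to_dict()` unconditionally, and in `ReleaseAccess` that happens after `os.remove(cf)` has run, so a check that returns no proof object would fail the call only after the allocation is already gone. The failure list hands a denied caller one proof for every attribute in `check`, which may reveal more of the local policy mapping than the bare "Access denied" did; if that is intended, a comment at the raise such as `# failed proofs are returned to the requester by design` would record it. The enclosing functions start and end outside the visible hunks.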