Timestamp:
Dec 14, 2010 6:58:28 PM (13 years ago)
Author:
Ted Faber <faber@…>
Branches:
axis_example, compt_changes, info-ops, master
Children:
c092b7f
Parents:
2627eb3
Message:

Move proofs around. Lots of changes, including fault handling.

File:
1 edited

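--- a/fedd/federation/authorizer.py
+++ b/fedd/federation/authorizer.py
@@ -1,5 +1,4 @@
 #/usr/local/bin/python
 
-from string import join
 from tempfile import mkstemp
 from subprocess import call
@@ -12,4 +11,5 @@
 from service_error import service_error
 from util import abac_pem_type, abac_split_cert
+from proof import proof
 
 
@@ -116,5 +116,5 @@
         if attrs: attrs.discard(attr)
 
-    def check_attribute(self, name, attr):
+    def check_attribute(self, name, attr, with_proof=False):
         """
         Return True if name has attr (or if attr is global).  Tuple names match
@@ -130,5 +130,6 @@
         self.valid_name(name)
         if attr in self.globals:
-            return True
+            if with_proof: return True, proof("me", name, attr)
+            else: return True
 
         if isinstance(name, tuple):
@@ -137,7 +138,15 @@
                 if self.attrs.has_key(lookup):
                     if attr in self.attrs[lookup]:
-                        return True
-        else:
-            return  attr in self.attrs.get(self.auth_name(name), set())
+                        if with_proof: return True, proof("me", name, attr)
+                        else: return True
+                # Drop through
+                if with_proof: return False, proof("me", name, attr)
+                else: return False
+        else:
+            if with_proof:
+                return attr in self.attrs.get(self.auth_name(name), set()), \
+                        proof("me", name, attr)
+            else:
+                return attr in self.attrs.get(self.auth_name(name), set())
 
     def set_global_attribute(self, attr):
@@ -375,6 +384,5 @@
 
 
-    def check_attribute(self, name, attr):
-        # XXX proof soon
+    def check_attribute(self, name, attr, with_proof=False):
         if isinstance(name, tuple):
             raise abac_authorizer.bad_name(
@@ -399,10 +407,12 @@
             # Sigh. Unicode vs swig and swig seems to lose.  Make sure
             # everything we pass into ABAC is a str not a unicode.
-            rv, proof = self.context.query(a, n)
+            rv, p = self.context.query(a, n)
             # XXX delete soon
-            if not rv and attr in self.globals: rv = True
-            self.lock.release()
-
-            return rv
+            if not rv and attr in self.globals:
+                rv = True
+                p = None
+            self.lock.release()
+            if with_proof: return rv, proof(self.fedid, name, a, p)
+            else: return rv
 
     def set_global_attribute(self, attr):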
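Review bot: With `with_proof=True` both `check_attribute` methods return a `(bool, proof)` pair, and the denial paths (new lines 143 and 147-148, and line 415 when `rv` is false) return a non-empty tuple, which is truthy, so a caller that tests the result directly would read a denial as a grant. The docstring at new line 119 still says only "Return True if name has attr"; I would add `If with_proof is true, return a (bool, proof) pair; callers must unpack it and test the first element.` there and give the second `check_attribute` (new line 386) the same note. Separately, the "Drop through" return at new lines 142-144 sits at the same indent as `if self.attrs.has_key(lookup):`. If the enclosing statement at lines 136-137 (outside the hunk) is a loop, this returns False after the first candidate rather than after all of them, so it probably belongs one level out. Both method bodies start or end outside the visible hunks.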