-cimport afs as a
+from afs cimport *
+
+cdef import from "afs/ptuser.h":
+ enum:
+ PR_MAXNAMELEN
+ PRGRP
+ ANONYMOUSID
+
+ ctypedef char prname[PR_MAXNAMELEN]
+
+ struct namelist:
+ unsigned int namelist_len
+ prname *namelist_val
+
+ struct prlist:
+ unsigned int prlist_len
+ afs_int32 *prlist_val
+
+ struct idlist:
+ unsigned int idlist_len
+ afs_int32 *idlist_val
+
+ int ubik_PR_NameToID(ubik_client *, afs_int32, namelist *, idlist *)
+ int ubik_PR_IDToName(ubik_client *, afs_int32, idlist *, namelist *)
+ int ubik_PR_INewEntry(ubik_client *, afs_int32, char *, afs_int32, afs_int32)
+ int ubik_PR_NewEntry(ubik_client *, afs_int32, char *, afs_int32, afs_int32, afs_int32 *)
+ int ubik_PR_Delete(ubik_client *, afs_int32, afs_int32)
+ int ubik_PR_AddToGroup(ubik_client *, afs_int32, afs_int32, afs_int32)
+ int ubik_PR_RemoveFromGroup(ubik_client *, afs_int32, afs_int32, afs_int32)
+ int ubik_PR_ListElements(ubik_client *, afs_int32, afs_int32, prlist *, afs_int32 *)
+
+cdef import from "afs/pterror.h":
+ enum:
+ PRNOENT
+ PRTOOMANY
+
+ void initialize_PT_error_table()
cdef class PTS:
- cdef a.ubik_client * client
-
+ cdef ubik_client * client
+
def __cinit__(self, cell=None, sec=1):
- cdef a.afs_int32 code
- cdef a.afsconf_dir *cdir
- cdef a.afsconf_cell info
+ """
+ Open a connection to the protection server. A PTS object is
+ essentially a handle to talk to the server in a given cell.
+
+ cell defaults to None. If no argument is passed for cell, PTS
+ connects to the home cell.
+
+ sec is the security level, an integer from 0 to 3:
+ - 0: unauthenticated connection
+ - 1: try authenticated, then fall back to unauthenticated
+ - 2: fail if an authenticated connection can't be established
+ - 3: same as 2, plus encrypt all traffic to the protection
+ server
+ """
+ cdef afs_int32 code
+ cdef afsconf_dir *cdir
+ cdef afsconf_cell info
cdef char * c_cell
-
+ cdef ktc_principal prin
+ cdef ktc_token token
+ cdef rx_securityClass *sc
+ cdef rx_connection *serverconns[MAXSERVERS]
+ cdef int i
+
+ initialize_PT_error_table()
+
if cell is None:
c_cell = NULL
else:
c_cell = cell
-
+
self.client = NULL
-
- code = a.rx_Init(0)
+
+ code = rx_Init(0)
if code != 0:
raise Exception(code, "Error initializing Rx")
-
- cdir = a.afsconf_Open(a.AFSDIR_CLIENT_ETC_DIRPATH)
+
+ cdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH)
if cdir is NULL:
- raise OSError(a.errno,
+ raise OSError(errno,
"Error opening configuration directory (%s): %s" % \
- (a.AFSDIR_CLIENT_ETC_DIRPATH, a.strerror(a.errno)))
- code = a.afsconf_GetCellInfo(cdir, c_cell, "afsprot", &info)
+ (AFSDIR_CLIENT_ETC_DIRPATH, strerror(errno)))
+ code = afsconf_GetCellInfo(cdir, c_cell, "afsprot", &info)
+ if code != 0:
+ raise Exception(code, "GetCellInfo: %s" % afs_error_message(code))
+
+ if sec > 0:
+ strncpy(prin.cell, info.name, sizeof(prin.cell))
+ prin.instance[0] = 0
+ strncpy(prin.name, "afs", sizeof(prin.name))
+
+ code = ktc_GetToken(&prin, &token, sizeof(token), NULL);
+ if code != 0:
+ if sec >= 2:
+ # No really - we wanted authentication
+ raise Exception(code, "Failed to get token for service AFS: %s" % afs_error_message(code))
+ sec = 0
+ else:
+ if sec == 3:
+ level = rxkad_crypt
+ else:
+ level = rxkad_clear
+ sc = rxkad_NewClientSecurityObject(level, &token.sessionKey,
+ token.kvno, token.ticketLen,
+ token.ticket)
+
+ if sec == 0:
+ sc = rxnull_NewClientSecurityObject()
+ else:
+ sec = 2
+
+ memset(serverconns, 0, sizeof(serverconns))
+ for 0 <= i < info.numServers:
+ serverconns[i] = rx_NewConnection(info.hostAddr[i].sin_addr.s_addr,
+ info.hostAddr[i].sin_port,
+ PRSRV,
+ sc,
+ sec)
+
+ code = ubik_ClientInit(serverconns, &self.client)
if code != 0:
- raise Exception(code, "GetCellInfo: %s" % a.error_message(code))
-
+ raise Exception("Failed to initialize ubik connection to Protection server: %s" % afs_error_message(code))
+
+ code = rxs_Release(sc)
+
def __dealloc__(self):
- a.rx_Finalize()
+ ubik_ClientDestroy(self.client)
+ rx_Finalize()
+
+ def NameToId(self, name):
+ """
+ Converts a user or group to an AFS ID.
+ """
+ cdef namelist lnames
+ cdef idlist lids
+ cdef afs_int32 code, id
+ name = name.lower()
+
+ lids.idlist_len = 0
+ lids.idlist_val = NULL
+ lnames.namelist_len = 1
+ lnames.namelist_val = <prname *>malloc(PR_MAXNAMELEN)
+ strncpy(lnames.namelist_val[0], name, PR_MAXNAMELEN)
+ code = ubik_PR_NameToID(self.client, 0, &lnames, &lids)
+ if lids.idlist_val is not NULL:
+ id = lids.idlist_val[0]
+ free(lids.idlist_val)
+ if id == ANONYMOUSID:
+ code = PRNOENT
+ if code != 0:
+ raise Exception("Failed to lookup PTS name: %s" % afs_error_message(code))
+ return id
+
+ def IdToName(self, id):
+ """
+ Convert an AFS ID to the name of a user or group.
+ """
+ cdef namelist lnames
+ cdef idlist lids
+ cdef afs_int32 code
+ cdef char name[PR_MAXNAMELEN]
+
+ lids.idlist_len = 1
+ lids.idlist_val = <afs_int32 *>malloc(sizeof(afs_int32))
+ lids.idlist_val[0] = id
+ lnames.namelist_len = 0
+ lnames.namelist_val = NULL
+ code = ubik_PR_IDToName(self.client, 0, &lids, &lnames)
+ if lnames.namelist_val is not NULL:
+ strncpy(name, lnames.namelist_val[0], sizeof(name))
+ free(lnames.namelist_val)
+ if lids.idlist_val is not NULL:
+ free(lids.idlist_val)
+ if name == str(id):
+ code = PRNOENT
+ if code != 0:
+ raise Exception("Failed to lookup PTS ID: %s" % afs_error_message(code))
+ return name
+
+ def CreateUser(self, name, id=None):
+ """
+ Create a new user in the protection database. If an ID is
+ provided, that one will be used.
+ """
+ cdef afs_int32 code
+ cdef afs_int32 cid
+ name = name[:PR_MAXNAMELEN].lower()
+
+ if id is not None:
+ cid = id
+
+ if id is not None:
+ code = ubik_PR_INewEntry(self.client, 0, name, cid, 0)
+ else:
+ code = ubik_PR_NewEntry(self.client, 0, name, 0, 0, &cid)
+
+ if code != 0:
+ raise Exception("Failed to create user: %s" % afs_error_message(code))
+ return cid
+
+ def CreateGroup(self, name, owner, id=None):
+ """
+ Create a new group in the protection database. If an ID is
+ provided, that one will be used.
+ """
+ cdef afs_int32 code, cid
+
+ name = name[:PR_MAXNAMELEN].lower()
+ oid = self.NameToId(owner)
+
+ if id is not None:
+ cid = id
+ code = ubik_PR_INewEntry(self.client, 0, name, cid, oid)
+ else:
+ code = ubik_PR_NewEntry(self.client, 0, name, PRGRP, oid, &cid)
+
+ if code != 0:
+ raise Exception("Failed to create group: %s" % afs_error_message(code))
+ return cid
+
+ def Delete(self, id):
+ """
+ Delete the protection database entry with the provided ID.
+ """
+ cdef afs_int32 code
+
+ code = ubik_PR_Delete(self.client, 0, id)
+ if code != 0:
+ raise Exception("Failed to delete user: %s" % afs_error_message(code))
+
+ def AddToGroup(self, uid, gid):
+ """
+ Add the user with the given ID to the group with the given ID.
+ """
+ cdef afs_int32 code
+
+ code = ubik_PR_AddToGroup(self.client, 0, uid, gid)
+ if code != 0:
+ raise Exception("Failed to add user to group: %s" % afs_error_message(code))
+
+ def RemoveFromGroup(self, uid, gid):
+ """
+ Remove the user with the given ID from the group with the given ID.
+ """
+ cdef afs_int32 code
+
+ code = ubik_PR_RemoveFromGroup(self.client, 0, uid, gid)
+ if code != 0:
+ raise Exception("Failed to remove user from group: %s" % afs_error_message(code))
+
+ def ListMembers(self, gid):
+ """
+ Get the membership of the list with the given ID.
+
+ This returns a list of PTS IDs.
+ """
+ cdef afs_int32 code, over
+ cdef prlist alist
+ cdef int i
+ cdef object members = []
+
+ alist.prlist_len = 0
+ alist.prlist_val = NULL
+
+ code = ubik_PR_ListElements(self.client, 0, gid, &alist, &over)
+
+ if alist.prlist_val is not NULL:
+ for i in range(alist.prlist_len):
+ members.append(alist.prlist_val[i])
+ free(alist.prlist_val)
+
+ if over:
+ code = PRTOOMANY
+ if code != 0:
+ raise Exception("Failed to get group membership: %s" % afs_error_message(code))
+
+ return members