X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/python-afs.git/blobdiff_plain/16d5c40686b30eb0b488df53c8cdaf625cddc173..0130e753fe3d0966d3b9578f12564f4d9e0aec32:/afs/_pts.pyx diff --git a/afs/_pts.pyx b/afs/_pts.pyx index 9ecf0e3..3e04d7d 100644 --- a/afs/_pts.pyx +++ b/afs/_pts.pyx @@ -4,6 +4,12 @@ cdef import from "afs/ptuser.h": enum: PR_MAXNAMELEN + enum: + PRGRP + + enum: + ANONYMOUSID + ctypedef char prname[PR_MAXNAMELEN] struct namelist: @@ -16,11 +22,28 @@ cdef import from "afs/ptuser.h": int ubik_PR_NameToID(ubik_client *, afs_int32, namelist *, idlist *) int ubik_PR_IDToName(ubik_client *, afs_int32, idlist *, namelist *) + int ubik_PR_INewEntry(ubik_client *, afs_int32, char *, afs_int32, afs_int32) + int ubik_PR_NewEntry(ubik_client *, afs_int32, char *, afs_int32, afs_int32, afs_int32 *) + int ubik_PR_Delete(ubik_client *, afs_int32, afs_int32) cdef class PTS: cdef ubik_client * client def __cinit__(self, cell=None, sec=1): + """ + Open a connection to the protection server. A PTS object is + essentially a handle to talk to the server in a given cell. + + cell defaults to None. If no argument is passed for cell, PTS + connects to the home cell. + + sec is the security level, an integer from 0 to 3: + - 0: unauthenticated connection + - 1: try authenticated, then fall back to unauthenticated + - 2: fail if an authenticated connection can't be established + - 3: same as 2, plus encrypt all traffic to the protection + server + """ cdef afs_int32 code cdef afsconf_dir *cdir cdef afsconf_cell info @@ -95,6 +118,9 @@ cdef class PTS: rx_Finalize() def NameToId(self, name): + """ + Converts a user or group to an AFS ID. + """ cdef namelist lnames cdef idlist lids cdef afs_int32 code, id @@ -114,6 +140,9 @@ cdef class PTS: return id def IdToName(self, id): + """ + Convert an AFS ID to the name of a user or group. + """ cdef namelist lnames cdef idlist lids cdef afs_int32 code @@ -133,3 +162,56 @@ cdef class PTS: if code != 0: raise Exception("Failed to lookup PTS ID: %s" % afs_error_message(code)) return name + + def CreateUser(self, name, id=None): + """ + Create a new user in the protection database. If an ID is + provided, that one will be used. + """ + cdef afs_int32 code + cdef afs_int32 cid + name = name[:PR_MAXNAMELEN].lower() + + if id is not None: + cid = id + + if id is not None: + code = ubik_PR_INewEntry(self.client, 0, name, cid, 0) + else: + code = ubik_PR_NewEntry(self.client, 0, name, 0, 0, &cid) + + if code != 0: + raise Exception("Failed to create user: %s" % afs_error_message(code)) + return cid + + def CreateGroup(self, name, owner, id=None): + """ + Create a new group in the protection database. If an ID is + provided, that one will be used. + """ + cdef afs_int32 code, cid + + name = name[:PR_MAXNAMELEN].lower() + oid = self.NameToId(owner) + if oid == ANONYMOUSID: + raise Exception("Error creating group: owner does not exist") + + if id is not None: + cid = id + code = ubik_PR_INewEntry(self.client, 0, name, cid, oid) + else: + code = ubik_PR_NewEntry(self.client, 0, name, PRGRP, oid, &cid) + + if code != 0: + raise Exception("Failed to create group: %s" % afs_error_message(code)) + return cid + + def Delete(self, id): + """ + Delete the protection database entry with the provided ID. + """ + cdef afs_int32 code + + code = ubik_PR_Delete(self.client, 0, id) + if code != 0: + raise Exception("Failed to delete user: %s" % afs_error_message(code))