X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/python-afs.git/blobdiff_plain/2d2104b92ce4f472ade76c8fbb737b1c9028f8ea..51b6154866aaf16653af673b9a3dedd5c244eb28:/afs/_pts.pyx diff --git a/afs/_pts.pyx b/afs/_pts.pyx index 49ee9b6..cce9256 100644 --- a/afs/_pts.pyx +++ b/afs/_pts.pyx @@ -1,24 +1,275 @@ -cdef extern from "afs/stds.h": - ctypedef long afs_int32 +from afs cimport * -cdef extern from "ubik.h": +cdef import from "afs/ptuser.h": enum: - MAXSERVERS - - struct ubik_client: - pass + PR_MAXNAMELEN + PRGRP + ANONYMOUSID -cdef extern from "rx/rx.h": - int rx_Init(int port) + ctypedef char prname[PR_MAXNAMELEN] + + struct namelist: + unsigned int namelist_len + prname *namelist_val + + struct prlist: + unsigned int prlist_len + afs_int32 *prlist_val + + struct idlist: + unsigned int idlist_len + afs_int32 *idlist_val + + int ubik_PR_NameToID(ubik_client *, afs_int32, namelist *, idlist *) + int ubik_PR_IDToName(ubik_client *, afs_int32, idlist *, namelist *) + int ubik_PR_INewEntry(ubik_client *, afs_int32, char *, afs_int32, afs_int32) + int ubik_PR_NewEntry(ubik_client *, afs_int32, char *, afs_int32, afs_int32, afs_int32 *) + int ubik_PR_Delete(ubik_client *, afs_int32, afs_int32) + int ubik_PR_AddToGroup(ubik_client *, afs_int32, afs_int32, afs_int32) + int ubik_PR_RemoveFromGroup(ubik_client *, afs_int32, afs_int32, afs_int32) + int ubik_PR_ListElements(ubik_client *, afs_int32, afs_int32, prlist *, afs_int32 *) + +cdef import from "afs/pterror.h": + enum: + PRNOENT + + void initialize_PT_error_table() cdef class PTS: cdef ubik_client * client - - def __cinit__(self): + + def __cinit__(self, cell=None, sec=1): + """ + Open a connection to the protection server. A PTS object is + essentially a handle to talk to the server in a given cell. + + cell defaults to None. If no argument is passed for cell, PTS + connects to the home cell. + + sec is the security level, an integer from 0 to 3: + - 0: unauthenticated connection + - 1: try authenticated, then fall back to unauthenticated + - 2: fail if an authenticated connection can't be established + - 3: same as 2, plus encrypt all traffic to the protection + server + """ cdef afs_int32 code - + cdef afsconf_dir *cdir + cdef afsconf_cell info + cdef char * c_cell + cdef ktc_principal prin + cdef ktc_token token + cdef rx_securityClass *sc + cdef rx_connection *serverconns[MAXSERVERS] + cdef int i + + initialize_PT_error_table() + + if cell is None: + c_cell = NULL + else: + c_cell = cell + self.client = NULL - + code = rx_Init(0) if code != 0: - raise Exception(str(code)) + raise Exception(code, "Error initializing Rx") + + cdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH) + if cdir is NULL: + raise OSError(errno, + "Error opening configuration directory (%s): %s" % \ + (AFSDIR_CLIENT_ETC_DIRPATH, strerror(errno))) + code = afsconf_GetCellInfo(cdir, c_cell, "afsprot", &info) + if code != 0: + raise Exception(code, "GetCellInfo: %s" % afs_error_message(code)) + + if sec > 0: + strncpy(prin.cell, info.name, sizeof(prin.cell)) + prin.instance[0] = 0 + strncpy(prin.name, "afs", sizeof(prin.name)) + + code = ktc_GetToken(&prin, &token, sizeof(token), NULL); + if code != 0: + if sec >= 2: + # No really - we wanted authentication + raise Exception(code, "Failed to get token for service AFS: %s" % afs_error_message(code)) + sec = 0 + else: + if sec == 3: + level = rxkad_crypt + else: + level = rxkad_clear + sc = rxkad_NewClientSecurityObject(level, &token.sessionKey, + token.kvno, token.ticketLen, + token.ticket) + + if sec == 0: + sc = rxnull_NewClientSecurityObject() + else: + sec = 2 + + memset(serverconns, 0, sizeof(serverconns)) + for 0 <= i < info.numServers: + serverconns[i] = rx_NewConnection(info.hostAddr[i].sin_addr.s_addr, + info.hostAddr[i].sin_port, + PRSRV, + sc, + sec) + + code = ubik_ClientInit(serverconns, &self.client) + if code != 0: + raise Exception("Failed to initialize ubik connection to Protection server: %s" % afs_error_message(code)) + + code = rxs_Release(sc) + + def __dealloc__(self): + ubik_ClientDestroy(self.client) + rx_Finalize() + + def NameToId(self, name): + """ + Converts a user or group to an AFS ID. + """ + cdef namelist lnames + cdef idlist lids + cdef afs_int32 code, id + name = name.lower() + + lids.idlist_len = 0 + lids.idlist_val = NULL + lnames.namelist_len = 1 + lnames.namelist_val = malloc(PR_MAXNAMELEN) + strncpy(lnames.namelist_val[0], name, PR_MAXNAMELEN) + code = ubik_PR_NameToID(self.client, 0, &lnames, &lids) + if lids.idlist_val is not NULL: + id = lids.idlist_val[0] + free(lids.idlist_val) + if id == ANONYMOUSID: + code = PRNOENT + if code != 0: + raise Exception("Failed to lookup PTS name: %s" % afs_error_message(code)) + return id + + def IdToName(self, id): + """ + Convert an AFS ID to the name of a user or group. + """ + cdef namelist lnames + cdef idlist lids + cdef afs_int32 code + cdef char name[PR_MAXNAMELEN] + + lids.idlist_len = 1 + lids.idlist_val = malloc(sizeof(afs_int32)) + lids.idlist_val[0] = id + lnames.namelist_len = 0 + lnames.namelist_val = NULL + code = ubik_PR_IDToName(self.client, 0, &lids, &lnames) + if lnames.namelist_val is not NULL: + strncpy(name, lnames.namelist_val[0], sizeof(name)) + free(lnames.namelist_val) + if lids.idlist_val is not NULL: + free(lids.idlist_val) + if name == str(id): + code = PRNOENT + if code != 0: + raise Exception("Failed to lookup PTS ID: %s" % afs_error_message(code)) + return name + + def CreateUser(self, name, id=None): + """ + Create a new user in the protection database. If an ID is + provided, that one will be used. + """ + cdef afs_int32 code + cdef afs_int32 cid + name = name[:PR_MAXNAMELEN].lower() + + if id is not None: + cid = id + + if id is not None: + code = ubik_PR_INewEntry(self.client, 0, name, cid, 0) + else: + code = ubik_PR_NewEntry(self.client, 0, name, 0, 0, &cid) + + if code != 0: + raise Exception("Failed to create user: %s" % afs_error_message(code)) + return cid + + def CreateGroup(self, name, owner, id=None): + """ + Create a new group in the protection database. If an ID is + provided, that one will be used. + """ + cdef afs_int32 code, cid + + name = name[:PR_MAXNAMELEN].lower() + oid = self.NameToId(owner) + + if id is not None: + cid = id + code = ubik_PR_INewEntry(self.client, 0, name, cid, oid) + else: + code = ubik_PR_NewEntry(self.client, 0, name, PRGRP, oid, &cid) + + if code != 0: + raise Exception("Failed to create group: %s" % afs_error_message(code)) + return cid + + def Delete(self, id): + """ + Delete the protection database entry with the provided ID. + """ + cdef afs_int32 code + + code = ubik_PR_Delete(self.client, 0, id) + if code != 0: + raise Exception("Failed to delete user: %s" % afs_error_message(code)) + + def AddToGroup(self, uid, gid): + """ + Add the user with the given ID to the group with the given ID. + """ + cdef afs_int32 code + + code = ubik_PR_AddToGroup(self.client, 0, uid, gid) + if code != 0: + raise Exception("Failed to add user to group: %s" % afs_error_message(code)) + + def RemoveFromGroup(self, uid, gid): + """ + Remove the user with the given ID from the group with the given ID. + """ + cdef afs_int32 code + + code = ubik_PR_RemoveFromGroup(self.client, 0, uid, gid) + if code != 0: + raise Exception("Failed to remove user from group: %s" % afs_error_message(code)) + + def ListMembers(self, gid): + """ + Get the membership of the list with the given ID. + + This returns a list of PTS IDs. + """ + cdef afs_int32 code, over + cdef prlist alist + cdef int i + cdef object members = [] + + alist.prlist_len = 0 + alist.prlist_val = NULL + + code = ubik_PR_ListElements(self.client, 0, gid, &alist, &over) + if code != 0: + raise Exception("Failed to get group membership: %s" % afs_error_message(code)) + + for i in range(alist.prlist_len): + members.append(alist.prlist_val[i]) + if alist.prlist_val is not NULL: + free(alist.prlist_val) + + return members