X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/python-afs.git/blobdiff_plain/562c4cd06e8c80fe088658a91dd63a3cb9e1fa8b..94a09d55edd7d3c1b53424ee1a39245db751c5e9:/afs/_pts.pyx diff --git a/afs/_pts.pyx b/afs/_pts.pyx index 511e9ee..3c10b70 100644 --- a/afs/_pts.pyx +++ b/afs/_pts.pyx @@ -1,6 +1,8 @@ -from afs cimport * +from afs._util cimport * +from afs._util import pyafs_error +import re -cdef import from "afs/ptuser.h": +cdef extern from "afs/ptuser.h": enum: PR_MAXNAMELEN PRGRP @@ -66,10 +68,30 @@ cdef import from "afs/ptuser.h": int ubik_PR_ListEntries(ubik_client *, afs_int32, afs_int32, afs_int32, prentries *, afs_int32 *) int ubik_PR_SetFieldsEntry(ubik_client *, afs_int32, afs_int32, afs_int32, afs_int32, afs_int32, afs_int32, afs_int32, afs_int32) -cdef import from "afs/pterror.h": +cdef extern from "afs/pterror.h": enum: PRNOENT - PRTOOMANY + +cdef extern from "krb5/krb5.h": + struct _krb5_context: + pass + struct krb5_principal_data: + pass + + ctypedef _krb5_context * krb5_context + ctypedef krb5_principal_data * krb5_principal + + ctypedef long krb5_int32 + ctypedef krb5_int32 krb5_error_code + krb5_error_code krb5_init_context(krb5_context *) + krb5_error_code krb5_parse_name(krb5_context, char *, krb5_principal *) + krb5_error_code krb5_unparse_name(krb5_context, krb5_principal, char **) + krb5_error_code krb5_524_conv_principal(krb5_context, krb5_principal, char *, char *, char *) + krb5_error_code krb5_425_conv_principal(krb5_context, char *, char *, char *, krb5_principal *) + krb5_error_code krb5_get_host_realm(krb5_context, char *, char ***) + void krb5_free_host_realm(krb5_context, char **) + void krb5_free_principal(krb5_context, krb5_principal) + void krb5_free_context(krb5_context) cdef class PTEntry: cdef public afs_int32 flags @@ -117,6 +139,28 @@ cdef int _ptentry_to_c(prcheckentry * c_entry, PTEntry p_entry) except -1: strncpy(c_entry.name, p_entry.name, sizeof(c_entry.name)) return 0 +cdef object kname_re = re.compile(r'^([^.].*?)(? 0: strncpy(prin.cell, info.name, sizeof(prin.cell)) @@ -176,7 +236,7 @@ cdef class PTS: if code != 0: if sec >= 2: # No really - we wanted authentication - raise Exception(code, "Failed to get token for service AFS: %s" % afs_error_message(code)) + pyafs_error(code) sec = 0 else: if sec == 3: @@ -201,8 +261,7 @@ cdef class PTS: sec) code = ubik_ClientInit(serverconns, &self.client) - if code != 0: - raise Exception("Failed to initialize ubik connection to Protection server: %s" % afs_error_message(code)) + pyafs_error(code) code = rxs_Release(sc) @@ -210,24 +269,24 @@ cdef class PTS: ubik_ClientDestroy(self.client) rx_Finalize() - def NameOrId(self, ident): + def _NameOrId(self, ident): """ Given an identifier, convert it to a PTS ID by looking up the name if it's a string, or otherwise just converting it to an integer. """ - if isinstance(ident, (str, unicode)): - return self.NameToId(ident) + if isinstance(ident, basestring): + return self._NameToId(ident) else: return int(ident) - def NameToId(self, name): + def _NameToId(self, name): """ Converts a user or group to an AFS ID. """ cdef namelist lnames cdef idlist lids - cdef afs_int32 code, id + cdef afs_int32 code, id = ANONYMOUSID name = name.lower() lids.idlist_len = 0 @@ -241,11 +300,10 @@ cdef class PTS: free(lids.idlist_val) if id == ANONYMOUSID: code = PRNOENT - if code != 0: - raise Exception("Failed to lookup PTS name: %s" % afs_error_message(code)) + pyafs_error(code) return id - def IdToName(self, id): + def _IdToName(self, id): """ Convert an AFS ID to the name of a user or group. """ @@ -267,11 +325,10 @@ cdef class PTS: free(lids.idlist_val) if name == str(id): code = PRNOENT - if code != 0: - raise Exception("Failed to lookup PTS ID: %s" % afs_error_message(code)) + pyafs_error(code) return name - def CreateUser(self, name, id=None): + def _CreateUser(self, name, id=None): """ Create a new user in the protection database. If an ID is provided, that one will be used. @@ -288,11 +345,10 @@ cdef class PTS: else: code = ubik_PR_NewEntry(self.client, 0, name, 0, 0, &cid) - if code != 0: - raise Exception("Failed to create user: %s" % afs_error_message(code)) + pyafs_error(code) return cid - def CreateGroup(self, name, owner, id=None): + def _CreateGroup(self, name, owner, id=None): """ Create a new group in the protection database. If an ID is provided, that one will be used. @@ -300,7 +356,7 @@ cdef class PTS: cdef afs_int32 code, cid name = name[:PR_MAXNAMELEN].lower() - oid = self.NameOrId(owner) + oid = self._NameOrId(owner) if id is not None: cid = id @@ -308,45 +364,41 @@ cdef class PTS: else: code = ubik_PR_NewEntry(self.client, 0, name, PRGRP, oid, &cid) - if code != 0: - raise Exception("Failed to create group: %s" % afs_error_message(code)) + pyafs_error(code) return cid - def Delete(self, ident): + def _Delete(self, ident): """ Delete the protection database entry with the provided identifier. """ cdef afs_int32 code - cdef afs_int32 id = self.NameOrId(ident) + cdef afs_int32 id = self._NameOrId(ident) code = ubik_PR_Delete(self.client, 0, id) - if code != 0: - raise Exception("Failed to delete user: %s" % afs_error_message(code)) + pyafs_error(code) - def AddToGroup(self, user, group): + def _AddToGroup(self, user, group): """ Add the given user to the given group. """ cdef afs_int32 code - cdef afs_int32 uid = self.NameOrId(user), gid = self.NameOrId(group) + cdef afs_int32 uid = self._NameOrId(user), gid = self._NameOrId(group) code = ubik_PR_AddToGroup(self.client, 0, uid, gid) - if code != 0: - raise Exception("Failed to add user to group: %s" % afs_error_message(code)) + pyafs_error(code) - def RemoveFromGroup(self, user, group): + def _RemoveFromGroup(self, user, group): """ Remove the given user from the given group. """ cdef afs_int32 code - cdef afs_int32 uid = self.NameOrId(user), gid = self.NameOrId(group) + cdef afs_int32 uid = self._NameOrId(user), gid = self._NameOrId(group) code = ubik_PR_RemoveFromGroup(self.client, 0, uid, gid) - if code != 0: - raise Exception("Failed to remove user from group: %s" % afs_error_message(code)) + pyafs_error(code) - def ListMembers(self, ident): + def _ListMembers(self, ident): """ Get the membership of an entity. @@ -363,7 +415,7 @@ cdef class PTS: cdef int i cdef object members = [] - cdef afs_int32 id = self.NameOrId(ident) + cdef afs_int32 id = self._NameOrId(ident) alist.prlist_len = 0 alist.prlist_val = NULL @@ -375,14 +427,11 @@ cdef class PTS: members.append(alist.prlist_val[i]) free(alist.prlist_val) - if over: - code = PRTOOMANY - if code != 0: - raise Exception("Failed to get group membership: %s" % afs_error_message(code)) + pyafs_error(code) return members - def ListOwned(self, owner): + def _ListOwned(self, owner): """ Get all groups owned by an entity. """ @@ -391,7 +440,7 @@ cdef class PTS: cdef int i cdef object owned = [] - cdef afs_int32 oid = self.NameOrId(owner) + cdef afs_int32 oid = self._NameOrId(owner) alist.prlist_len = 0 alist.prlist_val = NULL @@ -403,14 +452,11 @@ cdef class PTS: owned.append(alist.prlist_val[i]) free(alist.prlist_val) - if over: - code = PRTOOMANY - if code != 0: - raise Exception("Failed to get owned entities: %s" % afs_error_message(code)) + pyafs_error(code) return owned - def ListEntry(self, ident): + def _ListEntry(self, ident): """ Load a PTEntry instance with information about the provided entity. @@ -419,16 +465,15 @@ cdef class PTS: cdef prcheckentry centry cdef object entry = PTEntry() - cdef afs_int32 id = self.NameOrId(ident) + cdef afs_int32 id = self._NameOrId(ident) code = ubik_PR_ListEntry(self.client, 0, id, ¢ry) - if code != 0: - raise Exception("Error getting entity info: %s" % afs_error_message(code)) + pyafs_error(code) _ptentry_from_c(entry, ¢ry) return entry - def ChangeEntry(self, ident, newname=None, newid=None, newoid=None): + def _ChangeEntry(self, ident, newname=None, newid=None, newoid=None): """ Change the name, ID, and/or owner of a PTS entity. @@ -439,10 +484,10 @@ cdef class PTS: cdef afs_int32 c_newid = 0, c_newoid = 0 cdef char * c_newname - cdef afs_int32 id = self.NameOrId(ident) + cdef afs_int32 id = self._NameOrId(ident) if newname is None: - newname = self.IdToName(id) + newname = self._IdToName(id) c_newname = newname if newid is not None: c_newid = newid @@ -450,25 +495,23 @@ cdef class PTS: c_newoid = newoid code = ubik_PR_ChangeEntry(self.client, 0, id, c_newname, c_newoid, c_newid) - if code != 0: - raise Exception("Error changing entity info: %s" % afs_error_message(code)) + pyafs_error(code) - def IsAMemberOf(self, user, group): + def _IsAMemberOf(self, user, group): """ Return True if the given user is a member of the given group. """ cdef afs_int32 code cdef afs_int32 flag - cdef afs_int32 uid = self.NameOrId(user), gid = self.NameOrId(group) + cdef afs_int32 uid = self._NameOrId(user), gid = self._NameOrId(group) code = ubik_PR_IsAMemberOf(self.client, 0, uid, gid, &flag) - if code != 0: - raise Exception("Error testing membership: %s" % afs_error_message(code)) + pyafs_error(code) return bool(flag) - def ListMax(self): + def _ListMax(self): """ Return a tuple of the maximum user ID and the maximum group ID currently assigned. @@ -476,12 +519,11 @@ cdef class PTS: cdef afs_int32 code, uid, gid code = ubik_PR_ListMax(self.client, 0, &uid, &gid) - if code != 0: - raise Exception("Error looking up max uid/gid: %s" % afs_error_message(code)) + pyafs_error(code) return (uid, gid) - def SetMaxUserId(self, id): + def _SetMaxUserId(self, id): """ Set the maximum currently assigned user ID (the next automatically assigned UID will be id + 1) @@ -489,10 +531,9 @@ cdef class PTS: cdef afs_int32 code code = ubik_PR_SetMax(self.client, 0, id, 0) - if code != 0: - raise Exception("Error setting max uid: %s" % afs_error_message(code)) + pyafs_error(code) - def SetMaxGroupId(self, id): + def _SetMaxGroupId(self, id): """ Set the maximum currently assigned user ID (the next automatically assigned UID will be id + 1) @@ -500,10 +541,9 @@ cdef class PTS: cdef afs_int32 code code = ubik_PR_SetMax(self.client, 0, id, PRGRP) - if code != 0: - raise Exception("Error setting max gid: %s" % afs_error_message(code)) + pyafs_error(code) - def ListEntries(self, users=None, groups=None): + def _ListEntries(self, users=None, groups=None): """ Return a list of PTEntry instances representing all entries in the PRDB. @@ -535,14 +575,13 @@ cdef class PTS: _ptentry_from_c(e, ¢ries.prentries_val[i]) entries.append(e) free(centries.prentries_val) - if code != 0: - raise Exception("Unable to list entries: %s" % afs_error_message(code)) + pyafs_error(code) startindex = nextstartindex return entries - def SetFields(self, ident, access=None, groups=None, users=None): + def _SetFields(self, ident, access=None, groups=None, users=None): """ Update the fields for an entry. @@ -554,7 +593,7 @@ cdef class PTS: cdef afs_int32 code cdef afs_int32 mask = 0, flags = 0, nusers = 0, ngroups = 0 - cdef afs_int32 id = self.NameOrId(ident) + cdef afs_int32 id = self._NameOrId(ident) if access is not None: flags = access @@ -567,5 +606,91 @@ cdef class PTS: mask |= PR_SF_NGROUPS code = ubik_PR_SetFieldsEntry(self.client, 0, id, mask, flags, ngroups, nusers, 0, 0) - if code != 0: - raise Exception("Unable to set fields: %s" % afs_error_message(code)) + pyafs_error(code) + + def _AfsToKrb5(self, afs_name): + """Convert an AFS principal to a Kerberos v5 one.""" + cdef krb5_context ctx = NULL + cdef krb5_principal princ = NULL + cdef krb5_error_code code = 0 + cdef char * krb5_princ = NULL + cdef char *name = NULL, *inst = NULL, *realm = NULL + cdef object pname, pinst, prealm + + if '@' in afs_name: + pname, prealm = afs_name.rsplit('@', 1) + prealm = prealm.upper() + krb4_name = '%s@%s' % (pname, prealm) + else: + krb4_name = '%s@%s' % (afs_name, self.realm) + + pname, pinst, prealm = kname_parse(krb4_name) + if pname: + name = pname + if pinst: + inst = pinst + if prealm: + realm = prealm + + code = krb5_init_context(&ctx) + try: + pyafs_error(code) + + code = krb5_425_conv_principal(ctx, name, inst, realm, &princ) + try: + pyafs_error(code) + + code = krb5_unparse_name(ctx, princ, &krb5_princ) + try: + pyafs_error(code) + + return krb5_princ + finally: + if krb5_princ is not NULL: + free(krb5_princ) + finally: + if princ is not NULL: + krb5_free_principal(ctx, princ) + finally: + if ctx is not NULL: + krb5_free_context(ctx) + + def _Krb5ToAfs(self, krb5_name): + """Convert a Kerberos v5 principal to an AFS one.""" + cdef krb5_context ctx = NULL + cdef krb5_principal k5_princ = NULL + cdef char *k4_name, *k4_inst, *k4_realm + cdef object afs_princ + cdef object afs_name, afs_realm + + k4_name = malloc(40) + k4_name[0] = '\0' + k4_inst = malloc(40) + k4_inst[0] = '\0' + k4_realm = malloc(40) + k4_realm[0] = '\0' + + code = krb5_init_context(&ctx) + try: + pyafs_error(code) + + code = krb5_parse_name(ctx, krb5_name, &k5_princ) + try: + pyafs_error(code) + + code = krb5_524_conv_principal(ctx, k5_princ, k4_name, k4_inst, k4_realm) + pyafs_error(code) + + afs_princ = kname_unparse(k4_name, k4_inst, k4_realm) + afs_name, afs_realm = afs_princ.rsplit('@', 1) + + if k4_realm == self.realm: + return afs_name + else: + return '%s@%s' % (afs_name, afs_realm.lower()) + finally: + if k5_princ is not NULL: + krb5_free_principal(ctx, k5_princ) + finally: + if ctx is not NULL: + krb5_free_context(ctx)