X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/python-afs.git/blobdiff_plain/d6c53efae5d34d8edeba9269312d45c189d2ffdd..8d2728f99cd4e073aac44163f608145c88f0f695:/afs/_pts.pyx diff --git a/afs/_pts.pyx b/afs/_pts.pyx index 43a0f03..85395bd 100644 --- a/afs/_pts.pyx +++ b/afs/_pts.pyx @@ -1,16 +1,223 @@ -cimport afs as a +from afs cimport * + +cdef import from "afs/ptuser.h": + enum: + PR_MAXNAMELEN + PRGRP + ANONYMOUSID + + ctypedef char prname[PR_MAXNAMELEN] + + struct namelist: + unsigned int namelist_len + prname *namelist_val + + struct idlist: + unsigned int idlist_len + afs_int32 *idlist_val + + int ubik_PR_NameToID(ubik_client *, afs_int32, namelist *, idlist *) + int ubik_PR_IDToName(ubik_client *, afs_int32, idlist *, namelist *) + int ubik_PR_INewEntry(ubik_client *, afs_int32, char *, afs_int32, afs_int32) + int ubik_PR_NewEntry(ubik_client *, afs_int32, char *, afs_int32, afs_int32, afs_int32 *) + int ubik_PR_Delete(ubik_client *, afs_int32, afs_int32) + +cdef import from "afs/pterror.h": + enum: + PRNOENT + + void initialize_PT_error_table() cdef class PTS: - cdef a.ubik_client * client - - def __cinit__(self): - cdef a.afs_int32 code - + cdef ubik_client * client + + def __cinit__(self, cell=None, sec=1): + """ + Open a connection to the protection server. A PTS object is + essentially a handle to talk to the server in a given cell. + + cell defaults to None. If no argument is passed for cell, PTS + connects to the home cell. + + sec is the security level, an integer from 0 to 3: + - 0: unauthenticated connection + - 1: try authenticated, then fall back to unauthenticated + - 2: fail if an authenticated connection can't be established + - 3: same as 2, plus encrypt all traffic to the protection + server + """ + cdef afs_int32 code + cdef afsconf_dir *cdir + cdef afsconf_cell info + cdef char * c_cell + cdef ktc_principal prin + cdef ktc_token token + cdef rx_securityClass *sc + cdef rx_connection *serverconns[MAXSERVERS] + cdef int i + + initialize_PT_error_table() + + if cell is None: + c_cell = NULL + else: + c_cell = cell + self.client = NULL - - code = a.rx_Init(0) + + code = rx_Init(0) + if code != 0: + raise Exception(code, "Error initializing Rx") + + cdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH) + if cdir is NULL: + raise OSError(errno, + "Error opening configuration directory (%s): %s" % \ + (AFSDIR_CLIENT_ETC_DIRPATH, strerror(errno))) + code = afsconf_GetCellInfo(cdir, c_cell, "afsprot", &info) + if code != 0: + raise Exception(code, "GetCellInfo: %s" % afs_error_message(code)) + + if sec > 0: + strncpy(prin.cell, info.name, sizeof(prin.cell)) + prin.instance[0] = 0 + strncpy(prin.name, "afs", sizeof(prin.name)) + + code = ktc_GetToken(&prin, &token, sizeof(token), NULL); + if code != 0: + if sec >= 2: + # No really - we wanted authentication + raise Exception(code, "Failed to get token for service AFS: %s" % afs_error_message(code)) + sec = 0 + else: + if sec == 3: + level = rxkad_crypt + else: + level = rxkad_clear + sc = rxkad_NewClientSecurityObject(level, &token.sessionKey, + token.kvno, token.ticketLen, + token.ticket) + + if sec == 0: + sc = rxnull_NewClientSecurityObject() + else: + sec = 2 + + memset(serverconns, 0, sizeof(serverconns)) + for 0 <= i < info.numServers: + serverconns[i] = rx_NewConnection(info.hostAddr[i].sin_addr.s_addr, + info.hostAddr[i].sin_port, + PRSRV, + sc, + sec) + + code = ubik_ClientInit(serverconns, &self.client) if code != 0: - raise Exception(str(code)) - + raise Exception("Failed to initialize ubik connection to Protection server: %s" % afs_error_message(code)) + + code = rxs_Release(sc) + def __dealloc__(self): - a.rx_Finalize() + ubik_ClientDestroy(self.client) + rx_Finalize() + + def NameToId(self, name): + """ + Converts a user or group to an AFS ID. + """ + cdef namelist lnames + cdef idlist lids + cdef afs_int32 code, id + name = name.lower() + + lids.idlist_len = 0 + lids.idlist_val = NULL + lnames.namelist_len = 1 + lnames.namelist_val = malloc(PR_MAXNAMELEN) + strncpy(lnames.namelist_val[0], name, PR_MAXNAMELEN) + code = ubik_PR_NameToID(self.client, 0, &lnames, &lids) + if lids.idlist_val is not NULL: + id = lids.idlist_val[0] + free(lids.idlist_val) + if id == ANONYMOUSID: + code = PRNOENT + if code != 0: + raise Exception("Failed to lookup PTS name: %s" % afs_error_message(code)) + return id + + def IdToName(self, id): + """ + Convert an AFS ID to the name of a user or group. + """ + cdef namelist lnames + cdef idlist lids + cdef afs_int32 code + cdef char name[PR_MAXNAMELEN] + + lids.idlist_len = 1 + lids.idlist_val = malloc(sizeof(afs_int32)) + lids.idlist_val[0] = id + lnames.namelist_len = 0 + lnames.namelist_val = NULL + code = ubik_PR_IDToName(self.client, 0, &lids, &lnames) + if lnames.namelist_val is not NULL: + strncpy(name, lnames.namelist_val[0], sizeof(name)) + free(lnames.namelist_val) + if lids.idlist_val is not NULL: + free(lids.idlist_val) + if name == str(id): + code = PRNOENT + if code != 0: + raise Exception("Failed to lookup PTS ID: %s" % afs_error_message(code)) + return name + + def CreateUser(self, name, id=None): + """ + Create a new user in the protection database. If an ID is + provided, that one will be used. + """ + cdef afs_int32 code + cdef afs_int32 cid + name = name[:PR_MAXNAMELEN].lower() + + if id is not None: + cid = id + + if id is not None: + code = ubik_PR_INewEntry(self.client, 0, name, cid, 0) + else: + code = ubik_PR_NewEntry(self.client, 0, name, 0, 0, &cid) + + if code != 0: + raise Exception("Failed to create user: %s" % afs_error_message(code)) + return cid + + def CreateGroup(self, name, owner, id=None): + """ + Create a new group in the protection database. If an ID is + provided, that one will be used. + """ + cdef afs_int32 code, cid + + name = name[:PR_MAXNAMELEN].lower() + oid = self.NameToId(owner) + + if id is not None: + cid = id + code = ubik_PR_INewEntry(self.client, 0, name, cid, oid) + else: + code = ubik_PR_NewEntry(self.client, 0, name, PRGRP, oid, &cid) + + if code != 0: + raise Exception("Failed to create group: %s" % afs_error_message(code)) + return cid + + def Delete(self, id): + """ + Delete the protection database entry with the provided ID. + """ + cdef afs_int32 code + + code = ubik_PR_Delete(self.client, 0, id) + if code != 0: + raise Exception("Failed to delete user: %s" % afs_error_message(code))