Diffstat (limited to 'func/minion/acls.py')
-rw-r--r--func/minion/acls.py100
1 files changed, 100 insertions, 0 deletions
diff --git a/func/minion/acls.py b/func/minion/acls.py
new file mode 100644
index 0000000..786a9c5
--- /dev/null
+++ b/func/minion/acls.py
@@ -0,0 +1,100 @@
+"""
+Copyright 2007, Red Hat, Inc
+see AUTHORS
+
+This software may be freely redistributed under the terms of the GNU
+general public license.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+"""
+
+import fnmatch
+import glob
+import os
+
+
+
+# TODO: need to track which file got which config from
+
+class Acls(object):
+ def __init__(self, acldir=None):
+ self.acldir = acldir
+ self.acls = {}
+
+ def load(self):
+ """
+ takes a dir of .acl files
+ returns a dict of hostname+hash = [methods, to, run]
+
+ """
+
+ if not os.path.exists(self.acldir):
+ print 'acl dir does not exist: %s' % self.acldir
+ return self.acls
+
+ # get the set of files
+ acl_glob = '%s/*.acl' % self.acldir
+ files = glob.glob(acl_glob)
+
+ for acl_file in files:
+
+ try:
+ fo = open(acl_file, 'r')
+ except (IOError, OSError), e:
+ print 'cannot open acl config file: %s - %s' % (acl_file, e)
+ continue
+
+ for line in fo.readlines():
+ if line.startswith('#'): continue
+ if line.strip() == '': continue
+ line = line.replace('\n', '')
+ (host, methods) = line.split('=')
+ host = host.strip().lower()
+ methods = methods.strip()
+ methods = methods.replace(',',' ')
+ methods = methods.split()
+ if not self.acls.has_key(host):
+ self.acls[host] = []
+ self.acls[host].extend(methods)
+
+ return self.acls
+
+ def check(self, cm_cert, cert, ip, method, params):
+
+ # certmaster always gets to run things
+ ca_cn = cm_cert.get_subject().CN
+ ca_hash = cm_cert.subject_name_hash()
+ ca_key = '%s-%s' % (ca_cn, ca_hash)
+ self.acls[ca_key] = ['*']
+
+ cn = cert.get_subject().CN
+ sub_hash = cert.subject_name_hash()
+ if self.acls:
+ allow_list = []
+ hostkey = '%s-%s' % (cn, sub_hash)
+ # search all the keys, match to 'cn-subhash'
+ for hostmatch in self.acls.keys():
+ if fnmatch.fnmatch(hostkey, hostmatch):
+ allow_list.extend(self.acls[hostmatch])
+ # go through the allow_list and make sure this method is in there
+ for methodmatch in allow_list:
+ if fnmatch.fnmatch(method, methodmatch):
+ return True
+
+ return False
+
+ def save(self):
+ for
+
+ def add(self, acl, host):
+ pass
+
+ def delete(self, acl, host):
+ pass
+
+ def update(self, acl, host):
+ pass
+
+
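Review bot: `def save(self):` is followed by a bare `for` with no target or body, which is a SyntaxError, so this module cannot be imported and no ACL check can run until it is replaced, for example with `pass` like the other stubs or with `raise NotImplementedError`. In `load`, `(host, methods) = line.split('=')` raises an uncaught ValueError on any line that does not contain exactly one `=`, and `fo` is never closed; `line.split('=', 1)` inside a `try/except ValueError` that reports and skips the line, plus `fo.close()` after the loop, would keep one malformed entry from aborting the whole load. In `check`, `hostkey` is built from the certificate CN as-is while `load` lowercases the host patterns, and `fnmatch.fnmatch` is case-sensitive on POSIX, so a mixed-case CN will not match its own entry; `hostkey = '%s-%s' % (cn.lower(), sub_hash)` would make the two sides agree. `check` also stores the certmaster key as an fnmatch pattern mapped to `['*']`, so glob characters in that CN would widen the grant, and `ip` and `params` are accepted but never consulted; a docstring should state that the decision rests only on the subject name and its hash, and that the certificate is presumably verified by the caller, which this file does not show.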