diff options
Diffstat (limited to 'func/minion/acls.py')
-rw-r--r-- | func/minion/acls.py | 100 |
1 files changed, 100 insertions, 0 deletions
diff --git a/func/minion/acls.py b/func/minion/acls.py new file mode 100644 index 0000000..786a9c5 --- /dev/null +++ b/func/minion/acls.py @@ -0,0 +1,100 @@ +""" +Copyright 2007, Red Hat, Inc +see AUTHORS + +This software may be freely redistributed under the terms of the GNU +general public license. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +""" + +import fnmatch +import glob +import os + + + +# TODO: need to track which file got which config from + +class Acls(object): + def __init__(self, acldir=None): + self.acldir = acldir + self.acls = {} + + def load(self): + """ + takes a dir of .acl files + returns a dict of hostname+hash = [methods, to, run] + + """ + + if not os.path.exists(self.acldir): + print 'acl dir does not exist: %s' % self.acldir + return self.acls + + # get the set of files + acl_glob = '%s/*.acl' % self.acldir + files = glob.glob(acl_glob) + + for acl_file in files: + + try: + fo = open(acl_file, 'r') + except (IOError, OSError), e: + print 'cannot open acl config file: %s - %s' % (acl_file, e) + continue + + for line in fo.readlines(): + if line.startswith('#'): continue + if line.strip() == '': continue + line = line.replace('\n', '') + (host, methods) = line.split('=') + host = host.strip().lower() + methods = methods.strip() + methods = methods.replace(',',' ') + methods = methods.split() + if not self.acls.has_key(host): + self.acls[host] = [] + self.acls[host].extend(methods) + + return self.acls + + def check(self, cm_cert, cert, ip, method, params): + + # certmaster always gets to run things + ca_cn = cm_cert.get_subject().CN + ca_hash = cm_cert.subject_name_hash() + ca_key = '%s-%s' % (ca_cn, ca_hash) + self.acls[ca_key] = ['*'] + + cn = cert.get_subject().CN + sub_hash = cert.subject_name_hash() + if self.acls: + allow_list = [] + hostkey = '%s-%s' % (cn, sub_hash) + # search all the keys, match to 'cn-subhash' + for hostmatch in self.acls.keys(): + if fnmatch.fnmatch(hostkey, hostmatch): + allow_list.extend(self.acls[hostmatch]) + # go through the allow_list and make sure this method is in there + for methodmatch in allow_list: + if fnmatch.fnmatch(method, methodmatch): + return True + + return False + + def save(self): + for + + def add(self, acl, host): + pass + + def delete(self, acl, host): + pass + + def update(self, acl, host): + pass + + |