return int( a ) , int( b )
def _simplifyRange( value ) :
- if isinstance( value , tuple ) and len( tuple ) == 2 and value[ 0 ] == value[ 1 ] :
+ if isinstance( value , tuple ) and len( value ) == 2 and value[ 0 ] == value[ 1 ] :
return value[ 0 ]
else :
return value
def _toRange( value ) :
range = _g_range
- if isinstance( value , ( int , long ) ) :
- range.first = range.last = value
- elif isinstance( value , tuple ) :
- range.first , range.last = value
+ if isinstance( value , tuple ) :
+ range.first , range.last = map( int , value )
else :
- raise RuntimeError
+ value = int( value )
+ range.first = range.last = value
return range
def addProcessAuthCapList( pid , type , range , ttl = unlimitedTtl ) :
a , b ,
n ) ,
32 )
- return [ ( _range( r ) , intToTtl( ttl ) ) for r , ttl in zip( ranges , ttls ) ]
+ return [ ( _fromRange( r ) , intToTtl( ttl ) ) for r , ttl in zip( ranges , ttls ) ]
def getProcessAuthCapList( pid , type ) :
ranges , ttls = \
else :
raise RuntimeError , 'unexpected object %r' % ( target , )
+_g_typeNames = {
+ headers.ACT_real : 'Auth capabilities' ,
+ headers.ACT_eff : 'Auth effective capabilities' ,
+ headers.ACT_fs : 'Auth FS capabilities' ,
+ headers.ACT_group_real : 'Auth group capabilities' ,
+ headers.ACT_group_eff : 'Auth group effective capabilities' ,
+ headers.ACT_group_fs : 'Auth group FS capabilities'
+ }
+
class AuthCapDictProxyBase( object ) :
__slots__ = ()
def keys( self ) :
return [ i[ 0 ] for i in self.items() ]
def values( self ) :
return [ i[ 1 ] for i in self.items() ]
+ def add( self , range , ttl = unlimitedTtl ) :
+ self[ range ] = ttl
+ def discard( self , range ) :
+ del self[ range ]
def __getitem__( self , range ) :
range = _simplifyRange( range )
for k , v in self.items() :
return v or True
else :
return False
+ def __delitem__( self , range ) :
+ self[ range ] = False
+ def __repr__( self ) :
+ return '<%s for %s: %d items>' \
+ % ( _g_typeNames[ self._type ] ,
+ self._name() , len( self.items() ) )
class AuthCapDictProxyProcess( AuthCapDictProxyBase ) :
__slots__ = ( '_target' , '_type' )
- def __init__( self , target , type ) :
+ def __init__( self , type , target ) :
super( AuthCapDictProxyProcess , self ).__init__()
self._target = target
self._type = type
- def __setitem__( self , range , value ) :
+ def __setitem__( self , range , ttl ) :
range = _simplifyRange( range )
- if value is True :
- value = None
- addProcessAuthCapList( self._target , self._type , range , value )
+ addProcessAuthCapList( self._target , self._type , range , ttl )
+ def _name( self ) :
+ return 'Process %d' % ( self._target , )
def items( self ) :
return getProcessAuthCapList( self._target , self._type )
class AuthCapDictProxyFd( AuthCapDictProxyBase ) :
__slots__ = ( '_target' , '_type' )
- def __init__( self , target , type ) :
+ def __init__( self , type , target ) :
super( AuthCapDictProxyFd , self ).__init__()
self._target = target
self._type = type
+ def __setitem__( self , range , ttl ) :
+ range = _simplifyRange( range )
+ addFdAuthCapList( self._target , self._type , range , ttl )
+ def _name( self ) :
+ return 'FD %r' % ( self._target , )
def items( self ) :
return getFdAuthCapList( self._target , self._type )
"""Base class for FD hierarchy.
"""
- __slots__ = ( '_id' , 'acl' , 'eff_acl' )
+ __slots__ = ( '_id' , 'acl' , 'eff_acl' ,
+ 'authCapability' , 'authEffectiveCapability' , 'authFsCapability' ,
+ 'authGroupCapability' , 'authGroupEffectiveCapability' , 'authGroupFsCapability' )
type = headers.T_FD
def __new__( cls , id ) :
if id is None :
self._id = id
self.acl = acl.AclByName( self )
self.eff_acl = acl.EffectiveAclByName( self )
+ self.authCapability = \
+ auth.AuthCapDictProxyFd( headers.ACT_real , id )
+ self.authEffectiveCapability = \
+ auth.AuthCapDictProxyFd( headers.ACT_eff , id )
+ self.authFsCapability = \
+ auth.AuthCapDictProxyFd( headers.ACT_fs , id )
+ self.authGroupCapability = \
+ auth.AuthCapDictProxyFd( headers.ACT_group_real , id )
+ self.authGroupEffectiveCapability = \
+ auth.AuthCapDictProxyFd( headers.ACT_group_eff , id )
+ self.authGroupFsCapability = \
+ auth.AuthCapDictProxyFd( headers.ACT_group_fs , id )
def __eq__( self , other ) :
return self is other or ( isinstance( other , FDBase )
and self.type == other.type
#--[ Process ]----------------------------------------------------------------
class ProcessBase( ObjectWithAttributes ) :
- __slots__ = ( 'pid' , '_id' , 'acl' , 'eff_acl' )
- def __init__( self , process ) :
+ __slots__ = ( 'pid' , '_id' , 'acl' , 'eff_acl' ,
+ 'authCapability' , 'authEffectiveCapability' , 'authFsCapability' ,
+ 'authGroupCapability' , 'authGroupEffectiveCapability' , 'authGroupFsCapability' )
+ def __init__( self , pid ) :
super( ProcessBase , self ).__init__()
id = headers.rsbac_target_id_t()
- id.process = process
- self.pid = process
+ id.process = pid
+ self.pid = pid
self._id = byref( id )
self.acl = acl.AclById( self )
self.eff_acl = acl.EffectiveAclById( self )
+ self.authCapability = \
+ auth.AuthCapDictProxyProcess( headers.ACT_real , pid )
+ self.authEffectiveCapability = \
+ auth.AuthCapDictProxyProcess( headers.ACT_eff , pid )
+ self.authFsCapability = \
+ auth.AuthCapDictProxyProcess( headers.ACT_fs , pid )
+ self.authGroupCapability = \
+ auth.AuthCapDictProxyProcess( headers.ACT_group_real , pid )
+ self.authGroupEffectiveCapability = \
+ auth.AuthCapDictProxyProcess( headers.ACT_group_eff , pid )
+ self.authGroupFsCapability = \
+ auth.AuthCapDictProxyProcess( headers.ACT_group_fs , pid )
def __int__( self ) :
return int( self.pid )
def __long__( self ) :
lambda n , a : lib.rsbac_list_all_group( transaction._t , a , n ) )
return map( User , sorted( arr ) )
-from rsbac import acl
+from rsbac import acl, auth
defaultFd = FD( None )
defaultFile = File( None )
projects / py-rsbac / commitdiff