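#!/usr/bin/python2
"""Interactive command-line editor for the access-control roles of a venue.

The script connects to the venue named by ``--url``, obtains that venue's
authorization manager and starts a small ``cmd`` shell whose commands add or
remove subjects from roles and open or close entry for everybody.
"""

import sys
if sys.platform == "darwin":
    # OSX: pyGlobus/globus need to be loaded before modules such as socket.
    import pyGlobus.ioc

import os
import cmd
from optparse import Option

from AccessGrid import Toolkit
from AccessGrid.Venue import VenueIW
from AccessGrid.Security.AuthorizationManager import AuthorizationManagerIW
from AccessGrid.Security.X509Subject import X509Subject
from AccessGrid.Security.Action import Action


class CmdProcessor(cmd.Cmd):
    """Command shell that edits roles through an authorization manager.

    Every command is forwarded to ``authManager`` as soon as it is entered;
    there is no confirmation step and no undo.

    NOTE(review): ``log`` is stored but none of the commands below write to
    it, so role changes made here leave no local audit trail. Consider
    logging each change once the logger interface is confirmed.
    """

    def __init__(self, authManager, log):
        """Store the authorization manager proxy and the application log."""
        cmd.Cmd.__init__(self)
        self.authManager = authManager
        self.log = log
        self.prompt = "venueacls> "

    def emptyline(self):
        """Ignore empty input lines.

        cmd.Cmd would otherwise repeat the last command, which is not what
        an operator wants after a command that changed an ACL.
        """
        pass

    def do_allow(self, line):
        """Prompt for one or more DNs and add them to 'AllowedEntry'."""
        self._addToRole('AllowedEntry')

    def do_disallow(self, line):
        """List the 'AllowedEntry' subjects and remove the selected ones."""
        self._removeFromRole('AllowedEntry')

    def do_roles(self, line):
        """Print the name of every role the authorization manager lists."""
        for role in self.authManager.ListRoles():
            print role.name

    def do_list_allowed(self, line):
        """Print the subjects in the 'AllowedEntry' role."""
        self._listSubjectsInRole('AllowedEntry')

    def do_list_admins(self, line):
        """Print the subjects in the 'Administrators' role."""
        self._listSubjectsInRole('Administrators')

    def do_add_admin(self, line):
        """Prompt for one or more DNs and add them to 'Administrators'."""
        self._addToRole('Administrators')

    def do_del_admin(self, line):
        """List the 'Administrators' subjects and remove the selected ones."""
        self._removeFromRole('Administrators')

    def do_everybody(self, line):
        """Attach the 'Everybody' role to the 'Enter' action.

        This is the broadest grant the tool can make; run ``status``
        afterwards to check the result.
        """
        everybody = self.authManager.FindRole('Everybody')
        self.authManager.AddRoleToAction(everybody, Action('Enter'))

    def do_noteverybody(self, line):
        """Detach the 'Everybody' role from the 'Enter' action."""
        everybody = self.authManager.FindRole('Everybody')
        self.authManager.RemoveRoleFromAction(everybody, Action('Enter'))

    def do_status(self, line):
        """Print administrators, allowed subjects and the 'Everybody' flag."""
        print "-- Administrators"
        self._listSubjectsInRole('Administrators')
        print "-- Allowed in venue"
        self._listSubjectsInRole('AllowedEntry')

        # 1 when the 'Everybody' role is attached to the 'Enter' action.
        isEverybodyAllowed = 0
        for role in self.authManager.ListRolesInAction(Action('Enter')):
            if role.name == 'Everybody':
                isEverybodyAllowed = 1
                break
        print "Everybody else? \n", isEverybodyAllowed

    def do_quit(self, line):
        """Leave the shell and end the process with status 0."""
        # os._exit() ends the process without running cleanup handlers or
        # flushing stdio buffers, so flush what has been printed first.
        sys.stdout.flush()
        os._exit(0)

    def _addToRole(self, rolename):
        """Prompt for a comma-separated list of DNs and add them to a role.

        Surrounding whitespace is stripped and empty entries are dropped:
        "a, b" would otherwise add the subject " b", which is a different
        string from the DN that was meant, and a trailing comma would add an
        empty subject.

        NOTE(review): entries are split on ',', so a DN written with
        comma-separated components would be cut into fragments. Presumably
        slash-separated DNs are expected here; confirm against X509Subject.
        """
        subjname = raw_input('DN to add: ')
        if not subjname:
            return

        oSubjList = []
        for dn in subjname.split(','):
            dn = dn.strip()
            if dn:
                oSubjList.append(X509Subject(dn))
        if not oSubjList:
            return

        role = self.authManager.FindRole(rolename)
        self.authManager.AddSubjectsToRole(oSubjList, role)

    def _removeFromRole(self, rolename):
        """Show a role's subjects with an index and remove the chosen ones.

        The answer may be ``all``, one index, or a comma-separated list of
        indexes. Indexes refer to the list printed by this call, which is
        not refreshed between removals.
        """
        role = self.authManager.FindRole(rolename)
        subjects = self.authManager.ListSubjects(role)
        for position, subject in enumerate(subjects):
            print position, ' ', subject.name

        subjIndex = raw_input('Select from list: ')
        if not subjIndex:
            return

        if subjIndex == 'all':
            self.authManager.RemoveSubjectsFromRole(subjects, role)
            return

        # A single index is just a one-element list after the split.
        for index in subjIndex.split(','):
            self._removeSubjectByIndex(subjects, index, role)

    def _removeSubjectByIndex(self, subjects, index, role):
        """Remove ``subjects[index]`` from ``role`` after validating index.

        ``index`` is the text the operator typed. Anything that is not an
        integer within the bounds of ``subjects`` is reported and skipped,
        so a typo can never select a subject through negative indexing.
        """
        try:
            position = int(index)
        except (TypeError, ValueError):
            # Only conversion failures are handled here; a bare except
            # would also swallow KeyboardInterrupt.
            print "Invalid index:", index
            return

        if not 0 <= position < len(subjects):
            print "Invalid index:", position
            return

        self.authManager.RemoveSubjectFromRole(subjects[position], role)

    def _listSubjectsInRole(self, rolename):
        """Print the name of every subject in the role called rolename."""
        role = self.authManager.FindRole(rolename)
        for subject in self.authManager.ListSubjects(role):
            print subject.name


def main():
    """Parse the command line, connect to the venue and run the shell.

    Exits with status 1 when the toolkit cannot be initialized or when no
    venue URL was given.
    """
    # Instantiate the app
    app = Toolkit.CmdlineApplication()

    # Handle command-line arguments
    urlOption = Option("-u", "--url", dest="url", default=0,
                       help="URL of the venue for ACL editing.")
    app.AddCmdLineOption(urlOption)

    # Initialize the application
    try:
        app.Initialize("VenueAcls")
    except Exception, e:
        print "Exception: ", e
        # A failed start is an error: report it with a non-zero status so
        # that calling scripts do not treat it as success.
        sys.exit(1)

    url = app.GetOption('url')
    if not url:
        print "* * Error: No Venue URL given"
        sys.exit(1)

    # The authorization manager address is the one the venue reports.
    venue = VenueIW(url)
    authManagerUrl = venue.GetAuthorizationManager()
    authManager = AuthorizationManagerIW(authManagerUrl)

    # Named 'processor' so the local does not shadow the cmd module.
    processor = CmdProcessor(authManager, app.GetLog())

    # Loop forever (or until we're told to quit)
    processor.cmdloop()


if __name__ == "__main__":
    main()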