[CalendarServer-changes] [13911] twext/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Thu Aug 21 11:45:29 PDT 2014
Revision: 13911
http://trac.calendarserver.org//changeset/13911
Author: sagen at apple.com
Date: 2014-08-21 11:45:29 -0700 (Thu, 21 Aug 2014)
Log Message:
-----------
Move sacl to twext.python
Modified Paths:
--------------
twext/trunk/setup.py
Added Paths:
-----------
twext/trunk/twext/python/sacl.py
Modified: twext/trunk/setup.py
===================================================================
--- twext/trunk/setup.py 2014-08-21 17:46:43 UTC (rev 13910)
+++ twext/trunk/setup.py 2014-08-21 18:45:29 UTC (rev 13911)
@@ -181,13 +181,11 @@
if sys.platform == "darwin":
try:
- print("XYZZY about to import launchd", sys.path)
from twext.python import launchd
- print("XYZZY imported launchd", launchd)
extensions.append(launchd.ffi.verifier.get_extension())
- print("XYZZY extensions", extensions)
- except ImportError as e:
- print("XYZZY import failed", e)
+ from twext.python import sacl
+ extensions.append(sacl.ffi.verifier.get_extension())
+ except ImportError:
pass
Added: twext/trunk/twext/python/sacl.py
===================================================================
--- twext/trunk/twext/python/sacl.py (rev 0)
+++ twext/trunk/twext/python/sacl.py 2014-08-21 18:45:29 UTC (rev 13911)
@@ -0,0 +1,86 @@
+##
+# Copyright (c) 2005-2014 Apple Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##
+
+from __future__ import print_function
+
+__all__ = [
+ "checkSACL"
+]
+
+from cffi import FFI, VerificationError
+
+ffi = FFI()
+
+definitions = """
+ typedef unsigned char uuid_t[16];
+ int mbr_check_service_membership(const uuid_t user, const char* servicename, int* ismember);
+ int mbr_user_name_to_uuid(const char* name, uuid_t uu);
+ int mbr_group_name_to_uuid(const char* name, uuid_t uu);
+"""
+
+ffi.cdef(definitions)
+
+try:
+ lib = ffi.verify(definitions, libraries=[])
+except VerificationError as ve:
+ raise ImportError(ve)
+
+
+
+def checkSACL(userOrGroupName, serviceName):
+ """
+ Check to see if a given user or group is a member of an OS X Server
+ service's access group. If userOrGroupName is an empty string, we
+ want to know if unauthenticated access is allowed for the given service.
+
+ @param userOrGroupName: the name of the user or group
+ @type userOrGroupName: C{unicode}
+
+ @param serviceName: the name of the service (e.g. calendar, addressbook)
+ @type serviceName: C{str}
+
+ @return: True if the user or group is allowed access to service
+ @rtype: C{bool}
+ """
+
+ userOrGroupName = userOrGroupName.encode("utf-8")
+ prefix = "com.apple.access_"
+ uu = ffi.new("uuid_t")
+
+ # See if the access group exists. If it does not, then there are no
+ # restrictions
+ groupName = prefix + serviceName
+ groupMissing = lib.mbr_group_name_to_uuid(groupName, uu)
+ if groupMissing:
+ return True
+
+ # See if userOrGroupName matches a user
+ result = lib.mbr_user_name_to_uuid(userOrGroupName, uu)
+ if result:
+ # Not a user, try looking up a group of that name
+ result = lib.mbr_group_name_to_uuid(userOrGroupName, uu)
+
+ if result:
+ # Neither a user nor a group matches the name
+ return False
+
+ # See if the uuid is a member of the service access group
+ isMember = ffi.new("int *")
+ result = lib.mbr_check_service_membership(uu, serviceName, isMember)
+ if not result and isMember[0]:
+ return True
+
+ return False
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20140821/3c4e8673/attachment.html>
More information about the calendarserver-changes
mailing list