[CalendarServer-changes] [13911] twext/trunk

source_changes at macosforge.org source_changes at macosforge.org
Thu Aug 21 11:45:29 PDT 2014


Revision: 13911
          http://trac.calendarserver.org//changeset/13911
Author:   sagen at apple.com
Date:     2014-08-21 11:45:29 -0700 (Thu, 21 Aug 2014)
Log Message:
-----------
Move sacl to twext.python

Modified Paths:
--------------
    twext/trunk/setup.py

Added Paths:
-----------
    twext/trunk/twext/python/sacl.py

Modified: twext/trunk/setup.py
===================================================================
--- twext/trunk/setup.py	2014-08-21 17:46:43 UTC (rev 13910)
+++ twext/trunk/setup.py	2014-08-21 18:45:29 UTC (rev 13911)
@@ -181,13 +181,11 @@
 
 if sys.platform == "darwin":
     try:
-        print("XYZZY about to import launchd", sys.path)
         from twext.python import launchd
-        print("XYZZY imported launchd", launchd)
         extensions.append(launchd.ffi.verifier.get_extension())
-        print("XYZZY extensions", extensions)
-    except ImportError as e:
-        print("XYZZY import failed", e)
+        from twext.python import sacl
+        extensions.append(sacl.ffi.verifier.get_extension())
+    except ImportError:
         pass
 
 
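Review bot: The `except ImportError: pass` that closes this try block now hides every reason the sacl extension could be missing from the build. sacl.py in this same commit re-raises cffi's `VerificationError` as `ImportError`, so a failed compile of the membership bindings is swallowed here exactly like an absent module, and the diagnostic prints this commit removes were the only trace of it. Because launchd and sacl share one try block, a launchd import failure also skips sacl silently. I would give each import its own try block and report the skip, e.g. `except ImportError as e: sys.stderr.write("sacl extension not built: %s\n" % (e,))`.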

Added: twext/trunk/twext/python/sacl.py
===================================================================
--- twext/trunk/twext/python/sacl.py	                        (rev 0)
+++ twext/trunk/twext/python/sacl.py	2014-08-21 18:45:29 UTC (rev 13911)
@@ -0,0 +1,86 @@
+##
+# Copyright (c) 2005-2014 Apple Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##
+
+from __future__ import print_function
+
+__all__ = [
+    "checkSACL"
+]
+
+from cffi import FFI, VerificationError
+
+ffi = FFI()
+
+definitions = """
+    typedef unsigned char uuid_t[16];
+    int mbr_check_service_membership(const uuid_t user, const char* servicename, int* ismember);
+    int mbr_user_name_to_uuid(const char* name, uuid_t uu);
+    int mbr_group_name_to_uuid(const char* name, uuid_t uu);
+"""
+
+ffi.cdef(definitions)
+
+try:
+    lib = ffi.verify(definitions, libraries=[])
+except VerificationError as ve:
+    raise ImportError(ve)
+
+
+
+def checkSACL(userOrGroupName, serviceName):
+    """
+    Check to see if a given user or group is a member of an OS X Server
+    service's access group.  If userOrGroupName is an empty string, we
+    want to know if unauthenticated access is allowed for the given service.
+
+    @param userOrGroupName: the name of the user or group
+    @type userOrGroupName: C{unicode}
+
+    @param serviceName: the name of the service (e.g. calendar, addressbook)
+    @type serviceName: C{str}
+
+    @return: True if the user or group is allowed access to service
+    @rtype: C{bool}
+    """
+
+    userOrGroupName = userOrGroupName.encode("utf-8")
+    prefix = "com.apple.access_"
+    uu = ffi.new("uuid_t")
+
+    # See if the access group exists.  If it does not, then there are no
+    # restrictions
+    groupName = prefix + serviceName
+    groupMissing = lib.mbr_group_name_to_uuid(groupName, uu)
+    if groupMissing:
+        return True
+
+    # See if userOrGroupName matches a user
+    result = lib.mbr_user_name_to_uuid(userOrGroupName, uu)
+    if result:
+        # Not a user, try looking up a group of that name
+        result = lib.mbr_group_name_to_uuid(userOrGroupName, uu)
+
+    if result:
+        # Neither a user nor a group matches the name
+        return False
+
+    # See if the uuid is a member of the service access group
+    isMember = ffi.new("int *")
+    result = lib.mbr_check_service_membership(uu, serviceName, isMember)
+    if not result and isMember[0]:
+        return True
+
+    return False
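Review bot: checkSACL fails open at `if groupMissing: return True`, because any non-zero return from `mbr_group_name_to_uuid` for the `com.apple.access_<service>` group is read as "no access group exists, so no restrictions". If that call can also return non-zero for reasons other than the group being absent, such as a directory lookup error, a transient failure would grant access to every caller, including the empty-name unauthenticated case described in the docstring. This should be confirmed against the membership API documentation. The final `mbr_check_service_membership` check already fails closed on error, and the first lookup should do the same by granting only on the specific not-found code, e.g. `if groupMissing == errno.ENOENT: return True` followed by `if groupMissing: return False`, assuming ENOENT is the not-found value, and with `import errno` added. The existing comment should also state that treating a missing group as unrestricted access is a deliberate policy.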