1 # Copyright 2008 LShift Ltd

     2 # Author(s):

     3 # Paul Crowley <paul@lshift.net>

     4 #

     5 # This software may be used and distributed according to the terms

     6 # of the GNU General Public License, incorporated herein by reference.

     7 

     8 import re

     9 

    10 allowedchars = "A-Za-z0-9_-"

    11 

    12 goodpathre = re.compile("([%s]+/)*[%s]+$" % (allowedchars, allowedchars))

    13 def goodpath(path):

    14     return goodpathre.match(path) is not None:

    15 

    16 goodglobre = re.compile("[*/%s]+$" % allowedchars)

    17 

    18 def goodglob(pattern):

    19     return goodglobre.match(pattern) is not None

    20 

    21 # Don't put anything except *A-Za-z0-9_- in rule globs or   

    22 # it will match nothing.  No regexp metachars, not even .

    23 # We may fix this later.

    24 def globmatcher(pattern):

    25     if not goodglob(pattern):

    26         #fail("Bad glob pattern in auth config: %s" % pattern)

    27         # FIXME: report it somehow

    28         return lambda x: False

    29     # Substitution cunning so ** can be different from *

    30     pattern = pattern.replace("*", "[]")

    31     pattern = pattern.replace("[][]", "[/%s]*" % allowedchars)

    32     pattern = pattern.replace("[]", "[%s]*" % allowedchars)

    33     rex = re.compile(pattern + "$")

    34     # None matches everything

    35     return lambda x: x is None or rex.match(x) is not None

    36 

    37 def rule(pairs):

    38     matchers = [(k, globmatcher(v)) for k, v in pairs]

    39     def c(**kw):

    40         for k, m in matchers:

    41             if k not in kw or not m(kw[k]):

    42                 return False

    43         return True

    44     return c

    45 

    46 class Ruleset(object):

    47     '''Class representing the rules in a rule file'''

    48     

    49     levels = ["init", "write", "read", "deny"]

    50 

    51     def __init__(self):

    52         self.rules = []

    53 

    54     def add(self, action, conditions):

    55         self.rules.append((action, conditions))

    56 

    57     def matchrule(self, **kw):

    58         for a, c in self.rules:

    59             if c(**kw):

    60                 return a

    61         return None

    62 

    63     def allow(self, level, **kw):

    64         a = matchrule(self, **kw)

    65         return a in self.levels and self.levels.index(a) <= self.levels.index(level)

    66     

    67     @classmethod

    68     def read_rules(cls, fn):

    69         res = cls()

    70         f = open(fn)

    71         try:

    72             for l in f:

    73                 l = l.strip()

    74                 if len(l) == 0 or l.startswith["#"]:

    75                     continue

    76                 res.add(l[0], rule([c.split("=", 1) for c in l[1:]]))

    77         finally:

    78             f.close()

    79         return res

    80 

    81