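def dispatch(self, message, incomingmessageid):
    """
    Unwrap a routing control message and deliver it, directly or through another routing hop.

    message           -- wrapped routing message; handed to unwrapSSRoutingMessage().
    incomingmessageid -- id used to look up the 'communityid' of the incoming message in the
                         message context controller (the community the message arrived from).

    Delivery order:
      1. The local member is the destination: hand the payload to the global dispatcher.
      2. The local member is in the destination community, holds 'g4ds.routing.route' for it
         and has a gateway for (source community, destination community): send directly.
      3. Otherwise look up the next hop for the destination community and forward there,
         subject to the same permission and gateway checks against the peer community.

    Returns None in every case. A message that passes none of the checks is dropped without
    any log entry or error from this method.
    """
    from g4dslogging import getDefaultLogger, COMMUNICATION_INCOMING_MSG_DETAILS
    getDefaultLogger().newMessage(COMMUNICATION_INCOMING_MSG_DETAILS, '-- Control Msg - SS: Routing Engine')

    from messagewrapper import getControlMessageWrapper
    # NOTE(review): 'action' and 'sucess' are returned by the unwrap call but never inspected
    # here; confirm whether a failed unwrap can reach the routing logic below.
    action, sucess, args, unwrapped = getControlMessageWrapper().unwrapSSRoutingMessage(message)
    # These three values come straight from the received message. A missing entry raises from
    # the subscript (KeyError if args is a dict) and propagates to the caller.
    destination = args['destination']
    protocol = args['protocol']
    community = args['community']

    from authorisationcontroller import getAuthorisationController
    from messagehandler import getMessageContextController
    sourceCommunity = getMessageContextController().getValue(incomingmessageid, 'communityid')

    # NOTE(review): the sender-side authorisation check below is disabled. As written, only the
    # local member's own 'g4ds.routing.route' permission and its gateway (source, destination)
    # pairs gate forwarding; the original sender's permission to route is not validated in this
    # method. Confirm that this is enforced elsewhere before relying on it.
    ## if not getAuthorisationController().validate(getMessageContextController().getValue(incomingmessageid, 'senderid'),
    ##     sourceCommunity, 'g4ds.routing.route'):
    ##     return

    from communitymanager import getMemberManager
    # Check first whether we are the final recipient.
    if getMemberManager().getLocalMember().getId() == destination:
        # NOTE(review): no permission check is made on this path in this method; presumably the
        # global dispatcher applies its own - confirm.
        from messagehandler import getGlobalDispatcher
        getGlobalDispatcher().dispatch(protocol, unwrapped)
        return

    # Not for us: wrap the payload again with the same routing arguments for the next leg.
    forwardArgs = {
        'destination': destination,
        'protocol': protocol,
        'community': community,
    }
    wrapped, doc, element = getControlMessageWrapper().wrapSSRoutingMessage('1', args = forwardArgs, data = unwrapped)
    from g4dsconfigurationcontroller import getOutgoingControlMessagesHandler, CONTROL_ROUTER

    # Check whether we can reach the destination community directly. ValueError is the signal
    # for "fall back to the next hop": it is raised by index() when we are not a member of the
    # community, and explicitly when a permission or gateway check fails.
    try:
        getMemberManager().getLocalMember().getCommunityIds().index(community)
        # We are in the destination community; are we allowed to route into it?
        if not getAuthorisationController().validate(getMemberManager().getLocalMember().getId(), community, 'g4ds.routing.route'):
            raise ValueError('I am in the dest community; but I am not allowed to route into it. Let us try to find somebody else.')
        # The access control only covers the destination community, so the source / destination
        # combination is checked against the local gateways as well.
        delivered = False
        for gw in getMemberManager().getLocalMember().getGateways():
            if gw.getSourceCommunityId() == sourceCommunity and gw.getDestinationCommunityId() == community:
                getOutgoingControlMessagesHandler().sendMessage(destination, CONTROL_ROUTER, "Routing message", wrapped, communityid = community)
                delivered = True
        if delivered:
            # Fix: the ValueError below used to be raised even after a successful direct send,
            # so the same message was forwarded a second time through the next hop.
            return
        raise ValueError('I am in the dest community; but I am not allowed to route into it. Let us try to find somebody else.')
    except ValueError:
        # We can only pass it on to the next hop.
        # NOTE(review): getRoutingTableManager is not imported inside this method, unlike the
        # other accessors; presumably it is available at module level - confirm.
        gateway_member_id, peercommunity, hops = getRoutingTableManager().getNexthopForCommunity(community)
        # Are we allowed to route into the peer community?
        if not getAuthorisationController().validate(getMemberManager().getLocalMember().getId(), peercommunity, 'g4ds.routing.route'):
            return
        # Is the combination source community / peer community covered by one of our gateways?
        for gw in getMemberManager().getLocalMember().getGateways():
            if gw.getSourceCommunityId() == sourceCommunity and gw.getDestinationCommunityId() == peercommunity:
                getOutgoingControlMessagesHandler().sendMessage(gateway_member_id, CONTROL_ROUTER, "Routing message", wrapped, communityid = peercommunity)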
def testPermissionStuff():
    """
    Print the authorisation verdict for a fixed list of (actor, target, action) samples.

    Each output line is the sample padded with dots to 60 characters, followed by the result
    of validate() formatted as an integer.
    """
    from authorisationcontroller import getAuthorisationController

    # Call the accessor once up front; the printMatrix() call stays disabled.
    getAuthorisationController()  # .printMatrix()

    samples = (
        ('M111', 'C12345', 'g4ds.control.community.write.updatetcdl'),
        ('M001', 'C12345', 'g4ds.control.community.write.updatetcdl'),
        ('M111', 'S0001', 'g4ds.control.service.read.requestksdl'),
        ('M111', 'S0001', 'g4ds.control.service.write.pushksdl'),
        ('M001', 'M002', 'g4ds.service'),
    )

    for actor, target, action in samples:
        label = "%s -> %s: %s " % (actor, target, action)
        verdict = getAuthorisationController().validate(actor, target, action)
        # A single parenthesised expression prints the same text under the print statement.
        print(label.ljust(60, '.') + " %d" % verdict)
# Excerpt of a start-up sequence: each step announces itself with _printAction(), runs, and
# closes its status line with _finishActionLine(). The enclosing definition and the helpers
# (_printAction, _finishActionLine, SUCESS_NEG) are outside this excerpt.

# Step: bring up the protocol controller.
_printAction(1, "Start up protocols and listeners")
from protocolcontroller import getProtocolController
import socket
try:
    getProtocolController()     # start listening on all endpoints
    _finishActionLine()
except socket.error, msg:
    # The socket error is reported on a second-level line and the sequence carries on with
    # the next step; nothing is re-raised here.
    _finishActionLine(SUCESS_NEG)
    _printAction(2, str(msg))
    _finishActionLine(SUCESS_NEG)

# Step: load the permission policies by calling the authorisation controller accessor.
_printAction(1, "Load up permission policies into memory")
from authorisationcontroller import getAuthorisationController
## getAuthorisationController()
try:
    getAuthorisationController()     # first call of the accessor for this step
    _finishActionLine()
## except Exception, msg:
except KeyError, msg:
    # NOTE(review): only KeyError is handled; any other exception propagates to the caller.
    # On KeyError the failure is printed and start-up continues with the routing steps below.
    # Whether later validate() calls then run against a usable policy set is not visible
    # here - confirm that a failed policy load cannot leave the node routing without one.
    _finishActionLine(SUCESS_NEG)
    _printAction(2, str(msg))
    _finishActionLine(SUCESS_NEG)

# Step: load the routing table. No exception is handled around this call.
_printAction(1, "Loading routing table into memory")
from routingtablemanager import getRoutingTableManager
getRoutingTableManager()
_finishActionLine()

# Step: dynamic routing. Only the announcement and the imports are visible; the code that
# uses them lies beyond this excerpt.
_printAction(1, "Enable dynamic routing")
from dynamicrouting import getRoutingTableUpdater
from errorhandling import G4dsRuntimeException