Generalize credentials argument
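--- a/sfa/trust/auth.py
+++ b/sfa/trust/auth.py
@@ -35,7 +35,6 @@ class Auth:
         self.trusted_cert_file_list = TrustedRoots(self.config.get_trustedroots_dir()).get_file_list()
 
         
-        
     def checkCredentials(self, creds, operation, xrns=[]):
         if not isinstance(xrns, list):
             xrns = [xrns]
@@ -43,14 +42,17 @@ class Auth:
         valid = []
         if not isinstance(creds, list):
             creds = [creds]
-        logger.debug("Auth.checkCredentials with %d creds"%len(creds))
+        logger.debug("Auth.checkCredentials with %d creds on hrns=%s"%(len(creds),hrns))
+        # won't work if either creds or hrns is empty - let's make it more explicit
+        if not creds: raise InsufficientRights("Access denied - no credential provided")
+        if not hrns: hrns = [None]
         for cred in creds:
             for hrn in hrns:
                 try:
                     self.check(cred, operation, hrn)
                     valid.append(cred)
                 except:
-                    cred_obj=Credential(string=cred)
+                    cred_obj=Credential(cred=cred)
                     logger.debug("failed to validate credential - dump=%s"%cred_obj.dump_string(dump_parents=True))
                     error = sys.exc_info()[:2]
                     continue
@@ -61,7 +63,7 @@ class Auth:
         return valid
         
         
-    def check(self, cred, operation, hrn = None):
+    def check(self, credential, operation, hrn = None):
         """
         Check the credential against the peer cert (callerGID included 
         in the credential matches the caller that is connected to the 
@@ -69,7 +71,10 @@ class Auth:
         trusted cert and check if the credential is allowed to perform 
         the specified operation.    
         """
-        self.client_cred = Credential(string = cred)
+        cred = Credential(cred=credential)    
+        self.client_cred = cred
+        logger.debug("Auth.check: handling hrn=%s and credential=%s"%\
+                         (hrn,cred.get_summary_tostring()))
         self.client_gid = self.client_cred.get_gid_caller()
         self.object_gid = self.client_cred.get_gid_object()
         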
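Review bot: The added `if not hrns: hrns = [None]` in checkCredentials makes an empty target list reach `self.check(cred, operation, None)`, whereas before the inner loop never ran and `valid` stayed empty. Whether this fails open depends on how check treats `hrn=None`, and the rest of check's body lies outside the visible hunks. If it skips the comparison against the object, any credential granting the operation would be accepted with no target bound. I would state the intent next to that line, for example `# hrn=None: operation-level check only, credential is not tied to a target object`, or reject an empty hrns for operations that act on an object. Separately, `cred_obj=Credential(cred=cred)` runs inside the bare `except:`, so a credential that cannot be parsed would presumably raise again from the handler and escape the loop rather than being counted as invalid; a fixed-string log fallback around that line would keep rejection on the InsufficientRights path.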