git://git.onelab.eu / sfa.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'master' into eucalyptus-devel
[sfa.git] / sfa / trust / auth.py
diff --git a/sfa/trust/auth.py b/sfa/trust/auth.py
index 8570c78..218783e 100644 (file)
--- a/sfa/trust/auth.py
+++ b/sfa/trust/auth.py
@@ -1,10 +1,7 @@
 #
 # SfaAPI authentication 
 #
-### $Id$
-### $URL$
-#
-
+import sys
 
 from sfa.trust.certificate import Keypair, Certificate
 from sfa.trust.credential import Credential
@@ -12,26 +9,10 @@ from sfa.trust.trustedroot import TrustedRootList
 from sfa.util.faults import *
 from sfa.trust.hierarchy import Hierarchy
 from sfa.util.config import *
-from sfa.util.namespace import *
+from sfa.util.xrn import get_authority
 from sfa.util.sfaticket import *
-from sfa.util.sfalogging import logger
-import sys
-
-def filter_creds_by_caller(self, creds, caller_hrn):
-        """
-        Returns a list of creds who's gid caller matches the
-        specified caller hrn
-        """
-        if not isinstance(creds, list): creds = [creds]
-        caller_creds = []
-        for cred in creds:
-            try:
-                tmp_cred = Credential(string=cred)
-                if tmp_cred.get_gid_caller().get_hrn() == caller_hrn:
-                    caller_creds.append(cred)
-            except: pass
-        return caller_creds
 
+from sfa.util.sfalogging import sfa_logger
 
 class Auth:
     """
@@ -55,11 +36,14 @@ class Auth:
         valid = []
         if not isinstance(creds, list):
             creds = [creds]
+        sfa_logger().debug("Auth.checkCredentials with %d creds"%len(creds))
         for cred in creds:
             try:
                 self.check(cred, operation, hrn)
                 valid.append(cred)
             except:
+                cred_obj=Credential(string=cred)
+                sfa_logger().debug("failed to validate credential - dump=%s"%cred_obj.dump_string(dump_parents=True))
                 error = sys.exc_info()[:2]
                 continue
             
@@ -74,7 +58,7 @@ class Auth:
         Check the credential against the peer cert (callerGID included 
         in the credential matches the caller that is connected to the 
         HTTPS connection, check if the credential was signed by a 
-        trusted cert and check if the credential is allowd to perform 
+        trusted cert and check if the credential is allowed to perform 
         the specified operation.    
         """
         self.client_cred = Credential(string = cred)
@@ -95,7 +79,7 @@ class Auth:
                 raise InsufficientRights(operation)
 
         if self.trusted_cert_list:
-            self.client_cred.verify(self.trusted_cert_file_list)
+            self.client_cred.verify(self.trusted_cert_file_list, self.config.SFA_CREDENTIAL_SCHEMA)
         else:
            raise MissingTrustedRoots(self.config.get_trustedroots_dir())
        
@@ -254,7 +238,7 @@ class Auth:
         verify_cancreate_credential()
         """
 
-        rl = RightList()
+        rl = Rights()
         type = record['type']
 
 
sfa