import SimpleXMLRPCServer
+import sys
+import traceback
import SocketServer
import BaseHTTPServer\r
import SimpleHTTPServer\r
"""\r
self.logRequests = logRequests\r
\r
- SimpleXMLRPCServer.SimpleXMLRPCDispatcher.__init__(self, None, None)\r
+ SimpleXMLRPCServer.SimpleXMLRPCDispatcher.__init__(self, True, None)\r
SocketServer.BaseServer.__init__(self, server_address, HandlerClass)\r
ctx = SSL.Context(SSL.SSLv23_METHOD)\r
ctx.use_privatekey_file(key_file)\r
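Review bot: The first positional argument flipped from `None` to `True` in the dispatcher constructor call is hard to read without looking up the base-class signature. Assuming the base class is the standard library `SimpleXMLRPCDispatcher`, that slot is `allow_none`, so spelling it `SimpleXMLRPCServer.SimpleXMLRPCDispatcher.__init__(self, allow_none=True, encoding=None)` would say what changed. Enabling it makes the server marshal `None` as `<nil/>`, an extension that not every XML-RPC client parses, which deserves a one-line comment such as `# allow_none: handlers may return None; clients must accept <nil/>`. The enclosing `__init__` starts and ends outside the hunk.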
self.server_bind()\r
self.server_activate()\r
\r
+ # _dispatch\r
+ #
+ # Convert an exception on the server to a full stack trace and send it to
+ # the client.
+
+ def _dispatch(self, method, params):\r
+ try:\r
+ return SimpleXMLRPCServer.SimpleXMLRPCDispatcher._dispatch(self, method, params)\r
+ except:\r
+ # can't use format_exc() as it is not available in jython yet (even\r
+ # in trunk).\r
+ type, value, tb = sys.exc_info()\r
+ raise xmlrpclib.Fault(1,''.join(traceback.format_exception(type, value, tb)))\r
+\r
# SecureXMLRpcRequestHandler\r
#\r
# taken from the web (XXX find reference). Implents HTTPS xmlrpc request handler\r
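Review bot: The new `_dispatch` returns the full server stack trace to whoever made the call, which discloses file paths, module layout and source lines to any client, including one whose credential was just rejected. The bare `except:` also rewraps an `xmlrpclib.Fault` that a handler raised on purpose as fault code 1, and it catches `SystemExit` and `KeyboardInterrupt`. I would keep the trace in the server log, send the client only the one-line exception summary, and let existing faults pass through unchanged; the local named `type` also shadows the builtin. `xmlrpclib` is not among the imports visible on this page, so confirm the module imports it.

```python
def _dispatch(self, method, params):
    try:
        return SimpleXMLRPCServer.SimpleXMLRPCDispatcher._dispatch(self, method, params)
    except xmlrpclib.Fault:
        # a fault raised on purpose keeps its own code and message
        raise
    except Exception:
        exc_type, exc_value, exc_tb = sys.exc_info()
        # full trace stays in the server log; the client gets the one-line summary
        traceback.print_exception(exc_type, exc_value, exc_tb)
        raise xmlrpclib.Fault(1, ''.join(traceback.format_exception_only(exc_type, exc_value)))
```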
except: # This should only happen if the module is buggy\r
# internal error, report as HTTP server error\r
self.send_response(500)\r
+\r
self.end_headers()\r
else:\r
# got a valid XML RPC response\r
self.key = Keypair(filename = key_file)
self.cert = Certificate(filename = cert_file)
self.server = SecureXMLRPCServer((ip, port), SecureXMLRpcRequestHandler, key_file, cert_file)
+ self.trusted_cert_list = None
self.register_functions()
- def decode_authentication(self, cred_string):
+ def decode_authentication(self, cred_string, operation):
self.client_cred = Credential(string = cred_string)
self.client_gid = self.client_cred.get_gid_caller()
self.object_gid = self.client_cred.get_gid_object()
if not peer_cert.is_pubkey(self.client_gid.get_pubkey()):
raise ConnectionKeyGIDMismatch(self.client_gid.get_subject())
+ # make sure the client is allowed to perform the operation
+ if not self.client_cred.can_perform(operation):
+ raise InsufficientRights(operation)
+
+ if self.trusted_cert_list:
+ self.client_cred.verify_chain(self.trusted_cert_list)
+ if self.client_gid:
+ self.client_gid.verify_chain(self.trusted_cert_list)
+ if self.object_gid:
+ self.object_gid.verify_chain(self.trusted_cert_list)
+
# register_functions override this to add more functions
def register_functions(self):
self.server.register_function(self.noop)
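Review bot: The chain verification added in `decode_authentication` is skipped whenever `self.trusted_cert_list` is falsy, and the constructor hunk initialises it to `None`, so a server that never assigns a list accepts credentials and GIDs with no trust-root check at all. `can_perform(operation)` is also consulted before `verify_chain`, so the rights decision is read from a credential that has not been verified yet; moving the `if not self.client_cred.can_perform(operation):` check below the three `verify_chain` calls gives a verify-then-authorise order. If running without trust roots is meant to be supported, a comment on the `if self.trusted_cert_list:` line, for example `# no trusted roots configured: chain verification is skipped`, would make that explicit; otherwise raise when the list is empty. This assumes `verify_chain` reports failure by raising, which the page does not show, and the start of `decode_authentication` lies in the previous hunk.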