X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FAuth.py;fp=PLC%2FAuth.py;h=a15bff260b28527b1798a0936c91ee1cc7770606;hb=41b097a10c1ac6dcd493b030d33194003369bdf1;hp=50e8b8e33afe6b76f448e29a55550909ad45ffc6;hpb=b3a391490764be17194820147b1cf47fff17b69a;p=plcapi.git
diff --git a/PLC/Auth.py b/PLC/Auth.py
index 50e8b8e..a15bff2 100644
--- a/PLC/Auth.py
+++ b/PLC/Auth.py
@@ -132,7 +132,9 @@ class SessionAuth(Auth):
 node = nodes[0]
 if 'node' not in method.roles:
- raise PLCAuthenticationFailure, "SessionAuth: Not allowed to call method %s, missing 'node' role"%method.name
+ # using PermissionDenied rather than AuthenticationFailure here because
+ # if that fails we don't want to delete the session..
+ raise PLCPermissionDenied, "SessionAuth: Not allowed to call method %s, missing 'node' role"%method.name
 method.caller = node
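Review bot: The added comment above `raise PLCPermissionDenied` says "if that fails" without naming what fails, and the session deletion it refers to happens in code outside this hunk. I would state the reason directly, e.g. `# The session is valid but the method lacks the 'node' role: an authorization failure, so raise PLCPermissionDenied and leave the session in place.` Please also confirm that PLCPermissionDenied is in scope in PLC/Auth.py, since the import block is not part of the hunk and an unresolved name would surface as a NameError rather than a clean fault. The enclosing method starts and ends outside the hunk.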
@@ -210,37 +212,11 @@ class BootAuth(Auth):
 raise PLCAuthenticationFailure, "BootAuth: No such node"
 node = nodes[0]
+ # Jan 2011 : removing support for old boot CDs
 if node['key']:
 key = node['key']
- elif node['boot_nonce']:
- # Allow very old nodes that do not have a node key in
- # their configuration files to use their "boot nonce"
- # instead. The boot nonce is a random value generated
- # by the node itself and POSTed by the Boot CD when it
- # requests the Boot Manager. This is obviously not
- # very secure, so we only allow it to be used if the
- # requestor IP is the same as the IP address we have
- # on record for the node.
- key = node['boot_nonce']
-
- interface = None
- if node['interface_ids']:
- interfaces = Interfaces(method.api, node['interface_ids'])
- for interface in interfaces:
- if interface['is_primary']:
- break
-
- if not interface or not interface['is_primary']:
- raise PLCAuthenticationFailure, "BootAuth: No primary network interface on record"
-
- if method.source is None:
- raise PLCAuthenticationFailure, "BootAuth: Cannot determine IP address of requestor"
-
- if interface['ip'] != method.source[0]:
- raise PLCAuthenticationFailure, "BootAuth: Requestor IP %s does not match node IP %s" % \
- (method.source[0], interface['ip'])
 else:
- raise PLCAuthenticationFailure, "BootAuth: No node key or boot nonce"
+ raise PLCAuthenticationFailure, "BootAuth: No node key"
 # Yes, this is the "canonicalization" method used.
 args = self.canonicalize(args)
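Review bot: The two failure strings left in this hunk, `"BootAuth: No such node"` and `"BootAuth: No node key"`, answer differently for an unknown node and a known node without a key, before the requester has proven anything. If the fault string is returned to the requester (not visible here), I would raise one generic message for both cases, e.g. `raise PLCAuthenticationFailure, "BootAuth: Authentication failed"`, and log the specific reason on the server. With the nonce branch removed, `Interfaces` may no longer be referenced in this file, so its import is worth checking, and the remaining `if`/`else` would read better as a guard (`if not node['key']:` followed by the raise). The method continues outside the hunk.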