X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FAuth.py;h=3be444bb7a9c5b8298290437499981db0b57b06e;hb=07fc16415f6c9f1a8e9668f1dd442109bfe9cd15;hp=9fe95fd5f1f14ddf93e75819873aa083e2129de5;hpb=0c1abf0ac34f0d3d13001bc7e03b173de1396cdd;p=plcapi.git
diff --git a/PLC/Auth.py b/PLC/Auth.py
index 9fe95fd..3be444b 100644
--- a/PLC/Auth.py
+++ b/PLC/Auth.py
@@ -21,6 +21,7 @@ from PLC.Nodes import Node, Nodes
 from PLC.Interfaces import Interface, Interfaces
 from PLC.Sessions import Session, Sessions
 from PLC.Peers import Peer, Peers
+from PLC.Keys import Keys
 from PLC.Boot import notify_owners
 class Auth(Parameter):
@@ -71,25 +72,26 @@ class GPGAuth(Auth):
 raise PLCAuthenticationFailure, "GPGAuth: Not allowed to call method, missing 'peer' role"
 method.caller = peer = peers[0]
- keys = [peer['key']]
+ gpg_keys = [ peer['key'] ]
 else:
 persons = Persons(method.api, {'email': auth['name'], 'enabled': True, 'peer_id': None})
 if not persons:
 raise PLCAuthenticationFailure, "GPGAuth: No such user '%s'" % auth['name']
+ method.caller = person = persons[0]
 if not set(person['roles']).intersection(method.roles):
 raise PLCAuthenticationFailure, "GPGAuth: Not allowed to call method, missing role"
- method.caller = person = persons[0]
 keys = Keys(method.api, {'key_id': person['key_ids'], 'key_type': "gpg", 'peer_id': None})
+ gpg_keys = [ key['key'] for key in keys ]
- if not keys:
- raise PLCAuthenticationFailure, "GPGAuth: No GPG key on record for peer or user '%s'"
+ if not gpg_keys:
+ raise PLCAuthenticationFailure, "GPGAuth: No GPG key on record for peer or user '%s'"%auth['name']
- for key in keys:
+ for gpg_key in gpg_keys:
 try:
 from PLC.GPG import gpg_verify
- gpg_verify(args, key, auth['signature'], method.name)
+ gpg_verify(args, gpg_key, auth['signature'], method.name)
 return
 except PLCAuthenticationFailure, fault:
 pass
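Review bot: The added `method.caller = person = persons[0]` in the GPGAuth hunk now runs before the role check, so a request rejected for a missing role, or one that later fails signature verification, still leaves `method.caller` pointing at an identity that was never authenticated; the peer branch just above assigns it only after its own role check. Binding `person` before it is used only needs the local, so `person = persons[0]` can go ahead of the role check and `method.caller = person` after it, or better still after `gpg_verify` returns. Whether anything reads `method.caller` on the failure path is not visible here, so treat this as a hardening point rather than a confirmed bug. The enclosing method starts and ends outside the hunk.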
@@ -216,7 +218,6 @@ class BootAuth(Auth):
 if node['key']:
 key = node['key']
 else:
- write_debug_line("BootAuth.check: could not get key")
 raise PLCAuthenticationFailure, "BootAuth: No node key"
 # Yes, this is the "canonicalization" method used.