X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Ftrust%2Fauth.py;h=9cb905d1c38046ad427bc55c8c743599467e3263;hb=b1775bb47ea5e242d337dbd34f5d58d10a57a028;hp=303705104e16ba3f87dde1232a7c51de98a2d3b9;hpb=c885bfba493fb7cce645e6a3c3c43e59806852d3;p=sfa.git
diff --git a/sfa/trust/auth.py b/sfa/trust/auth.py
index 30370510..9cb905d1 100644
--- a/sfa/trust/auth.py
+++ b/sfa/trust/auth.py
@@ -6,6 +6,7 @@
 #
+from sfa.trust.certificate import Keypair, Certificate
 from sfa.trust.credential import Credential
 from sfa.trust.trustedroot import TrustedRootList
 from sfa.util.faults import *
@@ -13,8 +14,6 @@ from sfa.trust.hierarchy import Hierarchy
 from sfa.util.config import *
 from sfa.util.namespace import *
 from sfa.util.sfaticket import *
-from sfa.util.sfalogging import logger
-
 import sys
 class Auth:
@@ -87,9 +86,10 @@ class Auth:
 # This check does not apply to trusted peers
 trusted_peers = [gid.get_hrn() for gid in self.trusted_cert_list]
 if hrn and self.client_gid.get_hrn() not in trusted_peers:
- if not hrn == self.object_gid.get_hrn():
+ target_hrn = self.object_gid.get_hrn()
+ if not hrn == target_hrn:
 raise PermissionError("Target hrn: %s doesn't match specified hrn: %s " % \
- (self.object_gid.get_hrn(), hrn) )
+ (target_hrn, hrn) )
 return True
 def check_ticket(self, ticket):
@@ -301,3 +301,20 @@ class Auth:
 def get_authority(self, hrn):
 return get_authority(hrn)
+
+ def filter_creds_by_caller(self, creds, caller_hrn):
+ """
+ Returns a list of creds who's gid caller matches the
+ specified caller hrn
+ """
+ if not isinstance(creds, list):
+ creds = [creds]
+ creds = []
+ for cred in creds:
+ try:
+ tmp_cred = Credential(string=cred)
+ if tmp_cred.get_gid_caller().get_hrn() == caller_hrn:
+ creds.append(cred)
+ except: pass
+ return creds
+
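Review bot: The new `filter_creds_by_caller` in the last hunk always returns an empty list, because `creds = []` rebinds the parameter right after it has been normalised to a list and the `for cred in creds` loop then has nothing to iterate. Matches should be collected in a separate list, and that list returned. The bare `except: pass` also hides every failure, from a credential that `Credential(string=cred)` cannot parse to an interrupt, so a rejected credential is indistinguishable from one that simply did not match; catch `Exception` at most and make the skip visible. The match is made on the caller hrn read from each parsed credential and nothing in this method verifies the credential, so callers presumably still have to verify whatever it returns before relying on it.

```python
        # … unchanged: docstring and list normalisation …
        matching = []
        for cred in creds:
            try:
                # … unchanged: parse the credential and compare its caller hrn …
                    matching.append(cred)
            except Exception:
                # unparsable credential: skip it, but let SystemExit/KeyboardInterrupt propagate
                continue
        return matching
```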