check the specified hrn against the target hrn
author
Tony Mack
<tmack@cs.princeton.edu>
Mon, 19 Apr 2010 20:49:27 +0000
(20:49 +0000)
committer
Tony Mack
<tmack@cs.princeton.edu>
Mon, 19 Apr 2010 20:49:27 +0000
(20:49 +0000)
sfa/trust/auth.py
diff --git
a/sfa/trust/auth.py
b/sfa/trust/auth.py
index
7a92959
..
2663417
100644
(file)
--- a/
sfa/trust/auth.py
+++ b/
sfa/trust/auth.py
@@
-32,7
+32,7
@@
class Auth:
def load_trusted_certs(self):
self.trusted_cert_list = TrustedRootList(self.config.get_trustedroots_dir()).get_list()
def load_trusted_certs(self):
self.trusted_cert_list = TrustedRootList(self.config.get_trustedroots_dir()).get_list()
- def check(self, cred, operation):
+ def check(self, cred, operation
, hrn = None
):
"""
Check the credential against the peer cert (callerGID included
in the credential matches the caller that is connected to the
"""
Check the credential against the peer cert (callerGID included
in the credential matches the caller that is connected to the
@@
-66,6
+66,13
@@
class Auth:
else:
raise MissingTrustedRoots(self.config.get_trustedroots_dir())
else:
raise MissingTrustedRoots(self.config.get_trustedroots_dir())
+ # Make sure the credential's target matches the specified hrn.
+ # This check does not apply to trusted peers
+ trusted_peers = [gid.get_hrn() for gid in self.trusted_cert_list.get_list()]
+ if hrn and client_gid.get_hrn() not in trusted_peers:
+ if not hrn == object_gid.get_hrn():
+ raise PermissionError("Target hrn: %s doesn't match specified hrn: %s " % \
+ (object_gid.get_hrn(), hrn) )
return True
def check_ticket(self, ticket):
return True
def check_ticket(self, ticket):
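Review bot: `self.trusted_cert_list.get_list()` on the new trusted_peers line looks inconsistent with load_trusted_certs shown above, which already stores the result of `TrustedRootList(...).get_list()` in `self.trusted_cert_list`; if that value is a plain list, the comprehension raises AttributeError whenever an hrn is passed, and the line should read `trusted_peers = [gid.get_hrn() for gid in self.trusted_cert_list]`. The new check is also fail-open by default: it only runs when hrn is truthy, so every existing caller that still invokes check(cred, operation) keeps the old unbound behaviour and an empty-string hrn skips it too — the callers that are meant to enforce the target binding need to be audited, and a comment such as `# hrn=None (or "") deliberately skips the target check; pass the object hrn to enforce it` would make that contract explicit. The trusted-peer exemption is keyed on the hrn string alone, so it relies on the credential/GID verification earlier in check (outside this hunk, where client_gid and object_gid are established) to have already bound that hrn to a trusted-root signature — worth confirming that verification also checks the hrn, not just the chain. Minor: `if not hrn == object_gid.get_hrn():` reads more naturally as `if hrn != object_gid.get_hrn():`, and the backslash continuation can be dropped by keeping the format tuple inside the call's parentheses.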