| side by side (parent:
98f5ae2
)
fix some bugs regarding sub authority implementation
author
Tony Mack
<tmack@cs.princeton.edu>
Thu, 20 Aug 2009 17:33:58 +0000
(17:33 +0000)
committer
Tony Mack
<tmack@cs.princeton.edu>
Thu, 20 Aug 2009 17:33:58 +0000
(17:33 +0000)
sfa/methods/get_credential.py
sfa/plc/api.py
sfa/plc/sfa-import-plc.py
sfa/plc/sfaImport.py
sfa/trust/auth.py
sfa/trust/hierarchy.py
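--- a/sfa/methods/get_credential.py
+++ b/sfa/methods/get_credential.py
@@ -39,7 +39,9 @@ class get_credential(Method):
 self.api.auth.check(cred, 'getcredential')
 self.api.auth.verify_object_belongs_to_me(hrn)
 auth_hrn = self.api.auth.get_authority(hrn)
-if not auth_hrn:
+
+# Is this a root or sub authority
+if not auth_hrn or hrn == self.api.config.SFA_INTERFACE_HRN:
 auth_hrn = hrn
 auth_info = self.api.auth.get_auth_info(auth_hrn)
 table = self.api.auth.get_auth_table(auth_hrn)
@@ -91,10 +93,12 @@ class get_credential(Method):
 @return string representation of a credential object
 """
 self.api.auth.verify_object_belongs_to_me(hrn)
-
 auth_hrn = self.api.auth.get_authority(hrn)
-if not auth_hrn:
+
+# is this a root or sub authority
+if not auth_hrn or hrn == self.api.config.SFA_INTERFACE_HRN:
 auth_hrn = hrn
+
 auth_info = self.api.auth.get_auth_info(auth_hrn)
 # find a record that matches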
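Review bot: The root-or-sub-authority test `not auth_hrn or hrn == self.api.config.SFA_INTERFACE_HRN` is written out in both hunks of this file and again in sfa/plc/api.py, sfa/trust/auth.py and twice in sfa/trust/hierarchy.py, so the rule for which HRN acts as its own authority lives in six places. That rule selects the authority record and key used when a credential is issued, so a later edit that misses one copy would leave the call sites disagreeing about who signs. One helper on the auth object that returns the effective authority for an hrn, called as for example `auth_hrn = self.api.auth.effective_authority(hrn)` (name proposed here), would keep them in step. Both enclosing methods start and end outside the hunks, and indentation is lost on this page.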
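--- a/sfa/plc/api.py
+++ b/sfa/plc/api.py
@@ -18,7 +18,6 @@ from sfa.util.debug import *
 from sfa.trust.rights import *
 from sfa.trust.credential import *
 from sfa.util.misc import *
-
 from sfa.util.sfalogging import *
 # See "2.2 Characters" in the XML specification:
@@ -189,7 +188,9 @@ class GeniAPI:
 hrn = self.hrn
 auth_hrn = self.auth.get_authority(hrn)
-if not auth_hrn:
+
+# is this a root or sub authority
+if not auth_hrn or hrn == self.config.SFA_INTERFACE_HRN:
 auth_hrn = hrn
 auth_info = self.auth.get_auth_info(auth_hrn)
 table = self.auth.get_auth_table(auth_hrn)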
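--- a/sfa/plc/sfa-import-plc.py
+++ b/sfa/plc/sfa-import-plc.py
@@ -58,18 +58,18 @@ def main():
 level1_auth = None
 print "Import: creating top level authorities"
-sfaImporter.create_top_level_auth_records(root_auth)
-if level1_auth:
+if not level1_auth:
+sfaImporter.create_top_level_auth_records(root_auth)
+import_auth = root_auth
+else:
 if not AuthHierarchy.auth_exists(level1_auth):
 AuthHierarchy.create_auth(level1_auth)
 sfaImporter.create_top_level_auth_records(level1_auth)
 import_auth = level1_auth
-else:
-import_auth = root_auth
-print "Import: adding", root_auth, "to trusted list"
-root = AuthHierarchy.get_auth_info(root_auth)
-TrustedRoots.add_gid(root.get_gid_object())
+print "Import: adding", import_auth, "to trusted list"
+authority = AuthHierarchy.get_auth_info(import_auth)
+TrustedRoots.add_gid(authority.get_gid_object())
 sites = shell.GetSites(plc_auth, {'peer_id': None})
 # create a fake internet2 site first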
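Review bot: `TrustedRoots.add_gid(authority.get_gid_object())` now installs the GID of `import_auth` as a trust anchor, and when `level1_auth` is set that is the sub-authority, so within this hunk `root_auth` is neither created nor added to the trusted list on that path. Nothing here records why a sub-authority certificate is an acceptable root of trust; a comment such as `# the interface's own authority is self-signed (see Hierarchy), so it is this registry's trust anchor` would state the intent, if that is the intent. It is also worth confirming that `level1_auth` always equals `SFA_INTERFACE_HRN`, because the self-signing condition added in sfa/trust/hierarchy.py keys on that value. main() continues outside the hunk.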
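--- a/sfa/plc/sfaImport.py
+++ b/sfa/plc/sfaImport.py
@@ -102,20 +102,22 @@ class sfaImport:
 def create_top_level_auth_records(self, hrn):
 AuthHierarchy = self.AuthHierarchy
-# if root doesnt exist, create it
+# if auth records for this hrn dont exist, create it
 if not AuthHierarchy.auth_exists(hrn):
 AuthHierarchy.create_auth(hrn)
-# get the parent hrn
-parent_hrn = get_authority(hrn)
-if not parent_hrn:
-parent_hrn = hrn
 # get the auth info of the newly created root auth (parent)
 # or level1_auth if it exists
-auth_info = AuthHierarchy.get_auth_info(parent_hrn)
 if self.level1_auth:
 auth_info = AuthHierarchy.get_auth_info(hrn)
+parent_hrn = hrn
+else:
+parent_hrn = get_authority(hrn)
+if not parent_hrn:
+parent_hrn = hrn
+auth_info = AuthHierarchy.get_auth_info(parent_hrn)
+
 table = self.get_auth_table(parent_hrn)
 auth_record = table.resolve("authority", hrn)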
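Review bot: The branch at `if self.level1_auth:` decides from instance state rather than from the `hrn` argument, so every call made while `level1_auth` is set treats `hrn` as its own parent and resolves the record in `hrn`'s own table. If only the level-1 authority itself is meant to be special-cased, `if self.level1_auth and hrn == self.level1_auth:` says so. Otherwise the retained comment above the branch should be reworded to state that the argument plays no part in the choice. Indentation is lost on this page, so the nesting of the `else:` block is inferred, and the method continues outside the hunk.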
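--- a/sfa/trust/auth.py
+++ b/sfa/trust/auth.py
@@ -118,7 +118,7 @@ class Auth:
 @param name human readable name of object
 """
 auth_name = self.get_authority(name)
-if not auth_name:
+if not auth_name or name == self.config.SFA_INTERFACE_HRN:
 # the root authority belongs to the registry by default?
 # TODO: is this true?
 return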
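Review bot: The added `or name == self.config.SFA_INTERFACE_HRN` widens the early `return`, so whatever check follows is now skipped for the interface's own HRN as well as for a name with no authority, while the `# TODO: is this true?` above it is still open. This is an authorization decision, so the reason belongs where it is made, for example `# the interface's own authority record is held by this registry, so no parent lookup is needed`, with the TODO resolved or extended to the new case. The function's signature and the rest of its body are outside the hunk, so what the skipped code verifies is inferred from the docstring fragment only.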
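--- a/sfa/trust/hierarchy.py
+++ b/sfa/trust/hierarchy.py
@@ -110,8 +110,8 @@ class Hierarchy:
 def __init__(self, basedir = None):
 if not basedir:
-config = Config()
-basedir = os.path.join(config.SFA_BASE_DIR, "authorities")
+self.config = Config()
+basedir = os.path.join(self.config.SFA_BASE_DIR, "authorities")
 self.basedir = basedir
 ##
 # Given a hrn, return the filenames of the GID, private key, and dbinfo
@@ -226,7 +226,7 @@ class Hierarchy:
 gid = GID(subject=hrn, uuid=uuid, hrn=hrn)
 parent_hrn = get_authority(hrn)
-if not parent_hrn:
+if not parent_hrn or hrn == self.config.SFA_INTERFACE_HRN:
 # if there is no parent hrn, then it must be self-signed. this
 # is where we terminate the recursion
 gid.set_issuer(pkey, hrn)
@@ -289,7 +289,7 @@ class Hierarchy:
 cred.set_pubkey(auth_info.get_gid_object().get_pubkey())
 parent_hrn = get_authority(hrn)
-if not parent_hrn:
+if not parent_hrn or hrn == self.config.SFA_INTERFACE_HRN:
 # if there is no parent hrn, then it must be self-signed. this
 # is where we terminate the recursion
 cred.set_issuer(auth_info.get_pkey_object(), hrn)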
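Review bot: `self.config` is assigned only in the `if not basedir:` branch of `__init__`, yet the two later hunks read `self.config.SFA_INTERFACE_HRN` whenever `parent_hrn` is non-empty, so a Hierarchy built with an explicit `basedir` would raise AttributeError at the point where the GID or credential issuer is chosen. Assigning it unconditionally, `self.config = Config()` on the line before `if not basedir:`, removes the dependency on how the object was constructed. Indentation is lost on this page, so the placement inside the branch is inferred from the old `config = Config()` being the first statement after the `if`. The methods holding the second and third hunks start outside the view.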