From 49d6c2d9783c1037564f60430c5341bd7385fb1f Mon Sep 17 00:00:00 2001 From: Tony Mack Date: Fri, 16 Oct 2009 01:58:37 +0000 Subject: [PATCH] added request_hash argumet some more calls --- sfa/client/sfi.py | 34 ++++++++++++++++++++-------------- sfa/methods/register.py | 4 ++-- sfa/methods/remove.py | 13 ++++++++++--- sfa/methods/update.py | 21 ++++++++++++++------- 4 files changed, 46 insertions(+), 26 deletions(-) diff --git a/sfa/client/sfi.py b/sfa/client/sfi.py index 4d4870dd..c93449fb 100755 --- a/sfa/client/sfi.py +++ b/sfa/client/sfi.py @@ -508,11 +508,14 @@ class Sfi: # removed named registry record # - have to first retrieve the record to be removed def remove(self,opts, args): - auth_cred = self.get_auth_cred() + auth_cred = self.get_auth_cred().save_to_string(save_parents=True) + hrn = args[0] type = opts.type if type in ['all']: - type = '*' - return self.registry.remove(auth_cred, type, args[0]) + type = '*' + arg_list = [auth_cred, type, hrn] + request_hash = self.key.compute_hash(arg_list) + return self.registry.remove(auth_cred, type, hrn, request_hash) # add named registry record def add(self,opts, args): @@ -520,8 +523,8 @@ class Sfi: record_filepath = args[0] rec_file = self.get_record_file(record_filepath) record = self.load_record_from_file(rec_file).as_dict() - request_hash = self.key.compute_hash([auth_cred, record]) - + arg_list = [auth_cred] + request_hash = self.key.compute_hash(arg_list) return self.registry.register(auth_cred, record, request_hash) # update named registry entry 
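Review bot: In `Sfi.remove`, `arg_list` must match, element for element and in order, the list the server verifies in `sfa/methods/remove.py` (`[cred, type, hrn]`), and nothing in the client says so. The list is built after the `'all'` to `'*'` rewrite of `type`, so the hashed value equals the value sent only while that rewrite stays above it. I would add a comment over the list: `# must equal the list remove.call() passes to authenticateGid: [cred, type, hrn]`.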
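Review bot: In `Sfi.add` the hash is now computed over `[auth_cred]` only, so `request_hash` no longer covers `record`, the one argument that carries the data being registered. The same narrowing appears in the client's update method (`arg_list = [cred]`) and on the server in `sfa/methods/register.py` and `sfa/methods/update.py` (`authenticateGid(client_gid_str, [cred], request_hash)`), whereas `remove` hashes every argument. If `compute_hash` is a keyed signature, as its placement on `self.key` suggests, the value is now the same for every call made with a given credential, so it cannot detect a modified record or tell one request from another. If the record was dropped because the dict does not serialise deterministically, hash stable fields of it on both sides instead, for example `arg_list = [auth_cred, record['hrn'], record['type']]`, and say in a comment why the full record is excluded.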
@@ -529,28 +532,31 @@ class Sfi: user_cred = self.get_user_cred() rec_file = self.get_record_file(args[0]) record = self.load_record_from_file(rec_file) - if record.get_type() == "user": + if record['type'] == "user": if record.get_name() == user_cred.get_gid_object().get_hrn(): - cred = user_cred + cred = user_cred.save_to_string(save_parents=True) else: - cred = self.get_auth_cred() - elif record.get_type() in ["slice"]: + cred = self.get_auth_cred().save_to_string(save_parents=True) + elif record['type'] in ["slice"]: try: - cred = self.get_slice_cred(record.get_name()) + cred = self.get_slice_cred(record.get_name()).save_to_string(save_parents=True) except ServerException, e: # XXX smbaker -- once we have better error return codes, update this # to do something better than a string compare if "Permission error" in e.args[0]: - cred = self.get_auth_cred() + cred = self.get_auth_cred().save_to_string(save_parents=True) else: raise elif record.get_type() in ["authority"]: - cred = self.get_auth_cred() + cred = self.get_auth_cred().save_to_string(save_parents=True) elif record.get_type() == 'node': - cred = self.get_auth_cred() + cred = self.get_auth_cred().save_to_string(save_parents=True) else: raise "unknown record type" + record.get_type() - return self.registry.update(cred, record) + record = record.as_dict() + arg_list = [cred] + request_hash = self.key.compute_hash(arg_list) + return self.registry.update(cred, record, request_hash) def aggregates(self, opts, args): diff --git a/sfa/methods/register.py b/sfa/methods/register.py index 36680d0d..1a91398b 100644 --- a/sfa/methods/register.py +++ b/sfa/methods/register.py 
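Review bot: Only the first two type tests in this method were switched to `record['type']`; the `authority` and `node` branches and the final `raise` still call `record.get_type()`. If the accessor was replaced because the loaded record no longer provides it (not visible here), an authority or node update fails with AttributeError before any credential is chosen. Use one form throughout: `elif record['type'] in ["authority"]:` and `elif record['type'] == 'node':`. The final `raise "unknown record type" + ...` raises a string, which Python 2.6 and later reject with a TypeError; `raise Exception("unknown record type " + record['type'])` carries the same information. The method's `def` line is outside the hunk.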
@@ -42,8 +42,8 @@ class register(Method): # authenticate the caller's request_hash. Let just get the caller's gid # from the cred and authenticate using that client_gid = Credential(string=cred).get_gid_caller() - client_gid_str = client_gid.save_to_string() - self.api.auth.authenticateGid(cred, [cred, record_dict], request_hash) + client_gid_str = client_gid.save_to_string(save_parents=True) + self.api.auth.authenticateGid(client_gid_str, [cred], request_hash) self.api.auth.check(cred, "register") if caller_cred==None: caller_cred=cred diff --git a/sfa/methods/remove.py b/sfa/methods/remove.py index 58d0706b..0321bdb2 100644 --- a/sfa/methods/remove.py +++ b/sfa/methods/remove.py @@ -28,17 +28,24 @@ class remove(Method): accepts = [ Parameter(str, "Credential string"), Parameter(str, "Record type"), - Parameter(str, "Human readable name (hrn) of record to be removed") + Parameter(str, "Human readable name (hrn) of record to be removed"), + Parameter(str, "Request hash") ] returns = Parameter(int, "1 if successful") - def call(self, cred, type, hrn, caller_cred=None): + def call(self, cred, type, hrn, request_hash, caller_cred=None): + if caller_cred==None: caller_cred=cred #log the call self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, Credential(string=caller_cred).get_gid_caller().get_hrn(), hrn, self.name)) - + # This cred will be an authority cred, not a user, so we cant use it to + # authenticate the caller's request_hash. Let just get the caller's gid + # from the cred and authenticate using that + client_gid = Credential(string=cred).get_gid_caller() + client_gid_str = client_gid.save_to_string(save_parents=True) + self.api.auth.authenticateGid(client_gid_str, [cred, type, hrn], request_hash) self.api.auth.check(cred, "remove") self.api.auth.verify_object_permission(hrn) table = GeniTable() diff --git a/sfa/methods/update.py b/sfa/methods/update.py index 7d9e0073..ddaaf182 100644 
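Review bot: `authenticateGid` is called with a GID read from `cred` before `self.api.auth.check(cred, "register")` has run, so the request hash is verified against a key taken from a credential that has not yet been validated. Unless `authenticateGid` itself verifies the GID chain against trusted roots (not visible here), I would check the credential first: `self.api.auth.check(cred, "register")` followed by `self.api.auth.authenticateGid(client_gid_str, [cred], request_hash)`. The hunks for `sfa/methods/remove.py` and `sfa/methods/update.py` use the same order. The body of `call` starts and ends outside this hunk.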
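Review bot: The list verified in `remove.call`, `[cred, type, hrn]`, contains no value that changes from one call to the next, so a given `request_hash` stays valid for every identical remove request for as long as the credential is accepted. Whether that matters depends on what `authenticateGid` and the transport do about freshness, which this hunk does not show; if they do nothing, the hash gives no protection against a repeated request. Consider adding a timestamp or a server-issued nonce to the hashed list on both client and server and rejecting stale values. The added comment could also state the guarantee: `# request_hash binds cred, type and hrn to the caller's key; it does not by itself prevent replay`.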
--- a/sfa/methods/update.py +++ b/sfa/methods/update.py @@ -29,18 +29,25 @@ class update(Method): accepts = [ Parameter(str, "Credential string"), - Parameter(dict, "Record dictionary to be updated") + Parameter(dict, "Record dictionary to be updated"), + Parameter(str, "Request hash") ] returns = Parameter(int, "1 if successful") - def call(self, cred, record_dict, caller_cred=None): + def call(self, cred, record_dict, request_hash, caller_cred=None): + if caller_cred==None: + caller_cred=cred + + #log the call + self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, Credential(string=caller_cred).get_gid_caller().get_hrn(), None, self.name)) + # This cred might be an authority cred, not a user, so we cant use it to + # authenticate the caller's request_hash. Let just get the caller's gid + # from the cred and authenticate using that + client_gid = Credential(string=cred).get_gid_caller() + client_gid_str = client_gid.save_to_string(save_parents=True) + self.api.auth.authenticateGid(client_gid_str, [cred], request_hash) self.api.auth.check(cred, "update") - if caller_cred==None: - caller_cred=cred - - #log the call - self.api.logger.info("interface: %s\tcaller-hrn: %s\ttarget-hrn: %s\tmethod-name: %s"%(self.api.interface, Credential(string=caller_cred).get_gid_caller().get_hrn(), None, self.name)) new_record = GeniRecord(dict = record_dict) type = new_record['type'] hrn = new_record['hrn'] -- 2.47.0
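Review bot: The log call in `update.call` now runs before `authenticateGid` and `auth.check`, and it takes `caller-hrn` from `caller_cred`, which nothing in this hunk verifies, so the entry can name a caller that was never authenticated and is written even for requests that are then rejected. I would move the added `caller_cred` default and log lines back below `self.api.auth.check(cred, "update")`, where they were before this commit, or word the entry so it is clearly an unauthenticated attempt. The entry also logs `None` as `target-hrn` although `record_dict` is already in scope; `record_dict.get('hrn')` would make the line usable for audit. `call` continues past the end of the hunk.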