#
import sys
+from sfa.util.faults import InsufficientRights, MissingCallerGID, MissingTrustedRoots, PermissionError, \
+ BadRequestHash, ConnectionKeyGIDMismatch, SfaPermissionDenied
+from sfa.util.sfalogging import logger
+from sfa.util.config import Config
+from sfa.util.xrn import get_authority
+
+from sfa.trust.gid import GID
+from sfa.trust.rights import Rights
from sfa.trust.certificate import Keypair, Certificate
from sfa.trust.credential import Credential
-from sfa.trust.trustedroot import TrustedRootList
-from sfa.util.faults import *
+from sfa.trust.trustedroots import TrustedRoots
from sfa.trust.hierarchy import Hierarchy
-from sfa.util.config import *
-from sfa.util.xrn import get_authority
-from sfa.util.sfaticket import *
+from sfa.trust.sfaticket import SfaTicket
-from sfa.util.sfalogging import sfa_logger
class Auth:
"""
self.load_trusted_certs()
def load_trusted_certs(self):
- self.trusted_cert_list = TrustedRootList(self.config.get_trustedroots_dir()).get_list()
- self.trusted_cert_file_list = TrustedRootList(self.config.get_trustedroots_dir()).get_file_list()
+ self.trusted_cert_list = TrustedRoots(self.config.get_trustedroots_dir()).get_list()
+ self.trusted_cert_file_list = TrustedRoots(self.config.get_trustedroots_dir()).get_file_list()
valid = []
if not isinstance(creds, list):
creds = [creds]
- sfa_logger().debug("Auth.checkCredentials with %d creds"%len(creds))
+ logger.debug("Auth.checkCredentials with %d creds"%len(creds))
for cred in creds:
try:
self.check(cred, operation, hrn)
valid.append(cred)
except:
cred_obj=Credential(string=cred)
- sfa_logger().debug("failed to validate credential - dump="+cred_obj.dump_string(dump_parents=True))
+ logger.debug("failed to validate credential - dump=%s"%cred_obj.dump_string(dump_parents=True))
error = sys.exc_info()[:2]
continue
def authenticateCert(self, certStr, requestHash):
cert = Certificate(string=certStr)
- self.validateCert(self, cert)
+ # xxx should be validateCred ??
+ self.validateCred(cert)
def gidNoop(self, gidStr, value, requestHash):
self.authenticateGid(gidStr, [gidStr, value], requestHash)
@param name human readable name to test
"""
object_hrn = self.object_gid.get_hrn()
- if object_hrn == name:
+ strname = str(name).strip("['']")
+
+ if object_hrn == strname:
return
- if name.startswith(object_hrn + "."):
+ if strname.startswith((object_hrn + ".")) is True:
return
#if name.startswith(get_authority(name)):
#return
-
+ print>>sys.stderr, " \r\n \t AUTH.PY verify_object_permission GROSECHECDELENFER "
raise PermissionError(name)
def determine_user_rights(self, caller_hrn, record):
def get_authority(self, hrn):
return get_authority(hrn)
- def filter_creds_by_caller(self, creds, caller_hrn):
+ def filter_creds_by_caller(self, creds, caller_hrn_list):
"""
Returns a list of creds who's gid caller matches the
specified caller hrn
if not isinstance(creds, list):
creds = [creds]
creds = []
+ if not isinstance(caller_hrn_list, list):
+ caller_hrn_list = [caller_hrn_list]
for cred in creds:
try:
tmp_cred = Credential(string=cred)
- if tmp_cred.get_gid_caller().get_hrn() == caller_hrn:
+ if tmp_cred.get_gid_caller().get_hrn() in [caller_hrn_list]:
creds.append(cred)
except: pass
return creds
git://git.onelab.eu / sfa.git / blobdiff