added tickets
[sfa.git] / util / geniserver.py
index c4cd60a..b58080d 100644 (file)
@@ -9,6 +9,8 @@
 
 import SimpleXMLRPCServer
 
+import sys
+import traceback
 import SocketServer
 import BaseHTTPServer\r
 import SimpleHTTPServer\r
@@ -84,7 +86,7 @@ class SecureXMLRPCServer(BaseHTTPServer.HTTPServer,SimpleXMLRPCServer.SimpleXMLR
         """\r
         self.logRequests = logRequests\r
 \r
-        SimpleXMLRPCServer.SimpleXMLRPCDispatcher.__init__(self, None, None)\r
+        SimpleXMLRPCServer.SimpleXMLRPCDispatcher.__init__(self, True, None)\r
         SocketServer.BaseServer.__init__(self, server_address, HandlerClass)\r
         ctx = SSL.Context(SSL.SSLv23_METHOD)\r
         ctx.use_privatekey_file(key_file)\r
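Review bot: The positional `True` on the dispatcher constructor call reads as a magic value with no hint of what it enables. The dispatcher's constructor parameters are `allow_none` and `encoding`, so `SimpleXMLRPCServer.SimpleXMLRPCDispatcher.__init__(self, allow_none=True, encoding=None)` states the intent (marshalling None in responses) without needing a comment. The enclosing `__init__` begins before this hunk and continues after it.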
@@ -96,6 +98,20 @@ class SecureXMLRPCServer(BaseHTTPServer.HTTPServer,SimpleXMLRPCServer.SimpleXMLR
         self.server_bind()\r
         self.server_activate()\r
 \r
+    # _dispatch\r
+    #
+    # Convert an exception on the server to a full stack trace and send it to
+    # the client.
+
+    def _dispatch(self, method, params):\r
+        try:\r
+            return SimpleXMLRPCServer.SimpleXMLRPCDispatcher._dispatch(self, method, params)\r
+        except:\r
+            # can't use format_exc() as it is not available in jython yet (even\r
+            # in trunk).\r
+            type, value, tb = sys.exc_info()\r
+            raise xmlrpclib.Fault(1,''.join(traceback.format_exception(type, value, tb)))\r
+\r
 # SecureXMLRpcRequestHandler\r
 #\r
 # taken from the web (XXX find reference). Implents HTTPS xmlrpc request handler\r
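Review bot: The new `_dispatch` hands the complete server-side traceback to the remote caller as the Fault string, which discloses internal file paths, module structure and whatever argument values appear in the frames to any client able to trigger an exception. Keep the full trace on the server (write it to stderr or the server log) and return only the exception type and message, or gate the full trace behind an explicit debug setting. The bare `except:` also swallows SystemExit and KeyboardInterrupt, and `type` shadows the builtin; `except Exception:` with `exc_type` fixes both. `xmlrpclib` is not among the imports this patch adds; confirm it is already imported earlier in the file.
```python
    def _dispatch(self, method, params):
        try:
            # … unchanged: delegate to SimpleXMLRPCDispatcher._dispatch …
        except Exception:
            exc_type, value, tb = sys.exc_info()
            trace = ''.join(traceback.format_exception(exc_type, value, tb))
            # full trace stays on the server; the client only sees type and message
            sys.stderr.write(trace)
            raise xmlrpclib.Fault(1, "%s: %s" % (exc_type.__name__, value))
```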
@@ -130,6 +146,7 @@ class SecureXMLRpcRequestHandler(SimpleXMLRPCServer.SimpleXMLRPCRequestHandler):
         except: # This should only happen if the module is buggy\r
             # internal error, report as HTTP server error\r
             self.send_response(500)\r
+\r
             self.end_headers()\r
         else:\r
             # got a valid XML RPC response\r
@@ -158,9 +175,10 @@ class GeniServer():
         self.key = Keypair(filename = key_file)
         self.cert = Certificate(filename = cert_file)
         self.server = SecureXMLRPCServer((ip, port), SecureXMLRpcRequestHandler, key_file, cert_file)
+        self.trusted_cert_list = None
         self.register_functions()
 
-    def decode_authentication(self, cred_string):
+    def decode_authentication(self, cred_string, operation):
         self.client_cred = Credential(string = cred_string)
         self.client_gid = self.client_cred.get_gid_caller()
         self.object_gid = self.client_cred.get_gid_object()
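Review bot: `decode_authentication` gains an `operation` argument but carries no docstring, so nothing states what values callers are expected to pass or that the method raises on a failed check. A docstring along the lines of `"""Validate cred_string for the connecting peer and check it grants *operation*; raises on any failure."""` would anchor the new contract for the registered functions that call it. The method body continues in the following hunk.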
@@ -174,6 +192,17 @@ class GeniServer():
         if not peer_cert.is_pubkey(self.client_gid.get_pubkey()):
             raise ConnectionKeyGIDMismatch(self.client_gid.get_subject())
 
+        # make sure the client is allowed to perform the operation
+        if not self.client_cred.can_perform(operation):
+            raise InsufficientRights(operation)
+
+        if self.trusted_cert_list:
+            self.client_cred.verify_chain(self.trusted_cert_list)
+            if self.client_gid:
+                self.client_gid.verify_chain(self.trusted_cert_list)
+            if self.object_gid:
+                self.object_gid.verify_chain(self.trusted_cert_list)
+
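Review bot: The chain verification is skipped entirely whenever `self.trusted_cert_list` is falsy, and the earlier hunk initializes it to `None` in `__init__`, so a GeniServer that never populates the list accepts credentials and GIDs without verifying their chains — a fail-open default. Either treat a missing list as a configuration error when `decode_authentication` runs, or make the skip an explicit, logged choice rather than the silent default. The `can_perform(operation)` check also runs before `verify_chain`; if `verify_chain` is what establishes the credential's authenticity, move the rights check below the verification block so an unverified credential's claimed rights are never consulted. The method's signature is in the preceding hunk, outside this one.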
     # register_functions override this to add more functions
     def register_functions(self):
         self.server.register_function(self.noop)