- don't try to guess what kind of authentication we want to use in ClientSession.login() - allow clients to call login() (for user/password), krb_login() (for Kerberos), or ssl_login() (for client certificates)
- update all clients to call ssl_login() directly when appropriate - rename references to NotAllowed -> ActionNotAllowed, because NotAllowed had already been renamed - raise an error in CreateSSLContext instead of immediately exiting
parent
2cb2f3684d
commit
20ca1a8f84
7 changed files with 44 additions and 35 deletions
|
|
@ -1077,19 +1077,11 @@ class ClientSession(object):
|
|||
self.proxy = self.proxyClass(url,**self.proxyOpts)
|
||||
|
||||
def login(self,opts=None):
|
||||
if self.opts.get('cert') and \
|
||||
os.path.isfile(self.opts['cert']):
|
||||
return self.ssl_login(self.opts['cert'],
|
||||
self.opts['ca'],
|
||||
self.opts['serverca'])
|
||||
elif self.opts.get('user') and self.opts.get('password'):
|
||||
sinfo = self.callMethod('login',self.opts['user'], self.opts['password'],opts)
|
||||
if not sinfo:
|
||||
return False
|
||||
self.setSession(sinfo)
|
||||
return True
|
||||
else:
|
||||
raise AuthError, 'no credentials provided'
|
||||
sinfo = self.callMethod('login',self.opts['user'], self.opts['password'],opts)
|
||||
if not sinfo:
|
||||
return False
|
||||
self.setSession(sinfo)
|
||||
return True
|
||||
|
||||
def subsession(self):
|
||||
"Create a subsession"
|
||||
|
|
@ -1186,14 +1178,17 @@ class ClientSession(object):
|
|||
certs['key_and_cert'] = cert
|
||||
certs['ca_cert'] = ca
|
||||
certs['peer_ca_cert'] = serverca
|
||||
|
||||
# only use a timeout during login
|
||||
self.proxy = ssl.XMLRPCServerProxy.PlgXMLRPCServerProxy(self.baseurl, certs, timeout=60, **self.proxyOpts)
|
||||
sinfo = self.callMethod('sslLogin', proxyuser)
|
||||
if not sinfo:
|
||||
return False
|
||||
raise AuthError, 'unable to obtain a session'
|
||||
|
||||
self.proxyClass = ssl.XMLRPCServerProxy.PlgXMLRPCServerProxy
|
||||
self.proxyOpts['certs'] = certs
|
||||
self.setSession(sinfo)
|
||||
|
||||
return True
|
||||
|
||||
def logout(self):
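Review bot: The new `login()` in the first hunk indexes `self.opts['user']` and `self.opts['password']` unconditionally, so a client with neither configured now fails with a `KeyError` (if the keys are absent) or sends empty credentials to the hub, where the removed branch raised `AuthError, 'no credentials provided'`. A guard at the top would keep that failure explicit and local: `if not (self.opts.get('user') and self.opts.get('password')): raise AuthError, 'no credentials provided'`. The failure conventions also diverge after this commit, because `login()` still returns False when no session comes back while the second hunk makes the SSL login path raise `AuthError, 'unable to obtain a session'`. Callers that only test the return value, or only catch the exception, will miss one of the two, so each method should get a docstring stating which it does. The method containing the second hunk starts outside the visible lines.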
|
||||
|
|
|
|||
|
|
@ -358,7 +358,7 @@ class Session(object):
|
|||
user_id, status = result
|
||||
else:
|
||||
if context.opts['LoginCreatesUser'].lower() in ('yes', 'on', 'true', '1'):
|
||||
user_id = self.createUser(username, koji.USERTYPES['NORMAL'], '')
|
||||
user_id = self.createUser(username, koji.USERTYPES['NORMAL'], None)
|
||||
status = None
|
||||
else:
|
||||
raise koji.AuthError, 'Unknown user: %s' % username
|
||||
|
|
@ -493,7 +493,7 @@ class Session(object):
|
|||
|
||||
def assertPerm(self, name):
|
||||
if not self.hasPerm(name) and not self.hasPerm('admin'):
|
||||
raise koji.NotAllowed, "%s permission required" % name
|
||||
raise koji.ActionNotAllowed, "%s permission required" % name
|
||||
|
||||
def hasGroup(self, group_id):
|
||||
if not self.logged_in:
|
||||
|
|
@ -508,7 +508,7 @@ class Session(object):
|
|||
|
||||
def assertUser(self, user_id):
|
||||
if not self.isUser(user_id) and not self.hasPerm('admin'):
|
||||
raise koji.NotAllowed, "not owner"
|
||||
raise koji.ActionNotAllowed, "not owner"
|
||||
|
||||
def _getHostId(self):
|
||||
'''Using session data, find host id (if there is one)'''
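Review bot: The auto-creation branch under `LoginCreatesUser` (first hunk) now passes `None` instead of `''` as the password to `createUser`, and nothing in the visible lines says why. If the intent is that an auto-created account has no usable password, that depends on the password login path never matching a NULL stored password; that code is outside this hunk and should be confirmed. I would add a comment above the call, for example `# no password: accounts auto-created here must not be usable for password login`. Because this branch creates an account for any previously unknown `username`, it is also worth logging each creation so unexpected accounts can be audited. The enclosing method starts and ends outside the hunk.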
|
||||
|
|
|
|||
|
|
@ -35,8 +35,7 @@ def CreateSSLContext(certs):
|
|||
peer_ca_cert = certs['peer_ca_cert']
|
||||
for f in key_and_cert, ca_cert, peer_ca_cert:
|
||||
if f and not os.access(f, os.R_OK):
|
||||
print "%s does not exist or is not readable." % f
|
||||
os._exit(1)
|
||||
raise StandardError, "%s does not exist or is not readable" % f
|
||||
|
||||
ctx = SSL.Context(SSL.SSLv3_METHOD) # SSLv3 only
|
||||
ctx.use_certificate_file(key_and_cert)
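Review bot: The context line `ctx = SSL.Context(SSL.SSLv3_METHOD)` directly after the new `raise` pins every client connection to SSLv3, which RFC 7568 prohibits and which is exposed to POODLE-style attacks; the commit does not touch it, but it is the line in this hunk most worth changing. Where the installed pyOpenSSL supports it, negotiate the version instead: `ctx = SSL.Context(SSL.SSLv23_METHOD)` followed by `ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)`. On the added line, the `if f and ...` guard skips unset entries, so a missing `key_and_cert` still reaches `ctx.use_certificate_file(key_and_cert)` and fails there with a less helpful error; rejecting an empty path up front would be clearer. `CreateSSLContext` continues past the end of the hunk.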
|
||||
|
|
|
|||