Changeset 1129 for TI12-security


Timestamp:
07/06/06 15:10:33 (14 years ago)
Author:
pjkersha
Message:

setup.py: new version for testing with MOLES browse

NDG/SecurityCGI.py: fixes for use with MOLES Browse.

NDG/CredWallet.py: prevent infinite loop in reqAuthorisation - if an extAttCertList has been created and
access is denied for any of the ACs in the list, DON'T recreate the list; instead, increment to the next element
until the list is exhausted. Then, if none of the ACs are accepted, return an access denied exception.

Location:
TI12-security/trunk/python
Files:
4 edited

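--- a/TI12-security/trunk/python/NDG/CredWallet.py
+++ b/TI12-security/trunk/python/NDG/CredWallet.py
@@ -923,5 +923,5 @@
  
  
-        # Repeat authorisation attempts until succeed or means are exhausted         
+        # Repeat authorisation attempts until succeed or means are exhausted 
         while True: 
              
@@ -941,9 +941,17 @@
                 # List has been emptied without authorisation succeeding - 
                 # give up 
-                raise CredWalletAuthorisationDenied(\ 
-                    "Attempting to obtained a mapped certificate: " + \ 
-                    "no external attribute certificates are available") 
- 
- 
+                errMsg = "Attempting to obtained a mapped certificate: " + \ 
+                    "no external attribute certificates are available" 
+                     
+                # Add the exception form the last call to the Attribute 
+                # Authority if an error exists 
+                try: 
+                    errMsg += ": %s" % authorisationDenied 
+                except NameError: 
+                    pass 
+ 
+                raise CredWalletAuthorisationDenied, errMsg 
+                                                     
+                 
             # Request Authorisation from Attribute Authority 
             try: 
@@ -975,4 +983,11 @@
  
  
+                if isinstance(extAttCertList, list): 
+                    # An list of attribute certificates from trusted hosts 
+                    # is present continue cycling through this until one of 
+                    # them is accepted and a mapped certificate can be derived 
+                    continue 
+                 
+                 
                 #  Use the input required role and the AA's trusted host list 
                 # to identify attribute certificates from other hosts which 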
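Review bot: The new give-up branch (new lines 948-951) decides whether an earlier Attribute Authority call failed by catching `NameError` on `authorisationDenied`, which hides the control flow and would also silently swallow a misspelling of that name. Binding `authorisationDenied = None` before `while True:` and testing `if authorisationDenied is not None: errMsg += ": %s" % authorisationDenied` states the intent directly; the name is presumably bound by an `except` clause outside the hunk. The appended text originates from the Attribute Authority's denial, so if callers show this exception to end users it is worth deciding whether that detail belongs in a log instead. The added `continue` at new line 989 relies on the top of the loop consuming one element of `extAttCertList` per pass; that code lies outside the hunks shown, so termination cannot be confirmed from here.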
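--- a/TI12-security/trunk/python/NDG/SecurityCGI.py
+++ b/TI12-security/trunk/python/NDG/SecurityCGI.py
@@ -57,5 +57,4 @@
                  passPhrase=None, 
                  scriptName=None, 
-                 returnURI=None,  
                  trustedHostInfo=None, 
                  cookieLifetimeHrs=8, 
@@ -69,13 +68,9 @@
         aaWSDL:               URI for Attribute Authority WSDL used to get a 
                               list of login URI for trusted hosts 
-        returnURI:            the address to redirect back to following a 
-                              redirect 
-                              to the user's home site to obtain their  
-                              credentials 
         trustedHostInfo:      dictionary of URIs for trusted hosts indexed by 
                               hostname 
         cookieLifetimeHrs:    cookie lifetime in hours 
         wsDebug:              print output from WS transactions to stderr""" 
-         
+ 
         self.smWSDL = smWSDL 
         self.smClnt = None 
@@ -97,6 +92,5 @@
         else: 
             self.scriptName = __file__ 
-             
-        self.returnURI = returnURI 
+ 
         self.trustedHostInfo = trustedHostInfo 
         self.cookieLifetimeHrs = cookieLifetimeHrs 
@@ -182,4 +176,5 @@
     def requestCreds(self, 
                      requestURI=None, 
+                     returnURI=None, 
                      pageTitle='', 
                      headTags='', 
@@ -196,5 +191,8 @@
         redirectMsg:  Message to put on redirect page.  Can be plain text or 
                       formatted HTML""" 
-         
+ 
+        if returnURI is None: 
+            returnURI = self['returnURI'].value 
+ 
         if requestURI is None: 
             requestURI = self['requestURI'].value 
@@ -212,5 +210,5 @@
 </body> 
 </html>""" % \ 
-    (pageTitle, delayTime, requestURI, self.returnURI, headTags, redirectMsg) 
+    (pageTitle, delayTime, requestURI, returnURI, headTags, redirectMsg) 
  
  
@@ -331,6 +329,14 @@
         else: 
             cookieTxt = '' 
-             
-        output = """Content-type: text/html 
+ 
+ 
+        # Allow for case where return URI already includes some args 
+        if '?' in returnURI: 
+            argSeparator = '&' 
+        else: 
+            argSeparator = '?' 
+ 
+ 
+        print """Content-type: text/html 
 %s 
 <html> 
@@ -338,5 +344,5 @@
 <title>%s</title> 
 <meta http-equiv="REFRESH" 
-content="%d; url=%s?NDG-ID1=%s&NDG-ID2=%s&expires=%s"> 
+content="%d; url=%s%sNDG-ID1=%s&NDG-ID2=%s&expires=%s"> 
 %s 
 </head> 
@@ -348,4 +354,5 @@
                delayTime, 
                returnURI, 
+               argSeparator, 
                sessCookie['NDG-ID1'].value, 
                sessCookie['NDG-ID2'].value, 
@@ -353,5 +360,4 @@
                hdrTxt, 
                redirectMsg) 
-        print output 
  
  
@@ -628,5 +634,9 @@
      
         if bodyTag: print "<body>" 
-     
+ 
+ 
+        if returnURI is None and 'returnURI' in self: 
+            returnURI = self['returnURI'].value 
+ 
         if returnURI: 
             returnURIfield = \ 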
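Review bot: `returnURI` now falls back to `self['returnURI'].value` (new lines 194-195 and 638-639), which appears to be the request form field. Its value is written unescaped into the `<meta http-equiv="REFRESH">` URL next to the `NDG-ID1`/`NDG-ID2` session cookie values (new line 346), so the destination that receives the session identifiers is taken from request data. Before the page is built, the host part of `returnURI` should be checked against the keys of `trustedHostInfo` (documented in this file as indexed by hostname) and the request refused otherwise. The value should also be formatted through `cgi.escape(returnURI, True)` so it cannot break out of the `content="..."` attribute. The `'?' in returnURI` test at new line 334 raises `TypeError` if `returnURI` is still `None`, and `requestCreds` raises `KeyError` when the field is absent, whereas new line 638 guards with `'returnURI' in self`; the enclosing methods start outside the hunks, so any earlier defaulting is not visible here.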
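--- a/TI12-security/trunk/python/README
+++ b/TI12-security/trunk/python/README
@@ -1,3 +1,3 @@
-NDG Prototype version 0.67 26/05/06 
+NDG Prototype version 0.68 07/06/06 
 ___________________________________ 
  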
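--- a/TI12-security/trunk/python/setup.py
+++ b/TI12-security/trunk/python/setup.py
@@ -18,5 +18,5 @@
 { 
     'name':           'NDG-Security', 
-    'version':        '0.67', 
+    'version':        '0.68', 
     'description':    'NERC DataGrid Security Utilities', 
     'author':         'P J Kershaw', 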