Changeset 843 for TI12-security


Timestamp:
27/04/06 09:44:44 (14 years ago)
Author:
pjkersha
Message:

NDG/SessionClient.py: ! Will be moved to SecurityClient?.py !
NDG/Session.py:

  • SessionMgr?.addUser now DOES NOT add a record into the Credential Repository for a new user.

This is to keep the CredentialRepository? and MyProxy? separate. MyProxy? add user method may
be removed from SessionMgr? WS or moved to its own MyProxy? WS for extra security.

table used by Postgres. Mike Grant came across this problem with the PML installation.

UserID entry, add one. Previously a UserID entry was made when the user first registers but
see above. Note, userName field is probably now superfluous.

Location:
TI12-security/trunk/python/NDG
Files:
2 edited

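--- a/TI12-security/trunk/python/NDG/Session.py
+++ b/TI12-security/trunk/python/NDG/Session.py
@@ -16,8 +16,4 @@
 # SQLObject Database interface
 from sqlobject import *
-
-# MYSQL exceptions have no error message associated with them so include here
-# to allow an explicit trap around database calls
-import _mysql_exceptions
 
 # Placing of session ID on client
@@ -558,13 +554,18 @@
         try:
             # Add new user certificate to MyProxy Repository
+            #
+            # Changed so that record is NOT added to UserID table of
+            # CredentialRepository.  Instead, a check can be made when a new
+            # Attribute Certificate credential is added: if no entry is
+            # present for the user, add them into the UserID table at this
+            # point.
+            #
+            # By removing the add record call, MyProxy and Credential
+            # Repository can be independent of one another
             user = self.__myPx.addUser(reqKeys['userName'],
                                        reqKeys['pPhrase'],
                                        caConfigFilePath=caConfigFilePath,
                                        caPassPhrase=caPassPhrase,
-                                       retDN=True)
-
-            # Add to user database
-            self.__credRepos.addUser(reqKeys['userName'], user['dn'])
-
+                                       retDN=True)
         except Exception, e:
             return AddUserResp(errMsg=str(e))
@@ -1101,7 +1102,4 @@
             try:
                 self.__con.makeConnection()
-            except _mysql_exceptions.OperationalError, (errNum, errMsg):
-                raise CredReposError(\
-                    "Error connecting to Credential Repository: %s" % errMsg)
 
             except Exception, e:
@@ -1111,5 +1109,5 @@
 
         # Copy the connection object into the table classes
-        SessionMgrCredRepos.User._connection = self.__con
+        SessionMgrCredRepos.UserID._connection = self.__con
         SessionMgrCredRepos.UserCredential._connection = self.__con
 
@@ -1184,5 +1182,5 @@
         """A new user to Credentials Repository"""
         try:
-            self.User(userName=userName, dn=dn)
+            self.UserID(userName=userName, dn=dn)
 
         except Exception, e:
@@ -1255,17 +1253,18 @@
 
         try:
-            userCred = self.User.selectBy(dn=dn)
+            userCred = self.UserID.selectBy(dn=dn)
 
             if userCred.count() == 0:
-                raise CredReposError("User \"%s\" is not registered" % dn)
-
-        # Make explicit trap for MySQL interface error since it has no error
-        # message associated with it
-        except _mysql_exceptions.InterfaceError, e:
-            raise CredReposError("Checking for user \"%s\": %s" % \
-                                 (dn, "MySQL interface error"))
-
-        except Exception, e:
-            raise CredReposError("Checking for user \"%s\":" % (dn, e))
+                # Add a new user record HERE instead of at user registration
+                # time.  This decouples CredentialRepository from MyProxy and
+                # user registration process. Previously, a user not recognised
+                # exception would have been raised here.  'userName' field
+                # of UserID table is now perhaps superfluous.
+                #
+                # P J Kershaw 26/04/06
+                self.addUser(X500DN(dn)['CN'], dn)
+
+        except Exception, e:
+            raise CredReposError("Checking for user \"%s\": %s"%(dn, str(e)))
 
 
@@ -1282,10 +1281,7 @@
                 self.UserCredential(dn=dn, attCert=attCert.asString())
 
-        except _mysql_exceptions.InterfaceError, e:
+        except Exception, e:
             raise CredReposError("Adding new user credentials for " + \
-                                 "user %s: %s" % (dn,"MySQL interface error"))
-        except Exception, e:
-            raise CredReposError("Adding new user credentials for " + \
-                                 "user %s: %s" % (dn, e))
+                                 "user %s: %s" % (dn, str(e)))
 
 
@@ -1296,5 +1292,5 @@
         if prompt:
             resp = raw_input(\
-        "Are you sure you want to initialise the database tables? (yes/no)")
+        "Are you sure you want to initialise the database tables? (yes/no) ")
 
             if resp.upper() != "YES":
@@ -1302,5 +1298,5 @@
                 return
 
-        self.User.createTable()
+        self.UserID.createTable()
         self.UserCredential.createTable()
         print "Tables created"
@@ -1310,5 +1306,5 @@
     # Database tables defined using SQLObject derived classes
     # Nb. These are class variables of the SessionMgrCredRepos class
-    class User(SQLObject):
+    class UserID(SQLObject):
         """SQLObject derived class to define Credentials Repository db table
         to store user information"""
@@ -1318,5 +1314,5 @@
 
         # Force table name
-        _table = "User"
+        _table = "UserID"
 
         userName = StringCol(dbName='userName', length=30)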
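Review bot: In the hunk at old lines 1255–1271 the `userCred.count() == 0` branch now enrols any DN it has not seen before via `self.addUser(X500DN(dn)['CN'], dn)`, so the repository itself no longer distinguishes registered from unregistered users and the only guarantee that `dn` is genuine must come from the caller; the enclosing method starts outside the hunk and its docstring should state that contract, e.g. `"""Look up dn in the UserID table, registering it if absent. dn MUST already have been taken from a verified certificate - no check is made here."""`. The CN is written into `userName = StringCol(dbName='userName', length=30)` (last hunk of this file), so a CN longer than 30 characters may be rejected or, depending on the database, silently truncated, and a rejection would surface as a misleading "Checking for user" CredReposError. A DN with no CN would be swallowed by the same broad `except Exception`; wrapping the addUser call in its own handler, e.g. `raise CredReposError("Registering user \"%s\": %s" % (dn, str(e)))`, would keep the lookup and registration failure modes distinguishable in logs.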
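--- a/TI12-security/trunk/python/NDG/SessionClient.py
+++ b/TI12-security/trunk/python/NDG/SessionClient.py
@@ -451,4 +451,3 @@
 
         except Exception, e:
-            raise SessionClientError("Error retrieving public key: " + str(e))
-                                 
+            raise SessionClientError("Error retrieving public key: " + str(e))                                 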