def delegate_cred(self, object_cred, hrn, type='authority'):
    """Delegate ``object_cred`` to the user named ``hrn`` and return it as a string.

    object_cred : the credential to delegate, a ``Credential`` or its
        string form (a ``str`` is parsed into a ``Credential`` first)
    hrn : hrn of the user who receives the delegated credential
    type : accepted but never read by this function

    Returns the delegated credential serialized with its parents.  Returns
    ``None``, after logging an error, when
    ``get_privileges().get_all_delegate()`` is false; callers must check
    for ``None`` before using the result.

    NOTE(review): the recipient GID is always looked up with type 'user',
    whatever ``type`` says -- confirm this is intended.
    NOTE(review): the original marks the ``self.my_gid`` and
    ``self.bootstrap.gid`` lookups as unresolved (XXX); verify both yield
    what ``Credential.delegate`` expects.
    """
    # Accept either a Credential object or its serialized string form.
    if isinstance(object_cred, str):
        object_cred = Credential(string=object_cred)
    source_hrn = object_cred.get_gid_object().get_hrn()

    # Fail closed: without the delegate bit nothing is re-issued.
    may_delegate = object_cred.get_privileges().get_all_delegate()
    if not may_delegate:
        self.logger.error(
            "Object credential %s does not have delegate bit set" % source_hrn)
        return None

    # GID of the delegating user; read as an attribute, and according to
    # the original note it is already a string.
    delegator_gid = self.my_gid

    # GID of the user being delegated to.
    recipient_gid = self.bootstrap.gid(hrn, 'user')
    # The HRN is not used below; the GID is still parsed as in the original.
    recipient_hrn = GID(recipient_gid).get_hrn()

    # self.private_key is an attribute here, presumably the signing key.
    delegated = object_cred.delegate(
        recipient_gid, self.private_key, delegator_gid)
    return delegated.save_to_string(save_parents=True)
def delegate_credential_string(self, original_credential, to_hrn, to_type='authority'):
    """Sign a delegation of ``original_credential`` to someone else.

    original_credential : the credential being delegated, typically one's
        own user or slice credential; a ``Credential`` or its string form
    to_hrn : hrn of the party that will be allowed to act on our behalf
    to_type : type that goes with ``to_hrn``, usually 'user' or 'authority'

    Returns the delegated credential as a string, parent credentials
    included.  Returns ``None``, after logging an error, when the original
    credential does not have its delegate bit set; callers must check for
    ``None`` before using the result.

    Uses ``self.my_gid()`` and ``self.private_key()`` for the delegating
    side, ``self.gid(to_hrn, to_type)`` for the recipient, and
    ``Credential.delegate()`` to build the result.
    """
    # Accept either a Credential object or its serialized string form.
    if isinstance(original_credential, str):
        original_credential = Credential(string=original_credential)
    source_hrn = original_credential.get_gid_object().get_hrn()

    privileges = original_credential.get_privileges()
    if privileges.get_all_delegate():
        # GID of the delegating user, then GID of the recipient.
        delegator_gid = self.my_gid()
        recipient_gid = self.gid(to_hrn, to_type)
        signed = original_credential.delegate(
            recipient_gid, self.private_key(), delegator_gid)
        return signed.save_to_string(save_parents=True)

    # Fail closed: without the delegate bit nothing is re-issued.
    self.logger.error(
        "delegate_credential_string: original credential %s does not have delegate bit set" % source_hrn)
    return None
def delegate_cred(self, object_cred, hrn):
    """Delegate ``object_cred`` to the user named ``hrn`` and return it as a string.

    object_cred : the credential to delegate, a ``Credential`` or its
        string form (a ``str`` is parsed into a ``Credential`` first)
    hrn : hrn of the user who receives the delegated credential

    Returns the delegated credential serialized with its parents.  Returns
    ``None``, after logging an error, when
    ``get_privileges().get_all_delegate()`` is false; callers must check
    for ``None`` before using the result.

    Side effect: the recipient's GID is written to
    ``<sfi_dir>/<delegee hrn>.gid``.

    NOTE(review): that file name is built from the HRN carried inside the
    GID returned by ``_get_gid``.  Confirm an HRN can never contain a path
    separator or ``..``; otherwise the write may land outside ``sfi_dir``.
    """
    # Accept either a Credential object or its serialized string form.
    if isinstance(object_cred, str):
        object_cred = Credential(string=object_cred)
    source_hrn = object_cred.get_gid_object().get_hrn()

    # Fail closed: without the delegate bit nothing is re-issued.
    may_delegate = object_cred.get_privileges().get_all_delegate()
    if not may_delegate:
        self.logger.error(
            "Object credential %s does not have delegate bit set" % source_hrn)
        return None

    # The returned GID is unused; the call is kept because _get_gid may have
    # side effects not visible here (TODO confirm).
    self._get_gid(self.user)
    delegator_gid_path = os.path.join(self.options.sfi_dir, self.user + ".gid")

    # Fetch the recipient's GID and store it under the HRN it carries.
    recipient_gid = self._get_gid(hrn)
    recipient_hrn = recipient_gid.get_hrn()
    recipient_gid_path = os.path.join(
        self.options.sfi_dir, recipient_hrn + ".gid")
    recipient_gid.save_to_file(filename=recipient_gid_path)

    # delegate() receives file paths here: recipient GID, key file, caller GID.
    delegated = object_cred.delegate(
        recipient_gid_path, self.get_key_file(), delegator_gid_path)
    return delegated.save_to_string(save_parents=True)
def delegate_credential_string(self, original_credential, to_hrn, to_type='authority'):
    """Sign a delegation of ``original_credential`` to someone else.

    original_credential : the credential being delegated, typically one's
        own user or slice credential; a ``Credential`` or its string form
    to_hrn : hrn of the party that will be allowed to act on our behalf
    to_type : type that goes with ``to_hrn``, usually 'user' or 'authority'

    Returns the delegated credential as a string, parent credentials
    included.  Returns ``None`` when the original credential does not have
    its delegate bit set; callers must check for ``None`` before using the
    result.

    Uses ``self.my_gid()`` and ``self.private_key()`` for the delegating
    side, ``self.gid(to_hrn, to_type)`` for the recipient, and
    ``Credential.delegate()`` to build the result.

    NOTE(review): a refused delegation is silent here -- the error log
    call is commented out in the original -- so a denied attempt leaves
    no record unless the caller reports it.
    """
    # Accept either a Credential object or its serialized string form.
    if isinstance(original_credential, str):
        original_credential = Credential(string=original_credential)
    # Only the disabled log message used this HRN; the lookup is kept so the
    # same calls are made as before.
    source_hrn = original_credential.get_gid_object().get_hrn()

    privileges = original_credential.get_privileges()
    if privileges.get_all_delegate():
        # GID of the delegating user, then GID of the recipient.
        delegator_gid = self.my_gid()
        recipient_gid = self.gid(to_hrn, to_type)
        signed = original_credential.delegate(
            recipient_gid, self.private_key(), delegator_gid)
        return signed.save_to_string(save_parents=True)

    # Fail closed: without the delegate bit nothing is re-issued.
    return None