
Module pyGlobus.security

A module to provide some of the shared GSI functionality.
Classes
ContextRequests Simple class that keeps track of requests made to security contexts. The context can be requested to do the following:
EVP_Key A class for the underlying EVP_PKEY* objects.
GSICredential A class for the underlying globus_gsi_cred_handle_t
GSICredentialAttr A class for the underlying globus_gsi_cred_handle_attr_t
GSSBuffer A class for the underlying gss_buffer_t object
GSSContext A class for the underlying gss_ctx_id_t object.
GSSCred A class for the underlying gss_cred_id_t object.
GSSMechs A class for the underlying gss_OID_set object.
GSSName A class for the underlying gss_name_t object.
GSSUsage A class for the underlying gss_cred_usage_t object.
STACK_X509  
STACK_X509_Factory Creates STACK_X509 instances
X509 A class for underlying X509 objects
X509_Request A simple class for the underlying X509_REQ* objects.

Exceptions
EVP_KeyException A subclass of GSIException.
GSICredentialAttrException A subclass of GSIException.
GSICredentialException A subclass of GSIException.
GSIException A subclass of GlobusException.
GSSBufferException A subclass of GSIException.
GSSContextException A subclass of GSIException.
GSSCredException A subclass of GSIException.
GSSMechsException A subclass of GSIException.
GSSNameException A subclass of GSSContextException.
X509Exception A subclass of GSIException.

Function Summary
  check_certfile(filename)
Checks the status of a certificate file.
  check_keyfile(filename)
Checks the status of a private key file.
  get_cert_dir()
Returns the certificate dir.
  get_host_cert_filename()
Returns the location of the host's cert and key.
  get_proxy_filename(proxy_type)
Returns the proxy cert filename
  get_service_cert_filename(service_name)
Returns the location of the service's cert and key.
  get_user_cert_filename()
Returns the location of the user's cert and key.
  grid_proxy_destroy(proxyFile)
Destroys the user proxy in the default location or in the X509_USER_PROXY
  grid_proxy_info(verbose, proxyFile)
Retrieves information about the user proxy
  grid_proxy_init(lifetime, verbose, verify, outFile, passphrase, debugCB, certDir, certFile, keyFile, bits, proxyType)
Generates a user proxy
  gridmap(globusid)
Returns the userid if it is in the grid-mapfile
  map_local_user(local_user)
Returns the *first* DN in the gridmap file that maps to the local user's account.
  userok(globusid, userid)
Returns 0 if the globusid maps to the userid in the ~/.gridmap file. Returns 1 if authorization fails.

Variable Summary
int FILE_BAD_PERMISSIONS = 5
int FILE_DIR = 2
int FILE_DOES_NOT_EXIST = 3
int FILE_INVALID = 1
int FILE_NOT_OWNED = 4
int FILE_VALID = 0
int FILE_ZERO_LENGTH = 6

Function Details

check_certfile(filename)

Checks the status of a certificate file.

This is a convenience function used to check the status of a certificate file. The desired status is that the current user owns the file and has read/write permissions, while group and others have read permission only.
Parameters:
filename - The full path to the certificate file to be checked.
Returns:
One of the file status values from this module is returned, indicating the state of the certificate file.
Raises:
GSIException - A GSIException is raised if unable to check the status of the certificate file.

check_keyfile(filename)

Checks the status of a private key file.

Convenience function that checks that a private key file is readable and writable only by the user.
Parameters:
filename - The full path to the private key file to be checked.
Returns:
One of the file status values from this module is returned, indicating the state of the private key file.
Raises:
GSIException - A GSIException is raised if unable to check the status of the private key file.
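The checks that check_certfile and check_keyfile describe, sketched in plain Python for POSIX systems. This is an added example, not pyGlobus code: the helper names, the order of the checks and the acceptance of stricter-than-required modes are assumptions; only the status values come from this page.

```python
import os
import stat
import tempfile

# Status values copied from the Variable Summary on this page.
FILE_VALID, FILE_INVALID, FILE_DIR, FILE_DOES_NOT_EXIST = 0, 1, 2, 3
FILE_NOT_OWNED, FILE_BAD_PERMISSIONS, FILE_ZERO_LENGTH = 4, 5, 6

def _status(path, forbidden_bits):
    """Hypothetical helper: classify path; forbidden_bits must all be clear."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return FILE_DOES_NOT_EXIST
    except OSError:
        return FILE_INVALID
    if stat.S_ISDIR(st.st_mode):
        return FILE_DIR
    if not stat.S_ISREG(st.st_mode):
        return FILE_INVALID
    if st.st_uid != os.geteuid():          # must belong to the current user
        return FILE_NOT_OWNED
    if stat.S_IMODE(st.st_mode) & forbidden_bits:
        return FILE_BAD_PERMISSIONS
    if st.st_size == 0:
        return FILE_ZERO_LENGTH
    return FILE_VALID

def keyfile_status(path):
    # Private key: no access for group or others, never executable.
    return _status(path, stat.S_IRWXG | stat.S_IRWXO | stat.S_IXUSR)

def certfile_status(path):
    # Certificate: group and others may read, but nobody else may write.
    no_exec = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
    return _status(path, stat.S_IWGRP | stat.S_IWOTH | no_exec)

def demo():
    """Constructed sample: one placeholder file checked under several modes."""
    d = tempfile.mkdtemp()
    p = os.path.join(d, "userkey.pem")
    with open(p, "w") as f:
        f.write("constructed placeholder, not a real key\n")
    out = {}
    for mode in (0o600, 0o644, 0o664):
        os.chmod(p, mode)
        out[mode] = (keyfile_status(p), certfile_status(p))
    out["dir"] = keyfile_status(d)
    out["missing"] = keyfile_status(os.path.join(d, "absent.pem"))
    return out

if __name__ == "__main__":
    print(demo())
```

A mode of 0644 passes the certificate check but fails the key check, which is the distinction between the two functions.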

get_cert_dir()

Returns the certificate dir.

Returns the full path to the trusted certificate directory.
Returns:
A string containing the full path to the cert dir.
Raises:
GSIException - A GSIException is raised if unable to locate the certificate directory.

get_host_cert_filename()

Returns the location of the host's cert and key.

Convenience function to return the full path to both the host's certificate and private key files.
Returns:
A tuple containing the full path to the host's certificate and private key files.
Raises:
GSIException - A GSIException is raised if unable to get the location of the certificate or key files.

get_proxy_filename(proxy_type=1)

Returns the proxy cert filename

Returns the full path to the proxy cert.

proxy_type - An int constant that selects whether an existing proxy filename or a new filename suitable for creating a new proxy is returned.
Returns:
A string containing the full path to the proxy cert.
Raises:
GSIException - A GSIException is raised if unable to locate the proxy cert.

get_service_cert_filename(service_name)

Returns the location of the service's cert and key.

Convenience function to return the full path to both the service's certificate and private key files.

service_name - A string containing the name of the service, e.g., 'ldap'.
Returns:
A tuple containing the full path to the service's certificate and private key files.
Raises:
GSIException - A GSIException is raised if unable to get the location of the certificate or key files.

get_user_cert_filename()

Returns the location of the user's cert and key.

Convenience function to return the full path to both the user's certificate and private key files.
Returns:
A tuple containing the full path to the user's certificate and private key files.
Raises:
GSIException - A GSIException is raised if unable to get the location of the certificate or key files.

grid_proxy_destroy(proxyFile=None)

Destroys the user proxy in the default location or in the X509_USER_PROXY
Returns:
None
Raises:
GSIException - A GSIException is raised if the user proxy cannot be destroyed

grid_proxy_info(verbose=1, proxyFile=None)

Retrieves information about the user proxy
Parameters:
verbose - print information to stdout and stderr
proxyFile - the proxy file to get information about; if unspecified, the default is picked up
Returns:
a string with all of the user proxy information
Raises:
GSIException - A GSIException is raised if information about the user proxy cannot be retrieved

grid_proxy_init(lifetime=720, verbose=1, verify=1, outFile=None, passphrase=None, debugCB=None, certDir=None, certFile=None, keyFile=None, bits=1024, proxyType=2)

Generates a user proxy
Parameters:
lifetime - an int giving the number of minutes the proxy is valid
verbose - print out information while generating the proxy
verify - verify the certificate chain
outFile - a string giving the name of the file where the proxy is written. Defaults to /tmp/x509up_uuid
passphrase - a Python function with the signature func(rwflag); it returns the passphrase that will be used to create the proxy
debugCB - a Python function with the signature func(message), which can be used for debugging
certDir - the location of the certificate directory; the default is ~/.globus/certificates
certFile - the location of the certificate file, usually ~/.globus/usercert.pem
keyFile - the location of the key file, usually ~/.globus/userkey.pem
bits - the strength of the private key {512|1024|2048|4096}
proxyType - the kind of proxy you'd like to create
Returns:
None
Raises:
GSIException - A GSIException is raised if the user proxy cannot be created

gridmap(globusid)

Returns the userid if it is in the grid-mapfile

If you are a non-root user, it will look in ~/.gridmap first.
Parameters:
globusid - a string containing the Subject: line of a usercert
Returns:
the userid that globusid maps to
Raises:
GSIException - A GSIException is raised if the globusid is not in the gridmap file

map_local_user(local_user)

Returns the *first* DN in the gridmap file that maps to the local user's account. Note that an account might have more than one DN associated with it.
Raises:
GSIException - A GSIException is raised if the argument is malformed

userok(globusid, userid)

Returns 0 if the globusid maps to the userid in the ~/.gridmap file. Returns 1 if authorization fails.
Raises:
GSIException - A GSIException is raised if bad arguments are given to this function, i.e. if the DN is malformed
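The lookups that gridmap, map_local_user and userok describe, sketched over an in-memory grid-mapfile. This is an added example, not pyGlobus code: the function names and sample entries are constructed, and the line format (a quoted subject DN followed by comma-separated local accounts, the first being the default) is an assumption about the grid-mapfile that this page does not spell out.

```python
import shlex

# Constructed sample entries; not taken from any real grid-mapfile.
SAMPLE_GRIDMAP = '''\
# "subject DN" account[,account...]
"/O=Grid/OU=Example/CN=Alice Example" alice
"/O=Grid/OU=Example/CN=Alice Example 2" alice
"/O=Grid/OU=Example/CN=Bob Example" bob,griduser
'''

def parse_gridmap(text):
    """Return [(dn, [accounts])] in file order; malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            parts = shlex.split(line)      # honours the quoted DN
        except ValueError:                 # unbalanced quote
            continue
        if len(parts) == 2:
            entries.append((parts[0], parts[1].split(",")))
    return entries

def lookup_userid(entries, dn):
    """Counterpart of gridmap(): default account for dn, or None."""
    for entry_dn, accounts in entries:
        if entry_dn == dn:
            return accounts[0]
    return None

def all_dns_for(entries, user):
    """Every DN that maps to user, in file order."""
    return [dn for dn, accounts in entries if user in accounts]

def first_dn_for(entries, user):
    """Counterpart of map_local_user(): only the first matching DN."""
    dns = all_dns_for(entries, user)
    return dns[0] if dns else None

def userok_like(entries, dn, user):
    """Same convention as userok(): 0 means authorized, 1 means refused."""
    ok = any(d == dn and user in accts for d, accts in entries)
    return 0 if ok else 1

def is_authorized(entries, dn, user):
    # Compare against 0 explicitly: the failure value 1 is truthy in Python.
    return userok_like(entries, dn, user) == 0
```

Because the success value is 0, a bare `if userok(...)` branch runs on refusal, so callers should compare the result with 0 as is_authorized does.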

Variable Details

FILE_BAD_PERMISSIONS

Type:
int
Value:
5

FILE_DIR

Type:
int
Value:
2

FILE_DOES_NOT_EXIST

Type:
int
Value:
3

FILE_INVALID

Type:
int
Value:
1

FILE_NOT_OWNED

Type:
int
Value:
4

FILE_VALID

Type:
int
Value:
0

FILE_ZERO_LENGTH

Type:
int
Value:
6

Generated by Epydoc 2.1 on Tue Apr 4 14:32:57 2006 http://epydoc.sf.net