
Source Code for Module flumotion.twisted.checkers

  1  # -*- Mode: Python; test-case-name: flumotion.test.test_checkers -*- 
  2  # vi:si:et:sw=4:sts=4:ts=4 
  3  # 
  4  # Flumotion - a streaming media server 
  5  # Copyright (C) 2004,2005,2006,2007 Fluendo, S.L. (www.fluendo.com). 
  6  # All rights reserved. 
  7   
  8  # This file may be distributed and/or modified under the terms of 
  9  # the GNU General Public License version 2 as published by 
 10  # the Free Software Foundation. 
 11  # This file is distributed without any warranty; without even the implied 
 12  # warranty of merchantability or fitness for a particular purpose. 
 13  # See "LICENSE.GPL" in the source distribution for more information. 
 14   
 15  # Licensees having purchased or holding a valid Flumotion Advanced 
 16  # Streaming Server license may use this file in accordance with the 
 17  # Flumotion Advanced Streaming Server Commercial License Agreement. 
 18  # See "LICENSE.Flumotion" in the source distribution for more information. 
 19   
 20  # Headers in this file shall remain intact. 
 21   
 22  """ 
 23  Flumotion Twisted credential checkers 
 24  """ 
 25   
 26  from twisted.cred import checkers, error 
 27  from twisted.internet import defer 
 28  from twisted.python import failure 
 29   
 30  from flumotion.common import log 
 31  from flumotion.twisted import credentials 
 32  from flumotion.twisted.compat import implements 
 33   
# FIXME: give the manager's bouncer's checker to the flexcredchecker,
# and forward to it

# Base class of FlexibleCredentialsChecker below.  This is Twisted's
# in-memory checker: it keeps the username/password mapping it is
# constructed with in process memory, and its name marks it as not meant
# for production use.
parent = checkers.InMemoryUsernamePasswordDatabaseDontUse
class FlexibleCredentialsChecker(parent, log.Loggable):
    """
    In-memory username/password credentials checker that can be switched
    into a mode where logins are accepted without checking a password.

    Two properties of this checker matter when reasoning about who ends up
    with which avatar:

     - once L{allowPasswordless} has been called with a true value, the
       base class check is skipped and every login succeeds with whatever
       username the credentials object carries;
     - if the credentials object has a true C{avatarId} attribute, that
       value is returned as the avatar id instead of the checked username.

    NOTE(review): nothing in this class ties a requested avatarId to the
    username that was checked; confirm that the code consuming the avatar
    id enforces any binding that is required.
    """
    logCategory = 'credchecker'

    def __init__(self, **users):
        """
        @param users: username -> password pairs, handed unchanged to the
                      in-memory base checker.
        """
        parent.__init__(self, **users)
        # Password checking stays on until allowPasswordless() turns it off.
        self._passwordless = False

    def allowPasswordless(self, wellDoWeQuestionMark):
        """
        Switch passwordless logins on or off.

        @param wellDoWeQuestionMark: true to accept every login without
                                     checking a password, false to check
                                     against the in-memory database.
        """
        self._passwordless = wellDoWeQuestionMark

    ### ICredentialsChecker interface methods

    def requestAvatarId(self, credentials):
        """
        Check the credentials and fire with the avatar id to use.

        @param credentials: object with a C{username} attribute and,
                            optionally, an C{avatarId} attribute.

        @returns: a deferred firing with the requested avatarId when the
                  credentials carry a true one, else with the result of
                  the check (the username in passwordless mode).
        """
        # The avatar id is taken from the credentials object itself, so it
        # is whatever the party that built the credentials asked for.
        requested = getattr(credentials, 'avatarId', None)

        if self._passwordless:
            # No verification at all: the claimed username is accepted.
            self.debug('allowing passwordless login for user %s' %
                credentials.username)
            d = defer.succeed(credentials.username)
        else:
            self.debug('authenticating user %s' % credentials.username)
            d = parent.requestAvatarId(self, credentials)

        d.addCallback(self._requestCallback, requested)
        return d

    def _requestCallback(self, result, avatarId):
        """
        Pick the avatar id once the check has succeeded.

        @param result:   value the check fired with.
        @param avatarId: avatar id read from the credentials, or None.

        @returns: C{avatarId} when it is true, otherwise C{result}.
        """
        if not avatarId:
            self.debug("assigned avatarId %s" % result)
            return result

        # A requested avatar id overrides the checked result.
        self.debug("assigned requested avatarId %s" % avatarId)
        return avatarId
73
class CryptChecker(log.Loggable):
    """
    Credentials checker whose backend stores crypt-style passwords.

    The comparison itself is delegated to the credentials object's
    C{checkCryptPassword}; this class only looks up the stored value and
    maps the outcome to a username or an UnauthorizedLogin failure.
    """
    implements(checkers.ICredentialsChecker)
    credentialInterfaces = (credentials.IUsernameCryptPassword, )

    logCategory = 'cryptchecker'

    def __init__(self, **users):
        """
        @param users: username -> crypted password pairs to start with.
        """
        self.users = users

    def addUser(self, username, cryptPassword):
        """
        Register a user, replacing any entry stored under the same name.

        @param username:      name of the user to add
        @type  username:      string
        @param cryptPassword: the crypted password for this user
        @type  cryptPassword: string
        """
        self.debug('added user %s' % username)
        self.users[username] = cryptPassword

    def _cbCryptPasswordMatch(self, matched, username):
        """
        Turn the outcome of the password comparison into a login result.

        @param matched:  true if the password comparison succeeded.
        @param username: name the login was attempted for.

        @returns: the username on a match, else a Failure wrapping
                  UnauthorizedLogin.
        """
        if not matched:
            self.debug('user %s refused, password not matched' % username)
            return failure.Failure(error.UnauthorizedLogin())

        self.debug('user %s authenticated' % username)
        return username

    ### ICredentialsChecker methods

    def requestAvatarId(self, credentials):
        """
        Check the credentials against the stored crypted password.

        Unknown users and wrong passwords both end in UnauthorizedLogin,
        so the error type does not tell a caller which of the two it was.

        NOTE(review): an unknown user is refused without calling
        checkCryptPassword, so the time taken may differ from that of a
        known user with a wrong password; confirm whether that matters
        for this deployment.

        @returns: a deferred firing with the username, or failing with
                  UnauthorizedLogin.
        """
        username = credentials.username
        if username not in self.users:
            self.debug("user '%s' refused, not in storage backend" %
                username)
            return defer.fail(error.UnauthorizedLogin())

        d = defer.maybeDeferred(
            credentials.checkCryptPassword, self.users[username])
        d.addCallback(self._cbCryptPasswordMatch, username)
        return d
117
class Sha256Checker(log.Loggable):
    """
    Credentials checker whose backend stores a salt and SHA-256 data per
    user.

    The comparison itself is delegated to the credentials object's
    C{checkSha256Password}, which receives the stored salt and SHA-256
    data concatenated into one string.

    NOTE(review): how the SHA-256 data is derived from the password is not
    visible in this module.  If it is a single salted SHA-256 pass, the
    stored values are cheap to guess against offline should the user store
    leak; confirm in the credentials module.
    """
    implements(checkers.ICredentialsChecker)
    credentialInterfaces = (credentials.IUsernameSha256Password, )

    logCategory = 'sha256checker'

    def __init__(self, **users):
        """
        @param users: initial user store, kept as given.  requestAvatarId
                      unpacks each value into (salt, sha256Data), the
                      shape addUser stores.
        """
        self.users = users

    def addUser(self, username, salt, sha256Data):
        """
        Register a user, replacing any entry stored under the same name.

        @param username:   name of the user to add
        @type  username:   str
        @param salt:       the salt for this user
        @type  salt:       str
        @param sha256Data: the sha256 data for this user
        @type  sha256Data: str
        """
        self.debug('added user %s' % username)
        self.users[username] = (salt, sha256Data)

    def _cbSha256PasswordMatch(self, matched, username):
        """
        Turn the outcome of the password comparison into a login result.

        @param matched:  true if the password comparison succeeded.
        @param username: name the login was attempted for.

        @returns: the username on a match, else a Failure wrapping
                  UnauthorizedLogin.
        """
        if not matched:
            self.debug('user %s refused, password not matched' % username)
            return failure.Failure(error.UnauthorizedLogin())

        self.debug('user %s authenticated' % username)
        return username

    ### ICredentialsChecker methods

    def requestAvatarId(self, credentials):
        """
        Check the credentials against the stored salt and SHA-256 data.

        Unknown users and wrong passwords both end in UnauthorizedLogin,
        so the error type does not tell a caller which of the two it was.

        NOTE(review): an unknown user is refused without calling
        checkSha256Password, so the time taken may differ from that of a
        known user with a wrong password; confirm whether that matters
        for this deployment.

        @returns: a deferred firing with the username, or failing with
                  UnauthorizedLogin.
        """
        username = credentials.username
        if username not in self.users:
            self.debug('user %s refused, not in database' %
                username)
            return defer.fail(error.UnauthorizedLogin())

        salt, digest = self.users[username]
        # The credentials object is handed salt and data as one string.
        stored = salt + digest
        d = defer.maybeDeferred(credentials.checkSha256Password, stored)
        d.addCallback(self._cbSha256PasswordMatch, username)
        return d
165