flumotion.common.keycards

1 # -*- Mode: Python; test-case-name: flumotion.test.test_keycards -*- 2 # vi:si:et:sw=4:sts=4:ts=4 3 # 4 # Flumotion - a streaming media server 5 # Copyright (C) 2004,2005,2006,2007,2008 Fluendo, S.L. (www.fluendo.com). 6 # All rights reserved. 7 8 # This file may be distributed and/or modified under the terms of 9 # the GNU General Public License version 2 as published by 10 # the Free Software Foundation. 11 # This file is distributed without any warranty; without even the implied 12 # warranty of merchantability or fitness for a particular purpose. 13 # See "LICENSE.GPL" in the source distribution for more information. 14 15 # Licensees having purchased or holding a valid Flumotion Advanced 16 # Streaming Server license may use this file in accordance with the 17 # Flumotion Advanced Streaming Server Commercial License Agreement. 18 # See "LICENSE.Flumotion" in the source distribution for more information. 19 20 # Headers in this file shall remain intact. 21 22 """ 23 serializable keycards used for authentication 24 """ 25 26 from twisted.cred.credentials import ICredentials 27 from twisted.spread import pb 28 from zope.interface import implements 29 30 from flumotion.twisted import credentials 31 32 __version__ = "$Rev: 6968 $" 33 _statesEnum = ['REFUSED', 'REQUESTING', 'AUTHENTICATED'] 34 # state enum values 35 (REFUSED, 36 REQUESTING, 37 AUTHENTICATED) = range(3) 38 39

40 -class Keycard(pb.Copyable, pb.RemoteCopy):

41 """ 42 I am the base class for keycards which together with credentials are 43 a serializable object used in authentication inside Flumotion. 44 45 @ivar bouncerName: name of the bouncer to authenticate against; set by 46 requester 47 @type bouncerName: str 48 @ivar requesterId: avatarId of the requester 49 @type requesterId: str 50 @ivar avatarId: avatarId preferred by requester 51 @type avatarId: str 52 @ivar id: id of keycard decided by bouncer after authenticating 53 @type id: object 54 @ivar duration: duration for which the keycard is valid, or 0 for 55 unlimited 56 @type duration: int 57 @ivar domain: requester can pass a domain id to the bouncer 58 @type domain: str 59 @ivar state: state the keycard is in 60 @type state: int 61 """ 62 implements(ICredentials) 63

64 - def __init__(self):

65 self.bouncerName = None 66 self.requesterId = None 67 self.avatarId = None 68 self.id = None 69 self.duration = 0 70 self.domain = None 71 self.state = REQUESTING

72 73 # F0.8

74 - def setDomain(self, domain):

75 """ 76 Set the domain of the requester on the keycard. 77 78 @type domain: string 79 """ 80 import warnings 81 warnings.warn('Set the domain on the keycard directly.', 82 DeprecationWarning, stacklevel=2) 83 84 self.domain = domain

85

86 - def getData(self):

87 """ 88 Return a dictionary of the viewable data on the keycard that can be 89 used to identify the keycard. 90 It doesn't include sensitive information though. 91 92 Subclasses should override to add additional information. 93 """ 94 return { 95 'id': self.id, 96 'requester': self.requesterId, 97 'domain': self.domain 98 }

99

100 - def __repr__(self):

101 return "<%s for requesterId %r in state %s>" % (self.__class__.__name__, 102 self.requesterId, _statesEnum[self.state])

103

104 -class KeycardGeneric(Keycard, object):

105 pass

106 107 pb.setUnjellyableForClass(KeycardGeneric, KeycardGeneric) 108 # class KeycardUACCP: username, address, crypt password 109 # from UsernameCryptPasswordCrypt 110 111 112 UCPP = credentials.UsernameCryptPasswordPlaintext

113 -class KeycardUACPP(Keycard, UCPP):

114 """ 115 I am a keycard with a username, plaintext password and IP address. 116 I get authenticated against a crypt password. 117 """

118 - def __init__(self, username, password, address):

119 UCPP.__init__(self, username, password) 120 Keycard.__init__(self) 121 self.address = address

122

123 - def getData(self):

124 d = Keycard.getData(self) 125 d['username'] = self.username 126 d['address'] = self.address 127 return d

128

129 - def __repr__(self):

130 return "<%s %s %s@%s for requesterId %r in state %s>" % ( 131 self.__class__.__name__, self.id, self.username, self.address, 132 self.requesterId, _statesEnum[self.state])

133 134 pb.setUnjellyableForClass(KeycardUACPP, KeycardUACPP) 135 136 # username, address, crypt password 137 # from UsernameCryptPasswordCrypt 138 139 140 UCPCC = credentials.UsernameCryptPasswordCryptChallenger

141 -class KeycardUACPCC(Keycard, UCPCC):

142 """ 143 I am a keycard with a username and IP address. 144 I get authenticated through challenge/response on a crypt password. 145 """

146 - def __init__(self, username, address):

147 UCPCC.__init__(self, username) 148 Keycard.__init__(self) 149 self.address = address

150

151 - def getData(self):

152 d = Keycard.getData(self) 153 d['username'] = self.username 154 d['address'] = self.address 155 return d

156

157 - def __repr__(self):

158 return "<%s %s %s@%s for requesterId %r in state %s>" % ( 159 self.__class__.__name__, self.id, self.username, self.address, 160 self.requesterId, _statesEnum[self.state])

161 162 pb.setUnjellyableForClass(KeycardUACPCC, KeycardUACPCC) 163 164

165 -class KeycardToken(Keycard, credentials.Token):

166 """ 167 I am a keycard with a token and IP address and a path (optional). 168 I get authenticated by token and maybe IP address. 169 """ 170

171 - def __init__(self, token, address, path=None):

172 credentials.Token.__init__(self, token) 173 Keycard.__init__(self) 174 self.address = address 175 self.path = path

176

177 - def getData(self):

178 d = Keycard.getData(self) 179 d['token'] = self.token 180 d['address'] = self.address 181 d['path'] = self.path 182 return d

183

184 - def __repr__(self):

185 return "<%s %s token %s for path %s @%s for requesterId %r in state %s>" % ( 186 self.__class__.__name__, self.id, self.token, self.path, 187 self.address, self.requesterId, _statesEnum[self.state])

188 189 pb.setUnjellyableForClass(KeycardToken, KeycardToken) 190 191 192 USPCC = credentials.UsernameSha256PasswordCryptChallenger

193 -class KeycardUASPCC(Keycard, USPCC):

194 """ 195 I am a keycard with a username and IP address. 196 I get authenticated through challenge/response on a SHA-256 password. 197 """

198 - def __init__(self, username, address):

199 USPCC.__init__(self, username) 200 Keycard.__init__(self) 201 self.address = address

202

203 - def getData(self):

204 d = Keycard.getData(self) 205 d['username'] = self.username 206 d['address'] = self.address 207 return d

208

209 - def __repr__(self):

210 return "<%s %s %s@%s for requesterId %r in state %s>" % ( 211 self.__class__.__name__, self.id, self.username, self.address, 212 self.requesterId, _statesEnum[self.state])

213 214 pb.setUnjellyableForClass(KeycardUASPCC, KeycardUASPCC) 215 216

217 -class KeycardHTTPDigest(Keycard, credentials.HTTPDigestChallenger):

218 - def __init__(self, username):

219 credentials.HTTPDigestChallenger.__init__(self, username) 220 Keycard.__init__(self)

221

222 - def getData(self):

223 d = Keycard.getData(self) 224 d['username'] = self.username 225 # Realm? Uri? 226 return d

227

228 - def __repr__(self):

229 return "<%s %s %s for requesterId %r in state %s>" % ( 230 self.__class__.__name__, self.id, self.username, 231 self.requesterId, _statesEnum[self.state])

232 233 pb.setUnjellyableForClass(KeycardHTTPDigest, KeycardHTTPDigest) 234 235 236 # F0.8

237 -class HTTPDigestKeycard(KeycardHTTPDigest):

238 - def __init__(self, username):

239 import warnings 240 warnings.warn('Use KeycardHTTPDigest instead.', DeprecationWarning, 241 stacklevel=2) 242 KeycardHTTPDigest.__init__(self, username)

243 244 pb.setUnjellyableForClass(HTTPDigestKeycard, HTTPDigestKeycard) 245

Source Code for Module flumotion.common.keycards