flumotion.twisted.checkers

1 # -*- Mode: Python; test-case-name: flumotion.test.test_checkers -*- 2 # vi:si:et:sw=4:sts=4:ts=4 3 # 4 # Flumotion - a streaming media server 5 # Copyright (C) 2004,2005,2006,2007 Fluendo, S.L. (www.fluendo.com). 6 # All rights reserved. 7 8 # This file may be distributed and/or modified under the terms of 9 # the GNU General Public License version 2 as published by 10 # the Free Software Foundation. 11 # This file is distributed without any warranty; without even the implied 12 # warranty of merchantability or fitness for a particular purpose. 13 # See "LICENSE.GPL" in the source distribution for more information. 14 15 # Licensees having purchased or holding a valid Flumotion Advanced 16 # Streaming Server license may use this file in accordance with the 17 # Flumotion Advanced Streaming Server Commercial License Agreement. 18 # See "LICENSE.Flumotion" in the source distribution for more information. 19 20 # Headers in this file shall remain intact. 21 22 """ 23 Flumotion Twisted credential checkers 24 """ 25 26 from twisted.cred import checkers 27 from twisted.internet import defer 28 from twisted.python import failure 29 from zope.interface import implements 30 31 from flumotion.common import log, errors 32 from flumotion.twisted import credentials 33 34 __version__ = "$Rev: 6638 $" 35 36 37 # FIXME: give the manager's bouncer's checker to the flexcredchecker, 38 # and forward to it

39 -class FlexibleCredentialsChecker(log.Loggable):

40 """ 41 I am an in-memory username/password credentials checker that also 42 allows anonymous logins if instructed to do so. 43 """ 44 logCategory = 'credchecker' 45 implements(checkers.ICredentialsChecker) 46 47 credentialInterfaces = (credentials.IUsernamePassword, 48 credentials.IUsernameHashedPassword) 49

50 - def __init__(self, **users):

51 self.users = users 52 self._passwordless = False # do we allow passwordless logins ?

53

54 - def allowPasswordless(self, wellDoWeQuestionMark):

55 self._passwordless = wellDoWeQuestionMark

56

57 - def addUser(self, username, password):

58 self.users[username] = password

59

60 - def _cbPasswordMatch(self, matched, username, avatarId):

61 if matched: 62 return avatarId or username 63 else: 64 return failure.Failure(errors.NotAuthenticatedError())

65 66 ### ICredentialsChecker interface methods

67 - def requestAvatarId(self, credentials):

68 avatarId = getattr(credentials, 'avatarId', None) 69 70 if self._passwordless: 71 self.debug('allowing passwordless login for user %s', 72 credentials.username) 73 return defer.succeed(avatarId or credentials.username) 74 elif credentials.username in self.users: 75 self.debug('authenticating user %s' % credentials.username) 76 return defer.maybeDeferred( 77 credentials.checkPassword, 78 self.users[credentials.username]).addCallback( 79 self._cbPasswordMatch, str(credentials.username), 80 avatarId) 81 else: 82 return defer.fail(errors.NotAuthenticatedError())

83

84 -class CryptChecker(log.Loggable):

85 """ 86 I check credentials using a crypt-based backend. 87 """ 88 implements(checkers.ICredentialsChecker) 89 credentialInterfaces = (credentials.IUsernameCryptPassword,) 90 91 logCategory = 'cryptchecker' 92

93 - def __init__(self, **users):

94 self.users = users

95

96 - def addUser(self, username, cryptPassword):

97 """ 98 Add the given username and password. 99 100 @param username: name of the user to add 101 @type username: string 102 @param cryptPassword: the crypted password for this user 103 @type cryptPassword: string 104 """ 105 self.debug('added user %s' % username) 106 self.users[username] = cryptPassword

107

108 - def _cbCryptPasswordMatch(self, matched, username):

109 if matched: 110 self.debug('user %s authenticated' % username) 111 return username 112 else: 113 self.debug('user %s refused, password not matched' % username) 114 return failure.Failure(errors.NotAuthenticatedError())

115 116 ### ICredentialsChecker methods

117 - def requestAvatarId(self, credentials):

118 if credentials.username in self.users: 119 return defer.maybeDeferred( 120 credentials.checkCryptPassword, 121 self.users[credentials.username]).addCallback( 122 self._cbCryptPasswordMatch, credentials.username) 123 else: 124 self.debug("user '%s' refused, not in storage backend" % 125 credentials.username) 126 return defer.fail(errors.NotAuthenticatedError())

127

128 -class Sha256Checker(log.Loggable):

129 """ 130 I check credentials using a SHA-256-based backend. 131 """ 132 implements(checkers.ICredentialsChecker) 133 credentialInterfaces = (credentials.IUsernameSha256Password,) 134 135 logCategory = 'sha256checker' 136

137 - def __init__(self, **users):

138 self.users = users

139

140 - def addUser(self, username, salt, sha256Data):

141 """ 142 Add the given username and password. 143 144 @param username: name of the user to add 145 @type username: str 146 @param salt: the salt for this user 147 @type salt: str 148 @param sha256Data: the sha256 data for this user 149 @type sha256Data: str 150 """ 151 self.debug('added user %s' % username) 152 self.users[username] = (salt, sha256Data)

153

154 - def _cbSha256PasswordMatch(self, matched, username):

155 if matched: 156 self.debug('user %s authenticated' % username) 157 return username 158 else: 159 self.debug('user %s refused, password not matched' % username) 160 return failure.Failure(errors.NotAuthenticatedError())

161 162 ### ICredentialsChecker methods

163 - def requestAvatarId(self, credentials):

164 if credentials.username in self.users: 165 salt, data = self.users[credentials.username] 166 password = salt + data 167 return defer.maybeDeferred( 168 credentials.checkSha256Password, 169 password).addCallback( 170 self._cbSha256PasswordMatch, credentials.username) 171 else: 172 self.debug('user %s refused, not in database' % 173 credentials.username) 174 return defer.fail(errors.NotAuthenticatedError())

175

Source Code for Module flumotion.twisted.checkers