
Source Code for Module flumotion.twisted.checkers

  1  # -*- Mode: Python; test-case-name: flumotion.test.test_checkers -*- 
  2  # vi:si:et:sw=4:sts=4:ts=4 
  3  # 
  4  # Flumotion - a streaming media server 
  5  # Copyright (C) 2004,2005,2006,2007 Fluendo, S.L. (www.fluendo.com). 
  6  # All rights reserved. 
  7   
  8  # This file may be distributed and/or modified under the terms of 
  9  # the GNU General Public License version 2 as published by 
 10  # the Free Software Foundation. 
 11  # This file is distributed without any warranty; without even the implied 
 12  # warranty of merchantability or fitness for a particular purpose. 
 13  # See "LICENSE.GPL" in the source distribution for more information. 
 14   
 15  # Licensees having purchased or holding a valid Flumotion Advanced 
 16  # Streaming Server license may use this file in accordance with the 
 17  # Flumotion Advanced Streaming Server Commercial License Agreement. 
 18  # See "LICENSE.Flumotion" in the source distribution for more information. 
 19   
 20  # Headers in this file shall remain intact. 
 21   
 22  """ 
 23  Flumotion Twisted credential checkers 
 24  """ 
 25   
 26  from twisted.cred import checkers 
 27  from twisted.internet import defer 
 28  from twisted.python import failure 
 29  from zope.interface import implements 
 30   
 31  from flumotion.common import log, errors 
 32  from flumotion.twisted import credentials 
 33   
 34  __version__ = "$Rev: 6638 $" 
 35   
 36   
 37  # FIXME: give the manager's bouncer's checker to the flexcredchecker, 
 38  # and forward to it 
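class FlexibleCredentialsChecker(log.Loggable):
    """
    I am an in-memory username/password credentials checker that also
    allows anonymous logins if instructed to do so.

    The stored value for each user is handed unchanged to the credentials'
    C{checkPassword}, so it is presumably the password itself and lives in
    this process's memory for as long as the checker does -- confirm
    against the credentials implementation.
    """
    logCategory = 'credchecker'
    implements(checkers.ICredentialsChecker)

    credentialInterfaces = (credentials.IUsernamePassword,
                            credentials.IUsernameHashedPassword)

    def __init__(self, **users):
        """
        @param users: initial username -> password mapping, passed as
                      keyword arguments
        """
        self.users = users
        # Passwordless logins stay off until allowPasswordless() turns
        # them on.
        self._passwordless = False

    def allowPasswordless(self, wellDoWeQuestionMark):
        """
        Enable or disable passwordless logins.

        While enabled, L{requestAvatarId} accepts every login without
        consulting C{self.users} or checking a password.

        @param wellDoWeQuestionMark: a true value enables passwordless
                                     logins, a false value disables them
        """
        self._passwordless = wellDoWeQuestionMark

    def addUser(self, username, password):
        """
        Add the given user, replacing any existing entry for that name.

        @param username: name of the user to add
        @param password: the value later passed to the credentials'
                         C{checkPassword}
        """
        self.users[username] = password

    def _cbPasswordMatch(self, matched, username, avatarId):
        """
        Turn the result of the password check into an avatar id.

        @param matched:  result of the credentials' C{checkPassword}
        @param username: name to fall back on when no avatarId was given
        @param avatarId: avatar id taken from the credentials, or None

        @returns: C{avatarId or username} when the password matched,
                  otherwise a Failure wrapping NotAuthenticatedError
        """
        if not matched:
            return failure.Failure(errors.NotAuthenticatedError())
        return avatarId or username

    ### ICredentialsChecker interface methods

    def requestAvatarId(self, credentials):
        """
        Check the given credentials and fire with the avatar id to use.

        The avatar id is read from the credentials object itself and, when
        set, is returned in place of the username, both in passwordless
        mode and after a successful password check.
        NOTE(review): if the remote peer controls C{credentials.avatarId},
        any user that passes the check chooses its own avatar id; confirm
        that callers constrain or validate it.

        NOTE(review): unknown users are refused without running a password
        check, so the two refusal paths may be distinguishable by timing;
        confirm whether that matters for this deployment.

        @param credentials: an object with a C{username} attribute, a
                            C{checkPassword} method and optionally an
                            C{avatarId} attribute

        @rtype: L{twisted.internet.defer.Deferred}
        @returns: a deferred firing the avatar id, or failing with
                  NotAuthenticatedError
        """
        avatarId = getattr(credentials, 'avatarId', None)
        username = credentials.username

        if self._passwordless:
            self.debug('allowing passwordless login for user %s', username)
            return defer.succeed(avatarId or username)

        if username not in self.users:
            # Leave a trail for refused logins, as the other checkers in
            # this module do.
            self.debug('user %s refused, not in user list', username)
            return defer.fail(errors.NotAuthenticatedError())

        # The username comes from the peer: hand it to the logger as an
        # argument instead of formatting it into the message first, the
        # way the passwordless branch already does.
        self.debug('authenticating user %s', username)
        d = defer.maybeDeferred(credentials.checkPassword,
                                self.users[username])
        d.addCallback(self._cbPasswordMatch, str(username), avatarId)
        return d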
83
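class CryptChecker(log.Loggable):
    """
    I check credentials using a crypt-based backend.

    NOTE(review): which crypt scheme the stored values use is decided by
    whoever produced them and is not visible here; confirm it is a salted,
    deliberately slow scheme rather than a legacy one.
    """
    implements(checkers.ICredentialsChecker)
    credentialInterfaces = (credentials.IUsernameCryptPassword,)

    logCategory = 'cryptchecker'

    def __init__(self, **users):
        """
        @param users: initial username -> crypted password mapping, passed
                      as keyword arguments
        """
        self.users = users

    def addUser(self, username, cryptPassword):
        """
        Add the given username and password.

        @param username:      name of the user to add
        @type  username:      string
        @param cryptPassword: the crypted password for this user
        @type  cryptPassword: string
        """
        # Only the username is logged, never the crypted password.
        self.debug('added user %s', username)
        self.users[username] = cryptPassword

    def _cbCryptPasswordMatch(self, matched, username):
        """
        Turn the result of the crypt password check into an avatar id.

        @param matched:  result of the credentials' C{checkCryptPassword}
        @param username: name of the user that tried to log in

        @returns: the username when the password matched, otherwise a
                  Failure wrapping NotAuthenticatedError
        """
        if not matched:
            self.debug('user %s refused, password not matched', username)
            return failure.Failure(errors.NotAuthenticatedError())

        self.debug('user %s authenticated', username)
        return username

    ### ICredentialsChecker methods

    def requestAvatarId(self, credentials):
        """
        Check the given credentials against the stored crypted password.

        NOTE(review): unknown users are refused without running a password
        check, so the two refusal paths may be distinguishable by timing;
        confirm whether that matters for this deployment.

        @param credentials: an object with a C{username} attribute and a
                            C{checkCryptPassword} method

        @rtype: L{twisted.internet.defer.Deferred}
        @returns: a deferred firing the username, or failing with
                  NotAuthenticatedError
        """
        username = credentials.username

        if username not in self.users:
            # The username comes from the peer: pass it to the logger as
            # an argument rather than formatting it into the message.
            self.debug("user '%s' refused, not in storage backend",
                       username)
            return defer.fail(errors.NotAuthenticatedError())

        d = defer.maybeDeferred(credentials.checkCryptPassword,
                                self.users[username])
        d.addCallback(self._cbCryptPasswordMatch, username)
        return d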
127
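class Sha256Checker(log.Loggable):
    """
    I check credentials using a SHA-256-based backend.

    Each entry in C{self.users} is a C{(salt, sha256Data)} pair.
    NOTE(review): how the digest is derived is up to the credentials'
    C{checkSha256Password} and is not visible here; if it is a single
    salted SHA-256 round, stored values are cheap to brute-force offline
    once leaked, so confirm whether a slow key-derivation function is
    warranted.
    """
    implements(checkers.ICredentialsChecker)
    credentialInterfaces = (credentials.IUsernameSha256Password,)

    logCategory = 'sha256checker'

    def __init__(self, **users):
        """
        @param users: initial username -> (salt, sha256Data) mapping,
                      passed as keyword arguments; L{requestAvatarId}
                      unpacks each value as a two-item sequence
        """
        self.users = users

    def addUser(self, username, salt, sha256Data):
        """
        Add the given username and password.

        @param username:   name of the user to add
        @type  username:   str
        @param salt:       the salt for this user
        @type  salt:       str
        @param sha256Data: the sha256 data for this user
        @type  sha256Data: str
        """
        # Only the username is logged, never the salt or the digest.
        self.debug('added user %s', username)
        self.users[username] = (salt, sha256Data)

    def _cbSha256PasswordMatch(self, matched, username):
        """
        Turn the result of the SHA-256 password check into an avatar id.

        @param matched:  result of the credentials' C{checkSha256Password}
        @param username: name of the user that tried to log in

        @returns: the username when the password matched, otherwise a
                  Failure wrapping NotAuthenticatedError
        """
        if not matched:
            self.debug('user %s refused, password not matched', username)
            return failure.Failure(errors.NotAuthenticatedError())

        self.debug('user %s authenticated', username)
        return username

    ### ICredentialsChecker methods

    def requestAvatarId(self, credentials):
        """
        Check the given credentials against the stored salt and digest.

        NOTE(review): unknown users are refused without running a password
        check, so the two refusal paths may be distinguishable by timing;
        confirm whether that matters for this deployment.

        @param credentials: an object with a C{username} attribute and a
                            C{checkSha256Password} method

        @rtype: L{twisted.internet.defer.Deferred}
        @returns: a deferred firing the username, or failing with
                  NotAuthenticatedError
        """
        username = credentials.username

        if username not in self.users:
            # The username comes from the peer: pass it to the logger as
            # an argument rather than formatting it into the message.
            self.debug('user %s refused, not in database', username)
            return defer.fail(errors.NotAuthenticatedError())

        salt, sha256Data = self.users[username]
        # checkSha256Password receives the salt and the stored digest as
        # one string, salt first.
        saltedDigest = salt + sha256Data
        d = defer.maybeDeferred(credentials.checkSha256Password,
                                saltedDigest)
        d.addCallback(self._cbSha256PasswordMatch, username)
        return d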
175