
Source Code for Module flumotion.twisted.checkers

  1  # -*- Mode: Python; test-case-name: flumotion.test.test_checkers -*- 
  2  # vi:si:et:sw=4:sts=4:ts=4 
  3  # 
  4  # Flumotion - a streaming media server 
  5  # Copyright (C) 2004,2005,2006,2007 Fluendo, S.L. (www.fluendo.com). 
  6  # All rights reserved. 
  7   
  8  # This file may be distributed and/or modified under the terms of 
  9  # the GNU General Public License version 2 as published by 
 10  # the Free Software Foundation. 
 11  # This file is distributed without any warranty; without even the implied 
 12  # warranty of merchantability or fitness for a particular purpose. 
 13  # See "LICENSE.GPL" in the source distribution for more information. 
 14   
 15  # Licensees having purchased or holding a valid Flumotion Advanced 
 16  # Streaming Server license may use this file in accordance with the 
 17  # Flumotion Advanced Streaming Server Commercial License Agreement. 
 18  # See "LICENSE.Flumotion" in the source distribution for more information. 
 19   
 20  # Headers in this file shall remain intact. 
 21   
 22  """ 
 23  Flumotion Twisted credential checkers 
 24  """ 
 25   
 26  from twisted.cred import checkers 
 27  from twisted.internet import defer 
 28  from twisted.python import failure 
 29  from zope.interface import implements 
 30   
 31  from flumotion.common import log, errors 
 32  from flumotion.twisted import credentials 
 33   
 34  # FIXME: give the manager's bouncer's checker to the flexcredchecker, 
 35  # and forward to it 
class FlexibleCredentialsChecker(log.Loggable):
    """
    I check username/password credentials against an in-memory table, and
    I can be switched into a mode that accepts logins without a password.

    Security-relevant behaviour, as implemented below:
     - C{self.users} maps a username to the value that is handed to the
       credentials' C{checkPassword}; I store that value exactly as given.
     - After L{allowPasswordless} has been called with a true value, every
       request is accepted, including usernames that are not in
       C{self.users}.
     - The avatar id I return is the credentials' own C{avatarId}
       attribute when it is set; I never compare it with the username.
    """
    logCategory = 'credchecker'
    implements(checkers.ICredentialsChecker)

    credentialInterfaces = (credentials.IUsernamePassword,
                            credentials.IUsernameHashedPassword)

    def __init__(self, **users):
        """
        @param users: initial username -> password entries
        """
        self.users = users
        # when true, requestAvatarId() skips the password check entirely
        self._passwordless = False

    def allowPasswordless(self, wellDoWeQuestionMark):
        """
        Switch passwordless logins on or off.

        @param wellDoWeQuestionMark: a true value makes every later
                                     requestAvatarId() call succeed
                                     without any password check
        """
        self._passwordless = wellDoWeQuestionMark

    def addUser(self, username, password):
        """
        Add (or overwrite) the entry for the given username.

        @param username: name of the user to add
        @param password: value later passed to the credentials'
                         checkPassword for this user
        """
        self.users[username] = password

    def _cbPasswordMatch(self, matched, username, avatarId):
        """
        Turn the result of the password check into an avatar id or a failure.

        @param matched:  result of the credentials' checkPassword
        @param username: the username that was checked
        @param avatarId: avatar id carried by the credentials, or None
        """
        if not matched:
            return failure.Failure(errors.NotAuthenticatedError())
        # the credentials' own avatarId wins over the checked username
        return avatarId or username

    ### ICredentialsChecker interface methods

    def requestAvatarId(self, credentials):
        """
        Authenticate the given credentials.

        @returns: a deferred firing the avatar id, or failing with
                  L{errors.NotAuthenticatedError}
        """
        # NOTE(review): this value comes from the credentials object itself
        # and is never checked against self.users -- confirm that callers
        # treat it as a label chosen by the peer and not as an authorization
        # identity.
        requestedId = getattr(credentials, 'avatarId', None)
        login = credentials.username

        if self._passwordless:
            # no lookup and no password check at all in this mode
            self.debug('allowing passwordless login for user %s', login)
            return defer.succeed(requestedId or login)

        if login not in self.users:
            # NOTE(review): unknown usernames fail here without running
            # checkPassword, while known ones do run it; the two paths may
            # be distinguishable by timing -- confirm whether that matters.
            return defer.fail(errors.NotAuthenticatedError())

        self.debug('authenticating user %s' % login)
        d = defer.maybeDeferred(credentials.checkPassword, self.users[login])
        d.addCallback(self._cbPasswordMatch, str(login), requestedId)
        return d
80
class CryptChecker(log.Loggable):
    """
    I check credentials against an in-memory table of crypted passwords.

    C{self.users} maps a username to the crypted password that is handed
    to the credentials' C{checkCryptPassword}.
    """
    implements(checkers.ICredentialsChecker)
    credentialInterfaces = (credentials.IUsernameCryptPassword, )

    logCategory = 'cryptchecker'

    def __init__(self, **users):
        """
        @param users: initial username -> crypted password entries
        """
        self.users = users

    def addUser(self, username, cryptPassword):
        """
        Store the crypted password for the given username, replacing any
        earlier entry.

        @param username:      name of the user to add
        @type  username:      string
        @param cryptPassword: the crypted password for this user
        @type  cryptPassword: string
        """
        self.debug('added user %s' % username)
        self.users[username] = cryptPassword

    def _cbCryptPasswordMatch(self, matched, username):
        """
        Turn the result of the crypt check into the username or a failure.

        @param matched:  result of the credentials' checkCryptPassword
        @param username: the username that was checked
        """
        if not matched:
            self.debug('user %s refused, password not matched' % username)
            return failure.Failure(errors.NotAuthenticatedError())
        self.debug('user %s authenticated' % username)
        return username

    ### ICredentialsChecker methods

    def requestAvatarId(self, credentials):
        """
        Authenticate the given credentials.

        @returns: a deferred firing the username, or failing with
                  L{errors.NotAuthenticatedError}
        """
        name = credentials.username
        if name not in self.users:
            # NOTE(review): unknown usernames are refused before
            # checkCryptPassword runs, so this path may be distinguishable
            # from a wrong password by timing -- confirm whether it matters.
            self.debug("user '%s' refused, not in storage backend" % name)
            return defer.fail(errors.NotAuthenticatedError())

        d = defer.maybeDeferred(credentials.checkCryptPassword,
                                self.users[name])
        d.addCallback(self._cbCryptPasswordMatch, name)
        return d
124
class Sha256Checker(log.Loggable):
    """
    I check credentials against an in-memory table of salted SHA-256 data.

    C{self.users} maps a username to a C{(salt, sha256Data)} pair;
    L{requestAvatarId} unpacks exactly two items, so entries passed to the
    constructor must have that shape too.
    """
    implements(checkers.ICredentialsChecker)
    credentialInterfaces = (credentials.IUsernameSha256Password, )

    logCategory = 'sha256checker'

    def __init__(self, **users):
        """
        @param users: initial username -> (salt, sha256Data) entries
        """
        self.users = users

    def addUser(self, username, salt, sha256Data):
        """
        Store the salt and SHA-256 data for the given username, replacing
        any earlier entry.

        @param username:   name of the user to add
        @type  username:   str
        @param salt:       the salt for this user
        @type  salt:       str
        @param sha256Data: the sha256 data for this user
        @type  sha256Data: str
        """
        self.debug('added user %s' % username)
        self.users[username] = (salt, sha256Data)

    def _cbSha256PasswordMatch(self, matched, username):
        """
        Turn the result of the SHA-256 check into the username or a failure.

        @param matched:  result of the credentials' checkSha256Password
        @param username: the username that was checked
        """
        if not matched:
            self.debug('user %s refused, password not matched' % username)
            return failure.Failure(errors.NotAuthenticatedError())
        self.debug('user %s authenticated' % username)
        return username

    ### ICredentialsChecker methods

    def requestAvatarId(self, credentials):
        """
        Authenticate the given credentials.

        @returns: a deferred firing the username, or failing with
                  L{errors.NotAuthenticatedError}
        """
        name = credentials.username
        if name not in self.users:
            # NOTE(review): unknown usernames are refused before
            # checkSha256Password runs, so this path may be distinguishable
            # from a wrong password by timing -- confirm whether it matters.
            self.debug('user %s refused, not in database' % name)
            return defer.fail(errors.NotAuthenticatedError())

        salt, digest = self.users[name]
        # checkSha256Password receives the salt and the stored data as one
        # concatenated string.
        # NOTE(review): how the hash is computed is not visible here; if it
        # is a single SHA-256 round, the stored data is cheap to brute-force
        # should the table leak -- confirm against flumotion.twisted.credentials.
        d = defer.maybeDeferred(credentials.checkSha256Password,
                                salt + digest)
        d.addCallback(self._cbSha256PasswordMatch, name)
        return d
172