Trees | Indices | Help |
---|
|
1 # -*- Mode: Python -*- 2 # vi:si:et:sw=4:sts=4:ts=4 3 # 4 # Flumotion - a streaming media server 5 # Copyright (C) 2004,2005,2006,2007 Fluendo, S.L. (www.fluendo.com). 6 # All rights reserved. 7 8 # This file may be distributed and/or modified under the terms of 9 # the GNU General Public License version 2 as published by 10 # the Free Software Foundation. 11 # This file is distributed without any warranty; without even the implied 12 # warranty of merchantability or fitness for a particular purpose. 13 # See "LICENSE.GPL" in the source distribution for more information. 14 15 # Licensees having purchased or holding a valid Flumotion Advanced 16 # Streaming Server license may use this file in accordance with the 17 # Flumotion Advanced Streaming Server Commercial License Agreement. 18 # See "LICENSE.Flumotion" in the source distribution for more information. 19 20 # Headers in this file shall remain intact. 21 22 import os 23 import base64 24 import binascii 25 26 from twisted.conch import error, manhole 27 from twisted.conch.insults import insults 28 from twisted.conch.ssh import keys 29 from twisted.cred import credentials 30 from twisted.cred.checkers import ICredentialsChecker 31 from twisted.cred.error import UnauthorizedLogin 32 from twisted.internet import defer, reactor 33 from twisted.cred import portal 34 from twisted.python import failure 35 from zope import interface 36 37 from flumotion.common import log 38 39 40 # This class is from twisted.conch.checkers, copyright 2001-2007 Paul 41 # Swartz, Jp Calderone, and others. Original license: 42 # 43 # Permission is hereby granted, free of charge, to any person obtaining 44 # a copy of this software and associated documentation files (the 45 # "Software"), to deal in the Software without restriction, including 46 # without limitation the rights to use, copy, modify, merge, publish, 47 # distribute, sublicense, and/or sell copies of the Software, and to 48 # permit persons to whom the Software is furnished to do so, subject to 49 # the following conditions: 50 51 # The above copyright notice and this permission notice shall be 52 # included in all copies or substantial portions of the Software. 53 54 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 55 # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 56 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 57 # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 58 # LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 59 # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 60 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 61 62 # It has been modified to check a particular authorized_keys file 63 # instead of poking in users' ~/.ssh directories.65 try: 66 credentialInterfaces = credentials.ISSHPrivateKey, 67 except AttributeError: 68 log.warning('manhole', 'ssh manhole unavailable (old twisted)') 69 # you won't be able to log anything in 70 credentialInterfaces = () 71 72 interface.implements(ICredentialsChecker) 73 76121 127 checker = SSHPublicKeyChecker(authorizedKeysFile) 128 sshRealm = manhole_ssh.TerminalRealm() 129 sshRealm.chainedProtocolFactory = makeProtocol 130 sshPortal = portal.Portal(sshRealm, [checker]) 131 sshFactory = manhole_ssh.ConchFactory(sshPortal) 132 port = reactor.listenTCP(portNum, sshFactory, interface='localhost') 133 return port 134 143 144 telnetFactory = protocol.ServerFactory() 145 telnetFactory.protocol = makeProtocol 146 port = reactor.listenTCP(portNum, telnetFactory, 147 interface='localhost') 148 return port 14978 d = defer.maybeDeferred(self.checkKey, credentials) 79 d.addCallback(self._cbRequestAvatarId, credentials) 80 d.addErrback(self._ebRequestAvatarId) 81 return d8284 if not validKey: 85 return failure.Failure(UnauthorizedLogin()) 86 if not credentials.signature: 87 return failure.Failure(error.ValidPublicKey()) 88 else: 89 try: 90 pubKey = keys.getPublicKeyObject(data = credentials.blob) 91 if keys.verifySignature(pubKey, credentials.signature, 92 credentials.sigData): 93 return credentials.username 94 except: # any error should be treated as a failed login 95 f = failure.Failure() 96 log.warning('error checking signature: %r', credentials) 97 return f 98 return failure.Failure(UnauthorizedLogin())99101 filename = self.authorizedKeysFile 102 if not os.path.exists(filename): 103 return 0 104 lines = open(filename).xreadlines() 105 for l in lines: 106 l2 = l.split() 107 if len(l2) < 2: 108 continue 109 try: 110 if base64.decodestring(l2[1]) == credentials.blob: 111 return 1 112 except binascii.Error: 113 continue 114 return 0115
Trees | Indices | Help |
---|
Generated by Epydoc 3.0.1 on Thu Aug 7 15:45:45 2008 | http://epydoc.sourceforge.net |