22 """
23 serializable keycards used for authentication
24 """
25
26 from twisted.cred.credentials import ICredentials
27 from twisted.spread import pb
28 from zope.interface import implements
29
30 from flumotion.twisted import credentials
31
32 __version__ = "$Rev$"
33 _statesEnum = ['REFUSED', 'REQUESTING', 'AUTHENTICATED']  # display names, indexed by the state constants below
34
35 (REFUSED,
36 REQUESTING,
37 AUTHENTICATED) = range(3)  # REFUSED=0, REQUESTING=1, AUTHENTICATED=2
38
39
40 -class Keycard(pb.Copyable, pb.RemoteCopy):
41 """
42 I am the base class for keycards which together with credentials are
43 a serializable object used in authentication inside Flumotion.
44
45 @ivar bouncerName: name of the bouncer to authenticate against; set by
46 requester
47 @type bouncerName: str
48 @ivar requesterId: avatarId of the requester
49 @type requesterId: str
50 @ivar avatarId: avatarId preferred by requester
51 @type avatarId: str
52 @ivar id: id of keycard decided by bouncer after authenticating
53 @type id: object
54 @ivar duration: duration for which the keycard is valid, or 0 for
55 unlimited
56 @type duration: int
57 @ivar domain: requester can pass a domain id to the bouncer
58 @type domain: str
59 @ivar state: state the keycard is in
60 @type state: int
61 @ivar address: IP address of requester (optional)
62 @type address: str
63 @ivar username: username of requester (optional)
64 @type username: str
65 @ivar password: password of requester (optional)
66 @type password: str
67 @ivar path: path of request (optional)
68 @type path: str
69 @ivar token: token for request (optional)
70 @type token: str
71 @ivar arguments: arguments passed with request (optional)
72 @type arguments: dict of str->str
73 """
74 implements(ICredentials)
75
76 address = None
77 username = None
78 password = None
79 path = None
80 token = ''
81 arguments = {}  # NOTE(review): class-level dict is shared by every keycard that does not rebind it; __init__ is not visible here - confirm each instance gets its own dict
82
92
94 """
95 Return a dictionary of the viewable data on the keycard that can be
96 used to identify the keycard.
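97 It doesn't include the password. It does include the token and arguments, which are what the token and HTTP GET keycards are authenticated by, so treat the result as sensitive when logging or displaying it.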
98
99 Subclasses should override to add additional information.
100 """
101 return {'id': self.id,
102 'requester': self.requesterId,
103 'domain': self.domain,
104 'username': self.username,
105 'address': self.address,
106 'path': self.path,
107 'token': self.token,
108 'arguments': self.arguments}
109
111 return "<%s for requesterId %r in state %s>" % (
112 self.__class__.__name__,
113 self.requesterId, _statesEnum[self.state])
114
115
118
119 pb.setUnjellyableForClass(KeycardGeneric, KeycardGeneric)
120
121
122
123
124 UCPP = credentials.UsernameCryptPasswordPlaintext
125
126
128 """
129 I am a keycard with a username, plaintext password and IP address.
130 I get authenticated against a crypt password.
131 """
132
133 - def __init__(self, username, password, address):
137
143
148
149 pb.setUnjellyableForClass(KeycardUACPP, KeycardUACPP)
150
151
152
153
154
155 UCPCC = credentials.UsernameCryptPasswordCryptChallenger
156
157
159 """
160 I am a keycard with a username and IP address.
161 I get authenticated through challenge/response on a crypt password.
162 """
163
168
174
179
180 pb.setUnjellyableForClass(KeycardUACPCC, KeycardUACPCC)
181
182
184 """
185 I am a keycard with a token and IP address and a path (optional).
186 I get authenticated by token and maybe IP address.
187 """
188
189 - def __init__(self, token, address, path=None):
194
201
206
207 pb.setUnjellyableForClass(KeycardToken, KeycardToken)
208
209
211 """
212 I am a keycard with a token and IP address and a path (optional).
213 I get authenticated by HTTP request GET parameters and maybe IP address.
214
215 @type address: C{str}
216 @ivar address: The HTTP client IP address.
217 @type path: C{str}
218 @ivar path: The path requested by the HTTP client.
219 """
220
221 - def __init__(self, arguments, address, path=None):
226
233
235 return "<%s %s for path %s @%s for reqId %r in state %s>" % (
236 self.__class__.__name__, self.id, self.path,
237 self.address, self.requesterId, _statesEnum[self.state])
238
239 pb.setUnjellyableForClass(KeycardHTTPGetArguments, KeycardHTTPGetArguments)
240
241
242 USPCC = credentials.UsernameSha256PasswordCryptChallenger
243
244
246 """
247 I am a keycard with a username and IP address.
248 I get authenticated through challenge/response on a SHA-256 password.
249 """
250
255
261
266
267 pb.setUnjellyableForClass(KeycardUASPCC, KeycardUASPCC)
268
269
286
287 pb.setUnjellyableForClass(KeycardHTTPDigest, KeycardHTTPDigest)
288