Package flumotion :: Package component :: Package bouncers :: Package algorithms :: Module ipbouncer
[hide private]

Source Code for Module flumotion.component.bouncers.algorithms.ipbouncer

 1  # -*- Mode: Python; test-case-name: flumotion.test.test_bouncers_ipbouncer -*- 
 2  # vi:si:et:sw=4:sts=4:ts=4 
 3   
 4  # Flumotion - a streaming media server 
 5  # Copyright (C) 2004,2005,2006,2007,2008,2009 Fluendo, S.L. 
 6  # Copyright (C) 2010,2011 Flumotion Services, S.A. 
 7  # All rights reserved. 
 8  # 
 9  # This file may be distributed and/or modified under the terms of 
10  # the GNU Lesser General Public License version 2.1 as published by 
11  # the Free Software Foundation. 
12  # This file is distributed without any warranty; without even the implied 
13  # warranty of merchantability or fitness for a particular purpose. 
14  # See "LICENSE.LGPL" in the source distribution for more information. 
15  # 
16  # Headers in this file shall remain intact. 
17   
18  """ 
19  A bouncer that authenticates based on the IP address of the remote side, 
20  as seen by the bouncer. 
21  """ 
22   
23  from flumotion.common import keycards, messages, errors, log, netutils 
24  from flumotion.common.i18n import N_, gettexter 
25  from flumotion.component.bouncers.algorithms import base 
26   
27  __all__ = ['IPBouncerAlgorithm'] 
28  __version__ = "$Rev$" 
29  T_ = gettexter() 
30   
31   
32 -class IPBouncerAlgorithm(base.BouncerAlgorithm):
33 34 logCategory = 'ip-bouncer' 35 volatile = False 36
37 - def get_namespace(self):
38 return 'ipbouncer'
39
40 - def start(self, component):
41 self.props = self.args['properties'] 42 self.deny_default = self.props.get('deny-default', True) 43 44 self.allows = netutils.RoutingTable() 45 self.denies = netutils.RoutingTable() 46 for p, t in (('allow', self.allows), ('deny', self.denies)): 47 for s in self.props.get(p, []): 48 try: 49 ip, mask = s.split('/') 50 t.addSubnet(True, ip, int(mask)) 51 except Exception, e: 52 m = messages.Error( 53 T_(N_("Invalid value for property %r: %s"), p, s), 54 log.getExceptionMessage(e), 55 mid='match-type') 56 component.addMessage(m) 57 raise errors.ComponentSetupHandledError()
58
59 - def authenticate(self, keycard):
60 ip = keycard.getData()['address'] 61 self.debug('authenticating keycard from requester %s', ip) 62 63 if ip is None: 64 self.warning('could not get address of remote') 65 allowed = False 66 elif self.deny_default: 67 allowed = (self.allows.route(ip) 68 and not self.denies.route(ip)) 69 else: 70 allowed = (self.allows.route(ip) 71 or not self.denies.route(ip)) 72 73 if not allowed: 74 self.info('denied login from ip address %s', 75 keycard.address) 76 return None 77 else: 78 keycard.state = keycards.AUTHENTICATED 79 self.debug('allowed login from ip address %s', 80 keycard.address) 81 return keycard
82