1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18 """
19 serializable keycards used for authentication
20 """
21
22 from twisted.cred.credentials import ICredentials
23 from twisted.spread import pb
24 from zope.interface import implements
25
26 from flumotion.twisted import credentials
27
28 __version__ = "$Rev$"
29 _statesEnum = ['REFUSED', 'REQUESTING', 'AUTHENTICATED']
30
31 (REFUSED,
32 REQUESTING,
33 AUTHENTICATED) = range(3)
34
35
36 -class Keycard(pb.Copyable, pb.RemoteCopy):
37 """
38 I am the base class for keycards which together with credentials are
39 a serializable object used in authentication inside Flumotion.
40
41 @ivar bouncerName: name of the bouncer to authenticate against; set by
42 requester
43 @type bouncerName: str
44 @ivar requesterId: avatarId of the requester
45 @type requesterId: str
46 @ivar avatarId: avatarId preferred by requester
47 @type avatarId: str
48 @ivar id: id of keycard decided by bouncer after authenticating
49 @type id: object
50 @ivar duration: duration for which the keycard is valid, or 0 for
51 unlimited
52 @type duration: int
53 @ivar domain: requester can pass a domain id to the bouncer
54 @type domain: str
55 @ivar state: state the keycard is in
56 @type state: int
57 @ivar address: IP address of requester (optional)
58 @type address: str
59 @ivar username: username of requester (optional)
60 @type username: str
61 @ivar password: password of requester (optional)
62 @type password: str
63 @ivar path: path of request (optional)
64 @type path: str
65 @type token: token for request (optional)
66 @type token: str
67 @ivar arguments: arguments passed with request (optional)
68 @type arguments: dict of str->str
69 """
70 implements(ICredentials)
71
72 address = None
73 username = None
74 password = None
75 path = None
76 token = ''
77 arguments = {}
78
88
90 """
91 Return a dictionary of the viewable data on the keycard that can be
92 used to identify the keycard.
93 It doesn't include sensitive information though.
94
95 Subclasses should override to add additional information.
96 """
97 return {'id': self.id,
98 'requester': self.requesterId,
99 'domain': self.domain,
100 'username': self.username,
101 'address': self.address,
102 'path': self.path,
103 'token': self.token,
104 'arguments': self.arguments}
105
107 return "<%s for requesterId %r in state %s>" % (
108 self.__class__.__name__,
109 self.requesterId, _statesEnum[self.state])
110
111
114
115 pb.setUnjellyableForClass(KeycardGeneric, KeycardGeneric)
116
117
118
119
120 UCPP = credentials.UsernameCryptPasswordPlaintext
121
122
124 """
125 I am a keycard with a username, plaintext password and IP address.
126 I get authenticated against a crypt password.
127 """
128
129 - def __init__(self, username, password, address):
133
139
144
145 pb.setUnjellyableForClass(KeycardUACPP, KeycardUACPP)
146
147
148
149
150
151 UCPCC = credentials.UsernameCryptPasswordCryptChallenger
152
153
155 """
156 I am a keycard with a username and IP address.
157 I get authenticated through challenge/response on a crypt password.
158 """
159
164
170
175
176 pb.setUnjellyableForClass(KeycardUACPCC, KeycardUACPCC)
177
178
180 """
181 I am a keycard with a token and IP address and a path (optional).
182 I get authenticated by token and maybe IP address.
183 """
184
185 - def __init__(self, token, address, path=None):
190
197
202
203 pb.setUnjellyableForClass(KeycardToken, KeycardToken)
204
205
207 """
208 I am a keycard with a token and IP address and a path (optional).
209 I get authenticated by HTTP request GET parameters and maybe IP address.
210
211 @type address: C{str}
212 @ivar address: The HTTP client IP address.
213 @type path: C{str}
214 @ivar path: The path requested by the HTTP client.
215 """
216
217 - def __init__(self, arguments, address, path=None):
222
229
231 return "<%s %s for path %s @%s for reqId %r in state %s>" % (
232 self.__class__.__name__, self.id, self.path,
233 self.address, self.requesterId, _statesEnum[self.state])
234
235 pb.setUnjellyableForClass(KeycardHTTPGetArguments, KeycardHTTPGetArguments)
236
237
238 USPCC = credentials.UsernameSha256PasswordCryptChallenger
239
240
242 """
243 I am a keycard with a username and IP address.
244 I get authenticated through challenge/response on a SHA-256 password.
245 """
246
251
257
262
263 pb.setUnjellyableForClass(KeycardUASPCC, KeycardUASPCC)
264
265
282
283 pb.setUnjellyableForClass(KeycardHTTPDigest, KeycardHTTPDigest)
284
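Review bot: The docstring at gutter lines 90-96 promises that the returned dictionary "doesn't include sensitive information", yet the dictionary built at gutter lines 97-104 contains `'token': self.token` and `'arguments': self.arguments`. The docstrings of KeycardToken and KeycardHTTPGetArguments further down say those keycards are authenticated by the token and by the HTTP GET parameters, so any caller that logs or displays this dictionary would presumably be recording values that can be replayed as credentials. Either leave `'token'` and `'arguments'` out of the base dictionary, or reword the docstring to something like `It omits the password but includes the token and request arguments, which may be credentials.` Separately, `arguments = {}` at gutter line 77 is a class-level dict shared by every keycard that never assigns its own, so an in-place update on one instance would show up on the others; `arguments = None` with a fresh dict per instance avoids that. The `def` line of this method and the constructors are not shown on this page, so whether instances always rebind `arguments` could not be checked.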