Trees | Indices | Help |
---|
|
1 # -*- Mode: Python; test-case-name: flumotion.test.test_bouncers_ipbouncer -*- 2 # vi:si:et:sw=4:sts=4:ts=4 3 4 # Flumotion - a streaming media server 5 # Copyright (C) 2004,2005,2006,2007,2008,2009 Fluendo, S.L. 6 # Copyright (C) 2010,2011 Flumotion Services, S.A. 7 # All rights reserved. 8 # 9 # This file may be distributed and/or modified under the terms of 10 # the GNU Lesser General Public License version 2.1 as published by 11 # the Free Software Foundation. 12 # This file is distributed without any warranty; without even the implied 13 # warranty of merchantability or fitness for a particular purpose. 14 # See "LICENSE.LGPL" in the source distribution for more information. 15 # 16 # Headers in this file shall remain intact. 17 18 """ 19 A bouncer that authenticates based on the IP address of the remote side, 20 as seen by the bouncer. 21 """ 22 23 from flumotion.common import keycards, messages, errors, log, netutils 24 from flumotion.common.i18n import N_, gettexter 25 from flumotion.component.bouncers.algorithms import base 26 27 __all__ = ['IPBouncerAlgorithm'] 28 __version__ = "$Rev$" 29 T_ = gettexter() 30 3133 34 logCategory = 'ip-bouncer' 35 volatile = False 36 398241 self.props = self.args['properties'] 42 self.deny_default = self.props.get('deny-default', True) 43 44 self.allows = netutils.RoutingTable() 45 self.denies = netutils.RoutingTable() 46 for p, t in (('allow', self.allows), ('deny', self.denies)): 47 for s in self.props.get(p, []): 48 try: 49 ip, mask = s.split('/') 50 t.addSubnet(True, ip, int(mask)) 51 except Exception, e: 52 m = messages.Error( 53 T_(N_("Invalid value for property %r: %s"), p, s), 54 log.getExceptionMessage(e), 55 mid='match-type') 56 component.addMessage(m) 57 raise errors.ComponentSetupHandledError()5860 ip = keycard.getData()['address'] 61 self.debug('authenticating keycard from requester %s', ip) 62 63 if ip is None: 64 self.warning('could not get address of remote') 65 allowed = False 66 elif self.deny_default: 67 allowed = (self.allows.route(ip) 68 and not self.denies.route(ip)) 69 else: 70 allowed = (self.allows.route(ip) 71 or not self.denies.route(ip)) 72 73 if not allowed: 74 self.info('denied login from ip address %s', 75 keycard.address) 76 return None 77 else: 78 keycard.state = keycards.AUTHENTICATED 79 self.debug('allowed login from ip address %s', 80 keycard.address) 81 return keycard
Trees | Indices | Help |
---|
Generated by Epydoc 3.0.1 on Tue Aug 13 06:17:35 2013 | http://epydoc.sourceforge.net |