X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FAuth.py;h=80db3e792c94aabb067c2ac4fe7f8f3a42d4b3c5;hb=c12908a687431a9b5670491a695bc084c22ac584;hp=f056552b295cb5c82a172d1ecc941e566d5019f4;hpb=9101972fad4b6628eb666e5cf28893e4a776f419;p=plcapi.git diff --git a/PLC/Auth.py b/PLC/Auth.py index f056552..80db3e7 100644 --- a/PLC/Auth.py +++ b/PLC/Auth.py @@ -5,12 +5,17 @@ # Copyright (C) 2006 The Trustees of Princeton University # # $Id$ +# $URL$ # import crypt -import sha +try: + from hashlib import sha1 as sha +except ImportError: + import sha import hmac import time +import os from PLC.Faults import * from PLC.Parameter import Parameter, Mixed @@ -21,21 +26,13 @@ from PLC.Sessions import Session, Sessions from PLC.Peers import Peer, Peers from PLC.Boot import notify_owners -def map_auth(auth): - if auth['AuthMethod'] == "session": - expected = SessionAuth() - elif auth['AuthMethod'] == "password" or \ - auth['AuthMethod'] == "capability": - expected = PasswordAuth() - elif auth['AuthMethod'] == "gpg": - expected = GPGAuth() - elif auth['AuthMethod'] == "hmac" or \ - auth['AuthMethod'] == "hmac_dummybox": - expected = BootAuth() - elif auth['AuthMethod'] == "anonymous": - expected = AnonymousAuth() - else: - raise PLCInvalidArgument("must be 'session', 'password', 'gpg', 'hmac', 'hmac_dummybox', or 'anonymous'", "AuthMethod") +auth_methods = {'session': SessionAuth, + 'password': PasswordAuth, + 'capability': PasswordAuth, + 'gpg': GPGAuth, + 'hmac': BootAuth, + 'hmac_dummybox': BootAuth, + 'anonymous': AnonymousAuth} class Auth(Parameter): """ 
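Review bot: `auth_methods` is built at module level above `class Auth`, but the values it names (`SessionAuth`, `PasswordAuth`, `GPGAuth`, `BootAuth`, `AnonymousAuth`) look like subclasses defined further down the file; the later hunk headers show `class BootAuth(Auth)` and `class PasswordAuth(Auth)`. Evaluating the dict literal at this position would therefore raise NameError on import, unless those names are bound earlier by something this diff does not show. The removed `map_auth` resolved the names only at call time, which is why the old placement worked. Moving the table below the last Auth subclass, and above the Auth.d loader that is meant to extend it, keeps the lookup in `check` valid. A comment such as `# AuthMethod name -> Auth subclass; may be extended by PLC/Auth.d/*.py` would document that this table is the authentication dispatch point.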
@@ -50,11 +47,17 @@ class Auth(Parameter): Parameter.__init__(self, auth, "API authentication structure") def check(self, method, auth, *args): + global auth_methods + # Method.type_check() should have checked that all of the # mandatory fields were present. assert 'AuthMethod' in auth - expected = map_auth(auth) + if auth['AuthMethod'] in auth_methods: + expected = auth_methods[auth['AuthMethod']]() + else: + sm = "'" + "', '".join(auth_methods.keys()) + "'" + raise PLCInvalidArgument("must be " + sm, "AuthMethod") # Re-check using the specified authentication method method.type_check("auth", auth, expected, (auth,) + args) @@ -234,10 +237,10 @@ class BootAuth(Auth): for interface in interfaces: if interface['is_primary']: break - + if not interface or not interface['is_primary']: raise PLCAuthenticationFailure, "No primary network interface on record" - + if method.source is None: raise PLCAuthenticationFailure, "Cannot determine IP address of requestor" @@ -254,7 +257,8 @@ class BootAuth(Auth): # We encode in UTF-8 before calculating the HMAC, which is # an 8-bit algorithm. - digest = hmac.new(key, msg.encode('utf-8'), sha).hexdigest() + # python 2.6 insists on receiving a 'str' as opposed to a 'unicode' + digest = hmac.new(str(key), msg.encode('utf-8'), sha).hexdigest() if digest != auth['value']: raise PLCAuthenticationFailure, "Call could not be authenticated" 
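Review bot: In `check`, the rejection message is built from `auth_methods.keys()`, whose order is arbitrary, so the text returned to callers can differ between processes; `sm = "'" + "', '".join(sorted(auth_methods)) + "'"` makes it stable. The `global auth_methods` statement is not needed, since the function only reads the name. The value of `auth['AuthMethod']` comes from the caller and is now used as a dict key, so an unhashable value would raise TypeError instead of PLCInvalidArgument. If the earlier `type_check` does not already guarantee a string (not visible here), a guard like `isinstance(auth['AuthMethod'], basestring)` before the lookup would keep the failure mode unchanged. The body of `check` continues past the end of this hunk.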
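Review bot: `str(key)` uses the implicit ASCII codec, so a `unicode` key containing any non-ASCII character raises UnicodeEncodeError here, which reaches the caller as an unhandled error rather than PLCAuthenticationFailure. The message on the same line is encoded explicitly, and the key should follow suit, e.g. `digest = hmac.new(key.encode('utf-8'), msg.encode('utf-8'), sha).hexdigest()`; the type of `key` is set outside the hunk, so confirm it is always text. Separately, the unchanged `digest != auth['value']` that follows is an ordinary string comparison on a secret-derived value. A constant-time comparison helper would be preferable once the minimum Python version provides one. The enclosing method starts and ends outside this hunk.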
@@ -331,6 +335,20 @@ class PasswordAuth(Auth): raise PLCAuthenticationFailure, "Password verification failed" if not set(person['roles']).intersection(method.roles): - raise PLCAuthenticationFailure, "Not allowed to call method" + raise PLCAuthenticationFailure, "Not allowed to call method" method.caller = person + +path = os.path.dirname(__file__) + "/Auth.d" +try: + extensions = os.listdir(path) +except OSError, e: + extensions = [] +for extension in extensions: + if extension.startswith("."): + continue + if not extension.endswith(".py"): + continue + execfile("%s/%s" % (path, extension)) +del extension +del extensions
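Review bot: `del extension` raises NameError whenever the loop body never runs, which is exactly the case the `except OSError` branch sets up (Auth.d missing or unreadable, so `extensions = []`) and also the case of an empty directory, so the module would fail to import; binding `extension = None` before the `for` avoids that. The loader `execfile`s every `*.py` in Auth.d inside this module's namespace. Any file there can therefore rebind `auth_methods` entries or the Auth classes themselves, so write access to the directory amounts to control over API authentication. A comment should state that Auth.d must be writable only by the account that owns the PLC code, and logging each file as it is loaded would give operators a record to audit. `os.listdir` order is unspecified, so `extensions = sorted(os.listdir(path))` would make the load order, and thus which extension wins a conflicting registration, deterministic. The `except OSError, e:` branch also hides permission errors behind the same silent fallback as a missing directory.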