X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FAuth.py;h=dde0280f9f1c44d718774cc56f320c3f10300d31;hb=d35362b6d7c96dec551a846a9316d17c22d25be6;hp=f62b5119d577765db8f6d381578e1256b0439ce9;hpb=a74854dd38cb742b8fdc0d0cda7fff738a95312c;p=plcapi.git
diff --git a/PLC/Auth.py b/PLC/Auth.py
index f62b511..dde0280 100644
--- a/PLC/Auth.py
+++ b/PLC/Auth.py
@@ -5,18 +5,23 @@
 # Copyright (C) 2006 The Trustees of Princeton University
 #
 # $Id$
+# $URL$
 #
 
 import crypt
-import sha
+try:
+    from hashlib import sha1 as sha
+except ImportError:
+    import sha
 import hmac
 import time
+import os
 
 from PLC.Faults import *
 from PLC.Parameter import Parameter, Mixed
 from PLC.Persons import Persons
 from PLC.Nodes import Node, Nodes
-from PLC.NodeNetworks import NodeNetwork, NodeNetworks
+from PLC.Interfaces import Interface, Interfaces
 from PLC.Sessions import Session, Sessions
 from PLC.Peers import Peer, Peers
 from PLC.Boot import notify_owners
@@ -34,23 +39,17 @@ class Auth(Parameter):
         Parameter.__init__(self, auth, "API authentication structure")
 
     def check(self, method, auth, *args):
+        global auth_methods
+
         # Method.type_check() should have checked that all of the
         # mandatory fields were present.
         assert 'AuthMethod' in auth
 
-        if auth['AuthMethod'] == "session":
-            expected = SessionAuth()
-        elif auth['AuthMethod'] == "password" or \
-             auth['AuthMethod'] == "capability":
-            expected = PasswordAuth()
-        elif auth['AuthMethod'] == "gpg":
-            expected = GPGAuth()
-        elif auth['AuthMethod'] == "hmac":
-            expected = BootAuth()
-        elif auth['AuthMethod'] == "anonymous":
-            expected = AnonymousAuth()
+        if auth['AuthMethod'] in auth_methods:
+            expected = auth_methods[auth['AuthMethod']]()
         else:
-            raise PLCInvalidArgument("must be 'session', 'password', 'gpg', 'hmac', or 'anonymous'", "AuthMethod")
+            sm = "'" + "', '".join(auth_methods.keys()) + "'"
+            raise PLCInvalidArgument("must be " + sm, "AuthMethod")
 
         # Re-check using the specified authentication method
         method.type_check("auth", auth, expected, (auth,) + args)
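Review bot: `global auth_methods` at the top of check() is a no-op, since the function only reads the name and never rebinds it; module globals resolve without the declaration, so the line can be dropped. The fallback message is built from `auth_methods.keys()`, whose order is arbitrary for a dict, so the same rejection produces differently ordered text from one interpreter to the next; `sm = "'" + "', '".join(sorted(auth_methods)) + "'"` makes it stable and easier to read in logs. The Auth class and the remainder of check() continue outside the hunk.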
@@ -224,22 +223,22 @@ class BootAuth(Auth):
             # on record for the node.
             key = node['boot_nonce']
 
-            nodenetwork = None
-            if node['nodenetwork_ids']:
-                nodenetworks = NodeNetworks(method.api, node['nodenetwork_ids'])
-                for nodenetwork in nodenetworks:
-                    if nodenetwork['is_primary']:
+            interface = None
+            if node['interface_ids']:
+                interfaces = Interfaces(method.api, node['interface_ids'])
+                for interface in interfaces:
+                    if interface['is_primary']:
                         break
-
-            if not nodenetwork or not nodenetwork['is_primary']:
+
+            if not interface or not interface['is_primary']:
                 raise PLCAuthenticationFailure, "No primary network interface on record"
-
+
             if method.source is None:
                 raise PLCAuthenticationFailure, "Cannot determine IP address of requestor"
 
-            if nodenetwork['ip'] != method.source[0]:
+            if interface['ip'] != method.source[0]:
                 raise PLCAuthenticationFailure, "Requestor IP %s does not match node IP %s" % \
-                      (method.source[0], nodenetwork['ip'])
+                      (method.source[0], interface['ip'])
         else:
             raise PLCAuthenticationFailure, "No node key or boot nonce"
 
@@ -250,7 +249,8 @@ class BootAuth(Auth):
 
         # We encode in UTF-8 before calculating the HMAC, which is
         # an 8-bit algorithm.
-        digest = hmac.new(key, msg.encode('utf-8'), sha).hexdigest()
+        # python 2.6 insists on receiving a 'str' as opposed to a 'unicode'
+        digest = hmac.new(str(key), msg.encode('utf-8'), sha).hexdigest()
 
         if digest != auth['value']:
             raise PLCAuthenticationFailure, "Call could not be authenticated"
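Review bot: `str(key)` on the new digest line relies on the default ASCII codec whenever boot_nonce comes back as unicode, so a non-ASCII character would surface as UnicodeEncodeError instead of a PLCAuthenticationFailure, while the message operand of the same call already uses an explicit encoding; `key if isinstance(key, str) else key.encode('utf-8')` keeps both operands on the same footing. I cannot tell from the hunk whether boot_nonce is ever non-ASCII, so this may be theoretical today. Separately, the `digest != auth['value']` comparison just below the new line is an ordinary string compare; `hmac.compare_digest` only exists from Python 2.7.7, so on the 2.6 target named in the new comment a local constant-time equivalent would be needed, and that is worth a comment even if it is left as is. BootAuth.check() begins and ends outside the hunk.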
@@ -327,6 +327,27 @@ class PasswordAuth(Auth):
             raise PLCAuthenticationFailure, "Password verification failed"
 
         if not set(person['roles']).intersection(method.roles):
-            raise PLCAuthenticationFailure, "Not allowed to call method"
+            raise PLCAuthenticationFailure, "Not allowed to call method"
 
         method.caller = person
+
+auth_methods = {'session': SessionAuth,
+                'password': PasswordAuth,
+                'capability': PasswordAuth,
+                'gpg': GPGAuth,
+                'hmac': BootAuth,
+                'hmac_dummybox': BootAuth,
+                'anonymous': AnonymousAuth}
+
+path = os.path.dirname(__file__) + "/Auth.d"
+try:
+    extensions = os.listdir(path)
+except OSError, e:
+    extensions = []
+for extension in extensions:
+    if extension.startswith("."):
+        continue
+    if not extension.endswith(".py"):
+        continue
+    execfile("%s/%s" % (path, extension))
+del extensions
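Review bot: The Auth.d loader on the new side exec's every `.py` file in that directory into this module's namespace, which makes the directory part of the authentication code path, and nothing in the hunk says so; a comment above `path = ...` should state that Auth.d is trusted code, must be writable only by the account that owns the API installation, and that each file may add entries to auth_methods. `os.listdir` returns names in arbitrary order, so if two extensions register the same key the winner is nondeterministic; `sorted()` fixes the load order. The path is built by string concatenation where `os.path.join` is the usual form, the `e` bound in `except OSError, e` is never used, and `path` survives as a module global after the cleanup `del`. The rewritten loader follows; the auth_methods dict and the PasswordAuth.check() context above it are unchanged.
```python
# … unchanged: auth_methods dict …

# Auth.d holds trusted extension modules: each file is exec'd into this
# module's namespace and may add entries to auth_methods, so the directory
# must be writable only by the account that owns the API installation.
path = os.path.join(os.path.dirname(__file__), "Auth.d")
try:
    # sorted() gives a deterministic load order when extensions overlap
    extensions = sorted(os.listdir(path))
except OSError:
    extensions = []
for extension in extensions:
    if extension.startswith(".") or not extension.endswith(".py"):
        continue
    execfile(os.path.join(path, extension))
del extensions, path
```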