281 lines
11 KiB
Python
Executable File
281 lines
11 KiB
Python
Executable File
#!/usr/bin/env python
|
|
# -*- coding: iso-8859-15 -*-
|
|
|
|
|
|
# Glasnost
|
|
# By: Odile Bénassy <obenassy@entrouvert.com>
|
|
# Romain Chantereau <rchantereau@entrouvert.com>
|
|
# Nicolas Clapiès <nclapies@easter-eggs.org>
|
|
# Pierre-Antoine Dejace <padejace@entrouvert.be>
|
|
# Thierry Dulieu <tdulieu@easter-eggs.com>
|
|
# Florent Monnier <monnier@codelutin.com>
|
|
# Cédric Musso <cmusso@easter-eggs.org>
|
|
# Frédéric Péters <fpeters@entrouvert.be>
|
|
# Benjamin Poussin <poussin@codelutin.com>
|
|
# Emmanuel Raviart <eraviart@entrouvert.com>
|
|
# Sébastien Régnier <regnier@codelutin.com>
|
|
# Emmanuel Saracco <esaracco@easter-eggs.com>
|
|
#
|
|
# Copyright (C) 2000, 2001 Easter-eggs & Emmanuel Raviart
|
|
# Copyright (C) 2002 Odile Bénassy, Code Lutin, Thierry Dulieu, Easter-eggs,
|
|
# Entr'ouvert, Frédéric Péters, Benjamin Poussin, Emmanuel Raviart,
|
|
# Emmanuel Saracco & Théridion
|
|
# Copyright (C) 2003 Odile Bénassy, Romain Chantereau, Nicolas Clapiès,
|
|
# Code Lutin, Pierre-Antoine Dejace, Thierry Dulieu, Easter-eggs,
|
|
# Entr'ouvert, Florent Monnier, Cédric Musso, Ouvaton, Frédéric Péters,
|
|
# Benjamin Poussin, Rodolphe Quiédeville, Emmanuel Raviart, Sébastien
|
|
# Régnier, Emmanuel Saracco, Théridion & Vecam
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU General Public License
|
|
# as published by the Free Software Foundation; either version 2
|
|
# of the License, or (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program; if not, write to the Free Software
|
|
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
|
|
__doc__ = """Glasnost Authentication Server"""
|
|
|
|
__version__ = '$Revision$'[11:-2]
|
|
|
|
|
|
import cPickle
|
|
import imp
|
|
import sys
|
|
import time
|
|
import whrandom
|
|
|
|
glasnostPythonDir = '/usr/local/lib/glasnost-devel' # changed on make install
|
|
sys.path.insert(0, glasnostPythonDir)
|
|
|
|
import glasnost
|
|
|
|
from glasnost.common.AuthenticationCommon import *
|
|
import glasnost.common.faults as faults
|
|
import glasnost.common.tools_new as commonTools
|
|
|
|
from glasnost.proxy.DispatcherProxy import getApplicationId, \
|
|
getApplicationToken, registerServer, registerVirtualServer
|
|
from glasnost.server.ObjectsServer import register, AdministrableServerMixin, \
|
|
AdminServerMixin, Server, VirtualServer, AdministrableVirtualServer
|
|
from glasnost.server.tools import *
|
|
|
|
from glasnost.proxy.GroupsProxy import setContains
|
|
|
|
import glasnost.server.kinds as kinds
|
|
|
|
|
|
applicationName = 'AuthenticationServer'
|
|
applicationRole = 'authentication'
|
|
dispatcher = None
|
|
|
|
# Don't forget to also change the value in SessionsServer.py.
|
|
expirationTime = 120 * 60
|
|
|
|
|
|
class AdminAuthentication(AdminServerMixin, AdminAuthenticationCommon):
|
|
pass
|
|
register(AdminAuthentication)
|
|
|
|
class AuthenticationVirtualServer(AdministrableVirtualServer):
|
|
tokenExpirations = None
|
|
userAuthObjects = None
|
|
userIds = None
|
|
userTokens = None
|
|
|
|
def convertIds(self, sourceDispatcherId, destinationDispatcherId):
|
|
AdministrableVirtualServer.convertIds(
|
|
self, sourceDispatcherId, destinationDispatcherId)
|
|
|
|
for token, expiration in self.tokenExpirations.items():
|
|
newToken = token.replace(sourceDispatcherId,
|
|
destinationDispatcherId)
|
|
if newToken != token:
|
|
del self.tokenExpirations[token]
|
|
self.tokenExpirations[newToken] = expiration
|
|
|
|
for token, dict in self.userAuthObjects.items():
|
|
newToken = token.replace(
|
|
sourceDispatcherId, destinationDispatcherId)
|
|
if newToken != token:
|
|
del self.userAuthObjects[token]
|
|
self.userAuthObjects[newToken] = dict
|
|
|
|
for token, id in self.userIds.items():
|
|
newToken = token.replace(sourceDispatcherId,
|
|
destinationDispatcherId)
|
|
if newToken != token:
|
|
del self.userIds[token]
|
|
token = newToken
|
|
self.userIds[token] = id
|
|
newId = id.replace(sourceDispatcherId, destinationDispatcherId)
|
|
if newId != id:
|
|
self.userIds[token] = newId
|
|
|
|
for id, token in self.userTokens.items():
|
|
newId = id.replace(sourceDispatcherId, destinationDispatcherId)
|
|
if newId != id:
|
|
del self.userTokens[id]
|
|
id = newId
|
|
self.userTokens[id] = token
|
|
newToken = token.replace(
|
|
sourceDispatcherId, destinationDispatcherId)
|
|
if newToken != token:
|
|
self.userTokens[id] = newToken
|
|
|
|
def init(self):
|
|
AdministrableVirtualServer.init(self)
|
|
if not self.admin.authenticationMethods:
|
|
self.admin.authenticationMethods = ['login-password']
|
|
self.userAuthObjects = {}
|
|
self.userIds = {}
|
|
self.userTokens = {}
|
|
self.tokenExpirations = {}
|
|
|
|
def testExpiration(self, userToken):
|
|
if not self.userIds.has_key(userToken):
|
|
return
|
|
if time.time() > self.tokenExpirations[userToken]:
|
|
print 'userToken %s expired' % userToken
|
|
userId = self.userIds[userToken]
|
|
if self.userAuthObjects.has_key(userToken):
|
|
del self.userAuthObjects[userToken]
|
|
del self.userIds[userToken]
|
|
del self.userTokens[userId]
|
|
del self.tokenExpirations[userToken]
|
|
else:
|
|
self.tokenExpirations[userToken] = time.time() + expirationTime
|
|
|
|
class AuthenticationServer(AuthenticationCommonMixin,
|
|
AdministrableServerMixin, Server):
|
|
VirtualServer = AuthenticationVirtualServer
|
|
|
|
def computeVirtualServerIdFromUserToken(self, userToken):
|
|
return self.computeVirtualServerId(userToken)
|
|
|
|
def getAuthObject(self):
|
|
virtualServerId = context.getVar('applicationId')
|
|
userToken = context.getVar('userToken')
|
|
if not userToken:
|
|
return None # raise sth
|
|
virtualServer = self.getVirtualServer(virtualServerId)
|
|
virtualServer.testExpiration(userToken)
|
|
if not virtualServer.userAuthObjects.has_key(userToken):
|
|
return None # raise sth
|
|
userAuthObject = virtualServer.userAuthObjects[userToken]
|
|
return userAuthObject
|
|
|
|
def getUserId(self):
|
|
virtualServerId = context.getVar('applicationId')
|
|
userToken = context.getVar('userToken')
|
|
if not userToken:
|
|
return ''
|
|
virtualServer = self.getVirtualServer(virtualServerId)
|
|
virtualServer.testExpiration(userToken)
|
|
if not virtualServer.userIds.has_key(userToken):
|
|
return ''
|
|
#raise faults.UnknownUserToken(userToken)
|
|
userId = virtualServer.userIds[userToken]
|
|
return userId
|
|
|
|
def delUserToken(self):
|
|
virtualServerId = context.getVar('applicationId')
|
|
virtualServer = self.getVirtualServer(virtualServerId)
|
|
userToken = context.getVar('userToken')
|
|
if virtualServer.userIds.has_key(userToken):
|
|
userId = virtualServer.userIds[userToken]
|
|
del virtualServer.userIds[userToken]
|
|
del virtualServer.userTokens[userId]
|
|
del virtualServer.tokenExpirations[userToken]
|
|
del virtualServer.userAuthObjects[userToken]
|
|
|
|
def getUserToken(self, authenticationMethod, authenticationObject):
|
|
virtualServerId = context.getVar('applicationId')
|
|
virtualServer = self.getVirtualServer(virtualServerId)
|
|
|
|
authServer = getProxyForServerRole('authentication-%s' % \
|
|
authenticationMethod)
|
|
if not authServer:
|
|
raise faults.UnknownAuthenticationMethod(authenticationMethod)
|
|
userId = authServer.checkAuthentication(authenticationObject)
|
|
|
|
virtualServer.lock.acquire()
|
|
if virtualServer.userTokens.has_key(userId):
|
|
userToken = virtualServer.userTokens[userId]
|
|
virtualServer.testExpiration(userToken)
|
|
|
|
if virtualServer.userTokens.has_key(userId):
|
|
userToken = virtualServer.userTokens[userId]
|
|
virtualServer.tokenExpirations[userToken] = \
|
|
time.time() + expirationTime
|
|
virtualServer.userAuthObjects[userToken] = authenticationObject
|
|
else:
|
|
while 1:
|
|
userLocalToken = str(
|
|
self.randomGenerator.uniform(0.1, 1))[2:]
|
|
userToken = '%s/%s' % (virtualServerId, userLocalToken)
|
|
if not virtualServer.userIds.has_key(userToken):
|
|
break
|
|
virtualServer.userTokens[userId] = userToken
|
|
virtualServer.userIds[userToken] = userId
|
|
virtualServer.userAuthObjects[userToken] = authenticationObject
|
|
virtualServer.tokenExpirations[userToken] = \
|
|
time.time() + expirationTime
|
|
virtualServer.lock.release()
|
|
virtualServer.markAllAsDirtyFIXME()
|
|
return userToken
|
|
|
|
def init(self):
|
|
self.randomGenerator = whrandom.whrandom()
|
|
Server.init(self)
|
|
|
|
def loadConfigOptions(self):
|
|
Server.loadConfigOptions(self)
|
|
|
|
# Default expiration time is 120 minutes.
|
|
global expirationTime
|
|
expirationTime = int(
|
|
commonTools.getConfig('Misc', 'ExpirationTime', '120')) * 60
|
|
|
|
def registerAuthenticationMethod(self, method):
|
|
print 'adding authentication method:', method
|
|
|
|
def registerPublicMethods(self):
|
|
Server.registerPublicMethods(self)
|
|
AdministrableServerMixin.registerPublicMethods(self)
|
|
self.registerPublicMethod('delUserToken')
|
|
self.registerPublicMethod('getAuthObject')
|
|
self.registerPublicMethod('getUserId')
|
|
self.registerPublicMethod('getUserToken')
|
|
self.registerPublicMethod('registerAuthenticationMethod')
|
|
self.registerPublicMethod('setContainsUser')
|
|
|
|
def repairVirtualServer(self, virtualServer, version):
|
|
changed = 0
|
|
if version < 1049000:
|
|
admin = virtualServer.admin
|
|
if not admin.authenticationMethods:
|
|
admin.authenticationMethods = ['login-password']
|
|
changed = 1
|
|
if changed:
|
|
virtualServer.markAllAsDirtyFIXME()
|
|
|
|
def setContainsUser(self, set):
|
|
userId = getProxyForServerRole('authentication').getUserId()
|
|
return setContains(set, userId)
|
|
|
|
|
|
authenticationServer = AuthenticationServer()
|
|
|
|
|
|
if __name__ == "__main__":
|
|
authenticationServer.launch(applicationName, applicationRole)
|
|
|