コード例 #1
ファイル: decorators.py プロジェクト: unixbhaskar/pulp
def consumer_cert_authentication():
    """Return the consumer id bound to the request's SSL client certificate.

    The PEM certificate is read with http.ssl_client_cert() and handed to the
    authentication manager's check_consumer_cert(). None is returned when the
    request carries no certificate or when the manager does not map the
    certificate to a consumer.
    """
    client_cert = http.ssl_client_cert()
    if client_cert is None:
        return None

    manager = factory.authentication_manager()
    consumer = manager.check_consumer_cert(client_cert)
    if consumer is None:
        return None

    # Only the resolved identity is logged, never the certificate itself.
    _LOG.debug("Consumer authenticated with ssl cert: %s" % consumer)
    return consumer
コード例 #2
ファイル: decorators.py プロジェクト: unixbhaskar/pulp
def user_cert_authentication():
    """Return the user id bound to the request's SSL client certificate.

    The PEM certificate is read with http.ssl_client_cert() and handed to the
    authentication manager's check_user_cert(). None is returned when the
    request carries no certificate or when the manager returns a falsy result.
    """
    client_cert = http.ssl_client_cert()
    if client_cert is None:
        return None

    manager = factory.authentication_manager()
    user = manager.check_user_cert(client_cert)
    # Truthiness test, not an `is None` test: any falsy result counts as a failure.
    if not user:
        return None

    _LOG.debug("User authenticated with ssl cert: %s" % user)
    return user
コード例 #3
ファイル: decorators.py プロジェクト: unixbhaskar/pulp
def oauth_authentication():
    """Authenticate the current request from its OAuth credentials.

    Returns:
        The (userid, is_consumer) pair produced by check_oauth() on success,
        or (None, False) when OAuth is disabled in the configuration or the
        request carries neither OAuth credentials nor an SSL client
        certificate.

    Raises:
        PulpCodedAuthenticationException: with PLP0027 when the user header
            or the Authorization header is missing but an SSL client
            certificate is present; with PLP0028 when check_oauth() returns
            no user id.
    """
    oauth_enabled = config.getboolean('oauth', 'enabled')
    if not oauth_enabled:
        return None, False

    # NOTE(review): the user name comes straight from a request header, so it
    # is only as trustworthy as the check_oauth() verification below; confirm
    # that the verification binds it to the signed request.
    username = http.request_info('HTTP_PULP_USER')
    auth = http.http_authorization()
    cert_pem = http.ssl_client_cert()

    credentials_missing = username is None or auth is None
    if credentials_missing and cert_pem is not None:
        # A certificate was presented and there is no OAuth data to fall back
        # on, so this is reported as a failure rather than "not attempted".
        # NOTE(review): presumably callers try certificate auth first; confirm.
        raise PulpCodedAuthenticationException(error_code=error_codes.PLP0027, user=username)
    if credentials_missing:
        return None, False

    http_method = http.request_info('REQUEST_METHOD')
    request_url = http.request_url()
    query_string = http.request_info('QUERY_STRING')
    manager = factory.authentication_manager()
    userid, is_consumer = manager.check_oauth(username, http_method, request_url, auth, query_string)
    if userid is None:
        raise PulpCodedAuthenticationException(error_code=error_codes.PLP0028, user=username)

    _LOG.debug("User authenticated with Oauth: %s" % userid)
    return userid, is_consumer
コード例 #4
ファイル: decorators.py プロジェクト: aweiteka/pulp
def oauth_authentication():
    """Authenticate the current request from its OAuth credentials.

    Returns:
        The (userid, is_consumer) pair produced by check_oauth() on success,
        or (None, False) when OAuth is disabled in the configuration or the
        request carries neither OAuth credentials nor an SSL client
        certificate.

    Raises:
        AuthenticationFailed: with auth_utils.CODE_INVALID_SSL_CERT when the
            user header or the Authorization header is missing but an SSL
            client certificate is present; with auth_utils.CODE_OAUTH when
            check_oauth() returns no user id.
    """
    oauth_enabled = config.getboolean('oauth', 'enabled')
    if not oauth_enabled:
        return None, False

    # NOTE(review): the user name comes straight from a request header, so it
    # is only as trustworthy as the check_oauth() verification below; confirm
    # that the verification binds it to the signed request.
    username = http.request_info('HTTP_PULP_USER')
    auth = http.http_authorization()
    cert_pem = http.ssl_client_cert()

    credentials_missing = username is None or auth is None
    if credentials_missing and cert_pem is not None:
        # A certificate was presented and there is no OAuth data to fall back
        # on, so this is reported as a failure rather than "not attempted".
        # NOTE(review): presumably callers try certificate auth first; confirm.
        raise AuthenticationFailed(auth_utils.CODE_INVALID_SSL_CERT)
    if credentials_missing:
        return None, False

    http_method = http.request_info('REQUEST_METHOD')
    request_url = http.request_url()
    query_string = http.request_info('QUERY_STRING')
    manager = factory.authentication_manager()
    userid, is_consumer = manager.check_oauth(username, http_method, request_url, auth, query_string)
    if userid is None:
        raise AuthenticationFailed(auth_utils.CODE_OAUTH)

    _LOG.debug("User authenticated with Oauth: %s" % userid)
    return userid, is_consumer
コード例 #5
ファイル: decorators.py プロジェクト: ehelms/pulp
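        def _auth_decorator(self, *args, **kwargs):
            """Authenticate and authorize the request, then call the wrapped method.

            Authentication is attempted in a fixed order: username/password,
            SSL client certificate (user certificate first, then consumer
            certificate), and finally OAuth. Any failure returns
            self.unauthorized(...) with the matching message and the wrapped
            method is never called.

            `method`, `operation`, `super_user_only`, the *_fail_msg strings
            and the check_* helpers are not defined in this block; they come
            from the enclosing scope or the module.

            Returns:
                The wrapped method's return value on success, otherwise the
                result of self.unauthorized(...).
            """
            # XXX this is overdue for a refactor into separate authentication
            # and authorization steps.
            user = None
            is_consumer = False
            # Stays None unless a consumer certificate is accepted, so the
            # consumer permission check below denies by default.
            consumer_base_url = None
            # NOTE(review): the lists presumably hold operation codes; the
            # '/v2/consumers/' entry is never read in this block -- confirm.
            permissions = {'/v2/consumers/': [0, 1]}

            # first, try username:password authentication
            username, password = http.username_password()
            if username is not None:
                user = check_username_password(username, password)
                if user is None:
                    return self.unauthorized(user_pass_fail_msg)

            # second, try certificate authentication
            if user is None:
                cert_pem = http.ssl_client_cert()
                if cert_pem is not None:
                    # first, check user certificate
                    user = check_user_cert(cert_pem)
                    if user is None:
                        # second, check consumer certificate

                        # Temporary solution for consumer authorization failures:
                        # consumers have no associated user, so they receive static
                        # permissions on their own base URL instead. Expected to be
                        # replaced once users and permissions are fleshed out for v2.

                        # user = check_consumer_cert(cert_pem)
                        user = check_consumer_cert_no_user(cert_pem)
                        if user:
                            is_consumer = True
                            consumer_base_url = '/v2/consumers/%s' % user + '/'
                            permissions[consumer_base_url] = [0, 1, 2, 3, 4]

                # third, check oauth credentials
                if user is None:
                    auth = http.http_authorization()
                    username = http.request_info('HTTP_PULP_USER')
                    if None in (auth, username):
                        # No OAuth data to fall back on: a presented certificate
                        # that matched nothing is reported as a certificate failure.
                        if cert_pem is not None:
                            return self.unauthorized(cert_fail_msg)
                    else:
                        meth = http.request_info('REQUEST_METHOD')
                        url = http.request_url()
                        query = http.request_info('QUERY_STRING')
                        user = check_oauth(username, meth, url, auth, query)
                        if user is None:
                            return self.unauthorized(oauth_fail_msg)

            # authentication has failed
            if user is None:
                return self.unauthorized(authen_fail_msg)

            # procedure to check consumer permissions - part of the temporary solution described above
            def is_consumer_authorized(resource, consumer, operation):
                # NOTE(review): `in` is a substring test, so any resource path that
                # merely contains the consumer's base URL is accepted. A prefix
                # match (resource.startswith(consumer_base_url)) looks like the
                # intent; confirm what http.resource_path() returns before
                # tightening it.
                return (consumer_base_url is not None
                        and consumer_base_url in resource
                        and operation in permissions[consumer_base_url])

            # fourth, check authorization
            # NOTE(review): for a consumer, `user` is whatever
            # check_consumer_cert_no_user() returned; the user['login'] lookups
            # below assume a mapping -- confirm they cannot be reached with a
            # consumer identity.
            user_query_manager = factory.user_query_manager()
            if super_user_only and not user_query_manager.is_superuser(user['login']):
                return self.unauthorized(author_fail_msg)

            # if the operation is None, don't check authorization
            elif operation is not None:
                if is_consumer and is_consumer_authorized(http.resource_path(), user, operation):
                    # Consumer path: the method runs without set_principal().
                    try:
                        return method(self, *args, **kwargs)
                    finally:
                        clear_principal()
                elif user_query_manager.is_authorized(http.resource_path(), user['login'], operation):
                    pass
                else:
                    return self.unauthorized(author_fail_msg)

            # everything ok, manage the principal and call the method
            set_principal(user)
            try:
                return method(self, *args, **kwargs)
            finally:
                # Clear the principal even when the method raises, so an
                # authenticated identity never outlives the request it was set for.
                clear_principal()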