def __init__(self, name=None, timeout=600, update_stamp=TRUE, service_equiv=FALSE, cleanup_threshold=100):
"""
<method maturity="stable">
<summary>
Constructor to initialize an instance of the AuthCache class.
</summary>
<description>
<para>
This constructor initializes and registers an AuthCache
instance that can be referenced in authentication
policies.
</para>
</description>
<metainfo>
<arguments>
<argument maturity="obsolete">
<name>name</name>
<type>
<string/>
</type>
<default>None</default>
<description>
The name of the authentication cache, this will be
used to identify this authentication cache when
the obsolete AuthPolicy construct is used. Setting
this value is not required if
AuthenticationPolicy is used.
</description>
</argument>
<argument>
<name>timeout</name>
<type>
<integer/>
</type>
<default>600</default>
<description>
Timeout while an authentication is assumed to be valid.
</description>
</argument>
<argument>
<name>update_stamp</name>
<type>
<boolean/>
</type>
<default>TRUE</default>
<description>
If set to <parameter>TRUE</parameter>, then cached authentications increase
the validity period of the authentication cache. Otherwise, the authentication
cache expires according to the timeout value set in
<xref linkend="python.Auth.AuthCache.__init___timeout"/>.
</description>
</argument>
<argument>
<name>service_equiv</name>
<type>
<boolean/>
</type>
<default>FALSE</default>
<description>If enabled, then a single authentication of a user applies to every service from that client.</description>
</argument>
<argument>
<name>cleanup_threshold</name>
<type>
<integer/>
</type>
<default>100</default>
<description>
When the number of entries in the cache reaches the value of
<parameter>cleanup_threshold</parameter>, old entries are automatically
deleted.
</description>
</argument>
</arguments>
</metainfo>
</method>
"""
if name:
self.name = name
cache_name = 'authcache(%s)' % self.name
else:
cache_name = 'authcache(noname)'
self.cache = LockedCache(TimedCache(cache_name, timeout, update_stamp, cleanup_threshold))
self.service_equiv = service_equiv
if name:
if Globals.auth_caches.has_key(name):
raise ValueError, "Duplicate AuthCache name: %s" % name
Globals.auth_caches[name] = self
def __init__(self,
name=None,
timeout=600,
update_stamp=TRUE,
service_equiv=FALSE,
cleanup_threshold=100):
"""
<method maturity="stable">
<summary>
Constructor to initialize an instance of the AuthCache class.
</summary>
<description>
<para>
This constructor initializes and registers an AuthCache
instance that can be referenced in authentication
policies.
</para>
</description>
<metainfo>
<arguments>
<argument maturity="obsolete">
<name>name</name>
<type>
<string/>
</type>
<default>None</default>
<description>
The name of the authentication cache, this will be
used to identify this authentication cache when
the obsolete AuthPolicy construct is used. Setting
this value is not required if
AuthenticationPolicy is used.
</description>
</argument>
<argument>
<name>timeout</name>
<type>
<integer/>
</type>
<default>600</default>
<description>
Timeout while an authentication is assumed to be valid.
</description>
</argument>
<argument>
<name>update_stamp</name>
<type>
<boolean/>
</type>
<default>TRUE</default>
<description>
If set to <parameter>TRUE</parameter>, then cached authentications increase
the validity period of the authentication cache. Otherwise, the authentication
cache expires according to the timeout value set in
<xref linkend="Auth___init___timeout"/><!-- FIXME ambiguous link, should point to
previous attribute-->.
</description>
</argument>
<argument>
<name>service_equiv</name>
<type>
<boolean/>
</type>
<default>FALSE</default>
<description>If enabled, then a single authentication of a user applies to every service from that client.</description>
</argument>
<argument>
<name>cleanup_threshold</name>
<type>
<integer/>
</type>
<default>100</default>
<description>
When the number of entries in the cache reaches the value of
<parameter>cleanup_threshold</parameter>, old entries are automatically
deleted.
</description>
</argument>
</arguments>
</metainfo>
</method>
"""
if name:
self.name = name
cache_name = 'authcache(%s)' % self.name
else:
cache_name = 'authcache(noname)'
self.cache = LockedCache(
TimedCache(cache_name, timeout, update_stamp, cleanup_threshold))
self.service_equiv = service_equiv
if name:
if Globals.auth_caches.has_key(name):
raise ValueError, "Duplicate AuthCache name: %s" % name
Globals.auth_caches[name] = self
class AuthCache(object):
"""
<class type="authcache">
<summary>
Class encapsulating the authentication cache.
</summary>
<description>
<para>
This class encapsulates an authentication cache which associates
usernames with client IP addresses. The association between a username
and an IP address is valid only until the specified timeout.
Caching the authentication results means that the users
do not need to authenticate themselves for every request: it is
assumed that the same user is using the computer within the timeout. E.g.: once
authenticated for an HTTP service, the client can browse
the web for <guilabel>Timeout</guilabel> period, but has to authenticate again to
use FTP.
</para>
<para>
To use a single authorization cache for every service request of a client, set
the <parameter>service_equiv</parameter> attribute to <parameter>TRUE</parameter>.
That way Zorp does not make difference between the different services (protocols) used
by the client: after a successful authentication the user can use all available services
without having to perform another authentication. E.g.: if this option is enabled in the
example above, the client does not have to re-authenticate for starting an FTP
connection.
</para>
</description>
<metainfo>
<attributes>
<attribute internal="yes">
<name>name</name>
<type>String</type>
<description>Name of the authentication cache.</description>
</attribute>
<attribute internal="yes">
<name>cache</name>
<type>AbstractCache instance</type>
<description>TimedCache object where the information is stored.</description>
</attribute>
<attribute internal="yes">
<name>service_equiv</name>
<type>Boolean</type>
<description>If enabled, then a single authentication of a user applies to every service from that client.</description>
</attribute>
</attributes>
</metainfo>
</class>
"""
def __init__(self, name=None, timeout=600, update_stamp=TRUE, service_equiv=FALSE, cleanup_threshold=100):
"""
<method maturity="stable">
<summary>
Constructor to initialize an instance of the AuthCache class.
</summary>
<description>
<para>
This constructor initializes and registers an AuthCache
instance that can be referenced in authentication
policies.
</para>
</description>
<metainfo>
<arguments>
<argument maturity="obsolete">
<name>name</name>
<type>
<string/>
</type>
<default>None</default>
<description>
The name of the authentication cache, this will be
used to identify this authentication cache when
the obsolete AuthPolicy construct is used. Setting
this value is not required if
AuthenticationPolicy is used.
</description>
</argument>
<argument>
<name>timeout</name>
<type>
<integer/>
</type>
<default>600</default>
<description>
Timeout while an authentication is assumed to be valid.
</description>
</argument>
<argument>
<name>update_stamp</name>
<type>
<boolean/>
</type>
<default>TRUE</default>
<description>
If set to <parameter>TRUE</parameter>, then cached authentications increase
the validity period of the authentication cache. Otherwise, the authentication
cache expires according to the timeout value set in
<xref linkend="python.Auth.AuthCache.__init___timeout"/>.
</description>
</argument>
<argument>
<name>service_equiv</name>
<type>
<boolean/>
</type>
<default>FALSE</default>
<description>If enabled, then a single authentication of a user applies to every service from that client.</description>
</argument>
<argument>
<name>cleanup_threshold</name>
<type>
<integer/>
</type>
<default>100</default>
<description>
When the number of entries in the cache reaches the value of
<parameter>cleanup_threshold</parameter>, old entries are automatically
deleted.
</description>
</argument>
</arguments>
</metainfo>
</method>
"""
if name:
self.name = name
cache_name = 'authcache(%s)' % self.name
else:
cache_name = 'authcache(noname)'
self.cache = LockedCache(TimedCache(cache_name, timeout, update_stamp, cleanup_threshold))
self.service_equiv = service_equiv
if name:
if Globals.auth_caches.has_key(name):
raise ValueError, "Duplicate AuthCache name: %s" % name
Globals.auth_caches[name] = self
def makeKey(self, session):
"""
<method internal="yes">
</method>
"""
if self.service_equiv:
return session.client_address.ip_s
else:
return (session.client_address.ip_s, session.service.name)
def lookup(self, session):
"""
<method internal="yes">
</method>
"""
return self.cache.lookup(self.makeKey(session))
def store(self, session, entity):
"""
<method internal="yes">
</method>
"""
return self.cache.store(self.makeKey(session), entity)
class AuthCache:
"""
<class type="authcache">
<summary>
Class encapsulating the authentication cache.
</summary>
<description>
<para>
This class encapsulates an authentication cache which associates
usernames with client IP addresses. The association between a username
and an IP address is valid only until the specified timeout.
Caching the authentication results means that the users
do not need to authenticate themselves for every request: it is
assumed that the same user is using the computer within the timeout. E.g.: once
authenticated for an HTTP service, the client can browse
the web for <guilabel>Timeout</guilabel> period, but has to authenticate again to
use FTP.
</para>
<para>
To use a single authorization cache for every service request of a client, set
the <parameter>service_equiv</parameter> attribute to <parameter>TRUE</parameter>.
That way Zorp does not make difference between the different services (protocols) used
by the client: after a successful authentication the user can use all available services
without having to perform another authentication. E.g.: if this option is enabled in the
example above, the client does not have to re-authenticate for starting an FTP
connection.
</para>
</description>
<metainfo>
<attributes>
<attribute internal="yes">
<name>name</name>
<type>String</type>
<description>Name of the authentication cache.</description>
</attribute>
<attribute internal="yes">
<name>cache</name>
<type>AbstractCache instance</type>
<description>TimedCache object where the information is stored.</description>
</attribute>
<attribute internal="yes">
<name>service_equiv</name>
<type>Boolean</type>
<description>If enabled, then a single authentication of a user applies to every service from that client.</description>
</attribute>
</attributes>
</metainfo>
</class>
"""
def __init__(self,
name=None,
timeout=600,
update_stamp=TRUE,
service_equiv=FALSE,
cleanup_threshold=100):
"""
<method maturity="stable">
<summary>
Constructor to initialize an instance of the AuthCache class.
</summary>
<description>
<para>
This constructor initializes and registers an AuthCache
instance that can be referenced in authentication
policies.
</para>
</description>
<metainfo>
<arguments>
<argument maturity="obsolete">
<name>name</name>
<type>
<string/>
</type>
<default>None</default>
<description>
The name of the authentication cache, this will be
used to identify this authentication cache when
the obsolete AuthPolicy construct is used. Setting
this value is not required if
AuthenticationPolicy is used.
</description>
</argument>
<argument>
<name>timeout</name>
<type>
<integer/>
</type>
<default>600</default>
<description>
Timeout while an authentication is assumed to be valid.
</description>
</argument>
<argument>
<name>update_stamp</name>
<type>
<boolean/>
</type>
<default>TRUE</default>
<description>
If set to <parameter>TRUE</parameter>, then cached authentications increase
the validity period of the authentication cache. Otherwise, the authentication
cache expires according to the timeout value set in
<xref linkend="Auth___init___timeout"/><!-- FIXME ambiguous link, should point to
previous attribute-->.
</description>
</argument>
<argument>
<name>service_equiv</name>
<type>
<boolean/>
</type>
<default>FALSE</default>
<description>If enabled, then a single authentication of a user applies to every service from that client.</description>
</argument>
<argument>
<name>cleanup_threshold</name>
<type>
<integer/>
</type>
<default>100</default>
<description>
When the number of entries in the cache reaches the value of
<parameter>cleanup_threshold</parameter>, old entries are automatically
deleted.
</description>
</argument>
</arguments>
</metainfo>
</method>
"""
if name:
self.name = name
cache_name = 'authcache(%s)' % self.name
else:
cache_name = 'authcache(noname)'
self.cache = LockedCache(
TimedCache(cache_name, timeout, update_stamp, cleanup_threshold))
self.service_equiv = service_equiv
if name:
if Globals.auth_caches.has_key(name):
raise ValueError, "Duplicate AuthCache name: %s" % name
Globals.auth_caches[name] = self
def makeKey(self, session):
"""
<method internal="yes">
</method>
"""
if self.service_equiv:
return session.client_address.ip_s
else:
return (session.client_address.ip_s, session.service.name)
def lookup(self, session):
"""
<method internal="yes">
</method>
"""
return self.cache.lookup(self.makeKey(session))
def store(self, session, entity):
"""
<method internal="yes">
</method>
"""
return self.cache.store(self.makeKey(session), entity)