Exemplo n.º 1
0
Arquivo: Auth.py Projeto: mochrul/zorp
 def __init__(self, name=None, timeout=600, update_stamp=TRUE, service_equiv=FALSE, cleanup_threshold=100):
     """
     <method maturity="stable">
       <summary>
         Constructor to initialize an instance of the AuthCache class.
       </summary>
       <description>
         <para>
           This constructor initializes and registers an AuthCache
           instance that can be referenced in authentication
           policies.
         </para>
       </description>
       <metainfo>
         <arguments>
           <argument maturity="obsolete">
             <name>name</name>
             <type>
               <string/>
             </type>
             <default>None</default>
             <description>
               The name of the authentication cache, this will be
               used to identify this authentication cache when
               the obsolete AuthPolicy construct is used. Setting
               this value is not required if
               AuthenticationPolicy is used.
             </description>
           </argument>
           <argument>
             <name>timeout</name>
             <type>
               <integer/>
             </type>
             <default>600</default>
             <description>
               Timeout while an authentication is assumed to be valid.
             </description>
           </argument>
           <argument>
             <name>update_stamp</name>
             <type>
               <boolean/>
             </type>
             <default>TRUE</default>
             <description>
               If set to <parameter>TRUE</parameter>, then cached authentications increase
               the validity period of the authentication cache. Otherwise, the authentication
               cache expires according to the timeout value set in
               <xref linkend="python.Auth.AuthCache.__init___timeout"/>.
             </description>
           </argument>
           <argument>
             <name>service_equiv</name>
             <type>
               <boolean/>
             </type>
             <default>FALSE</default>
             <description>If enabled, then a single authentication of a user applies to every service from that client.</description>
           </argument>
           <argument>
             <name>cleanup_threshold</name>
             <type>
               <integer/>
             </type>
             <default>100</default>
             <description>
               When the number of entries in the cache reaches the value of
               <parameter>cleanup_threshold</parameter>, old entries are automatically
               deleted.
             </description>
           </argument>
         </arguments>
       </metainfo>
     </method>
     """
     if name:
         self.name = name
         cache_name = 'authcache(%s)' % self.name
     else:
         cache_name = 'authcache(noname)'
     self.cache = LockedCache(TimedCache(cache_name, timeout, update_stamp, cleanup_threshold))
     self.service_equiv = service_equiv
     if name:
         if Globals.auth_caches.has_key(name):
             raise ValueError, "Duplicate AuthCache name: %s" % name
         Globals.auth_caches[name] = self
Exemplo n.º 2
0
 def __init__(self,
              name=None,
              timeout=600,
              update_stamp=TRUE,
              service_equiv=FALSE,
              cleanup_threshold=100):
     """
             <method maturity="stable">
               <summary>
                 Constructor to initialize an instance of the AuthCache class.
               </summary>
               <description>
                 <para>
                   This constructor initializes and registers an AuthCache
                   instance that can be referenced in authentication
                   policies.
                 </para>
               </description>
               <metainfo>
                 <arguments>
                   <argument maturity="obsolete">
                     <name>name</name>
                     <type>
                       <string/>
                     </type>
                     <default>None</default>
                     <description>
                       The name of the authentication cache, this will be
                       used to identify this authentication cache when
                       the obsolete AuthPolicy construct is used. Setting
                       this value is not required if
                       AuthenticationPolicy is used.
                     </description>
                   </argument>
                   <argument>
                     <name>timeout</name>
                     <type>
                       <integer/>
                     </type>
                     <default>600</default>
                     <description>
                       Timeout while an authentication is assumed to be valid.
                     </description>
                   </argument>
                   <argument>
                     <name>update_stamp</name>
                     <type>
                       <boolean/>
                     </type>
                     <default>TRUE</default>
                     <description>
                       If set to <parameter>TRUE</parameter>, then cached authentications increase
                       the validity period of the authentication cache. Otherwise, the authentication
                       cache expires according to the timeout value set in
                       <xref linkend="Auth___init___timeout"/><!-- FIXME ambiguous link, should point to
                       previous attribute-->.
                     </description>
                   </argument>
                   <argument>
                     <name>service_equiv</name>
                     <type>
                       <boolean/>
                     </type>
                     <default>FALSE</default>
                     <description>If enabled, then a single authentication of a user applies to every service from that client.</description>
                   </argument>
                   <argument>
                     <name>cleanup_threshold</name>
                     <type>
                       <integer/>
                     </type>
                     <default>100</default>
                     <description>
                       When the number of entries in the cache reaches the value of
                       <parameter>cleanup_threshold</parameter>, old entries are automatically
                       deleted.
                     </description>
                   </argument>
                 </arguments>
               </metainfo>
             </method>
             """
     if name:
         self.name = name
         cache_name = 'authcache(%s)' % self.name
     else:
         cache_name = 'authcache(noname)'
     self.cache = LockedCache(
         TimedCache(cache_name, timeout, update_stamp, cleanup_threshold))
     self.service_equiv = service_equiv
     if name:
         if Globals.auth_caches.has_key(name):
             raise ValueError, "Duplicate AuthCache name: %s" % name
         Globals.auth_caches[name] = self
Exemplo n.º 3
0
Arquivo: Auth.py Projeto: mochrul/zorp
class AuthCache(object):
    """
    <class type="authcache">
      <summary>
        Class encapsulating the authentication cache.
      </summary>
      <description>
        <para>
          This class encapsulates an authentication cache which associates
          usernames with client IP addresses. The association between a username
          and an IP address is valid only until the specified timeout.
          Caching the authentication results means that the users
          do not need to authenticate themselves for every request: it is
          assumed that the same user is using the computer within the timeout. E.g.: once
          authenticated for an HTTP service, the client can browse
          the web for <guilabel>Timeout</guilabel> period, but has to authenticate again to
            use FTP.
        </para>
        <para>
        To use a single authorization cache for every service request of a client, set
        the <parameter>service_equiv</parameter> attribute to <parameter>TRUE</parameter>.
        That way Zorp does not make difference between the different services (protocols) used
            by the client: after a successful authentication the user can use all available services
            without having to perform another authentication. E.g.: if this option is enabled in the
            example above, the client does not have to re-authenticate for starting an FTP
            connection.
        </para>
      </description>
      <metainfo>
        <attributes>
          <attribute internal="yes">
            <name>name</name>
            <type>String</type>
            <description>Name of the authentication cache.</description>
          </attribute>
          <attribute internal="yes">
            <name>cache</name>
            <type>AbstractCache instance</type>
            <description>TimedCache object where the information is stored.</description>
          </attribute>
          <attribute internal="yes">
            <name>service_equiv</name>
            <type>Boolean</type>
            <description>If enabled, then a single authentication of a user applies to every service from that client.</description>
          </attribute>
        </attributes>
      </metainfo>
    </class>
    """

    def __init__(self, name=None, timeout=600, update_stamp=TRUE, service_equiv=FALSE, cleanup_threshold=100):
        """
        <method maturity="stable">
          <summary>
            Constructor to initialize an instance of the AuthCache class.
          </summary>
          <description>
            <para>
              This constructor initializes and registers an AuthCache
              instance that can be referenced in authentication
              policies.
            </para>
          </description>
          <metainfo>
            <arguments>
              <argument maturity="obsolete">
                <name>name</name>
                <type>
                  <string/>
                </type>
                <default>None</default>
                <description>
                  The name of the authentication cache, this will be
                  used to identify this authentication cache when
                  the obsolete AuthPolicy construct is used. Setting
                  this value is not required if
                  AuthenticationPolicy is used.
                </description>
              </argument>
              <argument>
                <name>timeout</name>
                <type>
                  <integer/>
                </type>
                <default>600</default>
                <description>
                  Timeout while an authentication is assumed to be valid.
                </description>
              </argument>
              <argument>
                <name>update_stamp</name>
                <type>
                  <boolean/>
                </type>
                <default>TRUE</default>
                <description>
                  If set to <parameter>TRUE</parameter>, then cached authentications increase
                  the validity period of the authentication cache. Otherwise, the authentication
                  cache expires according to the timeout value set in
                  <xref linkend="python.Auth.AuthCache.__init___timeout"/>.
                </description>
              </argument>
              <argument>
                <name>service_equiv</name>
                <type>
                  <boolean/>
                </type>
                <default>FALSE</default>
                <description>If enabled, then a single authentication of a user applies to every service from that client.</description>
              </argument>
              <argument>
                <name>cleanup_threshold</name>
                <type>
                  <integer/>
                </type>
                <default>100</default>
                <description>
                  When the number of entries in the cache reaches the value of
                  <parameter>cleanup_threshold</parameter>, old entries are automatically
                  deleted.
                </description>
              </argument>
            </arguments>
          </metainfo>
        </method>
        """
        if name:
            self.name = name
            cache_name = 'authcache(%s)' % self.name
        else:
            cache_name = 'authcache(noname)'
        self.cache = LockedCache(TimedCache(cache_name, timeout, update_stamp, cleanup_threshold))
        self.service_equiv = service_equiv
        if name:
            if Globals.auth_caches.has_key(name):
                raise ValueError, "Duplicate AuthCache name: %s" % name
            Globals.auth_caches[name] = self


    def makeKey(self, session):
        """
        <method internal="yes">
        </method>
        """
        if self.service_equiv:
            return session.client_address.ip_s
        else:
            return (session.client_address.ip_s, session.service.name)

    def lookup(self, session):
        """
        <method internal="yes">
        </method>
        """
        return self.cache.lookup(self.makeKey(session))

    def store(self, session, entity):
        """
        <method internal="yes">
        </method>
        """
        return self.cache.store(self.makeKey(session), entity)
Exemplo n.º 4
0
class AuthCache:
    """
        <class type="authcache">
          <summary>
            Class encapsulating the authentication cache.
          </summary>
          <description>
            <para>
              This class encapsulates an authentication cache which associates
              usernames with client IP addresses. The association between a username
              and an IP address is valid only until the specified timeout.
              Caching the authentication results means that the users
              do not need to authenticate themselves for every request: it is
              assumed that the same user is using the computer within the timeout. E.g.: once
              authenticated for an HTTP service, the client can browse
              the web for <guilabel>Timeout</guilabel> period, but has to authenticate again to
                use FTP.
            </para>
            <para>
            To use a single authorization cache for every service request of a client, set
            the <parameter>service_equiv</parameter> attribute to <parameter>TRUE</parameter>.
            That way Zorp does not make difference between the different services (protocols) used
                by the client: after a successful authentication the user can use all available services
                without having to perform another authentication. E.g.: if this option is enabled in the
                example above, the client does not have to re-authenticate for starting an FTP
                connection.
            </para>
          </description>
          <metainfo>
            <attributes>
              <attribute internal="yes">
                <name>name</name>
                <type>String</type>
                <description>Name of the authentication cache.</description>
              </attribute>
              <attribute internal="yes">
                <name>cache</name>
                <type>AbstractCache instance</type>
                <description>TimedCache object where the information is stored.</description>
              </attribute>
              <attribute internal="yes">
                <name>service_equiv</name>
                <type>Boolean</type>
                <description>If enabled, then a single authentication of a user applies to every service from that client.</description>
              </attribute>
            </attributes>
          </metainfo>
        </class>
        """
    def __init__(self,
                 name=None,
                 timeout=600,
                 update_stamp=TRUE,
                 service_equiv=FALSE,
                 cleanup_threshold=100):
        """
                <method maturity="stable">
                  <summary>
                    Constructor to initialize an instance of the AuthCache class.
                  </summary>
                  <description>
                    <para>
                      This constructor initializes and registers an AuthCache
                      instance that can be referenced in authentication
                      policies.
                    </para>
                  </description>
                  <metainfo>
                    <arguments>
                      <argument maturity="obsolete">
                        <name>name</name>
                        <type>
                          <string/>
                        </type>
                        <default>None</default>
                        <description>
                          The name of the authentication cache, this will be
                          used to identify this authentication cache when
                          the obsolete AuthPolicy construct is used. Setting
                          this value is not required if
                          AuthenticationPolicy is used.
                        </description>
                      </argument>
                      <argument>
                        <name>timeout</name>
                        <type>
                          <integer/>
                        </type>
                        <default>600</default>
                        <description>
                          Timeout while an authentication is assumed to be valid.
                        </description>
                      </argument>
                      <argument>
                        <name>update_stamp</name>
                        <type>
                          <boolean/>
                        </type>
                        <default>TRUE</default>
                        <description>
                          If set to <parameter>TRUE</parameter>, then cached authentications increase
                          the validity period of the authentication cache. Otherwise, the authentication
                          cache expires according to the timeout value set in
                          <xref linkend="Auth___init___timeout"/><!-- FIXME ambiguous link, should point to
                          previous attribute-->.
                        </description>
                      </argument>
                      <argument>
                        <name>service_equiv</name>
                        <type>
                          <boolean/>
                        </type>
                        <default>FALSE</default>
                        <description>If enabled, then a single authentication of a user applies to every service from that client.</description>
                      </argument>
                      <argument>
                        <name>cleanup_threshold</name>
                        <type>
                          <integer/>
                        </type>
                        <default>100</default>
                        <description>
                          When the number of entries in the cache reaches the value of
                          <parameter>cleanup_threshold</parameter>, old entries are automatically
                          deleted.
                        </description>
                      </argument>
                    </arguments>
                  </metainfo>
                </method>
                """
        if name:
            self.name = name
            cache_name = 'authcache(%s)' % self.name
        else:
            cache_name = 'authcache(noname)'
        self.cache = LockedCache(
            TimedCache(cache_name, timeout, update_stamp, cleanup_threshold))
        self.service_equiv = service_equiv
        if name:
            if Globals.auth_caches.has_key(name):
                raise ValueError, "Duplicate AuthCache name: %s" % name
            Globals.auth_caches[name] = self

    def makeKey(self, session):
        """
                <method internal="yes">
                </method>
                """
        if self.service_equiv:
            return session.client_address.ip_s
        else:
            return (session.client_address.ip_s, session.service.name)

    def lookup(self, session):
        """
                <method internal="yes">
                </method>
                """
        return self.cache.lookup(self.makeKey(session))

    def store(self, session, entity):
        """
                <method internal="yes">
                </method>
                """
        return self.cache.store(self.makeKey(session), entity)