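def authenticate_baisc_cperequest(dict_acs_option, dict_acs_option2, request_class, sn):
    """Authenticate a CPE HTTP request with HTTP Basic authentication.

    The credential part of the Authorization header is checked with
    check_basic_auth() against dict_acs_option first, and then against the
    username/password taken from dict_acs_option2.

    Args:
        dict_acs_option: ACS options for this CPE. 'realm' is always written
            back, and 'username'/'password' are overwritten with the values
            from dict_acs_option2 when the first check does not pass.
        dict_acs_option2: fallback credentials; 'is_default' is set to True
            when they are the ones that matched.
        request_class: request object providing getAllHeaders() and
            setResponseCode().
        sn: unused here; kept so the signature matches the digest variant.

    Returns:
        ACS_AUTHENTICATE_PASS when either credential set is accepted,
        ACS_NO_AUTHENTICATION when no Authorization header was sent and a
        challenge was issued, CALL_METHOD_ERROR when issuing the challenge
        failed, ACS_AUTHENTICATE_FAIL otherwise (response code set to 401).
    """
    # NOTE(review): Basic credentials are only base64-encoded on the wire, so
    # this path should be reachable over TLS only -- confirm the deployment.
    log.run_info("Begin baisc Auth")
    dict_cperequest_header = request_class.getAllHeaders()
    dict_acs_option['realm'] = dict_acs_option.get('realm', 'tr069 basic realm')

    if 'authorization' not in dict_cperequest_header:
        # No credentials yet: answer 401 with a WWW-Authenticate challenge.
        if baisc_challenge(dict_acs_option, request_class) == CALL_METHOD_ERROR:
            log.run_info("Call baisc_challenge method error")
            return CALL_METHOD_ERROR
        return ACS_NO_AUTHENTICATION

    # The header is "<scheme> <credentials>". It comes from the CPE, so it may
    # be malformed: a value without a space used to raise IndexError here.
    parts = dict_cperequest_header['authorization'].split(' ')
    cpe_auth_type = parts[0]
    cpe_message = parts[1] if len(parts) > 1 else None

    if cpe_auth_type == 'Basic' and cpe_message is not None:
        if check_basic_auth(dict_acs_option, cpe_message) == ACS_AUTHENTICATE_PASS:
            return ACS_AUTHENTICATE_PASS

        # Second attempt with the credentials from dict_acs_option2.
        # NOTE(review): dict_acs_option keeps these values even when the
        # second attempt fails; if callers reuse the dict across requests the
        # per-CPE credentials are lost -- confirm this is intended.
        dict_acs_option["username"] = dict_acs_option2["username"]
        dict_acs_option["password"] = dict_acs_option2["password"]
        if check_basic_auth(dict_acs_option, cpe_message) == ACS_AUTHENTICATE_PASS:
            dict_acs_option2["is_default"] = True
            return ACS_AUTHENTICATE_PASS

    # Wrong scheme, missing credentials or rejected credentials all end here.
    # NOTE(review): this 401 carries no WWW-Authenticate header, unlike the
    # challenge sent when the Authorization header is absent.
    request_class.setResponseCode(401, 'Unauthorized')
    return ACS_AUTHENTICATE_FAIL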
def authenticate_digest_cperequest(dict_acs_option, dict_acs_option2, request_class, sn):
    """Authenticate a CPE HTTP request with HTTP Digest authentication.

    The parsed Authorization header is tried against dict_acs_option first
    and then against the username/password from dict_acs_option2, which is
    flagged with 'is_default' = True when that second attempt passes.

    Returns ACS_AUTHENTICATE_PASS on success, ACS_NO_AUTHENTICATION when no
    Authorization header was present and a challenge was sent,
    CALL_METHOD_ERROR when sending the challenge failed, and otherwise the
    failing result with the response code set to 401.
    """
    log.run_info("Begin digest Auth")
    headers = request_class.getAllHeaders()
    dict_acs_option['realm'] = dict_acs_option.get('realm', 'tr069')

    if 'authorization' not in headers:
        outcome = ACS_NO_AUTHENTICATION
    else:
        # Parse the CPE's Authorization header and record the HTTP method
        # alongside the parsed fields.
        auth_fields = get_data(headers['authorization'])
        auth_fields['method'] = request_class.method

        if 'Digest' != auth_fields['digest_type']:
            outcome = ACS_AUTHENTICATION_TYPE_ERROR
        else:
            outcome = try_username_password(auth_fields, dict_acs_option)
            if outcome == ACS_AUTHENTICATE_PASS:
                return outcome

            # Retry with the credentials held in dict_acs_option2.
            # NOTE(review): dict_acs_option is left holding these values even
            # when the retry fails -- confirm callers do not reuse the dict.
            dict_acs_option["username"] = dict_acs_option2["username"]
            dict_acs_option["password"] = dict_acs_option2["password"]
            outcome = try_username_password(auth_fields, dict_acs_option)
            if outcome == ACS_AUTHENTICATE_PASS:
                dict_acs_option2["is_default"] = True
                return outcome

    if outcome != ACS_NO_AUTHENTICATION:
        # Authentication failed: reply 401.
        # NOTE(review): no fresh WWW-Authenticate challenge is attached here.
        request_class.setResponseCode(401, 'Unauthorized')
        return outcome

    # No credentials were supplied: send a digest challenge.
    if digest_challenge(dict_acs_option, request_class, sn) == CALL_METHOD_ERROR:
        log.run_info("Call digest_challenge method error")
        return CALL_METHOD_ERROR
    return ACS_NO_AUTHENTICATION
def baisc_challenge(dict_acs_option, request_class):
    """Reply 401 with a Basic WWW-Authenticate challenge.

    The header value comes from create_baisc_header(dict_acs_option).
    Returns None when the response was prepared and CALL_METHOD_ERROR when
    setting the status or header raised.
    """
    # NOTE(review): unlike digest_challenge, the header value is not compared
    # with CALL_METHOD_ERROR before use -- confirm create_baisc_header cannot
    # return it.
    challenge = create_baisc_header(dict_acs_option)
    try:
        request_class.setResponseCode(401, 'Unauthorized')
        request_class.setHeader('WWW-Authenticate', challenge)
        log.run_info('send WWW-Authenticate response succeed')
    except Exception:
        log.run_info('send WWW-Authenticate response error')
        return CALL_METHOD_ERROR
    return None
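def try_username_password(dict_cperequest_authheader, dict_acs_option):
    """Check one set of ACS credentials against a parsed Digest header.

    Args:
        dict_cperequest_authheader: fields parsed from the CPE's
            Authorization header.
        dict_acs_option: ACS options holding the expected 'username'.

    Returns:
        ACS_AUTHENTICATE_PASS when the usernames match and
        check_digest_auth() passes; ACS_AUTHENTICATE_FAIL in every other
        case, including a header without a username and any exception
        raised by check_digest_auth().
    """
    # The header is supplied by the CPE, so 'username' may be absent; treat
    # that as a failed attempt instead of letting KeyError escape.
    try:
        cpe_username = dict_cperequest_authheader['username']
    except KeyError:
        return ACS_AUTHENTICATE_FAIL

    if cpe_username != dict_acs_option['username']:
        return ACS_AUTHENTICATE_FAIL

    # The remaining digest fields are verified by check_digest_auth().
    try:
        result = check_digest_auth(dict_acs_option, dict_cperequest_authheader)
    except Exception as e:  # 'as' form works on Python 2.6+ and Python 3
        log.run_info('call check_digest_auth error,message:%s' % e)
        return ACS_AUTHENTICATE_FAIL

    if result == ACS_AUTHENTICATE_PASS:
        return result
    return ACS_AUTHENTICATE_FAIL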
def digest_challenge(dict_acs_option, request_class, sn):
    """Reply 401 with a Digest WWW-Authenticate challenge.

    Used when the request carries no authentication information. The header
    value is built by create_header(dict_acs_option, sn).

    Returns None when the response was prepared, CALL_METHOD_ERROR when the
    header could not be built or setting the response raised.
    """
    challenge = create_header(dict_acs_option, sn)
    if challenge == CALL_METHOD_ERROR:
        log.run_info('create WWW-Authenticate header error')
        return CALL_METHOD_ERROR

    # Set the 401 status and attach the challenge header.
    try:
        request_class.setResponseCode(401, 'Unauthorized')
        request_class.setHeader('WWW-Authenticate', challenge)
        log.run_info('send WWW-Authenticate response succeed')
    except Exception:
        log.run_info('send WWW-Authenticate response error')
        return CALL_METHOD_ERROR
    return None
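def authenticate_acs_cperequest(request_class, sn, dict_acs_option, dict_acs_option2):
    """Authenticate a CPE request according to the ACS option 'auth_type'.

    Args:
        request_class: request object handed to the scheme-specific check.
        sn: CPE serial number, passed through to the scheme-specific check.
        dict_acs_option: ACS options for this CPE; 'auth_type' is rewritten
            to 'digest' when it is neither 'digest' nor 'basic'.
        dict_acs_option2: fallback credentials passed through unchanged.

    Returns:
        ACS_AUTHENTICATE_PASS, ACS_NO_AUTHENTICATION or
        ACS_AUTHENTICATE_FAIL. Any other result from the scheme-specific
        check (CALL_METHOD_ERROR included) is reported as
        ACS_AUTHENTICATE_FAIL.
    """
    auth_type = dict_acs_option.get('auth_type', None)

    # The string "None" (not the None object) is the agreed marker for
    # "no authentication". The request is accepted without credentials, so
    # leave an audit line: the bypass was previously silent.
    if auth_type == "None":
        log.run_info("Authentication disabled by configuration (auth_type is 'None')")
        return ACS_AUTHENTICATE_PASS

    # Anything other than 'digest' or 'basic' (a missing value or a
    # differently-cased "none" included) falls back to digest rather than
    # to no authentication.
    if auth_type not in ('digest', 'basic'):
        auth_type = 'digest'
        dict_acs_option['auth_type'] = auth_type

    if auth_type == 'digest':
        message = authenticate_digest_cperequest(dict_acs_option,
                                                 dict_acs_option2,
                                                 request_class, sn)
    else:
        message = authenticate_baisc_cperequest(dict_acs_option,
                                                dict_acs_option2,
                                                request_class, sn)

    if message == ACS_AUTHENTICATE_PASS:
        log.run_info('*********Authention Succeed!*********')
        return ACS_AUTHENTICATE_PASS
    if message == ACS_NO_AUTHENTICATION:
        log.run_info("Cpe soap not have authentication")
        return ACS_NO_AUTHENTICATION
    log.run_info('*********Authention FAIL**********')
    return ACS_AUTHENTICATE_FAIL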