Trees | Indices | Help |
---|
|
1 # -*- Mode: Python; test-case-name: flumotion.test.test_bouncers_ipbouncer -*- 2 # vi:si:et:sw=4:sts=4:ts=4 3 # 4 # Flumotion - a streaming media server 5 # Copyright (C) 2004,2005,2006,2007 Fluendo, S.L. (www.fluendo.com). 6 # All rights reserved. 7 8 # This file may be distributed and/or modified under the terms of 9 # the GNU General Public License version 2 as published by 10 # the Free Software Foundation. 11 # This file is distributed without any warranty; without even the implied 12 # warranty of merchantability or fitness for a particular purpose. 13 # See "LICENSE.GPL" in the source distribution for more information. 14 15 # Licensees having purchased or holding a valid Flumotion Advanced 16 # Streaming Server license may use this file in accordance with the 17 # Flumotion Advanced Streaming Server Commercial License Agreement. 18 # See "LICENSE.Flumotion" in the source distribution for more information. 19 20 # Headers in this file shall remain intact. 21 22 """ 23 A bouncer that authenticates based on the IP address of the remote side, 24 as seen by the bouncer. 25 """ 26 27 from twisted.internet import defer 28 29 from flumotion.common import keycards, messages, errors, log, netutils 30 from flumotion.component.bouncers import bouncer 31 from flumotion.common.keycards import KeycardUACPP 32 33 N_ = messages.N_ 34 T_ = messages.gettexter('flumotion') 35 36 __all__ = ['IPBouncer'] 3739 40 logCategory = 'ip-bouncer' 41 keycardClasses = (keycards.KeycardUACPCC, keycards.KeycardUACPP) 429044 conf = self.config 45 props = conf['properties'] 46 47 self.deny_default = props.get('deny-default', True) 48 49 self.allows = netutils.RoutingTable() 50 self.denies = netutils.RoutingTable() 51 for p, t in (('allow', self.allows), ('deny', self.denies)): 52 for s in props.get(p, []): 53 try: 54 ip, mask = s.split('/') 55 t.addSubnet(True, ip, int(mask)) 56 except Exception, e: 57 m = messages.Error( 58 T_(N_("Invalid value for property %r: %s"), p, s), 59 log.getExceptionMessage(e), 60 id='match-type') 61 self.addMessage(m) 62 raise errors.ComponentSetupHandledError() 63 64 return defer.succeed(None)6567 ip = keycard.getData()['address'] 68 self.debug('authenticating keycard from requester %s', ip) 69 70 if ip is None: 71 self.warning('could not get address of remote') 72 allowed = False 73 elif self.deny_default: 74 allowed = (self.allows.route(ip) 75 and not self.denies.route(ip)) 76 else: 77 allowed = (self.allows.route(ip) 78 or not self.denies.route(ip)) 79 80 if not allowed: 81 self.info('denied login from ip address %s', 82 keycard.address) 83 return None 84 else: 85 keycard.state = keycards.AUTHENTICATED 86 self.addKeycard(keycard) 87 self.debug('allowed login from ip address %s', 88 keycard.address) 89 return keycard
Trees | Indices | Help |
---|
Generated by Epydoc 3.0.1 on Thu Aug 7 15:03:02 2008 | http://epydoc.sourceforge.net |