Author: jsrain
Date: Thu Jul 3 11:19:32 2008
New Revision: 48798
URL: http://svn.opensuse.org/viewcvs/yast?rev=48798&view=rev
Log: moved authentication stuff to separate file
Added: branches/research/web-service/authentication.py
Modified: branches/research/web-service/services/ntp.py
Added: branches/research/web-service/authentication.py
URL: http://svn.opensuse.org/viewcvs/yast/branches/research/web-service/authentication.py?rev=48798&view=auto
==============================================================================
--- branches/research/web-service/authentication.py (added)
+++ branches/research/web-service/authentication.py Thu Jul 3 11:19:32 2008
@@ -0,0 +1,54 @@
+from django.conf.urls.defaults import *
+from django_restapi.resource import Resource
+from django.http import *
+from django_restapi.authentication import *
+import polkitbind
+import logging
+
+class PolkitResource(Resource):
+ def __init__(self, authentication=None, permitted_methods=None,
+ mimetype=None, polkit_actions={}):
+ Resource.__init__(self, authentication, permitted_methods, mimetype)
+ self.polkit_actions=polkit_actions
+
+ def PolkitCheck(self, method, user):
+ if not method in self.polkit_actions:
+ return 0
+ polkit_action = self.polkit_actions.get(method)
+ if (polkit_action == ""):
+ return 0
+ result = polkitbind.checkPolicyLow(polkit_action,user)
+ logging.basicConfig(level=logging.DEBUG,
+ format='%(asctime)s %(levelname)s %(message)s',
+ filename='/tmp/polkitcheck.log',
+ filemode='a')
+ logging.info('checking name %s result: %i'%(polkit_action,result))
+ return result
+
+ def AuthenticatedUser(self, request):
+ (authmeth, auth) = request.META['HTTP_AUTHORIZATION'].split(" ", 1)
+ amap = self.authentication.get_auth_dict(auth)
+ username = amap['username']
+ return username
+
+ def ReturnAutorizationError(self, error):
+ if error == -3:
+ return HttpResponseForbidden()
+ return HttpResponseServerError()
+
+def digest_authfunc(username, realm):
+ """
+ Exemplary authfunc for HTTP Digest. In production situations,
+ the combined hashes of realm, username and password are usually
+ stored in an external file/db.
+ """
+ hashes = {
+ ('realm1', 'john') : '3014aff1d0d0f0038e23c1195301def3', # Password: johnspass
+ ('realm1', 'jim') : 'b92ea52783e356acae8a26087d8d1e83' # Password: jimspass
+ }
+ ret = hashes[(username, realm)]
+ return ret
+
+class WSAuthentication(HttpDigestAuthentication):
+ def __init__(self):
+ HttpDigestAuthentication.__init__(self, digest_authfunc, "realm1")
Modified: branches/research/web-service/services/ntp.py
URL: http://svn.opensuse.org/viewcvs/yast/branches/research/web-service/services/ntp.py?rev=48798&r1=48797&r2=48798&view=diff
==============================================================================
--- branches/research/web-service/services/ntp.py (original)
+++ branches/research/web-service/services/ntp.py Thu Jul 3 11:19:32 2008
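Review bot: `PolkitCheck` logs to the fixed path `/tmp/polkitcheck.log` in append mode, and a predictable file name in a world-writable directory can be pre-created or symlinked by any local user, which matters if this service runs with the privileges its init-script calls suggest. Logging should be configured once at module level with a file in a directory only the service can write, e.g. `filename='<service-owned log dir>/polkitcheck.log'` (placeholder path); calling `logging.basicConfig` on every check has no effect after the first call anyway. `PolkitCheck` also returns 0 when the method has no entry in `polkit_actions` or the entry is empty, and 0 appears to be the "allowed" value since `ReturnAutorizationError` only maps non-zero codes, so an unmapped method skips the policy check instead of failing closed. The `digest_authfunc` table still ships test hashes with their passwords in comments and is keyed `(realm, username)` while the lookup uses `(username, realm)`, so it should be replaced by an external credential store, and `polkit_actions={}` is a mutable default that `polkit_actions=None` plus `self.polkit_actions = polkit_actions or {}` would avoid.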
@@ -1,60 +1,12 @@ from django.conf.urls.defaults import * -from django_restapi.model_resource import Collection -from django_restapi.responder import XMLResponder from django_restapi.resource import Resource -#from django.http import HttpResponse HttpResponseForbidden HttpResponseServerError from django.http import * -from django_restapi.authentication import * import os import dbus -import polkitbind -import logging +from authentication import * -class PolkitResource(Resource): - def __init__(self, authentication=None, permitted_methods=None, - mimetype=None, polkit_actions=""): - Resource.__init__(self, authentication, permitted_methods, mimetype) - self.polkit_actions=polkit_actions - - def PolkitCheck(self, method, user): - if not method in self.polkit_actions: - return 0 - polkit_action = self.polkit_actions.get(method) - if (polkit_action == ""): - return 0 - result = polkitbind.checkPolicyLow(polkit_action,user) - logging.basicConfig(level=logging.DEBUG, - format='%(asctime)s %(levelname)s %(message)s', - filename='/tmp/polkitcheck.log', - filemode='a') - logging.info('checking name %s result: %i'%(polkit_action,result)) - return result - - def AuthenticatedUser(self, request): - (authmeth, auth) = request.META['HTTP_AUTHORIZATION'].split(" ", 1) - amap = self.authentication.get_auth_dict(auth) - username = amap['username'] - return username - - def ReturnAutorizationError(self, error): - if error == -3: - return HttpResponseForbidden() - return HttpResponseServerError() - -def digest_authfunc(username, realm): - """ - Exemplary authfunc for HTTP Digest. In production situations, - the combined hashes of realm, username and password are usually - stored in an external file/db. 
- """ - hashes = { - ('realm1', 'john') : '3014aff1d0d0f0038e23c1195301def3', # Password: johnspass - ('realm1', 'jim') : 'b92ea52783e356acae8a26087d8d1e83' # Password: jimspass - } - ret = hashes[(username, realm)] - return ret -class Ntp(Resource): +class Ntp(PolkitResource): def read(self, request): return HttpResponse('<a href="/services/ntp/status">Status</a><br><a href="/services/ntp/start">Start</a>') # FIXME how to do a link to POST? @@ -70,35 +22,35 @@ return HttpResponse ("Hi " + self.AuthenticatedUser(request) + "! Yes, it is running") return HttpResponse ("Hi " + self.AuthenticatedUser(request) + "! No, it is not running") -class NtpStart(Resource): +class NtpStart(PolkitResource): def create(self, request): exit = os.system("/etc/init.d/ntp start") if (exit == 0): return HttpResponse ("Success") return HttpResponse ("Failed") -class NtpStop(Resource): +class NtpStop(PolkitResource): def create(self, request): exit = os.system("/etc/init.d/ntp stop") if (exit == 0): return HttpResponse ("Success") return HttpResponse ("Failed") -class NtpRestart(Resource): +class NtpRestart(PolkitResource): def create(self, request): exit = os.system("/etc/init.d/ntp restart") if (exit == 0): return HttpResponse ("Success") return HttpResponse ("Failed") -class NtpReload(Resource): +class NtpReload(PolkitResource): def create(self, request): exit = os.system("/etc/init.d/ntp reload") if (exit == 0): return HttpResponse ("Success") return HttpResponse ("Failed") -class NtpServers(Resource): +class NtpServers(PolkitResource): def read(self, request): return HttpResponse("Servers: Guess ;-)") # TODO return real list of servers 
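Review bot: `from authentication import *` is now the only route by which `HttpDigestAuthentication`, `digest_authfunc` and `PolkitResource` reach this module, because the direct `from django_restapi.authentication import *` line is removed and `authentication.py` itself star-imports it. Naming the imports, `from authentication import HttpDigestAuthentication, PolkitResource, WSAuthentication, digest_authfunc`, shows which authentication classes the URL table depends on, so a reader does not have to follow two chained wildcard imports to audit it. The `Ntp` class body continues outside the hunk.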
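Review bot: None of the `create` methods in this hunk call `self.PolkitCheck` before `os.system("/etc/init.d/ntp ...")`, so switching the base class from `Resource` to `PolkitResource` does not by itself gate start, stop, restart or reload. Each handler should check first, for example `rc = self.PolkitCheck('create', self.AuthenticatedUser(request))` followed by `if rc != 0: return self.ReturnAutorizationError(rc)`, assuming 0 means allowed and that `polkit_actions` is keyed by handler name as in the status entry. Note that `AuthenticatedUser` reads `request.META['HTTP_AUTHORIZATION']` and `self.authentication`, so it only works on resources that are registered with an authentication object. The hunk starts inside a method whose beginning is not shown, and `NtpServers` continues past its end.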
@@ -110,7 +62,7 @@ urlpatterns = patterns('', (r'^services/ntp/?$', Ntp(authentication = HttpDigestAuthentication(digest_authfunc, 'realm1'), permitted_methods = ('GET', 'PUT'))), - (r'^services/ntp/status', NtpStatus(authentication = HttpDigestAuthentication(digest_authfunc, 'realm1'), permitted_methods = ('GET', 'PUT'), polkit_actions = { 'read' : 'org.freedesktop.hal.storage.mount-fixed' })), + (r'^services/ntp/status', NtpStatus(authentication = WSAuthentication(), permitted_methods = ('GET', 'PUT'), polkit_actions = { 'read' : 'org.freedesktop.hal.storage.mount-fixed' })), #TODO: Use real action names, this is just for testing (r'^services/ntp/start', NtpStart(permitted_methods = ('GET', 'POST'))), (r'^services/ntp/stop', NtpStop(permitted_methods = ('GET', 'POST'))), -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org
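Review bot: The `services/ntp/start` and `services/ntp/stop` entries are registered without `authentication=` or `polkit_actions=` and they permit `GET`, so as far as these lines show the init-script actions run without any credential check and can be triggered by a plain link or a prefetch. They should take the same arguments as the status entry and accept only the state-changing method, e.g. `NtpStart(authentication = WSAuthentication(), permitted_methods = ('POST',), polkit_actions = { 'create' : '<polkit action id>' })` (placeholder action id). The first entry still builds `HttpDigestAuthentication(digest_authfunc, 'realm1')` by hand; using `WSAuthentication()` there too keeps the realm in one place. The `patterns(...)` call continues outside the hunk, so the remaining entries need the same review.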