Source Code for Module flumotion.component.bouncers.ipbouncer

 1  # -*- Mode: Python; test-case-name: flumotion.test.test_bouncers_ipbouncer -*- 
 2  # vi:si:et:sw=4:sts=4:ts=4 
 3  # 
 4  # Flumotion - a streaming media server 
 5  # Copyright (C) 2004,2005,2006,2007 Fluendo, S.L. (www.fluendo.com). 
 6  # All rights reserved. 
 7   
 8  # This file may be distributed and/or modified under the terms of 
 9  # the GNU General Public License version 2 as published by 
10  # the Free Software Foundation. 
11  # This file is distributed without any warranty; without even the implied 
12  # warranty of merchantability or fitness for a particular purpose. 
13  # See "LICENSE.GPL" in the source distribution for more information. 
14   
15  # Licensees having purchased or holding a valid Flumotion Advanced 
16  # Streaming Server license may use this file in accordance with the 
17  # Flumotion Advanced Streaming Server Commercial License Agreement. 
18  # See "LICENSE.Flumotion" in the source distribution for more information. 
19   
20  # Headers in this file shall remain intact. 
21   
22  """ 
23  A bouncer that authenticates based on the IP address of the remote side, 
24  as seen by the bouncer. 
25  """ 
26   
27  from twisted.internet import defer 
28   
29  from flumotion.common import keycards, messages, errors, log, netutils 
30  from flumotion.component.bouncers import bouncer 
31  from flumotion.common.keycards import KeycardUACPP 
32   
33  N_ = messages.N_ 
34  T_ = messages.gettexter('flumotion') 
35   
36  __all__ = ['IPBouncer'] 
37   
38 -class IPBouncer(bouncer.Bouncer): 
39   
40      logCategory = 'ip-bouncer' 
41      keycardClasses = (keycards.KeycardUACPCC, keycards.KeycardUACPP) 
42   
43 -    def do_setup(self): 
44          conf = self.config 
45          props = conf['properties'] 
46   
47          self.deny_default = props.get('deny-default', True) 
48   
49          self.allows = netutils.RoutingTable() 
50          self.denies = netutils.RoutingTable() 
51          for p, t in (('allow', self.allows), ('deny', self.denies)): 
52              for s in props.get(p, []): 
53                  try: 
54                      ip, mask = s.split('/') 
55                      t.addSubnet(True, ip, int(mask)) 
56                  except Exception, e: 
57                      m = messages.Error( 
58                          T_(N_("Invalid value for property %r: %s"), p, s), 
59                          log.getExceptionMessage(e), 
60                          id='match-type') 
61                      self.addMessage(m) 
62                      raise errors.ComponentSetupHandledError() 
63   
64          return defer.succeed(None) 
65   
66 -    def do_authenticate(self, keycard): 
67          ip = keycard.getData()['address'] 
68          self.debug('authenticating keycard from requester %s', ip) 
69   
70          if ip is None: 
71              self.warning('could not get address of remote') 
72              allowed = False 
73          elif self.deny_default: 
74              allowed = (self.allows.route(ip) 
75                         and not self.denies.route(ip)) 
76          else: 
77              allowed = (self.allows.route(ip) 
78                         or not self.denies.route(ip)) 
79   
80          if not allowed: 
81              self.info('denied login from ip address %s', 
82                        keycard.address) 
83              return None 
84          else: 
85              keycard.state = keycards.AUTHENTICATED 
86              self.addKeycard(keycard) 
87              self.debug('allowed login from ip address %s', 
88                         keycard.address) 
89              return keycard 
90