source: TI05-delivery/trunk/lib/python/ndg/delivery/auth.py @ 1539

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI05-delivery/trunk/lib/python/ndg/delivery/auth.py@1539
Revision 1539, 4.1 KB checked in by spascoe, 13 years ago (diff)

Some bug fixes to auth/authz API.

test_embedded.py now passes (except for the usual testStartup problem).

Line 
1"""
2Authorisation/authentication interface to pybbftp.
3
4These handler classes are deliberately kept separate from the C-interface (server.pybbftp & client.pybbftp) to
5allow both client and server sides to be implemented within the same module without running into the problem
6of not being able to import both bbftpc and bbftpd extensions together.  In this way it should be much easier
7to write auth/authz implementations.
8
9@copyright Copyright (C) 2006 CCLRC & NERC
10@license This software may be distributed under the terms of the Q Public Licence, version 1.0 or later.
11
12@author Stephen Pascoe
13"""
14
15class AuthenticationFailure(Exception):
16    """Signals authentication failed.
17    """
18    pass
19
20class AuthorisationFailure(Exception):
21    """Signals authorisation failed.
22    """
23    pass
24
25
26class AuthHandler(object):
27    """Abstract base class for implementing authentication.
28
29    Subclasses should implement the authorise() method to authenticate clients connecting to
30    the server.  An AuthHandler object is passed to start() when initialising the server.
31    """
32
33    def __init__(self, serverConnector):
34        """
35        @param serverConnector: A ServerConnector instance which can be used to communicate with
36            the C-level server code.
37        """
38       
39        self.server = serverConnector
40
41    def authenticate(self):
42        """Authenticate a connection.
43
44        This function should be overridden in subclasses to implement authentication using
45        the method calls self.server.send() and self.server.recv().
46        It is called by the bbftp server process created using the start() function.
47
48        @note because the server process forks on each connection, calls to authorise() will
49            see the state of the python interpreter as it was when start() was called.
50
51        @return an AuthzHandler instance if authentication succeeds.  Any false value is considered
52            an authorisation failure.
53        @raise AuthorisationFailure the preferred way of signaling authorisation failure to
54            the bbftp server process.
55        """
56
57        raise NotImplementedError
58
59
60
61class AuthzHandler(object):
62    """Abstract base class for implementing authorisation.
63
64    @ivar username: the client's username.  This attribute must be set before an instance of AuthzHandler
65        is returned to the bbftp server process by AuthHandler.authenticate().
66       
67    """
68
69    def __init__(self, serverConnector):
70        """
71        @param serverConnector: A ServerConnector instance which can be used to communicate with
72            the C-level server code.
73        """
74        self.server = serverConnector
75
76    def authzControl(self, msgcode, transferoption, path):
77        """Authorise a control command.
78
79        @param msgcode the command type.
80        @param transferoption extra options specified in the command.
81        @param path the file or directory to which the command applies.
82        @return bool for success or failure.
83        """
84
85        raise NotImplementedError
86
87    def authzRetr(self, path):
88        """Authorise a retrieve request.
89
90        @param path the file being retrieved.
91        @return bool for success or failure.
92        """
93
94        raise NotImplementedError
95
96    def authzStore(self, path):
97        """Authorise a store request.
98
99        @param path the destination file.
100        @return bool for success or failure.
101        """
102
103        raise NotImplementedError
104
105
106
107class AuthClientHandler(object):
108    """Abstract base class specifying the client authentication callback interface.
109    """
110
111    def __init__(self, clientConnector):
112        """
113        @param clientConnector: A ClientConnector instance providing an interface to the C-level
114            bbftp client.
115        """
116        self.client = clientConnector
117   
118    def authenticate(self):
119        """Authenticate with the server.
120
121        This method should be overridden in subclasses to implement authentication using
122        the method calls self.client.send() and self.client.recv().  It is called by the bbftp layer from within
123        connect().
124
125        @return a value indicating success or failure.
126        """
127       
128        raise NotImplementedError
Note: See TracBrowser for help on using the repository browser.