Changeset 1141 for TI05-delivery/trunk

Timestamp:

08/06/06 12:51:22 (15 years ago)

Author:

spascoe

Message:

There are various changes here.

The server now calls python for authorisation. This is untested, although the test suite passes. More flesh on delivery.server and it's now used in the
test suite. The server now logs python exceptions to syslog from within C code.

Location:

TI05-delivery/trunk

Files:

• lib/python/delivery/server.py (modified) (6 diffs)
• src/bbftp-server-3.2.0/includes/ndg.h (modified) (1 diff)
• src/python_ext/bbftpd.c (modified) (13 diffs)
• test/test_embedded.py (modified) (4 diffs)

TI05-delivery/trunk/lib/python/delivery/server.py

@@ -7 +7 @@
 import bbftpd
 
-def start(authHandler):
+def start(authHandler, args):
     """Start the bbftp server.
 
     The server performs a fork() during initialisation, the child process remains in
     the server's main loop and the parent returns from this function.  The server process
-    calls authHandler() on each connection to do authentication/authorisation.
+    calls authHandler.authorise() on each connection to do authentication/authorisation.
 
     @note: because the server process forks, authHandler will not see any changes to the python
         interpreter following the call to start().
 
+    @param authHandler: an instance of AuthHandler.
+    @param args: a list of command line arguments.
     @return: the PID of the server process.
     """
     
-    bbftpd.run(authHandler)
+    return bbftpd.run(authHandler, args)
 
 
@@ -30 +32 @@
     """
     
-    def __call__(self):
-        """Entry point called by the server to do authorisation.
-
-        This function simply calls the authorise() method.  See authorise() for details.
-        """
-        return self.authorise()
-
     def send(self, buffer):
         """Send a message to the client.
@@ -70 +65 @@
 class AuthzHandler(object):
     """Abstract base class for implementing authorisation.
+
+    @ivar username the client's username
     """
 
@@ -92 +89 @@
         raise NotImplementedError
 
-    def authzSend(self, path):
-        """Authorise a send request.
+    def authzStore(self, path):
+        """Authorise a store request.
 
         @param path: the destination file.
@@ -99 +96 @@
         """
 
+        raise NotImplementedError
+    
+    def _raiseNoUsername(self):
+        raise ValueError, "No username has been set"
+    username = property(_raiseNoUsername)
 
-
+#--------------------------------------------------------------------------------------------------------------
 
 class BasicClientAuthHandler(AuthHandler):
@@ -124 +126 @@
         return msg
 
+
+
+class LiberalAuthzHandler(AuthzHandler):
+    """Allow everything.
+    """
+
+    username = None
+
+    def __init__(self, username):
+        self.username = username
+
+    def authzControl(self, m, t, p):
+        return 0;
+
+    def authzRetr(self, p):
+        return 0;
+
+    def authzStore(self, p):
+        return 0;
+    

TI05-delivery/trunk/src/bbftp-server-3.2.0/includes/ndg.h

@@ -35 +35 @@
 char *ndg_getusername(char *logmessage);
 
+int ndg_authz_control(int msgcode, int transferoption, char *path, char *logmessage);
+int ndg_authz_retr(char *path, char *logmessage);
+int ndg_authz_store(char *path, char *logmessage);
+
+
 #endif // NDG_PYTHON_EMBED

TI05-delivery/trunk/src/python_ext/bbftpd.c

@@ -11 +11 @@
 
 #include <Python.h>
+#include <ndg.h>
 
 extern char **environ;
@@ -27 +28 @@
  * Static variables.
  */
-static PyObject *authContext = NULL;
-static PyObject *authzContext = NULL;
+static PyObject *authHandler = NULL;
+static PyObject *authzHandler = NULL;
+
+static void ndg_pyerr_to_logmessage(char *logmessage, char *prefix);
 
 /*---------------------------------------------------------------------------------------------------
@@ -37 +40 @@
 
 /**
+ * Copy the python exception message to a bbftp logmessage.
+ *
+ * If the python error indicator is set it will be cleared.
+ * If the python error indicator is not set the empty string will be copied to \a logmessage.
+ * The exception message is truncated if it exceeds \c NDG_MAX_LOGMESSAGE.
+ *
+ * @param logmessage a pointer to a buffer of length \c NDG_MAX_LOGMESSAGE
+ *     for storing an error message when returning -1.
+ * @param prefix a string to be prefixed to the logmessage.
+ */
+static void ndg_pyerr_to_logmessage(char *logmessage, char *prefix) {
+  PyObject *ptype, *pvalue, *ptraceback, *obj;
+  char *exname, *exvalue;
+
+  PyErr_Fetch(&ptype, &pvalue, &ptraceback);
+  
+  if ((obj = PyObject_GetAttrString(ptype, "__name__")) == NULL) goto error;
+  exname = PyString_AsString(obj); Py_DECREF(obj);
+  if (exname == NULL) goto error;
+
+  if ((obj = PyObject_Str(pvalue)) == NULL) goto error;
+  exvalue = PyString_AsString(obj); Py_DECREF(obj);
+  if (exvalue == NULL) goto error;
+
+  snprintf(logmessage, NDG_MAX_LOGMESSAGE, "%s: %s: %s", prefix, exname, exvalue);
+  return;
+  
+ error:
+  sprintf("ndg_pyerr_to_logmessage: internal python error", logmessage);
+  return;
+}
+
+/**
  * Make a callback bbftpd->python to handle authentication.
  *
@@ -45 +81 @@
 int ndg_auth(char *logmessage) {
 
-  if (authzContext != NULL) {
-    sprintf(logmessage, "bbftpd_private_auth_callback: authzContext already present");
-    return -1;
-  }
-  
-  if (authContext == NULL) {
-    sprintf(logmessage, "bbftpd_private_auth_callback: no authContext set");
-    return -1;
-  }
-
-  if ((authzContext = PyObject_CallObject(authContext, NULL)) == NULL) {
-    //!TODO: should probably read the exception object to fill logmessage.
-    sprintf(logmessage, "bbftpd_private_auth_callback: authContext.authorise() failed");
-    return -1;
-  }
-
-  /* If authContext.authorise() returned None then authorisation failed.  */
-  if (authzContext == Py_None) {
-    sprintf(logmessage, "bbftpd_private_auth_callback: python authorisation failed");
+  if (authzHandler != NULL) {
+    sprintf(logmessage, "ndg_auth: authzHandler already present");
+    return -1;
+  }
+  
+  if (authHandler == NULL) {
+    sprintf(logmessage, "ndg_auth: no authHandler set");
+    return -1;
+  }
+
+  if ((authzHandler = PyObject_CallMethod(authHandler, "authorise", "")) == NULL) {
+    ndg_pyerr_to_logmessage(logmessage, "ndg_auth");
+    return -1;
+  }
+
+  /* If authHandler.authorise() returned None then authorisation failed.  */
+  if (authzHandler == Py_None) {
+    sprintf(logmessage, "ndg_auth: python authorisation failed");
     return -1;
   }
@@ -71 +106 @@
 
 /**
- * retrieve the username from authzContext.
+ * retrieve the username from authzHandler.
  *
  * @param logmessage a pointer to a buffer of length \c NDG_MAX_LOGMESSAGE
@@ -81 +116 @@
   PyObject *str_obj;
 
-  if (authzContext == NULL) {
-    sprintf(logmessage, "bbftpd_private_auth_getusername: no authzContext set");
-    return NULL;
-  }
-
-  if ((str_obj = PyObject_GetAttrString(authzContext, "username")) == NULL) {
-    sprintf(logmessage, "bbftpd_private_auth_getusername: authzContext.username lookup failed");
+  if (authzHandler == NULL) {
+    sprintf(logmessage, "bbftpd_private_auth_getusername: no authzHandler set");
+    return NULL;
+  }
+
+  if ((str_obj = PyObject_GetAttrString(authzHandler, "username")) == NULL) {
+    ndg_pyerr_to_logmessage(logmessage, "ndg_getusername");
     return NULL;
   }
 
   if ((username = PyString_AsString(str_obj)) == NULL) {
+    ndg_pyerr_to_logmessage(logmessage, "ndg_getusername");
     Py_DECREF(str_obj);
-    sprintf(logmessage, "bbftpd_private_auth_getusername: authzContext.username not a string");
     return NULL;
   }
@@ -101 +136 @@
 
 
-      
+/**
+ * Make a callback to do authorisation of a control command.
+ *
+ * @see bbftpd_private_authz_control()
+ */
+int ndg_authz_control(int msgcode, int transferoption, char *path, char *logmessage) {
+  PyObject *ret_obj;
+  int ret;
+
+  if (authzHandler == NULL) {
+    sprintf(logmessage, "ndg_authz_control: no authzHandler set");
+    return -1;
+  }
+  
+  if ((ret_obj = PyObject_CallMethod(authzHandler, "authzControl", "iis", msgcode, transferoption, path)) == NULL) {
+    ndg_pyerr_to_logmessage(logmessage, "ndg_authz_control");
+    return -1;
+  }
+  
+  if (!PyInt_Check(ret_obj)) {
+    ndg_pyerr_to_logmessage(logmessage, "ndg_authz_control");
+    Py_DECREF(ret_obj);
+    return -1;
+  }
+
+  ret = (int)PyInt_AsLong(ret_obj);
+  Py_DECREF(ret_obj);
+  return ret;
+}
+
+/**
+ * Make a callback to do authorisation of a retr command.
+ *
+ * @see bbftpd_private_authz_store()
+ */
+int ndg_authz_retr(char *path, char *logmessage) {
+  PyObject *ret_obj;
+  int ret;
+
+  if (authzHandler == NULL) {
+    sprintf(logmessage, "ndg_authz_retr: no authzHandler set");
+    return -1;
+  }
+  
+  if ((ret_obj = PyObject_CallMethod(authzHandler, "authzRetr", "s", path)) == NULL) {
+    ndg_pyerr_to_logmessage(logmessage, "ndg_authz_retr");
+    return -1;
+  }
+  
+  if (!PyInt_Check(ret_obj)) {
+    ndg_pyerr_to_logmessage(logmessage, "ndg_authz_retr");
+    Py_DECREF(ret_obj);
+    return -1;
+  }
+
+  ret = (int)PyInt_AsLong(ret_obj);
+  Py_DECREF(ret_obj);
+  return ret;
+}
+
+
+/**
+ * Make a callback to do authorisation of a store command.
+ *
+ * @see bbftpd_private_authz_store()
+ */
+int ndg_authz_store(char *path, char *logmessage) {
+  PyObject *ret_obj;
+  int ret;
+
+  if (authzHandler == NULL) {
+    sprintf(logmessage, "ndg_authz_store: no authzHandler set");
+    return -1;
+  }
+  
+  if ((ret_obj = PyObject_CallMethod(authzHandler, "authzStore", "s", path)) == NULL) {
+    ndg_pyerr_to_logmessage(logmessage, "ndg_authz_store");
+    return -1;
+  }
+  
+  if (!PyInt_Check(ret_obj)) {
+    ndg_pyerr_to_logmessage(logmessage, "ndg_authz_store");
+    Py_DECREF(ret_obj);
+    return -1;
+  }
+
+  ret = (int)PyInt_AsLong(ret_obj);
+  Py_DECREF(ret_obj);
+  return ret;
+}
+ 
+
+     
 /*-------------------------------------------------------------------------------------------------
  * Functions exported to python
@@ -116 +243 @@
   }
 
-  if (authContext == NULL) {
+  if (authHandler == NULL) {
     PyErr_SetString(PyExc_RuntimeError, "Must be called within a bbftpd callback");
     return NULL;
@@ -139 +266 @@
   }
 
-  if (authContext == NULL) {
+  if (authHandler == NULL) {
     PyErr_SetString(PyExc_RuntimeError, "Must be called within a bbftpd callback");
     return NULL;
@@ -167 +294 @@
   PyObject *daemon_args, *item;
 
-  if (!PyArg_ParseTuple(args, "OO", &authContext, &daemon_args)) {
-    return NULL;
-  }
-  Py_INCREF(authContext);
+  if (!PyArg_ParseTuple(args, "OO", &authHandler, &daemon_args)) {
+    return NULL;
+  }
+  Py_INCREF(authHandler);
   Py_INCREF(daemon_args);
 
@@ -190 +317 @@
   for (i=0; i<argc; i++) {
     if ((item = PySequence_GetItem(daemon_args, i)) == NULL) {
-      Py_DECREF(authContext);
+      Py_DECREF(authHandler);
       Py_DECREF(daemon_args);
       return NULL;
@@ -197 +324 @@
       free(argv);
       Py_DECREF(item);
-      Py_DECREF(authContext);
+      Py_DECREF(authHandler);
       Py_DECREF(daemon_args);
       return NULL;
@@ -213 +340 @@
 
   free(argv);
-  Py_DECREF(authContext); authContext = NULL;
+  Py_DECREF(authHandler); authHandler = NULL;
   Py_DECREF(daemon_args);
 

TI05-delivery/trunk/test/test_embedded.py

@@ -22 +22 @@
 
 sys.path.append(BUILDDIR)
-import delivery.bbftpd as bbftpd
-        
-class AuthzContext:
-    def __init__(self, version_msg, user):
-        self.version = version_msg
-        self.username = user
-
-class AuthContext:
-    def __call__(self):
-        # Read the auth version message
-        msg = bbftpd.recv()
-        # Trim to first '\0'
-        x = msg.find('\0')
-        if x:
-            msg = msg[:x]
+
+import delivery.server as server
+
+
+class TestAuthHandler(server.BasicClientAuthHandler):
+    def authorise(self):
+        msg = self.recvCStr()
 
         syslog.syslog(syslog.LOG_DEBUG, 'AuthContext received Auth message: %s' % msg)
 
-        # Send the response
-        msg = NDG_HANDSHAKE + '\0' * (NDG_MESSAGE_LEN - len(NDG_HANDSHAKE))
-        bbftpd.send(msg)
-
-        # Get privatestr
-        privatestr = bbftpd.recv()
-        # Trim to first '\0'
-        x = privatestr.find('\0')
-        if x:
-            privatestr = privatestr[:x]
+        self.send(NDG_HANDSHAKE)
+
+        privatestr = self.recvCStr()
         syslog.syslog(syslog.LOG_DEBUG, "AuthContext received privatestr: %s" % privatestr)
 
-        return AuthzContext(msg, "TestCaseUser")
-
-
-class FailingAuthContext(AuthContext):
-    def __call__(self):
-        az = super(FailingAuthContext).authorise()
+        return TestAuthzHandler(msg, "TestCaseUser")
+
+class TestAuthzHandler(server.LiberalAuthzHandler):
+    def __init__(self, version, username):
+        super(TestAuthzHandler, self).__init__(username)
+        self.version = version
+
+
+class TestFailAuthHandler(server.AuthHandler):
+    def authorise(self):
         return None
-
-
-
 
 class BaseFixture(unittest.TestCase):
@@ -81 +67 @@
     def _startServer(self, authContext=None):
         if not authContext:
-            authContext = AuthContext()
+            authContext = TestAuthHandler()
         # Start the server and store it's PID
-        self.pid = bbftpd.run(authContext, ['-l', 'DEBUG'])
+        self.pid = server.start(authContext, ['-l', 'DEBUG'])
 
     def _stopServer(self):
@@ -217 +203 @@
         # Check the client output
         output = fh.read()
+
         self.assertLines(['get.*nogzip'], output)
 
@@ -258 +245 @@
         syslog.syslog(syslog.LOG_DEBUG, 'Starting EmbeddedServerTestCase')
 
-        self._startServer(authContext=FailingAuthContext())
+        self._startServer(authContext=TestFailAuthHandler())
 
     def test(self):