[Zodb-checkins] CVS: ZODB3/ZEO - zeopasswd.py:1.1.2.1
component.xml:1.3.10.1 StorageServer.py:1.92.10.4
ClientStorage.py:1.93.2.4
Jeremy Hylton
jeremy at zope.com
Wed May 28 15:37:33 EDT 2003
Update of /cvs-repository/ZODB3/ZEO
In directory cvs.zope.org:/tmp/cvs-serv5351/ZEO
Modified Files:
Tag: ZODB3-auth-branch
component.xml StorageServer.py ClientStorage.py
Added Files:
Tag: ZODB3-auth-branch
zeopasswd.py
Log Message:
Big refactoring of authentication mechanism.
Add mac to the smac layer.
Add explicit realm for use by client and server.
Add authentication to the ZEO schema components.
Add session key generation to digest authentication.
Add a new zeopasswd.py script that isn't quite done.
Move plaintext authentication to the tests directory; it isn't
supposed to be used for real.
=== Added File ZODB3/ZEO/zeopasswd.py ===
#!python
##############################################################################
#
# Copyright (c) 2003 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE
#
##############################################################################
"""Update a user's authentication tokens for a ZEO server.
usage: python zeopasswd.py [options] username [password]
-C/--configuration URL -- configuration file or URL
-d/--delete -- delete user instead of updating password
"""
import getopt
import getpass
import os
import sys

import ZConfig
import ZEO
def usage(msg):
    """Print msg and the module usage text, then exit with status 2."""
    # Same output order as before: the specific complaint first, then the
    # general usage text taken from the module docstring.
    for text in (msg, __doc__):
        print(text)
    sys.exit(2)
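def options(args):
    """Parse the command line and load the ZEO section of the config file.

    args is the argument list WITHOUT the program name: getopt stops at the
    first non-option word, so a leading script path would hide every flag.

    Returns the tuple (zeo_section, delete, username, password).  password
    is None when it was not given on the command line, in which case main()
    prompts for it.  Every error path goes through usage(), which exits.

    NOTE(review): a password passed as the second positional argument is
    visible to other local users in the process list and usually lands in
    shell history; leaving it off and answering the getpass prompt avoids
    both.
    """
    schema = ZConfig.loadSchema(os.path.join(os.path.dirname(ZEO.__file__),
                                             "schema.xml"))

    try:
        # "d"/"delete" have to be declared here, otherwise getopt rejects the
        # documented -d/--delete flag before the loop below ever sees it.
        # "configuration=" is accepted next to the original "configure="
        # because the usage text advertises --configuration.
        opts, args = getopt.getopt(args, "C:d",
                                   ["configure=", "configuration=", "delete"])
    except getopt.error, msg:
        usage(msg)

    config = None
    delete = False
    for k, v in opts:
        if k in ("-C", "--configure", "--configuration"):
            config, nil = ZConfig.loadConfig(schema, v)
        elif k in ("-d", "--delete"):
            delete = True
    if config is None:
        usage("Must specifiy configuration file")

    password = None
    if delete:
        # Deleting needs exactly one positional argument: the username.
        if not args:
            usage("Must specify username to delete")
        elif len(args) > 1:
            usage("Too many arguments")
        username = args[0]
    else:
        # Adding/updating takes a username and, optionally, the password.
        if not args:
            usage("Must specify username")
        elif len(args) > 2:
            usage("Too many arguments")
        elif len(args) == 1:
            username = args[0]
        else:
            username, password = args

    return config.zeo, delete, username, password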
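def main(args=None):
    """Add, update or delete one user in the ZEO authentication database.

    args is the argument list without the program name; when it is None the
    arguments are taken from sys.argv[1:].  The authentication protocol and
    the database path are read from the ZEO section of the configuration
    file named on the command line.  All error paths go through usage(),
    which exits the process.
    """
    if args is None:
        args = sys.argv[1:]

    # The parsed section must not be bound to the name "options": assigning
    # to that name makes it local to main(), and the call to the module-level
    # options() function would then fail with UnboundLocalError.
    zeo, delete, username, password = options(args)

    p = zeo.authentication_protocol
    if p is None:
        usage("ZEO configuration does not specify authentication-protocol")
    if p == "digest":
        from ZEO.auth.auth_digest import DigestDatabase as Database
    elif p == "srp":
        from ZEO.auth.auth_srp import SRPDatabase as Database
    else:
        # Without this branch an unknown protocol name leaves Database
        # unbound and the script dies with a NameError further down.
        usage("Unsupported authentication-protocol: %s" % p)

    if zeo.authentication_database is None:
        usage("ZEO configuration does not specify authentication-database")
    db = Database(zeo.authentication_database)

    if delete:
        db.del_user(username)
    else:
        if password is None:
            # Prompt without echo instead of requiring the password on the
            # command line.
            password = getpass.getpass("Enter password: ")
        db.add_user(username, password)
    db.save()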
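if __name__ == "__main__":
    # Drop the script path: options() hands the list straight to
    # getopt.getopt(), which stops parsing at the first non-option word, so
    # passing sys.argv unchanged would make every flag invisible.
    main(sys.argv[1:])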
=== ZODB3/ZEO/component.xml 1.3 => 1.3.10.1 ===
--- ZODB3/ZEO/component.xml:1.3 Mon Jan 20 17:09:46 2003
+++ ZODB3/ZEO/component.xml Wed May 28 14:37:32 2003
@@ -3,7 +3,7 @@
<sectiontype name="zeo">
<description>
- The content of a "ZEO" section describe operational parameters
+ The content of a ZEO section describe operational parameters
of a ZEO server except for the storage(s) to be served.
</description>
@@ -68,6 +68,28 @@
after acquiring the storage lock, specified in seconds. If the
transaction takes too long, the client connection will be closed
and the transaction aborted.
+ </description>
+ </key>
+
+ <key name="authentication-protocol" required="no">
+ <description>
+ The name of the protocol used for authentication. The
+ only protocol provided with ZEO is "digest," but extensions
+ may provide other protocols.
+ </description>
+ </key>
+
+ <key name="authentication-database" required="no">
+ <description>
+ The path of the database containing authentication credentials.
+ </description>
+ </key>
+
+ <key name="authentication-realm" required="no">
+ <description>
+ The authentication realm of the server. Some authentication
+ schemes use a realm to identify the logic set of usernames
+ that are accepted by this server.
</description>
</key>
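Review bot: The description of `authentication-database` does not say that the file holds credentials that need protecting, and the description of `authentication-protocol` does not say what happens when the key is omitted. All three keys are `required="no"`, and the StorageServer constructor in this commit only calls `_setup_auth` when a protocol is set, so a section that names a database but no protocol appears to start a server without authentication. I would add `If omitted, the server accepts unauthenticated clients.` to the protocol description and `The file should be readable only by the account that runs the server.` to the database description. The protocol text also names only "digest", while zeopasswd.py and the StorageServer docstring in this commit mention "srp".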
=== ZODB3/ZEO/StorageServer.py 1.92.10.3 => 1.92.10.4 ===
--- ZODB3/ZEO/StorageServer.py:1.92.10.3 Fri May 23 17:13:21 2003
+++ ZODB3/ZEO/StorageServer.py Wed May 28 14:37:32 2003
@@ -609,7 +609,8 @@
transaction_timeout=None,
monitor_address=None,
auth_protocol=None,
- auth_filename=None):
+ auth_filename=None,
+ realm=None):
"""StorageServer constructor.
This is typically invoked from the start.py script.
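Review bot: The new `realm` argument is not described in the constructor docstring; the docstring hunk later in this file rewords the `auth_protocol` entry but shows no `realm` entry next to `auth_filename`. I would add `realm -- The authentication realm of this server; some schemes use it to identify the set of usernames the server accepts.` after the `auth_filename` entry. The same applies to the `realm=None` argument added to the ClientStorage constructor. Both docstrings continue outside the visible hunks, so an entry may exist further down.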
@@ -653,7 +654,7 @@
text format.
auth_protocol -- The name of the authentication protocol to use.
- Examples are "plaintext", "sha" and "srp".
+ Examples are "digest" and "srp".
auth_filename -- The name of the password database filename.
It should be in a format compatible with the authentication
@@ -682,6 +683,7 @@
self.read_only = read_only
self.auth_protocol = auth_protocol
self.auth_filename = auth_filename
+ self.realm = realm
self.database = None
if auth_protocol:
self._setup_auth(auth_protocol)
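Review bot: Authentication is set up only inside `if auth_protocol:`, so an `auth_filename` or `realm` passed without a protocol is stored and then ignored, and the server runs without authentication. A guard before that test would turn the misconfiguration into a startup error: `if (auth_filename or realm) and not auth_protocol: raise ValueError("auth_filename/realm given without auth_protocol")`. The reverse case, a protocol with `auth_filename=None`, is presumably handled in `_setup_auth`, which is outside the hunk. The constructor body starts and ends outside the hunk.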
=== ZODB3/ZEO/ClientStorage.py 1.93.2.3 => 1.93.2.4 ===
--- ZODB3/ZEO/ClientStorage.py:1.93.2.3 Fri May 23 17:13:21 2003
+++ ZODB3/ZEO/ClientStorage.py Wed May 28 14:37:32 2003
@@ -101,8 +101,7 @@
wait_for_server_on_startup=None, # deprecated alias for wait
wait=None, # defaults to 1
read_only=0, read_only_fallback=0,
- username='', password=''):
-
+ username='', password='', realm=None):
"""ClientStorage constructor.
This is typically invoked from a custom_zodb.py file.
@@ -232,6 +231,7 @@
self._read_only_fallback = read_only_fallback
self._username = username
self._password = password
+ self._realm = realm
# _server_addr is used by sortKey()
self._server_addr = None
self._tfile = None
@@ -383,7 +383,7 @@
c = client(stub)
# Initiate authentication, returns boolean specifying whether OK
- return c.start(self._username, self._password)
+ return c.start(self._username, self._realm, self._password)
def testConnection(self, conn):
"""Internal: test the given connection.
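Review bot: The comment above the changed call still says the result is a boolean, while the `testConnection` hunk in this commit binds the result of `doAuth` to `skey` and treats it as a session key. The comment should read `# Initiate authentication; returns the session key, or a false value on failure`. Inserting `self._realm` as the second positional argument also changes the `start` contract for every auth client class, so a client module not updated in this commit would receive the realm where it expects the password; that cannot be checked from this hunk. The enclosing method starts outside the hunk.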
@@ -413,8 +413,10 @@
# XXX: Verify return value?
auth = stub.getAuthProtocol()
- if auth and not self.doAuth(auth, stub):
- raise AuthError, "Authentication failed"
+ if auth:
+ skey = self.doAuth(auth, stub)
+ if not skey:
+ raise AuthError, "Authentication failed"
try:
stub.register(str(self._storage), self._is_read_only)
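Review bot: When `stub.getAuthProtocol()` returns a false value the new `if auth:` block is skipped and the client goes on to `register` without authenticating, even if a username and password were configured; the existing `XXX: Verify return value?` comment points at the same gap. A client that was given credentials should refuse such a connection, for example with `elif self._username:` followed by `raise AuthError, "Server did not offer authentication"`. `skey` is also not used after the check in the visible lines, so whether the session key reaches the connection's MAC layer has to be confirmed outside the hunk. `testConnection` continues past the end of the hunk.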