[Zodb-checkins] CVS: ZODB3/ZEO - zeopasswd.py:1.1.2.1 component.xml:1.3.10.1 StorageServer.py:1.92.10.4 ClientStorage.py:1.93.2.4

Jeremy Hylton jeremy at zope.com
Wed May 28 15:37:33 EDT 2003


Update of /cvs-repository/ZODB3/ZEO
In directory cvs.zope.org:/tmp/cvs-serv5351/ZEO

Modified Files:
      Tag: ZODB3-auth-branch
	component.xml StorageServer.py ClientStorage.py 
Added Files:
      Tag: ZODB3-auth-branch
	zeopasswd.py 
Log Message:
Big refactoring of authentication mechanism.

Add mac to the smac layer.
Add explicit realm for use by client and server.
Add authentication to the ZEO schema components.
Add session key generation to digest authentication.

Add a new zeopasswd.py script that isn't quite done.
Move plaintext authentication to the tests directory; it isn't
supposed to be used for real.


=== Added File ZODB3/ZEO/zeopasswd.py ===
#!python
##############################################################################
#
# Copyright (c) 2003 Zope Corporation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE
#
##############################################################################
"""Update a user's authentication tokens for a ZEO server.

usage: python zeopasswd.py [options] username [password]

-C/--configuration URL -- configuration file or URL
-d/--delete -- delete user instead of updating password
"""

import getopt
import getpass
import os
import sys

import ZConfig
import ZEO

def usage(msg):
    """Print msg and the module help text, then exit with status 2."""
    # One print statement per item, so each ends with its own newline.
    for text in (msg, __doc__):
        print text
    sys.exit(2)

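def options(args):
    """Parse the command line and load the ZEO configuration it names.

    args -- the argument list, without the program name.

    Returns a 4-tuple: the zeo section of the loaded configuration, the
    delete flag, the username, and the password.  The password is None
    when it was not given on the command line and always None when
    deleting.  Every usage error is reported through usage(), which
    prints the help text and exits.
    """

    schema = ZConfig.loadSchema(os.path.join(os.path.dirname(ZEO.__file__),
                                             "schema.xml"))

    try:
        # Accept every option the loop below and the module usage text
        # refer to: -d/--delete, and --configuration next to the
        # --configure spelling.  Previously only -C/--configure was
        # registered, so -d was rejected by getopt before it was seen.
        opts, args = getopt.getopt(args, "C:d",
                                   ["configure=", "configuration=", "delete"])
    except getopt.error, msg:
        usage(msg)
    config = None
    delete = False
    for k, v in opts:
        if k in ("-C", "--configure", "--configuration"):
            # loadConfig returns a pair; only the first element is used.
            config, nil = ZConfig.loadConfig(schema, v)
        elif k in ("-d", "--delete"):
            delete = True
    if config is None:
        usage("Must specifiy configuration file")

    password = None
    if delete:
        if not args:
            usage("Must specify username to delete")
        elif len(args) > 1:
            usage("Too many arguments")
        username = args[0]
    else:
        if not args:
            usage("Must specify username")
        elif len(args) > 2:
            usage("Too many arguments")
        elif len(args) == 1:
            username = args[0]
        else:
            # NOTE(review): a password given as an argument is visible in
            # the process list and is kept in shell history.  Leaving it
            # out makes main() prompt for it instead.
            username, password = args

    return config.zeo, delete, username, password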

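def main(args=None):
    """Add, update or delete one user in the ZEO authentication database.

    args -- command-line arguments without the program name; defaults
        to sys.argv[1:].

    The database class is selected by the authentication-protocol value
    of the loaded zeo section and is constructed with the section's
    authentication-database value.  Configuration problems are reported
    through usage(), which exits with status 2.
    """
    if args is None:
        args = sys.argv[1:]
    # The parsed section gets its own name.  Assigning to "options" here
    # would make that name local to main(), and the call on the right-hand
    # side would fail with UnboundLocalError.
    zeo_conf, delete, username, password = options(args)
    protocol = zeo_conf.authentication_protocol
    if protocol is None:
        usage("ZEO configuration does not specify authentication-protocol")
    if protocol == "digest":
        from ZEO.auth.auth_digest import DigestDatabase as Database
    elif protocol == "srp":
        from ZEO.auth.auth_srp import SRPDatabase as Database
    else:
        # Without this branch an unrecognised protocol name left Database
        # unbound and the script stopped with a NameError further down.
        usage("Unsupported authentication-protocol: %s" % (protocol,))
    if zeo_conf.authentication_database is None:
        usage("ZEO configuration does not specify authentication-database")
    db = Database(zeo_conf.authentication_database)
    if delete:
        db.del_user(username)
    else:
        if password is None:
            # No password on the command line: read it from the terminal
            # without echoing it.
            password = getpass.getpass("Enter password: ")
        db.add_user(username, password)
    db.save()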

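if __name__ == "__main__":
    # getopt stops at the first non-option argument, so the program name
    # in sys.argv[0] has to be dropped or no option is ever parsed.
    main(sys.argv[1:])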


=== ZODB3/ZEO/component.xml 1.3 => 1.3.10.1 ===
--- ZODB3/ZEO/component.xml:1.3	Mon Jan 20 17:09:46 2003
+++ ZODB3/ZEO/component.xml	Wed May 28 14:37:32 2003
@@ -3,7 +3,7 @@
   <sectiontype name="zeo">
 
     <description>
-      The content of a "ZEO" section describe operational parameters
+      The content of a ZEO section describe operational parameters
       of a ZEO server except for the storage(s) to be served.
     </description>
 
@@ -68,6 +68,28 @@
         after acquiring the storage lock, specified in seconds.  If the
         transaction takes too long, the client connection will be closed
         and the transaction aborted.
+      </description>
+    </key>
+
+    <key name="authentication-protocol" required="no">
+      <description>
+        The name of the protocol used for authentication.  The
+        only protocol provided with ZEO is "digest," but extensions
+        may provide other protocols.
+      </description>
+    </key>
+
+    <key name="authentication-database" required="no">
+      <description>
+        The path of the database containing authentication credentials.
+      </description>
+    </key>
+
+    <key name="authentication-realm" required="no">
+      <description>
+        The authentication realm of the server.  Some authentication
+        schemes use a realm to identify the logic set of usernames
+        that are accepted by this server.
       </description>
     </key>
 
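Review bot: None of the three new descriptions says what the server does when `authentication-protocol` is left out, and every key is `required="no"`. The StorageServer constructor hunk in this checkin only calls `_setup_auth` under `if auth_protocol:`, so a section that sets `authentication-database` or `authentication-realm` but omits the protocol appears to start a server that authenticates nobody, without any warning. I would add to the protocol description `If this key is omitted, clients are not authenticated.` and have the constructor reject a database or realm given without a protocol. The `authentication-database` description could also say that the file holds credentials and should be readable only by the account running the server.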


=== ZODB3/ZEO/StorageServer.py 1.92.10.3 => 1.92.10.4 ===
--- ZODB3/ZEO/StorageServer.py:1.92.10.3	Fri May 23 17:13:21 2003
+++ ZODB3/ZEO/StorageServer.py	Wed May 28 14:37:32 2003
@@ -609,7 +609,8 @@
                  transaction_timeout=None,
                  monitor_address=None,
                  auth_protocol=None,
-                 auth_filename=None):
+                 auth_filename=None,
+                 realm=None):
         """StorageServer constructor.
 
         This is typically invoked from the start.py script.
@@ -653,7 +654,7 @@
             text format.
 
         auth_protocol -- The name of the authentication protocol to use.
-            Examples are "plaintext", "sha" and "srp".
+            Examples are "digest" and "srp".
             
         auth_filename -- The name of the password database filename.
             It should be in a format compatible with the authentication
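Review bot: The argument list in this docstring has no entry for the `realm` parameter that the first hunk adds to the signature and the third hunk stores on `self.realm`, at least in the lines shown; the docstring continues outside the hunk. An entry next to `auth_filename` would do, for example `realm -- The authentication realm of this server (the authentication-realm key in component.xml).` It should also say what the default `None` means for the digest protocol, which cannot be told from here. The `realm=None` argument added to the ClientStorage constructor needs the same treatment.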
@@ -682,6 +683,7 @@
         self.read_only = read_only
         self.auth_protocol = auth_protocol
         self.auth_filename = auth_filename
+        self.realm = realm
         self.database = None
         if auth_protocol:
             self._setup_auth(auth_protocol)


=== ZODB3/ZEO/ClientStorage.py 1.93.2.3 => 1.93.2.4 ===
--- ZODB3/ZEO/ClientStorage.py:1.93.2.3	Fri May 23 17:13:21 2003
+++ ZODB3/ZEO/ClientStorage.py	Wed May 28 14:37:32 2003
@@ -101,8 +101,7 @@
                  wait_for_server_on_startup=None, # deprecated alias for wait
                  wait=None, # defaults to 1
                  read_only=0, read_only_fallback=0,
-                 username='', password=''):
-
+                 username='', password='', realm=None):
         """ClientStorage constructor.
 
         This is typically invoked from a custom_zodb.py file.
@@ -232,6 +231,7 @@
         self._read_only_fallback = read_only_fallback
         self._username = username
         self._password = password
+        self._realm = realm
         # _server_addr is used by sortKey()
         self._server_addr = None
         self._tfile = None
@@ -383,7 +383,7 @@
         c = client(stub)
         
         # Initiate authentication, returns boolean specifying whether OK
-        return c.start(self._username, self._password)
+        return c.start(self._username, self._realm, self._password)
         
     def testConnection(self, conn):
         """Internal: test the given connection.
@@ -413,8 +413,10 @@
 
         # XXX: Verify return value?
         auth = stub.getAuthProtocol()
-        if auth and not self.doAuth(auth, stub):
-            raise AuthError, "Authentication failed"
+        if auth:
+            skey = self.doAuth(auth, stub)
+            if not skey:
+                raise AuthError, "Authentication failed"
         
         try:
             stub.register(str(self._storage), self._is_read_only)
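Review bot: When `getAuthProtocol()` returns nothing, the code still falls through to `stub.register(...)`, so a client that was given a username and password connects unauthenticated whenever the server, or anything answering in its place, reports no protocol; the `# XXX: Verify return value?` comment is left open by this change. A guard before the `if auth:` test would close that, e.g. `if not auth and self._username: raise AuthError, "Server does not require authentication"`. The session key in `skey` is not used in the lines shown; the enclosing method continues outside the hunk, so it may be consumed further down, but if it is not, it should be handed to the connection or the name dropped. In the previous hunk the comment `# Initiate authentication, returns boolean specifying whether OK` is now stale, since the result is treated as a session key here.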



