Changeset 179

Timestamp:

07/25/12 22:50:48 (12 years ago)

Author:

atzm

Message:

• handle authentication per instance, not class

File:

• etherws/trunk/etherws.py (modified) (5 diffs)

etherws/trunk/etherws.py

@@ -198 +198 @@
 
 
+class Htpasswd(object):
+    def __init__(self, path):
+        self._path = path
+        self._stat = None
+        self._data = {}
+
+    def auth(self, name, passwd):
+        passwd = base64.b64encode(hashlib.sha1(passwd).digest())
+        return self._data.get(name) == passwd
+
+    def load(self):
+        old_stat = self._stat
+
+        with open(self._path) as fp:
+            fileno = fp.fileno()
+            fcntl.flock(fileno, fcntl.LOCK_SH | fcntl.LOCK_NB)
+            self._stat = os.fstat(fileno)
+
+            unchanged = old_stat and \
+                        old_stat.st_ino == self._stat.st_ino and \
+                        old_stat.st_dev == self._stat.st_dev and \
+                        old_stat.st_mtime == self._stat.st_mtime
+
+            if not unchanged:
+                self._data = self._parse(fp)
+
+        return self
+
+    def _parse(self, fp):
+        data = {}
+        for line in fp:
+            line = line.strip()
+            if 0 <= line.find(':'):
+                name, passwd = line.split(':', 1)
+                if passwd.startswith('{SHA}'):
+                    data[name] = passwd[5:]
+        return data
+
+
 class TapHandler(DebugMixIn):
     READ_SIZE = 65535
@@ -258 +297 @@
 
 class EtherWebSocketHandler(tornado.websocket.WebSocketHandler, DebugMixIn):
-    def __init__(self, app, req, switch, debug=False):
+    def __init__(self, app, req, switch, htpasswd=None, debug=False):
         super(EtherWebSocketHandler, self).__init__(app, req)
         self._switch = switch
+        self._htpasswd = htpasswd
         self._debug = debug
+
+        if self._htpasswd:
+            self._htpasswd = Htpasswd(self._htpasswd)
 
     def open(self):
@@ -273 +316 @@
         self._switch.unregister_port(self)
         self.dprintf('disconnected: %s\n', lambda: self.request.remote_ip)
+
+    def _execute(self, transforms, *args, **kwargs):
+        def do_execute():
+            sp = super(EtherWebSocketHandler, self)
+            return sp._execute(transforms, *args, **kwargs)
+
+        def auth_required():
+            self.stream.write(tornado.escape.utf8(
+                'HTTP/1.1 401 Authorization Required\r\n'
+                'WWW-Authenticate: Basic realm=etherws\r\n\r\n'
+            ))
+            self.stream.close()
+
+        try:
+            if not self._htpasswd:
+                return do_execute()
+
+            creds = self.request.headers.get('Authorization')
+
+            if not creds or not creds.startswith('Basic '):
+                return auth_required()
+
+            name, passwd = base64.b64decode(creds[6:]).split(':', 1)
+
+            if self._htpasswd.load().auth(name, passwd):
+                return do_execute()
+        except:
+            traceback.print_exc()
+
+        return auth_required()
 
 
@@ -334 +407 @@
             traceback.print_exc()
         self.close()
-
-
-class Htpasswd(object):
-    def __init__(self, path):
-        self._path = path
-        self._stat = None
-        self._data = {}
-
-    def auth(self, name, passwd):
-        passwd = base64.b64encode(hashlib.sha1(passwd).digest())
-        return self._data.get(name) == passwd
-
-    def load(self):
-        old_stat = self._stat
-
-        with open(self._path) as fp:
-            fileno = fp.fileno()
-            fcntl.flock(fileno, fcntl.LOCK_SH | fcntl.LOCK_NB)
-            self._stat = os.fstat(fileno)
-
-            unchanged = old_stat and \
-                        old_stat.st_ino == self._stat.st_ino and \
-                        old_stat.st_dev == self._stat.st_dev and \
-                        old_stat.st_mtime == self._stat.st_mtime
-
-            if not unchanged:
-                self._data = self._parse(fp)
-
-    def _parse(self, fp):
-        data = {}
-        for line in fp:
-            line = line.strip()
-            if 0 <= line.find(':'):
-                name, passwd = line.split(':', 1)
-                if passwd.startswith('{SHA}'):
-                    data[name] = passwd[5:]
-        return data
-
-
-def wrap_basic_auth(handler_class, htpasswd_path):
-    if not htpasswd_path:
-        return handler_class
-
-    old_execute = handler_class._execute
-    htpasswd = Htpasswd(htpasswd_path)
-
-    def execute(self, transforms, *args, **kwargs):
-        def auth_required():
-            self.stream.write(tornado.escape.utf8(
-                'HTTP/1.1 401 Authorization Required\r\n'
-                'WWW-Authenticate: Basic realm=etherws\r\n\r\n'
-            ))
-            self.stream.close()
-
-        creds = self.request.headers.get('Authorization')
-
-        if not creds or not creds.startswith('Basic '):
-            return auth_required()
-
-        try:
-            name, passwd = base64.b64decode(creds[6:]).split(':', 1)
-            htpasswd.load()
-
-            if not htpasswd.auth(name, passwd):
-                return auth_required()
-
-            return old_execute(self, transforms, *args, **kwargs)
-
-        except:
-            return auth_required()
-
-    handler_class._execute = execute
-    return handler_class
 
 
@@ -469 +469 @@
     switch = SwitchingHub(fdb, debug=args.debug)
 
-    handler = wrap_basic_auth(EtherWebSocketHandler, args.htpasswd)
-    srv = (args.path, handler, {'switch': switch, 'debug': args.debug})
-    app = tornado.web.Application([srv])
+    harg = {'switch': switch, 'htpasswd': args.htpasswd, 'debug': args.debug}
+    serv = (args.path, EtherWebSocketHandler, harg)
+    app = tornado.web.Application([serv])
     server = tornado.httpserver.HTTPServer(app, ssl_options=ssl_options)
     server.listen(args.port, address=args.address)