connvalidator.py :  » Development » Pyro » Pyro-3.10 » examples » user_passwd_auth » Python Open Source

Home
Python Open Source
1.3.1.2 Python
2.Ajax
3.Aspect Oriented
4.Blog
5.Build
6.Business Application
7.Chart Report
8.Content Management Systems
9.Cryptographic
10.Database
11.Development
12.Editor
13.Email
14.ERP
15.Game 2D 3D
16.GIS
17.GUI
18.IDE
19.Installer
20.IRC
21.Issue Tracker
22.Language Interface
23.Log
24.Math
25.Media Sound Audio
26.Mobile
27.Network
28.Parser
29.PDF
30.Project Management
31.RSS
32.Search
33.Security
34.Template Engines
35.Test
36.UML
37.USB Serial
38.Web Frameworks
39.Web Server
40.Web Services
41.Web Unit
42.Wiki
43.Windows
44.XML
Python Open Source » Development » Pyro 
Pyro » Pyro 3.10 » examples » user_passwd_auth » connvalidator.py
from Pyro.protocol import DefaultConnValidator
import Pyro.constants
import hmac
try:
  import hashlib
  md5=hashlib.md5
except ImportError:
  import md5
  md5=md5.md5


# Example username/password database: (passwords stored in ascii md5 hash)
EXAMPLE_ALLOWED_USERS = {
  "irmen": "5ebe2294ecd0e0f08eab7690d2a6ee69",    # 'secret'
  "guest": "084e0343a0486ff05530df6c705c8bb4",    # 'guest'
  "root": "bbbb2edef660739a6071ab5a4f8a869f",      # 'change_me'
}

#
#  Example login/password validator.
#  Passwords are protected using md5 so they are not stored in plaintext.
#  The actual identification check is done using a hmac-md5 secure hash.
#
class UserLoginConnValidator(DefaultConnValidator):

  def acceptIdentification(self, daemon, connection, token, challenge):
    # extract tuple (login, processed password) from token as returned by createAuthToken
    # processed password is a hmac hash from the server's challenge string and the password itself.
    login, processedpassword = token.split(':', 1)
    knownpasswdhash = EXAMPLE_ALLOWED_USERS.get(login)
    # Check if the username/password is valid.
    if knownpasswdhash:
      # Known passwords are stored as ascii hash, but the auth token contains a binary hash.
      # So we need to convert our ascii hash to binary to be able to validate.
      knownpasswdhash=knownpasswdhash.decode("hex")
      if hmac.new(challenge,knownpasswdhash).digest() == processedpassword:
        print "ALLOWED", login
        connection.authenticated=login  # store for later reference by Pyro object
        return(1,0)
    print "DENIED",login
    return (0,Pyro.constants.DENIED_SECURITY)
    
  def createAuthToken(self, authid, challenge, peeraddr, URI, daemon):
    # authid is what mungeIdent returned, a tuple (login, hash-of-password)
    # we return a secure auth token based on the server challenge string.
    return "%s:%s" % (authid[0], hmac.new(challenge,authid[1]).digest() )

  def mungeIdent(self, ident):
    # ident is tuple (login, password), the client sets this.
    # we don't like to store plaintext passwords so store the md5 hash instead.
    return (ident[0], md5(ident[1]).digest())
    
www.java2java.com | Contact Us
Copyright 2009 - 12 Demo Source and Support. All rights reserved.
All other trademarks are property of their respective owners.