From 809f56f2e219d926f9ee33031e82ab7e5d36a712 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20K=C3=A1cha?= <ph@cesnet.cz> Date: Mon, 18 Apr 2016 15:22:47 +0200 Subject: [PATCH] NoAuthenticator now creates ad-hoc client ids based on client name (thanks to Radko Krkos) --- warden3/warden_server/warden_server.py | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/warden3/warden_server/warden_server.py b/warden3/warden_server/warden_server.py index 5b4c01c..322ea13 100755 --- a/warden3/warden_server/warden_server.py +++ b/warden3/warden_server/warden_server.py @@ -279,8 +279,21 @@ class NoAuthenticator(ObjectReq): ObjectReq.__init__(self, req) - def authenticate (self, env, args): - return "anybody" # or None + def shash(self, s): + """ Simple FNV1 hash for creating ids on the fly """ + res = 2166136261 + for c in s: + res = 0xFFFFFFFF & res * 16777619 ^ ord(c) + return res + + + def authenticate(self, env, args): + name = args.get("client", [None])[0] + if name is None: + logging.error("NoAuthenticator: clients must authenticate by name, not secret") + return None + + return Client(self.shash(name), None, None, None, name, None, 1, None, 1, 1, 1, 0) def authorize(self, env, client, path, method): @@ -336,8 +349,8 @@ class X509Authenticator(NoAuthenticator): name, secret, str(cert_names))) return None - # Clients with 'secret' set muset get authorized by it. - # No secret turns auth off for this particular client. + # Clients with 'secret' set must get authenticated by it. + # No secret turns secret auth off for this particular client. if client.secret is not None and secret is None: logging.info("authenticate: missing secret argument") return None -- GitLab