aboutsummaryrefslogtreecommitdiffstats
path: root/libmproxy/authentication.py
diff options
context:
space:
mode:
Diffstat (limited to 'libmproxy/authentication.py')
-rw-r--r--libmproxy/authentication.py122
1 files changed, 0 insertions, 122 deletions
diff --git a/libmproxy/authentication.py b/libmproxy/authentication.py
deleted file mode 100644
index 500ead6b..00000000
--- a/libmproxy/authentication.py
+++ /dev/null
@@ -1,122 +0,0 @@
-import binascii
-import contrib.md5crypt as md5crypt
-
-class NullProxyAuth():
- """
- No proxy auth at all (returns empty challange headers)
- """
- def __init__(self, password_manager):
- self.password_manager = password_manager
- self.username = ""
-
- def clean(self, headers):
- """
- Clean up authentication headers, so they're not passed upstream.
- """
- pass
-
- def authenticate(self, headers):
- """
- Tests that the user is allowed to use the proxy
- """
- return True
-
- def auth_challenge_headers(self):
- """
- Returns a dictionary containing the headers require to challenge the user
- """
- return {}
-
-
-class BasicProxyAuth(NullProxyAuth):
- CHALLENGE_HEADER = 'Proxy-Authenticate'
- AUTH_HEADER = 'Proxy-Authorization'
- def __init__(self, password_manager, realm):
- NullProxyAuth.__init__(self, password_manager)
- self.realm = realm
-
- def clean(self, headers):
- del headers[self.AUTH_HEADER]
-
- def authenticate(self, headers):
- auth_value = headers.get(self.AUTH_HEADER, [])
- if not auth_value:
- return False
- try:
- scheme, username, password = self.parse_auth_value(auth_value[0])
- except ValueError:
- return False
- if scheme.lower()!='basic':
- return False
- if not self.password_manager.test(username, password):
- return False
- self.username = username
- return True
-
- def auth_challenge_headers(self):
- return {self.CHALLENGE_HEADER:'Basic realm="%s"'%self.realm}
-
- def unparse_auth_value(self, scheme, username, password):
- v = binascii.b2a_base64(username + ":" + password)
- return scheme + " " + v
-
- def parse_auth_value(self, auth_value):
- words = auth_value.split()
- if len(words) != 2:
- raise ValueError("Invalid basic auth credential.")
- scheme = words[0]
- try:
- user = binascii.a2b_base64(words[1])
- except binascii.Error:
- raise ValueError("Invalid basic auth credential: user:password pair not valid base64: %s"%words[1])
- parts = user.split(':')
- if len(parts) != 2:
- raise ValueError("Invalid basic auth credential: decoded user:password pair not valid: %s"%user)
- return scheme, parts[0], parts[1]
-
-
-class PasswordManager():
- def __init__(self):
- pass
-
- def test(self, username, password_token):
- return False
-
-
-class PermissivePasswordManager(PasswordManager):
- def __init__(self):
- PasswordManager.__init__(self)
-
- def test(self, username, password_token):
- if username:
- return True
- return False
-
-
-class HtpasswdPasswordManager(PasswordManager):
- """
- Read usernames and passwords from a file created by Apache htpasswd
- """
- def __init__(self, filehandle):
- PasswordManager.__init__(self)
- entries = (line.strip().split(':') for line in filehandle)
- valid_entries = (entry for entry in entries if len(entry)==2)
- self.usernames = {username:token for username,token in valid_entries}
-
- def test(self, username, password_token):
- if username not in self.usernames:
- return False
- full_token = self.usernames[username]
- dummy, magic, salt, hashed_password = full_token.split('$')
- expected = md5crypt.md5crypt(password_token, salt, '$'+magic+'$')
- return expected==full_token
-
-
-class SingleUserPasswordManager(PasswordManager):
- def __init__(self, username, password):
- PasswordManager.__init__(self)
- self.username = username
- self.password = password
-
- def test(self, username, password_token):
- return self.username==username and self.password==password_token
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-08 20:01:13 +0000