FilesExpand file tree

 python-808

/

auth.py

Copy path

Blame

More file actions

Blame

More file actions

Latest commit

 

History

History

History

182 lines (138 loc) · 6.01 KB

 python-808

/

auth.py

Top

File metadata and controls

• Code
• Blame

182 lines (138 loc) · 6.01 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

# Copyright 2013-2017 DataStax, Inc.

#

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

#

# http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

try:

from puresasl.client import SASLClient

except ImportError:

SASLClient = None

class AuthProvider(object):

"""

An abstract class that defines the interface that will be used for

creating :class:`~.Authenticator` instances when opening new

connections to Cassandra.

.. versionadded:: 2.0.0

"""

def new_authenticator(self, host):

"""

Implementations of this class should return a new instance

of :class:`~.Authenticator` or one of its subclasses.

"""

raise NotImplementedError()

class Authenticator(object):

"""

An abstract class that handles SASL authentication with Cassandra servers.

Each time a new connection is created and the server requires authentication,

a new instance of this class will be created by the corresponding

:class:`~.AuthProvider` to handler that authentication. The lifecycle of the

new :class:`~.Authenticator` will the be:

1) The :meth:`~.initial_response()` method will be called. The return

value will be sent to the server to initiate the handshake.

2) The server will respond to each client response by either issuing a

challenge or indicating that the authentication is complete (successful or not).

If a new challenge is issued, :meth:`~.evaluate_challenge()`

will be called to produce a response that will be sent to the

server. This challenge/response negotiation will continue until the server

responds that authentication is successful (or an :exc:`~.AuthenticationFailed`

is raised).

3) When the server indicates that authentication is successful,

:meth:`~.on_authentication_success` will be called a token string that

that the server may optionally have sent.

The exact nature of the negotiation between the client and server is specific

to the authentication mechanism configured server-side.

.. versionadded:: 2.0.0

"""

server_authenticator_class = None

""" Set during the connection AUTHENTICATE phase """

def initial_response(self):

"""

Returns an message to send to the server to initiate the SASL handshake.

:const:`None` may be returned to send an empty message.

"""

return None

def evaluate_challenge(self, challenge):

"""

Called when the server sends a challenge message. Generally, this method

should return :const:`None` when authentication is complete from a

client perspective. Otherwise, a string should be returned.

"""

raise NotImplementedError()

def on_authentication_success(self, token):

"""

Called when the server indicates that authentication was successful.

Depending on the authentication mechanism, `token` may be :const:`None`

or a string.

"""

pass

class PlainTextAuthProvider(AuthProvider):

"""

An :class:`~.AuthProvider` that works with Cassandra's PasswordAuthenticator.

Example usage::

from cassandra.cluster import Cluster

from cassandra.auth import PlainTextAuthProvider

auth_provider = PlainTextAuthProvider(

username='cassandra', password='cassandra')

cluster = Cluster(auth_provider=auth_provider)

.. versionadded:: 2.0.0

"""

def __init__(self, username, password):

self.username = username

self.password = password

def new_authenticator(self, host):

return PlainTextAuthenticator(self.username, self.password)

class PlainTextAuthenticator(Authenticator):

"""

An :class:`~.Authenticator` that works with Cassandra's PasswordAuthenticator.

.. versionadded:: 2.0.0

"""

def __init__(self, username, password):

self.username = username

self.password = password

def initial_response(self):

return "\x00%s\x00%s" % (self.username, self.password)

def evaluate_challenge(self, challenge):

return None

class SaslAuthProvider(AuthProvider):

"""

An :class:`~.AuthProvider` supporting general SASL auth mechanisms

Suitable for GSSAPI or other SASL mechanisms

Example usage::

from cassandra.cluster import Cluster

from cassandra.auth import SaslAuthProvider

sasl_kwargs = {'service': 'something',

'mechanism': 'GSSAPI',

'qops': 'auth'.split(',')}

auth_provider = SaslAuthProvider(**sasl_kwargs)

cluster = Cluster(auth_provider=auth_provider)

.. versionadded:: 2.1.4

"""

def __init__(self, **sasl_kwargs):

if SASLClient is None:

raise ImportError('The puresasl library has not been installed')

if 'host' in sasl_kwargs:

raise ValueError("kwargs should not contain 'host' since it is passed dynamically to new_authenticator")

self.sasl_kwargs = sasl_kwargs

def new_authenticator(self, host):

return SaslAuthenticator(host, **self.sasl_kwargs)

class SaslAuthenticator(Authenticator):

"""

A pass-through :class:`~.Authenticator` using the third party package

'pure-sasl' for authentication

.. versionadded:: 2.1.4

"""

def __init__(self, host, service, mechanism='GSSAPI', **sasl_kwargs):

if SASLClient is None:

raise ImportError('The puresasl library has not been installed')

self.sasl = SASLClient(host, service, mechanism, **sasl_kwargs)

def initial_response(self):

return self.sasl.process()

def evaluate_challenge(self, challenge):

return self.sasl.process(challenge)