~fujita-tomonori-deactivatedaccount/swift/s3-auth-helper


Viewing changes to swift/auth/server.py

  • Committer: FUJITA Tomonori
  • Date: 2011-01-25 08:35:10 UTC
  • Revision ID: fujita.tomonori@lab.ntt.co.jp-20110125083510-mpsexw49z9ir3wwn
add S3 Authorization helper functions

refactor out devauth and swauth a bit.

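--- a/swift/auth/server.py
+++ b/swift/auth/server.py
@@ -21,9 +21,6 @@
 from urllib import unquote, quote
 from uuid import uuid4
 from urlparse import urlparse
-from hashlib import md5, sha1
-import hmac
-import base64
 
 import sqlite3
 from webob import Request, Response
@@ -32,7 +29,8 @@
 
 from swift.common.bufferedhttp import http_connect_raw as http_connect
 from swift.common.db import get_db_connection
-from swift.common.utils import get_logger, split_path
+from swift.common.utils import get_logger, split_path, \
+     s3_auth_signature, s3_auth_parser
 
 
 class AuthController(object):
@@ -243,8 +241,7 @@
             raise err
 
     def validate_s3_sign(self, request, token):
-        account, user, sign = request.headers['Authorization'].split(' ')[-1].split(':')
-        msg = base64.urlsafe_b64decode(unquote(token))
+        account, user, sign = s3_auth_parser(request.headers['Authorization'])
         rv = False
         with self.get_conn() as conn:
             row = conn.execute('''
@@ -253,8 +250,6 @@
                 (account, user)).fetchone()
             rv = (84000, account, user, row[1])
         if rv:
-            s = base64.encodestring(hmac.new(row[0], msg, sha1).digest()).strip()
-            self.logger.info("orig %s, calc %s" % (sign, s))
-            if sign != s:
+            if sign != s3_auth_signature(token, row[0]):
                 rv = False
         return rv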
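Review bot: In the last hunk, `if sign != s3_auth_signature(token, row[0]):` compares the client-supplied signature with the computed HMAC using `!=`, which is not a constant-time comparison; where the runtime provides it, `if not hmac.compare_digest(sign, s3_auth_signature(token, row[0])):` is the safer form (this needs `import hmac`, which the first hunk removes). In the same function `rv = (84000, account, user, row[1])` follows `fetchone()` directly, so an account/user pair with no matching row makes `row` None and raises TypeError instead of returning False; an `if row:` guard before that line would make the failure path explicit. `s3_auth_parser` is defined outside this page, so it is worth a docstring there stating what it returns or raises for a missing or malformed Authorization value, since the three-way unpack depends on it. Part of the SQL statement in `validate_s3_sign` is elided between the third and fourth hunks.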