~ttx/swift/release-1.4.2


Viewing changes to swift/common/middleware/tempauth.py

  • Committer: Tarmac
  • Author(s): gholt, FUJITA Tomonori, John Dickinson, David Goetz, John Dickinson, Joe Arnold, Scott Simpson, joe at cloudscaling, Thierry Carrez
  • Date: 2011-07-26 09:08:37 UTC
  • mfrom: (305.1.1 milestone-proposed)
  • Revision ID: tarmac-20110726090837-fwlvja8dnk7nkppw
Merge 1.4.2 development from trunk (rev331)

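--- a/swift/common/middleware/tempauth.py
+++ b/swift/common/middleware/tempauth.py
@@ -27,7 +27,8 @@
     HTTPUnauthorized
 
 from swift.common.middleware.acl import clean_acl, parse_acl, referrer_allowed
-from swift.common.utils import cache_from_env, get_logger, split_path
+from swift.common.utils import cache_from_env, get_logger, get_remote_client, \
+    split_path
 
 
 class TempAuth(object):
@@ -70,6 +71,9 @@
         if self.auth_prefix[-1] != '/':
             self.auth_prefix += '/'
         self.token_life = int(conf.get('token_life', 86400))
+        self.allowed_sync_hosts = [h.strip()
+            for h in conf.get('allowed_sync_hosts', '127.0.0.1').split(',')
+            if h.strip()]
         self.users = {}
         for conf_key in conf:
             if conf_key.startswith('user_'):
@@ -85,7 +89,7 @@
                     if ip == '0.0.0.0':
                         ip = '127.0.0.1'
                     url += ip
-                    url += ':' + conf.get('bind_port', 80) + '/v1/' + \
+                    url += ':' + conf.get('bind_port', '8080') + '/v1/' + \
                            self.reseller_prefix + conf_key.split('_')[1]
                 groups = values
                 self.users[conf_key.split('_', 1)[1].replace('_', ':')] = {
@@ -245,11 +249,20 @@
         if '.reseller_admin' in user_groups and \
                 account != self.reseller_prefix and \
                 account[len(self.reseller_prefix)] != '.':
+            req.environ['swift_owner'] = True
             return None
         if account in user_groups and \
                 (req.method not in ('DELETE', 'PUT') or container):
             # If the user is admin for the account and is not trying to do an
             # account DELETE or PUT...
+            req.environ['swift_owner'] = True
+            return None
+        if (req.environ.get('swift_sync_key') and
+            req.environ['swift_sync_key'] ==
+                req.headers.get('x-container-sync-key', None) and
+            'x-timestamp' in req.headers and
+            (req.remote_addr in self.allowed_sync_hosts or
+             get_remote_client(req) in self.allowed_sync_hosts)):
             return None
         referrers, groups = parse_acl(getattr(req, 'acl', None))
         if referrer_allowed(req.referer, referrers):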
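Review bot: The container-sync branch in the last hunk (new lines 260-265) authorizes the request before any ACL is parsed, and its host allow-list is satisfied by either `req.remote_addr` or `get_remote_client(req)`. get_remote_client is defined outside this page; if it takes the address from forwarding headers, the value is only trustworthy when a fronting proxy overwrites those headers, so `allowed_sync_hosts` would then not restrict a directly reachable proxy server. I would add a comment above the condition such as `# NOTE: get_remote_client() is only reliable behind a proxy that sets the client-address header itself; otherwise only req.remote_addr should be trusted`, and document the same constraint next to the `allowed_sync_hosts` option. The sync key is also compared with `==`, which is not a constant-time comparison for a shared secret. The enclosing method starts and ends outside the hunk, so the caller-side handling of the `None` return is not visible here.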