b99f2078a1
This fix provides to Synergy a security mechanism highly configurable. The security policies are pluggable so that it is possible to define any kind of authorization checks. This commit includes a very simple authorization plugin (i.e. synergy.auth.plugin.LocalHostAuthorization) which denies any command coming from clients having IP address different from the Synergy's one. Bug: #1691352 Change-Id: I2535b2a3edeea5e56cd8918d01070a6f8a534c3e Sem-Ver: bugfix
31 lines
1.1 KiB
Python
31 lines
1.1 KiB
Python
from synergy.exception import AuthorizationError
|
|
|
|
|
|
__author__ = "Lisa Zangrando"
|
|
__email__ = "lisa.zangrando[AT]pd.infn.it"
|
|
__copyright__ = """Copyright (c) 2015 INFN - INDIGO-DataCloud
|
|
All Rights Reserved
|
|
|
|
Licensed under the Apache License, Version 2.0;
|
|
you may not use this file except in compliance with the
|
|
License. You may obtain a copy of the License at:
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing,
|
|
software distributed under the License is distributed on an
|
|
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
|
|
either express or implied.
|
|
See the License for the specific language governing
|
|
permissions and limitations under the License."""
|
|
|
|
|
|
class LocalHostAuthorization(object):
|
|
|
|
def authorize(self, context):
|
|
server_addr = context.get("SERVER_NAME")
|
|
remote_addr = context.get("REMOTE_ADDR")
|
|
|
|
if not server_addr or not remote_addr or server_addr != remote_addr:
|
|
raise AuthorizationError("You are not authorized!")
|