diff options
author | Michał Górny <mgorny@gentoo.org> | 2013-08-20 20:46:10 +0200 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2013-08-25 10:51:02 +0200 |
commit | 38306632322d4f16289d63087fc978bd9388c2d2 (patch) | |
tree | b79dbdb54c26a56440dcf397c59f2076276f112f /okupy | |
parent | Initial SSH server support. (diff) | |
download | identity.gentoo.org-38306632322d4f16289d63087fc978bd9388c2d2.tar.gz identity.gentoo.org-38306632322d4f16289d63087fc978bd9388c2d2.tar.bz2 identity.gentoo.org-38306632322d4f16289d63087fc978bd9388c2d2.zip |
Introduce the concept of auth handlers.
Somehow similar to views. We pass command and its arguments as username,
the thing splits it and looks for handler for the command.
Diffstat (limited to 'okupy')
-rw-r--r-- | okupy/accounts/ssh.py | 8 | ||||
-rw-r--r-- | okupy/common/ssh.py | 18 |
2 files changed, 25 insertions, 1 deletions
diff --git a/okupy/accounts/ssh.py b/okupy/accounts/ssh.py new file mode 100644 index 0000000..83d1f10 --- /dev/null +++ b/okupy/accounts/ssh.py @@ -0,0 +1,8 @@ +# vim:fileencoding=utf8:et:ts=4:sts=4:sw=4:ft=python + +ssh_handlers = {} + + +def ssh_handler(f): + ssh_handlers[f.__name__] = f + return f diff --git a/okupy/common/ssh.py b/okupy/common/ssh.py index bde138b..8854690 100644 --- a/okupy/common/ssh.py +++ b/okupy/common/ssh.py @@ -7,9 +7,12 @@ import paramiko from io import BytesIO import asyncore +import inspect import socket import threading +from ..accounts.ssh import ssh_handlers + LISTEN_BACKLOG = 20 @@ -19,7 +22,20 @@ class SSHServer(paramiko.ServerInterface): return 'publickey' def check_auth_publickey(self, username, key): - return paramiko.AUTH_SUCCESSFUL + spl = username.split('+') + cmd = spl[0] + args = spl[1:] + + try: + h = ssh_handlers[cmd] + # this is an easy way of checking if we have correct args + inspect.getcallargs(h, *args, key=key) + except (KeyError, TypeError) as e: + pass + else: + if h(*args, key=key): + return paramiko.AUTH_SUCCESSFUL + return paramiko.AUTH_FAILED def check_channel_request(self, kind, chanid): if kind == 'session': |