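'''
AAA concept
-----------

AAA refers to Authentication, Authorization and Accounting. NDB provides
a minimalistic API to integrate Authorization routines, leaving the
rest -- Authentication and Accounting -- to the user.

Some of NDB routines and RTNL object methods are guarded with a
parametrized decorator. The decorator takes the only parameter `tag`::

    @check_auth('obj:read')
    def __getitem__(self, key):
        ...

    @check_auth('obj:modify')
    def __setitem__(self, key, value):
        ...

AuthManager
-----------

The tag is checked by `AuthManager.check(...)` routine. The routine is
the only method that must be provided by AuthManager-compatible objects,
and must be defined as::

    def check(self, obj, tag):
        # -> True: grant access to the tag
        # -> False: reject access
        # -> raise Exception(): reject access with a specific exception
        ...

NDB module provides an example AuthManager::

    from pyroute2 import NDB
    from pyroute2.ndb.auth_manager import AuthManager

    ndb = NDB(log='debug')

    am = AuthManager({'obj:list': False,    # deny dump(), summary()
                      'obj:read': True,     # permit reading RTNL attributes
                      'obj:modify': True},  # permit add_ip(), commit() etc.
                     ndb.log.channel('auth'))

    ap = ndb.auth_proxy(am)
    ap.interfaces.summary()  # <-- fails with PermissionError

You can implement custom AuthManager classes, the only requirement -- they
must provide `.check(self, obj, tag)` routine, which returns `True` or
`False` or raises an exception.

'''

import functools


class check_auth(object):
    '''
    Parametrized decorator that guards a method with an authorization tag.

    The wrapped method runs only if every manager in `obj.auth_managers`
    approves `tag`. The guard is a policy check for cooperating callers;
    it does not isolate code running in the same interpreter.
    '''

    def __init__(self, tag):
        # Tag passed to every manager's `check(obj, tag)`.
        self.tag = tag

    def __call__(self, f):
        # functools.wraps keeps __name__, __qualname__, __module__ and
        # __doc__ of the guarded method, so introspection and generated
        # docs describe the real method instead of a generic `guard`.
        @functools.wraps(f)
        def guard(obj, *argv, **kwarg):
            # Checks are skipped while the object reports itself as not yet
            # initialized. A missing `_init_complete` attribute counts as
            # "initialized", so the checks below apply by default.
            if not getattr(obj, '_init_complete', True):
                return f(obj, *argv, **kwarg)
            # Fail closed: an object with no managers attached rejects
            # every guarded call.
            if not obj.auth_managers:
                raise PermissionError('access rejected')
            # The list is built in full on purpose: every manager is
            # consulted (unless one raises) before the decision is made.
            # Any exception raised by a manager propagates to the caller.
            if all([x.check(obj, self.tag) for x in obj.auth_managers]):
                return f(obj, *argv, **kwarg)
            raise PermissionError('access rejected')

        return guard


class AuthManager(object):
    '''
    Example authorization manager backed by a tag -> decision mapping.

    Decisions are evaluated by truthiness, not by identity with `True`:
    any truthy value stored for a tag (a non-empty string such as
    'False' included) grants access. Normalize the map to real booleans
    when it is loaded from configuration or other external input.
    '''

    def __init__(self, auth, log, policy=False):
        '''
        :param auth: dict mapping tags to decisions; when it is not a dict,
            `policy` is used for every tag
        :param log: logging channel; stored, but not used by this class
        :param policy: decision for tags missing from `auth`; the default
            `False` makes the manager deny-by-default
        '''
        self.auth = auth
        self.log = log
        self.policy = policy
        # Exception class raised on rejection. When it is set to a falsy
        # value, `check()` returns the falsy decision instead of raising.
        self.exception = PermissionError

    def check(self, obj, tag):
        '''
        Return the decision for `tag`, raising on rejection.

        `obj` is accepted for interface compatibility and is not inspected
        here.

        :raises PermissionError: by default, when the decision is falsy
        '''
        ret = self.policy
        if isinstance(self.auth, dict):
            ret = self.auth.get(tag, self.policy)
        if not ret and self.exception:
            raise self.exception('%s access rejected' % (tag,))
        return ret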