Introduce the concept of auth handlers.

Somehow similar to views. We pass command and its arguments as username,
the thing splits it and looks for handler for the command.

2 files changed, 25 insertions, 1 deletions

diff --git a/okupy/accounts/ssh.py b/okupy/accounts/ssh.py
new file mode 100644
index 0000000..83d1f10
--- /dev/null
+++ b/okupy/accounts/ssh.py
@@ -0,0 +1,8 @@
+# vim:fileencoding=utf8:et:ts=4:sts=4:sw=4:ft=python
+
+ssh_handlers = {}
+
+
+def ssh_handler(f):
+    ssh_handlers[f.__name__] = f
+    return f
diff --git a/okupy/common/ssh.py b/okupy/common/ssh.py
index bde138b..8854690 100644
--- a/okupy/common/ssh.py
+++ b/okupy/common/ssh.py
@@ -7,9 +7,12 @@ import paramiko
 from io import BytesIO
 
 import asyncore
+import inspect
 import socket
 import threading
 
+from ..accounts.ssh import ssh_handlers
+
 
 LISTEN_BACKLOG = 20
 
@@ -19,7 +22,20 @@ class SSHServer(paramiko.ServerInterface):
         return 'publickey'
 
     def check_auth_publickey(self, username, key):
-        return paramiko.AUTH_SUCCESSFUL
+        spl = username.split('+')
+        cmd = spl[0]
+        args = spl[1:]
+
+        try:
+            h = ssh_handlers[cmd]
+            # this is an easy way of checking if we have correct args
+            inspect.getcallargs(h, *args, key=key)
+        except (KeyError, TypeError) as e:
+            pass
+        else:
+            if h(*args, key=key):
+                return paramiko.AUTH_SUCCESSFUL
+        return paramiko.AUTH_FAILED
 
     def check_channel_request(self, kind, chanid):
         if kind == 'session':