
Clean the PAM and Courier acls

Guillaume Ayoub 14 years ago
parent
commit
6ef7e1857a
2 changed files with 64 additions and 41 deletions
  1. 38 24
      radicale/acl/PAM.py
  2. 26 17
      radicale/acl/courier.py

+ 38 - 24
radicale/acl/PAM.py

@@ -19,7 +19,7 @@
 """
 PAM ACL.
 
-Authentication based on the ``python-pam`` module
+Authentication based on the ``pam-python`` module.
 
 """
 
@@ -29,7 +29,7 @@ import pwd
 from radicale import acl, config, log
 
 
-GROUP_MEMBERSHIP = config.get("acl", "group_membership")
+GROUP_MEMBERSHIP = config.get("acl", "pam_group_membership")
 
 
 def has_right(owner, user, password):
@@ -37,26 +37,40 @@ def has_right(owner, user, password):
     if not user or (owner not in acl.PRIVATE_USERS and user != owner):
         # No user given, or owner is not private and is not user, forbidden
         return False
-    
-    try: # 1 - Does the user exist in the PAM system?
-      pwd.getpwnam(user).pw_uid
-      log.LOGGER.debug("User %s found" % user)
-    except KeyError: # No such user in the PAM system
-      log.LOGGER.debug("User %s not found" % user)
-      return False
-    
-    try: # 2 - Does the user belong to the required group?
-      for member in grp.getgrnam(GROUP_MEMBERSHIP):
-	if member == user:
-	  raise Exception()
-      log.LOGGER.debug("The user doesn't belong to the required group (%s)" % GROUP_MEMBERSHIP)
-      return False
+
+    # Check whether the user exists in the PAM system
+    try:
+        pwd.getpwnam(user).pw_uid
+    except KeyError:
+        log.LOGGER.debug("User %s not found" % user)
+        return False
+    else:
+        log.LOGGER.debug("User %s found" % user)
+
+    # Check whether the group exists
+    try:
+        members = grp.getgrnam(GROUP_MEMBERSHIP)
     except KeyError:
-      log.LOGGER.debug("The membership required group (%s) doesn't exist" % GROUP_MEMBERSHIP)
-      return False
-    except Exception:
-      log.LOGGER.debug("The user belong to the required group (%s)" % GROUP_MEMBERSHIP)
-        
-    if pam.authenticate(user, password): # 3 - Does the password match ?
-      return True
-    return False # Authentication failled
+        log.LOGGER.debug(
+            "The PAM membership required group (%s) doesn't exist" %
+            GROUP_MEMBERSHIP)
+        return False
+
+    # Check whether the user belongs to the required group
+    for member in members:
+        if member == user:
+            log.LOGGER.debug(
+                "The PAM user belongs to the required group (%s)" %
+                GROUP_MEMBERSHIP)
+            # Check the password
+            if pam.authenticate(user, password):
+                return True
+            else:
+                log.LOGGER.debug("Wrong PAM password")
+            break
+    else:
+        log.LOGGER.debug(
+            "The PAM user doesn't belong to the required group (%s)" %
+            GROUP_MEMBERSHIP)
+
+    return False
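Review bot: Iterating the value bound at `members = grp.getgrnam(GROUP_MEMBERSHIP)` walks the struct_group fields (gr_name, gr_passwd, gr_gid, gr_mem) rather than the member names, so the `for member in members` loop only matches when the user's name happens to equal the group's name and every genuine member is refused before the password is ever checked. The member list is the `gr_mem` attribute: `members = grp.getgrnam(GROUP_MEMBERSHIP).gr_mem`, after which the loop can simply read `if user in members:`. Note that users whose primary group is GROUP_MEMBERSHIP are not listed in gr_mem; if they are meant to qualify, compare `pwd.getpwnam(user).pw_gid` (already fetched above) against the group's gr_gid as well. The "Wrong PAM password" branch already falls through to `return False`, so the trailing `break` is only needed to skip the for/else message.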

+ 26 - 17
radicale/acl/Courier-Authdaemon.py → radicale/acl/courier.py

@@ -16,11 +16,17 @@
 # You should have received a copy of the GNU General Public License
 # along with Radicale.  If not, see <http://www.gnu.org/licenses/>.
 
-import socket,os,sys
+"""
+Courier-Authdaemon ACL.
+
+"""
+
+import sys
+import socket
 from radicale import acl, config, log
 
 
-COURIER_SOCKET = config.get("acl", "courier-auth_socket")
+COURIER_SOCKET = config.get("acl", "courier_socket")
 
 
 def has_right(owner, user, password):
@@ -28,21 +34,24 @@ def has_right(owner, user, password):
     if not user or (owner not in acl.PRIVATE_USERS and user != owner):
         # No user given, or owner is not private and is not user, forbidden
         return False
-        
-    line = sys.argv[0] . "\nlogin\n" + user + "\n" + password
-    line = len(line) + "\n" + line
+
+    line = "%s\nlogin\n%s\n%s" % (sys.argv[0], user, password)
+    line = "%i\n%s" % (len(line), line)
     try:
-      s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
-      s.connect(COURIER_SOCKET)
-      log.LOGGER.debug("Sending to socket the request: %s" % line)
-      s.send(line)
-      data = s.recv(1024)
-      s.close()
-    except socket.error, (value,message): 
-      log.LOGGER.debug("Unable to communicate with the socket (error: %s)" % message)
-      return False
-    log.LOGGER.debug("Got socket response: %s" % repr(data))
+        sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+        sock.connect(COURIER_SOCKET)
+        log.LOGGER.debug("Sending to Courier socket the request: %s" % line)
+        sock.send(line)
+        data = sock.recv(1024)
+        sock.close()
+    except socket.error, (_, message):
+        log.LOGGER.debug(
+            "Unable to communicate with Courier socket: %s" % message)
+        return False
+
+    log.LOGGER.debug("Got Courier socket response: %r" % data)
+
     if repr(data) == "FAIL":
-      return False
+        return False
+
     return True
-
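Review bot: The `if repr(data) == "FAIL":` test kept at the end of has_right can never be true, because repr() of a string includes its quotes (and any trailing newline the daemon sends), so every reply from authdaemon, including a failure, ends in `return True`. Compare the raw response instead, `if data.startswith("FAIL"):`. The debug line `"Sending to Courier socket the request: %s" % line` also writes the user's plaintext password into the log; log only the user, e.g. `log.LOGGER.debug("Sending login request for %s to Courier socket" % user)`. Finally, `sock.send(line)` is not guaranteed to transmit the whole buffer, so use `sock.sendall(line)`, and `sock.close()` belongs in a `finally` so the descriptor is released when recv raises.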