14 anos atrás · 6ef7e1857a
--- a/radicale/acl/PAM.py
+++ b/radicale/acl/PAM.py
@@ -19,7 +19,7 @@
 
				 """
			
 
				 PAM ACL.
			
 
				 
			
 
				-Authentication based on the ``python-pam`` module
			
 
				+Authentication based on the ``pam-python`` module.
			
 
				 
			
 
				 """
			
 
				 
			
@@ -29,7 +29,7 @@ import pwd
 
				 from radicale import acl, config, log
			
 
				 
			
 
				 
			
 
				-GROUP_MEMBERSHIP = config.get("acl", "group_membership")
			
 
				+GROUP_MEMBERSHIP = config.get("acl", "pam_group_membership")
			
 
				 
			
 
				 
			
 
				 def has_right(owner, user, password):
			
@@ -37,26 +37,40 @@ def has_right(owner, user, password):
 
				     if not user or (owner not in acl.PRIVATE_USERS and user != owner):
			
 
				         # No user given, or owner is not private and is not user, forbidden
			
 
				         return False
			
 
				-    
			
 
				-    try: # 1 - Does the user exist in the PAM system?
			
 
				-      pwd.getpwnam(user).pw_uid
			
 
				-      log.LOGGER.debug("User %s found" % user)
			
 
				-    except KeyError: # No such user in the PAM system
			
 
				-      log.LOGGER.debug("User %s not found" % user)
			
 
				-      return False
			
 
				-    
			
 
				-    try: # 2 - Does the user belong to the required group?
			
 
				-      for member in grp.getgrnam(GROUP_MEMBERSHIP):
			
 
				-	if member == user:
			
 
				-	  raise Exception()
			
 
				-      log.LOGGER.debug("The user doesn't belong to the required group (%s)" % GROUP_MEMBERSHIP)
			
 
				-      return False
			
 
				+
			
 
				+    # Check whether the user exists in the PAM system
			
 
				+    try:
			
 
				+        pwd.getpwnam(user).pw_uid
			
 
				+    except KeyError:
			
 
				+        log.LOGGER.debug("User %s not found" % user)
			
 
				+        return False
			
 
				+    else:
			
 
				+        log.LOGGER.debug("User %s found" % user)
			
 
				+
			
 
				+    # Check whether the group exists
			
 
				+    try:
			
 
				+        members = grp.getgrnam(GROUP_MEMBERSHIP)
			
 
				     except KeyError:
			
 
				-      log.LOGGER.debug("The membership required group (%s) doesn't exist" % GROUP_MEMBERSHIP)
			
 
				-      return False
			
 
				-    except Exception:
			
 
				-      log.LOGGER.debug("The user belong to the required group (%s)" % GROUP_MEMBERSHIP)
			
 
				-        
			
 
				-    if pam.authenticate(user, password): # 3 - Does the password match ?
			
 
				-      return True
			
 
				-    return False # Authentication failled
			
 
				+        log.LOGGER.debug(
			
 
				+            "The PAM membership required group (%s) doesn't exist" %
			
 
				+            GROUP_MEMBERSHIP)
			
 
				+        return False
			
 
				+
			
 
				+    # Check whether the user belongs to the required group
			
 
				+    for member in members:
			
 
				+        if member == user:
			
 
				+            log.LOGGER.debug(
			
 
				+                "The PAM user belongs to the required group (%s)" %
			
 
				+                GROUP_MEMBERSHIP)
			
 
				+            # Check the password
			
 
				+            if pam.authenticate(user, password):
			
 
				+                return True
			
 
				+            else:
			
 
				+                log.LOGGER.debug("Wrong PAM password")
			
 
				+            break
			
 
				+    else:
			
 
				+        log.LOGGER.debug(
			
 
				+            "The PAM user doesn't belong to the required group (%s)" %
			
 
				+            GROUP_MEMBERSHIP)
			
 
				+
			
 
				+    return False
			
--- a/radicale/acl/Courier-Authdaemon.py
+++ b/radicale/acl/Courier-Authdaemon.py
@@ -16,11 +16,17 @@
 
				 # You should have received a copy of the GNU General Public License
			
 
				 # along with Radicale.  If not, see <http://www.gnu.org/licenses/>.
			
 
				 
			
 
				-import socket,os,sys
			
 
				+"""
			
 
				+Courier-Authdaemon ACL.
			
 
				+
			
 
				+"""
			
 
				+
			
 
				+import sys
			
 
				+import socket
			
 
				 from radicale import acl, config, log
			
 
				 
			
 
				 
			
 
				-COURIER_SOCKET = config.get("acl", "courier-auth_socket")
			
 
				+COURIER_SOCKET = config.get("acl", "courier_socket")
			
 
				 
			
 
				 
			
 
				 def has_right(owner, user, password):
			
@@ -28,21 +34,24 @@ def has_right(owner, user, password):
 
				     if not user or (owner not in acl.PRIVATE_USERS and user != owner):
			
 
				         # No user given, or owner is not private and is not user, forbidden
			
 
				         return False
			
 
				-        
			
 
				-    line = sys.argv[0] . "\nlogin\n" + user + "\n" + password
			
 
				-    line = len(line) + "\n" + line
			
 
				+
			
 
				+    line = "%s\nlogin\n%s\n%s" % (sys.argv[0], user, password)
			
 
				+    line = "%i\n%s" % (len(line), line)
			
 
				     try:
			
 
				-      s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
			
 
				-      s.connect(COURIER_SOCKET)
			
 
				-      log.LOGGER.debug("Sending to socket the request: %s" % line)
			
 
				-      s.send(line)
			
 
				-      data = s.recv(1024)
			
 
				-      s.close()
			
 
				-    except socket.error, (value,message): 
			
 
				-      log.LOGGER.debug("Unable to communicate with the socket (error: %s)" % message)
			
 
				-      return False
			
 
				-    log.LOGGER.debug("Got socket response: %s" % repr(data))
			
 
				+        sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
			
 
				+        sock.connect(COURIER_SOCKET)
			
 
				+        log.LOGGER.debug("Sending to Courier socket the request: %s" % line)
			
 
				+        sock.send(line)
			
 
				+        data = sock.recv(1024)
			
 
				+        sock.close()
			
 
				+    except socket.error, (_, message):
			
 
				+        log.LOGGER.debug(
			
 
				+            "Unable to communicate with Courier socket: %s" % message)
			
 
				+        return False
			
 
				+
			
 
				+    log.LOGGER.debug("Got Courier socket response: %r" % data)
			
 
				+
			
 
				     if repr(data) == "FAIL":
			
 
				-      return False
			
 
				+        return False
			
 
				+
			
 
				     return True
			
 
				-