Главная Обзор Помощь
Вход
mirrors
/
Radicale
зеркало из https://github.com/Kozea/Radicale
1
0
Ответвить 0
Файлы Задачи 0 Вики
Просмотр исходного кода

Merge pull request #68 from shenek/master

PAM fixes
Guillaume Ayoub 12 лет назад
Родитель
72d40d45e5 7c03089601
Сommit
7ce8caa913
1 измененных файлов с 24 добавлено и 12 удалено
Разделённый вид Показать статистику Diff
  1. 24 12
      radicale/auth/PAM.py

+ 24 - 12
radicale/auth/PAM.py
Просмотреть файл 

@@ -36,6 +36,9 @@ GROUP_MEMBERSHIP = config.get("auth", "pam_group_membership")
 
 def is_authenticated(user, password):
 
     """Check if ``user``/``password`` couple is valid."""
 
 
+    if user is None or password is None:
 
+      return False
 
+
 
     # Check whether the user exists in the PAM system
 
     try:
 
         pwd.getpwnam(user).pw_uid
 
@@ -47,6 +50,7 @@ def is_authenticated(user, password):
 
 
     # Check whether the group exists
 
     try:
 
+        # Obtain supplementary groups
 
         members = grp.getgrnam(GROUP_MEMBERSHIP).gr_mem
 
     except KeyError:
 
         log.LOGGER.debug(
 
@@ -54,18 +58,26 @@ def is_authenticated(user, password):
 
             GROUP_MEMBERSHIP)
 
         return False
 
 
-    # Check whether the user belongs to the required group
 
-    for member in members:
 
-        if member == user:
 
-            log.LOGGER.debug(
 
-                "The PAM user belongs to the required group (%s)" %
 
-                GROUP_MEMBERSHIP)
 
-            # Check the password
 
-            if pam.authenticate(user, password):
 
-                return True
 
-            else:
 
-                log.LOGGER.debug("Wrong PAM password")
 
-            break
 
+    # Check whether the user exists
 
+    try:
 
+        # Get user primary group
 
+        primary_group = grp.getgrgid(pwd.getpwnam(user).pw_gid).gr_name
 
+    except KeyError:
 
+        log.LOGGER.debug(
 
+            "The PAM user (%s) doesn't exist" %
 
+            user)
 
+        return False
 
+
 
+    # Check whether the user belongs to the required group (primary or supplementary)
 
+    if primary_group == GROUP_MEMBERSHIP or user in members:
 
+        log.LOGGER.debug(
 
+            "The PAM user belongs to the required group (%s)" %
 
+            GROUP_MEMBERSHIP)
 
+        # Check the password
 
+        if pam.authenticate(user, password):
 
+            return True
 
+        else:
 
+            log.LOGGER.debug("Wrong PAM password")
 
     else:
 
         log.LOGGER.debug(
 
             "The PAM user doesn't belong to the required group (%s)" %