Home Verkennen Help
Inloggen
mirrors
/
Radicale
spiegel van https://github.com/Kozea/Radicale
1
0
Vork 0
Bestanden Issues 0 Wiki
Boom: 3a134c44c6
Aftakkingen Labels
Radicale
/
radicale
/
acl
/
PAM.py

PAM.py 2.1 KB
Geschiedenis Ruwe

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 
  1. # -*- coding: utf-8 -*-
    2. 

  2. #
    3. 

  3. # This file is part of Radicale Server - Calendar Server
    4. 

  4. # Copyright © 2011 Henry-Nicolas Tourneur
    5. 

  5. #
    6. 

  6. # This library is free software: you can redistribute it and/or modify
    7. 

  7. # it under the terms of the GNU General Public License as published by
    8. 

  8. # the Free Software Foundation, either version 3 of the License, or
    9. 

  9. # (at your option) any later version.
    10. 

  10. #
    11. 

  11. # This library is distributed in the hope that it will be useful,
    12. 

  12. # but WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14. 

  14. # GNU General Public License for more details.
    15. 

  15. #
    16. 

  16. # You should have received a copy of the GNU General Public License
    17. 

  17. # along with Radicale.  If not, see <http://www.gnu.org/licenses/>.
    18. 

  18. 

  19. """
    20. 

  20. PAM ACL.
    21. 

  21. 

  22. Authentication based on the ``python-pam`` module
    23. 

  23. 

  24. """
    25. 

  25. 

  26. import grp
    27. 

  27. import pam
    28. 

  28. import pwd
    29. 

  29. from radicale import acl, config, log
    30. 

  30. 

  31. 

  32. GROUP_MEMBERSHIP = config.get("acl", "group_membership")
    33. 

  33. 

  34. 

  35. def has_right(owner, user, password):
    36. 

  36.     """Check if ``user``/``password`` couple is valid."""
    37. 

  37.     if not user or (owner not in acl.PRIVATE_USERS and user != owner):
    38. 

  38.         # No user given, or owner is not private and is not user, forbidden
    39. 

  39.         return False
    40. 

  40.     
    41. 

  41.     try: # 1 - Does the user exist in the PAM system?
    42. 

  42.       pwd.getpwnam(user).pw_uid
    43. 

  43.       log.LOGGER.debug("User %s found" % user)
    44. 

  44.     except KeyError: # No such user in the PAM system
    45. 

  45.       log.LOGGER.debug("User %s not found" % user)
    46. 

  46.       return False
    47. 

  47.     
    48. 

  48.     try: # 2 - Does the user belong to the required group?
    49. 

  49.       for member in grp.getgrnam(GROUP_MEMBERSHIP):
    50. 

  50. 	if member == user:
    51. 

  51. 	  raise Exception()
    52. 

  52.       log.LOGGER.debug("The user doesn't belong to the required group (%s)" % GROUP_MEMBERSHIP)
    53. 

  53.       return False
    54. 

  54.     except KeyError:
    55. 

  55.       log.LOGGER.debug("The membership required group (%s) doesn't exist" % GROUP_MEMBERSHIP)
    56. 

  56.       return False
    57. 

  57.     except Exception:
    58. 

  58.       log.LOGGER.debug("The user belong to the required group (%s)" % GROUP_MEMBERSHIP)
    59. 

  59.         
    60. 

  60.     if pam.authenticate(user, password): # 3 - Does the password match ?
    61. 

  61.       return True
    62. 

  62.     return False # Authentication failled
    63.