courier.py 2.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263
  1. # -*- coding: utf-8 -*-
  2. #
  3. # This file is part of Radicale Server - Calendar Server
  4. # Copyright © 2011 Henry-Nicolas Tourneur
  5. #
  6. # This library is free software: you can redistribute it and/or modify
  7. # it under the terms of the GNU General Public License as published by
  8. # the Free Software Foundation, either version 3 of the License, or
  9. # (at your option) any later version.
  10. #
  11. # This library is distributed in the hope that it will be useful,
  12. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  13. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14. # GNU General Public License for more details.
  15. #
  16. # You should have received a copy of the GNU General Public License
  17. # along with Radicale. If not, see <http://www.gnu.org/licenses/>.
  18. """
  19. Courier-Authdaemon authentication.
  20. """
  21. import sys
  22. import socket
  23. from .. import config, log
  24. COURIER_SOCKET = config.get("auth", "courier_socket")
  25. def is_authenticated(user, password):
  26. """Check if ``user``/``password`` couple is valid."""
  27. if not user or not password:
  28. return False
  29. line = "%s\nlogin\n%s\n%s" % (sys.argv[0], user, password)
  30. line = "AUTH %i\n%s" % (len(line), line)
  31. try:
  32. sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
  33. sock.connect(COURIER_SOCKET)
  34. log.LOGGER.debug("Sending to Courier socket the request: %s" % line)
  35. sock.send(line)
  36. data = sock.recv(1024)
  37. sock.close()
  38. except socket.error as exception:
  39. log.LOGGER.debug(
  40. "Unable to communicate with Courier socket: %s" % exception)
  41. return False
  42. log.LOGGER.debug("Got Courier socket response: %r" % data)
  43. # Address, HOME, GID, and either UID or USERNAME are mandatory in resposne
  44. # see http://www.courier-mta.org/authlib/README_authlib.html#authpipeproto
  45. for line in data.split():
  46. if "GID" in line:
  47. return True
  48. # default is reject
  49. # this alleviates the problem of a possibly empty reply from authlib
  50. # see http://www.courier-mta.org/authlib/README_authlib.html#authpipeproto
  51. return False