Начало Каталог Помощ
Вход
mirrors
/
Radicale
огледало от https://github.com/Kozea/Radicale
1
0
Разклонения 0
Файлове Задачи 0 Уики
ИН на ревизия: 82bd62e21c
Клонове Маркери
Radicale
/
radicale
/
acl
/
PAM.py

PAM.py 2.2 KB
История Директен файл

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364 
  1. # -*- coding: utf-8 -*-
    2. 

  2. #
    3. 

  3. # This file is part of Radicale Server - Calendar Server
    4. 

  4. # Copyright © 2011 Corentin Le Bail
    5. 

  5. # Copyright © 2011 Guillaume Ayoub
    6. 

  6. #
    7. 

  7. # This library is free software: you can redistribute it and/or modify
    8. 

  8. # it under the terms of the GNU General Public License as published by
    9. 

  9. # the Free Software Foundation, either version 3 of the License, or
    10. 

  10. # (at your option) any later version.
    11. 

  11. #
    12. 

  12. # This library is distributed in the hope that it will be useful,
    13. 

  13. # but WITHOUT ANY WARRANTY; without even the implied warranty of
    14. 

  14. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    15. 

  15. # GNU General Public License for more details.
    16. 

  16. #
    17. 

  17. # You should have received a copy of the GNU General Public License
    18. 

  18. # along with Radicale.  If not, see <http://www.gnu.org/licenses/>.
    19. 

  19. 

  20. """
    21. 

  21. PAM ACL.
    22. 

  22. 

  23. Authentication based on the ``python-ldap`` module
    24. 

  24. (http://www.python-ldap.org/).
    25. 

  25. 

  26. """
    27. 

  27. 

  28. import grp
    29. 

  29. import pam
    30. 

  30. import pwd
    31. 

  31. from radicale import acl, config, log
    32. 

  32. 

  33. 

  34. GROUP_MEMBERSHIP = config.get("acl", "group_membership")
    35. 

  35. 

  36. 

  37. def has_right(owner, user, password):
    38. 

  38.     """Check if ``user``/``password`` couple is valid."""
    39. 

  39.     if not user or (owner not in acl.PRIVATE_USERS and user != owner):
    40. 

  40.         # No user given, or owner is not private and is not user, forbidden
    41. 

  41.         return False
    42. 

  42.     
    43. 

  43.     try: # 1 - Does the user exist in the PAM system?
    44. 

  44.       pwd.getpwnam(user).pw_uid
    45. 

  45.       log.LOGGER.debug("User %s found" % user)
    46. 

  46.     except KeyError: # No such user in the PAM system
    47. 

  47.       log.LOGGER.debug("User %s not found" % user)
    48. 

  48.       return False
    49. 

  49.     
    50. 

  50.     try: # 2 - Does the user belong to the required group?
    51. 

  51.       for member in grp.getgrnam(GROUP_MEMBERSHIP):
    52. 

  52. 	if member == user:
    53. 

  53. 	  raise Exception()
    54. 

  54.       log.LOGGER.debug("The user doesn't belong to the required group (%s)" % GROUP_MEMBERSHIP)
    55. 

  55.       return False
    56. 

  56.     except KeyError:
    57. 

  57.       log.LOGGER.debug("The membership required group (%s) doesn't exist" % GROUP_MEMBERSHIP)
    58. 

  58.       return False
    59. 

  59.     except Exception:
    60. 

  60.       log.LOGGER.debug("The user belong to the required group (%s)" % GROUP_MEMBERSHIP)
    61. 

  61.         
    62. 

  62.     if pam.authenticate(user, password): # 3 - Does the password match ?
    63. 

  63.       return True
    64. 

  64.     return False # Authentication failled
    65.