|
version 1.1.1.1, 2004/05/14 09:52:04
|
version 1.3, 2007/03/01 19:17:10
|
|
Line 1
|
Line 1
|
| """User Folder Extension, tests now also ip number of the host where the original call comes from in case of redirects""" |
"""User Folder Extension, tests now also ip number of the host where the original connection |
| |
comes from in case of proxies/rewrites""" |
| |
|
| import Globals |
import Globals |
| from AccessControl.User import UserFolder |
from AccessControl.User import UserFolder |
| |
from AccessControl import AuthEncoding |
| from Globals import MessageDialog |
from Globals import MessageDialog |
| |
import logging |
| |
import re |
| |
import socket |
| |
|
| class IntranetUserFolder(UserFolder): |
class IntranetUserFolder(UserFolder): |
| """User folder for Intranet""" |
"""User folder for Intranet""" |
|
Line 10 class IntranetUserFolder(UserFolder):
|
Line 15 class IntranetUserFolder(UserFolder):
|
| meta_type="IntranetUserFolder" |
meta_type="IntranetUserFolder" |
| |
|
| def authenticate(self, name, password, request): |
def authenticate(self, name, password, request): |
| |
"""modified authenticate to use domainspecmatch below""" |
| |
#logging.debug("IntranetUserFolder: authenticate %s from %s"%(name,request['REMOTE_ADDR'])) |
| |
|
| emergency = self._emergency_user |
emergency = self._emergency_user |
| if name is None: |
if name is None: |
| return None |
return None |
|
Line 17 class IntranetUserFolder(UserFolder):
|
Line 25 class IntranetUserFolder(UserFolder):
|
| user = emergency |
user = emergency |
| else: |
else: |
| user = self.getUser(name) |
user = self.getUser(name) |
| if user is not None and user.authenticate(password, request): |
|
| |
#logging.debug("IntranetUserFolder: user: %s"%repr(user)) |
| |
|
| |
if user is not None: |
| |
pwd=user._getPassword() |
| |
# check PW first (which may be empty) |
| |
if AuthEncoding.pw_validate(pwd, password): |
| |
domains = user.getDomains() |
| |
#logging.debug("IntranetUserFolder: pw OK, domains: %s"%(repr(domains))) |
| |
if self.domainSpecMatch(domains, request): |
| |
logging.debug("IntranetUserFolder: domain user %s"%user) |
| return user |
return user |
| else: |
#else: |
| |
#logging.debug("IntranetUserFolder: pw not ok: '%s'"%password) |
| |
#logging.debug("IntranetUserFolder: user has password: '%s'"%user._getPassword()) |
| |
|
| |
logging.debug("IntranetUserFolder: authenticate failed here!") |
| return None |
return None |
| |
|
| def domainSpecMatch(self,spec, request): |
def domainSpecMatch(self,spec, request): |
| host='' |
"""modified domainspecmatch to look at FORWARDED_FOR""" |
| |
#logging.debug("IntranetUserFolder: domainspecmatch %s, %s"%(self,spec)) |
| addr='' |
addr='' |
| |
|
| # Fast exit for the match-all case |
# Fast exit for the match-all case |
| if len(spec) == 1 and spec[0] == '*': |
if len(spec) == 0 or (len(spec) == 1 and spec[0] == '*'): |
| return 1 |
return 1 |
| |
|
| if request.has_key('REMOTE_HOST'): |
# start with getClientAddr |
| host=request['REMOTE_HOST'] |
addr=request.getClientAddr() |
| |
#logging.debug("IntranetUserFolder: getclientaddr: %s"%(addr)) |
| if request.has_key('REMOTE_ADDR'): |
#if request.has_key('REMOTE_ADDR'): |
| addr=request['REMOTE_ADDR'] |
# addr=request['REMOTE_ADDR'] |
| |
|
| if request.has_key('HTTP_X_FORWARDED_FOR'): |
# override with forwarded address if present |
| |
if request.get('HTTP_X_FORWARDED_FOR', None): |
| addr=request['HTTP_X_FORWARDED_FOR'] |
addr=request['HTTP_X_FORWARDED_FOR'] |
| |
#logging.debug("IntranetUserFolder: forwarded addr: %s"%(addr)) |
| |
|
| |
# check for strange headers (may be fake) |
| if not host and not addr: |
if len(addr.split('.')) != 4: |
| |
logging.warning("IntranetUserFolder: invalid forward addr: %s"%(addr)) |
| return 0 |
return 0 |
| |
|
| if not host: |
|
| try: host=socket.gethostbyaddr(addr)[0] |
|
| except: pass |
|
| if not addr: |
if not addr: |
| try: addr=socket.gethostbyname(host) |
return 0 |
| except: pass |
|
| |
|
| |
|
| _host=host.split('.') |
|
| _addr=addr.split('.') |
_addr=addr.split('.') |
| _hlen=len(_host) |
#logging.debug("IntranetUserFolder: addr: %s , %s"%(repr(_addr), repr(_m), repr(_addr & _m))) |
| _alen=len(_addr) |
|
| |
|
| for ob in spec: |
for ob in spec: |
| sz=len(ob) |
sz=len(ob) |
|
Line 75 class IntranetUserFolder(UserFolder):
|
Line 94 class IntranetUserFolder(UserFolder):
|
| continue |
continue |
| return 1 |
return 1 |
| |
|
| mo = host_match(ob) |
|
| if mo is not None: |
|
| if mo.end(0)==sz: |
|
| if _hlen < _sz: |
|
| continue |
|
| elif _hlen > _sz: |
|
| _item=_host[-_sz:] |
|
| else: |
|
| _item=_host |
|
| fail=0 |
|
| for i in range(_sz): |
|
| h=_item[i] |
|
| o=_ob[i] |
|
| if (o != h) and (o != '*'): |
|
| fail=1 |
|
| break |
|
| if fail: |
|
| continue |
|
| return 1 |
|
| return 0 |
return 0 |
| |
|
| Globals.default__class_init__(IntranetUserFolder) |
Globals.default__class_init__(IntranetUserFolder) |
| |
|
| |
|
| |
|
| def manage_addIntranetUserFolder(self,dtself=None,REQUEST=None,**ignored): |
def manage_addIntranetUserFolder(self,dtself=None,REQUEST=None,**ignored): |
| """add a user folder """ |
"""add a user folder """ |
| f=IntranetUserFolder() |
f=IntranetUserFolder() |
|
Line 116 def manage_addIntranetUserFolder(self,dt
|
Line 115 def manage_addIntranetUserFolder(self,dt
|
| def manage_addIntranetUserFolderForm(self): |
def manage_addIntranetUserFolderForm(self): |
| """add a user folder form""" |
"""add a user folder form""" |
| return manage_addIntranetUserFolder(self,REQUEST=self.REQUEST) |
return manage_addIntranetUserFolder(self,REQUEST=self.REQUEST) |
| |
|
| |
addr_match=re.compile(r'((\d{1,3}\.){1,3}\*)|((\d{1,3}\.){3}\d{1,3})').match |
![[BACK]](/cvs/cvsweb/icons/back.gif){kind=icon}
Return to IntranetUserFolder.py CVS log ![[TXT]](/cvs/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvs/cvsweb/icons/dir.gif){kind=icon}
Up to [Repository] / IntranetUserFolder