--- IntranetUserFolder/IntranetUserFolder.py 2004/05/14 09:52:04 1.1
+++ IntranetUserFolder/IntranetUserFolder.py 2006/07/05 12:38:21 1.2
@@ -3,6 +3,8 @@ import Globals from AccessControl.User import UserFolder from Globals import MessageDialog +import zLOG +import re class IntranetUserFolder(UserFolder): """User folder for Intranet"""
@@ -10,6 +12,9 @@ class IntranetUserFolder(UserFolder): meta_type="IntranetUserFolder" def authenticate(self, name, password, request): + """modified authenticate to use domainspecmath below""" + #zLOG.LOG('IntranetUserFolder',zLOG.INFO,"authenticate %s, %s from %s"%(name,password,request['REMOTE_ADDR'])) + emergency = self._emergency_user if name is None: return None
@@ -18,14 +23,21 @@ class IntranetUserFolder(UserFolder): else: user = self.getUser(name) if user is not None and user.authenticate(password, request): - return user - else: - return None - - def domainSpecMatch(self,spec, request): + domains = user.getDomains() + if self.domainSpecMatch(domains, request): + #zLOG.LOG('IntranetUserFolder',zLOG.INFO," as %s"%user) + return user + + #zLOG.LOG('IntranetUserFolder',zLOG.INFO," failed!") + return None + + def domainSpecMatch(self, spec, request): + """modified domainspecmatch to look at FORWARDED_FOR""" + #zLOG.LOG('IntranetUserFolder',zLOG.INFO,"domainspecmatch %s, %s"%(self,spec)) host='' addr='' + # Fast exit for the match-all case if len(spec) == 1 and spec[0] == '*': return 1
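Review bot: The commented-out `zLOG.LOG` call added at the top of `authenticate` formats `password` into the message, so re-enabling it for debugging would write every submitted password in clear text to the event log. If the line is kept, drop that argument: `#zLOG.LOG('IntranetUserFolder',zLOG.INFO,"authenticate %s from %s"%(name,request['REMOTE_ADDR']))`. The new docstring also misspells the helper it refers to; `"""Authenticate name/password, then apply domainSpecMatch() to the user's domains."""` states what the override does. The body of `authenticate` continues outside this hunk.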
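Review bot: In the rewritten tail of `authenticate` (the method begins before this hunk), `self.domainSpecMatch(domains, request)` now runs for every user, including those for whom `user.getDomains()` is empty. The only early success visible in `domainSpecMatch` is the single `'*'` spec, and the end of that method is outside the diff, so whether an empty spec passes cannot be confirmed here; if it falls through to a failure return, accounts without domain restrictions can no longer log in. Making the intent explicit avoids depending on that: `if not domains or self.domainSpecMatch(domains, request):`. It is also worth confirming that `user.authenticate(password, request)` does not already apply its own domain check against the unforwarded address, which would reject proxied users before this code is reached.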
@@ -33,12 +45,17 @@ class IntranetUserFolder(UserFolder): if request.has_key('REMOTE_HOST'): host=request['REMOTE_HOST'] - if request.has_key('REMOTE_ADDR'): - addr=request['REMOTE_ADDR'] + addr=request.getClientAddr() + #if request.has_key('REMOTE_ADDR'): + # addr=request['REMOTE_ADDR'] if request.has_key('HTTP_X_FORWARDED_FOR'): addr=request['HTTP_X_FORWARDED_FOR'] - + #zLOG.LOG('IntranetUserFolder',zLOG.INFO,"forwarded addr: %s"%(addr)) + # check for strange headers (may be fake) + if len(addr.split('.')) != 4: + zLOG.LOG('IntranetUserFolder',zLOG.WARNING,"invalid forward addr: %s"%(addr)) + return 0 if not host and not addr: return 0
@@ -50,12 +67,13 @@ class IntranetUserFolder(UserFolder): try: addr=socket.gethostbyname(host) except: pass - _host=host.split('.') _addr=addr.split('.') _hlen=len(_host) _alen=len(_addr) + #zLOG.LOG('IntranetUserFolder',zLOG.INFO,"host: %s, addr: %s"%(_host,_addr)) + for ob in spec: sz=len(ob) _ob=ob.split('.')
@@ -99,7 +117,6 @@ class IntranetUserFolder(UserFolder): Globals.default__class_init__(IntranetUserFolder) - def manage_addIntranetUserFolder(self,dtself=None,REQUEST=None,**ignored): """add a user folder """ f=IntranetUserFolder()
@@ -116,3 +133,6 @@ def manage_addIntranetUserFolder(self,dt def manage_addIntranetUserFolderForm(self): """add a user folder form""" return manage_addIntranetUserFolder(self,REQUEST=self.REQUEST) + +addr_match=re.compile(r'((\d{1,3}\.){1,3}\*)|((\d{1,3}\.){3}\d{1,3})').match +host_match=re.compile(r'(([\_0-9a-zA-Z\-]*\.)*[0-9a-zA-Z\-]*)').match
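Review bot: The unchanged override `addr=request['HTTP_X_FORWARDED_FOR']` still replaces the address obtained from `request.getClientAddr()` with a header that any client can set, so a domain restriction is decided by what the sender claims rather than by the network path; the new `len(addr.split('.')) != 4` test only checks shape. That test accepts non-numeric parts and rejects a legitimate multi-hop value such as a comma-separated list. If the Zope version in use already resolves forwarded addresses for its configured trusted proxies inside `getClientAddr()` (to be confirmed), the header branch can be dropped and `addr=request.getClientAddr()` kept alone; otherwise honour the header only when `REMOTE_ADDR` is one of the site's known proxies. Indentation is lost in this diff, so it is not clear whether the shape check is nested under the header test, and `domainSpecMatch` starts and ends outside this hunk.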
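Review bot: `addr_match` and `host_match` at the end of the module are bound to `.match` with no end anchor, and the `host_match` pattern can match the empty string, so a non-None result alone does not show that the whole value is a well-formed address or host name. Their callers are not part of this diff; if those callers do not compare the match end with the value length, appending `$` to both patterns would make the check complete. Either way a comment above the two names would help, e.g. `# prefix matchers for domain specs: callers must check mo.end(0) == len(value)`.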