Diff for /IntranetUserFolder/IntranetUserFolder.py between versions 1.2 and 1.3

version 1.2, 2006/07/05 12:38:21 version 1.3, 2007/03/01 19:17:10
Line 1 Line 1
 """User Folder Extension, tests now also ip number of the host where the original call comes from in case of redirects"""  """User Folder Extension, tests now also ip number of the host where the original connection
    comes from in case of proxies/rewrites"""
   
 import Globals  import Globals
 from AccessControl.User import UserFolder  from AccessControl.User import UserFolder
   from AccessControl import AuthEncoding
 from Globals import MessageDialog  from Globals import MessageDialog
 import zLOG  import logging
 import re  import re
   import socket
   
 class IntranetUserFolder(UserFolder):  class IntranetUserFolder(UserFolder):
     """User folder for Intranet"""      """User folder for Intranet"""
Line 12  class IntranetUserFolder(UserFolder): Line 15  class IntranetUserFolder(UserFolder):
     meta_type="IntranetUserFolder"      meta_type="IntranetUserFolder"
           
     def authenticate(self, name, password, request):      def authenticate(self, name, password, request):
         """modified authenticate to use domainspecmath below"""          """modified authenticate to use domainspecmatch below"""
         #zLOG.LOG('IntranetUserFolder',zLOG.INFO,"authenticate %s, %s from %s"%(name,password,request['REMOTE_ADDR']))          #logging.debug("IntranetUserFolder: authenticate %s from %s"%(name,request['REMOTE_ADDR']))
   
         emergency = self._emergency_user          emergency = self._emergency_user
         if name is None:          if name is None:
Line 22  class IntranetUserFolder(UserFolder): Line 25  class IntranetUserFolder(UserFolder):
             user = emergency              user = emergency
         else:          else:
             user = self.getUser(name)              user = self.getUser(name)
         if user is not None and user.authenticate(password, request):              
           #logging.debug("IntranetUserFolder: user: %s"%repr(user))
           
           if user is not None:
               pwd=user._getPassword()
               # check PW first (which may be empty)
               if AuthEncoding.pw_validate(pwd, password):
             domains = user.getDomains()              domains = user.getDomains()
                   #logging.debug("IntranetUserFolder: pw OK, domains: %s"%(repr(domains)))
             if self.domainSpecMatch(domains, request):              if self.domainSpecMatch(domains, request):
                 #zLOG.LOG('IntranetUserFolder',zLOG.INFO,"  as %s"%user)                      logging.debug("IntranetUserFolder: domain user %s"%user)
             return user              return user
                   #else:
                   #logging.debug("IntranetUserFolder: pw not ok: '%s'"%password)
                   #logging.debug("IntranetUserFolder: user has password: '%s'"%user._getPassword())
   
         #zLOG.LOG('IntranetUserFolder',zLOG.INFO,"  failed!")          logging.debug("IntranetUserFolder: authenticate failed here!")
         return None          return None
   
     def domainSpecMatch(self, spec, request):      def domainSpecMatch(self, spec, request):
         """modified domainspecmatch to look at FORWARDED_FOR"""          """modified domainspecmatch to look at FORWARDED_FOR"""
         #zLOG.LOG('IntranetUserFolder',zLOG.INFO,"domainspecmatch %s, %s"%(self,spec))          #logging.debug("IntranetUserFolder: domainspecmatch %s, %s"%(self,spec))
         host=''  
         addr=''          addr=''
   
   
         # Fast exit for the match-all case          # Fast exit for the match-all case
         if len(spec) == 1 and spec[0] == '*':          if len(spec) == 0 or (len(spec) == 1 and spec[0] == '*'):
         return 1          return 1
   
         if request.has_key('REMOTE_HOST'):          # start with getClientAddr
         host=request['REMOTE_HOST']  
   
         addr=request.getClientAddr()          addr=request.getClientAddr()
           #logging.debug("IntranetUserFolder: getclientaddr: %s"%(addr))
         #if request.has_key('REMOTE_ADDR'):          #if request.has_key('REMOTE_ADDR'):
         #    addr=request['REMOTE_ADDR']          #    addr=request['REMOTE_ADDR']
   
         if request.has_key('HTTP_X_FORWARDED_FOR'):          # override with forwarded address if present
           if request.get('HTTP_X_FORWARDED_FOR', None):
         addr=request['HTTP_X_FORWARDED_FOR']          addr=request['HTTP_X_FORWARDED_FOR']
             #zLOG.LOG('IntranetUserFolder',zLOG.INFO,"forwarded addr: %s"%(addr))              #logging.debug("IntranetUserFolder: forwarded addr: %s"%(addr))
               
         # check for strange headers (may be fake)          # check for strange headers (may be fake)
         if len(addr.split('.')) != 4:          if len(addr.split('.')) != 4:
             zLOG.LOG('IntranetUserFolder',zLOG.WARNING,"invalid forward addr: %s"%(addr))                  logging.warning("IntranetUserFolder: invalid forward addr: %s"%(addr))
             return 0              return 0
                   
         if not host and not addr:  
         return 0  
   
         if not host:  
         try:    host=socket.gethostbyaddr(addr)[0]  
         except: pass  
         if not addr:          if not addr:
         try:    addr=socket.gethostbyname(host)              return 0
         except: pass  
   
         _host=host.split('.')  
         _addr=addr.split('.')          _addr=addr.split('.')
         _hlen=len(_host)          #logging.debug("IntranetUserFolder: addr: %s , %s"%(repr(_addr), repr(_m), repr(_addr & _m)))
         _alen=len(_addr)  
   
         #zLOG.LOG('IntranetUserFolder',zLOG.INFO,"host: %s, addr: %s"%(_host,_addr))  
   
         for ob in spec:          for ob in spec:
         sz=len(ob)          sz=len(ob)
Line 93  class IntranetUserFolder(UserFolder): Line 94  class IntranetUserFolder(UserFolder):
                 continue                  continue
             return 1              return 1
   
         mo = host_match(ob)  
         if mo is not None:  
             if mo.end(0)==sz:  
             if _hlen < _sz:  
                 continue  
             elif _hlen > _sz:  
                 _item=_host[-_sz:]  
             else:  
                 _item=_host  
             fail=0  
             for i in range(_sz):  
                 h=_item[i]  
                 o=_ob[i]  
                 if (o != h) and (o != '*'):  
                 fail=1  
                 break  
             if fail:  
                 continue  
             return 1  
         return 0          return 0
   
 Globals.default__class_init__(IntranetUserFolder)  Globals.default__class_init__(IntranetUserFolder)
Line 135  def manage_addIntranetUserFolderForm(sel Line 117  def manage_addIntranetUserFolderForm(sel
     return manage_addIntranetUserFolder(self,REQUEST=self.REQUEST)      return manage_addIntranetUserFolder(self,REQUEST=self.REQUEST)
   
 addr_match=re.compile(r'((\d{1,3}\.){1,3}\*)|((\d{1,3}\.){3}\d{1,3})').match  addr_match=re.compile(r'((\d{1,3}\.){1,3}\*)|((\d{1,3}\.){3}\d{1,3})').match
 host_match=re.compile(r'(([\_0-9a-zA-Z\-]*\.)*[0-9a-zA-Z\-]*)').match  
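Review bot: In `domainSpecMatch` the address used for the domain check is still taken from `HTTP_X_FORWARDED_FOR` whenever that header is present, and the only validation is that it splits into four dot-separated parts. The header is set by whoever sends the request unless a front-end proxy overwrites it, and nothing visible here checks that the connection comes from such a proxy, so the domain restriction holds only if Zope is never reachable directly. I would accept the header only when the peer is a configured proxy, e.g. `if request.get('REMOTE_ADDR') in TRUSTED_PROXIES and request.get('HTTP_X_FORWARDED_FOR'):` (`TRUSTED_PROXIES` is a placeholder name), or drop the override and rely on `request.getClientAddr()` if the Zope version in use supports trusted-proxy configuration. A header carrying a proxy chain (`client, proxy1`) fails the four-part check and is rejected outright, and the check does not confirm that the parts are numeric. The matching loop of `domainSpecMatch` continues in the following hunk and is only partly shown.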
