Annotation of IntranetUserFolder/IntranetUserFolder.py, revision 1.2
1.1 dwinter 1: """User Folder Extension, tests now also ip number of the host where the original call comes from in case of redirects"""
2:
3: import Globals
4: from AccessControl.User import UserFolder
5: from Globals import MessageDialog
1.2 ! casties 6: import zLOG
! 7: import re
1.1 dwinter 8:
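class IntranetUserFolder(UserFolder):
    """User folder for Intranet.

    Subclass of UserFolder whose domain check (domainSpecMatch) uses the
    address from the X-Forwarded-For header when that header is present.
    """
    _domain_auth_mode=1 # Identification via domain
    meta_type="IntranetUserFolder"

    def authenticate(self, name, password, request):
        """Modified authenticate that applies domainSpecMatch below.

        Returns the user object when the password check succeeds and the
        request matches one of the user's domain specs, otherwise None.
        """
        # Keep `password` out of any log call added here, even for debugging.
        emergency = self._emergency_user
        if name is None:
            return None
        if emergency and name == emergency.getUserName():
            user = emergency
        else:
            user = self.getUser(name)
        if user is not None and user.authenticate(password, request):
            # NOTE(review): an empty domain list never matches in
            # domainSpecMatch, so a user without domain entries is rejected
            # here -- confirm that this is intended.
            domains = user.getDomains()
            if self.domainSpecMatch(domains, request):
                return user

        return None

    def domainSpecMatch(self, spec, request):
        """Modified domainspecmatch that looks at X-Forwarded-For.

        spec is a sequence of domain spec strings (addresses such as
        '10.0.*' or host names).  Returns 1 if the request's address or
        host name matches any entry, 0 otherwise.  A lone '*' matches
        every request.
        """
        # The module never imports socket, so the lookups below used to raise
        # a NameError that the bare except swallowed; import it locally.
        import socket

        # Fast exit for the match-all case
        if len(spec) == 1 and spec[0] == '*':
            return 1

        host = ''
        if request.has_key('REMOTE_HOST'):
            host = request['REMOTE_HOST']

        addr = request.getClientAddr()
        forwarded = 0

        if request.has_key('HTTP_X_FORWARDED_FOR'):
            # SECURITY NOTE(review): X-Forwarded-For is a request header, so
            # its value is chosen by the sender unless a front-end proxy
            # overwrites it.  Since it replaces the client address for the
            # domain check, this is only sound when Zope is reachable
            # exclusively through such a proxy.  Zope releases with a
            # trusted-proxy setting let getClientAddr() honour the header for
            # listed proxies only; prefer that where available (confirm for
            # the deployed version).
            # REMOTE_HOST is left untouched, so host specs are still compared
            # with the direct peer's name rather than the forwarded client.
            raw = request['HTTP_X_FORWARDED_FOR']
            addr = raw.strip()
            # Accept exactly one dotted quad; lists and anything else that
            # merely contains three dots are rejected (fail closed).
            if re.match(r'[0-9]{1,3}(\.[0-9]{1,3}){3}\Z', addr) is None:
                # %r keeps control characters from the header out of the log.
                zLOG.LOG('IntranetUserFolder',zLOG.WARNING,"invalid forward addr: %r"%(raw,))
                return 0
            forwarded = 1

        if not host and not addr:
            return 0

        # Best-effort DNS lookups.  A header-supplied address is never
        # resolved: the sender picks it, and the PTR record of an address is
        # controlled by that address's owner.
        if not host and not forwarded:
            try:
                host = socket.gethostbyaddr(addr)[0]
            except Exception:
                pass
        if not addr:
            try:
                addr = socket.gethostbyname(host)
            except Exception:
                pass

        _host = host.split('.')
        _addr = addr.split('.')
        _hlen = len(_host)
        _alen = len(_addr)

        for ob in spec:
            sz = len(ob)
            _ob = ob.split('.')
            _sz = len(_ob)

            # Address spec: compare component by component, '*' is a wildcard.
            mo = addr_match(ob)
            if mo is not None and mo.end(0) == sz:
                if _alen < _sz:
                    # Address has fewer components than the spec (e.g. not a
                    # dotted quad); it cannot match and must not be indexed.
                    continue
                for a, o in zip(_addr, _ob):
                    if o != a and o != '*':
                        break
                else:
                    return 1
                # A failed address spec is not retried as a host spec.
                continue

            # Host spec: compare against the last _sz labels of the host name.
            mo = host_match(ob)
            if mo is not None and mo.end(0) == sz:
                if _hlen < _sz:
                    continue
                _item = _host[-_sz:]
                for h, o in zip(_item, _ob):
                    if o != h and o != '*':
                        break
                else:
                    return 1
        return 0

Globals.default__class_init__(IntranetUserFolder)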
118:
119:
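def manage_addIntranetUserFolder(self,dtself=None,REQUEST=None,**ignored):
    """add a user folder

    Creates an IntranetUserFolder, stores it as 'acl_users' on the
    container and sets it as the container's __allow_groups__.  With a
    REQUEST, failures are reported through a MessageDialog and success
    redirects to manage_main; without one, the failure is re-raised.
    """
    f=IntranetUserFolder()
    self=self.this()
    try:
        self._setObject('acl_users', f)
    except:
        # Bare except kept from the original: the exception type raised by
        # _setObject is not visible here.  Note that every failure is shown
        # as "Item Exists", whatever its real cause.
        if REQUEST is None:
            # No request to build the dialog from; indexing None would raise
            # a TypeError and hide the real error, so re-raise it instead.
            raise
        return MessageDialog(
            title ='Item Exists',
            message='This object already contains a User Folder',
            action ='%s/manage_main' % REQUEST['URL1'])
    self.__allow_groups__=f
    if REQUEST is not None:
        REQUEST['RESPONSE'].redirect(self.absolute_url()+'/manage_main')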
132:
def manage_addIntranetUserFolderForm(self):
    """add a user folder form"""
    # Renders no form of its own: it hands straight over to the add
    # function, passing the request acquired from the container.
    current_request = self.REQUEST
    return manage_addIntranetUserFolder(self, REQUEST=current_request)
1.2 ! casties 136:
# Matcher for address specs.  Callers compare mo.end(0) with the length of
# the spec to require that the whole string matched.
addr_match = re.compile(
    r'((\d{1,3}\.){1,3}\*)'       # one to three "N." groups, then a literal '*'
    r'|((\d{1,3}\.){3}\d{1,3})'   # or a complete dotted quad
).match

# Matcher for host-name specs: dot-separated labels of letters, digits and
# '-' ('_' is also allowed in all but the last label).  The character
# classes contain no '*', and the pattern can match the empty string.
host_match = re.compile(
    r'(([\_0-9a-zA-Z\-]*\.)*'
    r'[0-9a-zA-Z\-]*)'
).match