Annotation of IntranetUserFolder/IntranetUserFolder.py, revision 1.4
1.3 casties 1: """User Folder Extension, tests now also ip number of the host where the original connection
2: comes from in case of proxies/rewrites"""
1.1 dwinter 3:
4: import Globals
5: from AccessControl.User import UserFolder
1.3 casties 6: from AccessControl import AuthEncoding
1.1 dwinter 7: from Globals import MessageDialog
1.3 casties 8: import logging
1.2 casties 9: import re
1.3 casties 10: import socket
1.1 dwinter 11:
12: class IntranetUserFolder(UserFolder):
1.3 casties 13: """User folder for Intranet"""
14: _domain_auth_mode=1 # Identification via domain
15: meta_type="IntranetUserFolder"
16:
17: def authenticate(self, name, password, request):
18: """modified authenticate to use domainspecmatch below"""
19: #logging.debug("IntranetUserFolder: authenticate %s from %s"%(name,request['REMOTE_ADDR']))
20:
21: emergency = self._emergency_user
22: if name is None:
23: return None
24: if emergency and name==emergency.getUserName():
25: user = emergency
26: else:
27: user = self.getUser(name)
28:
29: #logging.debug("IntranetUserFolder: user: %s"%repr(user))
30:
31: if user is not None:
32: pwd=user._getPassword()
33: # check PW first (which may be empty)
34: if AuthEncoding.pw_validate(pwd, password):
35: domains = user.getDomains()
36: #logging.debug("IntranetUserFolder: pw OK, domains: %s"%(repr(domains)))
37: if self.domainSpecMatch(domains, request):
38: logging.debug("IntranetUserFolder: domain user %s"%user)
39: return user
40: #else:
41: #logging.debug("IntranetUserFolder: pw not ok: '%s'"%password)
42: #logging.debug("IntranetUserFolder: user has password: '%s'"%user._getPassword())
43:
44: logging.debug("IntranetUserFolder: authenticate failed here!")
45: return None
46:
47: def domainSpecMatch(self, spec, request):
48: """modified domainspecmatch to look at FORWARDED_FOR"""
49: #logging.debug("IntranetUserFolder: domainspecmatch %s, %s"%(self,spec))
50: addr=''
51:
52: # Fast exit for the match-all case
53: if len(spec) == 0 or (len(spec) == 1 and spec[0] == '*'):
54: return 1
55:
56: # start with getClientAddr
57: addr=request.getClientAddr()
58: #logging.debug("IntranetUserFolder: getclientaddr: %s"%(addr))
59: #if request.has_key('REMOTE_ADDR'):
60: # addr=request['REMOTE_ADDR']
61:
62: # override with forwarded address if present
63: if request.get('HTTP_X_FORWARDED_FOR', None):
64: addr=request['HTTP_X_FORWARDED_FOR']
65: #logging.debug("IntranetUserFolder: forwarded addr: %s"%(addr))
66:
67: # check for strange headers (may be fake)
68: if len(addr.split('.')) != 4:
69: logging.warning("IntranetUserFolder: invalid forward addr: %s"%(addr))
70: return 0
71:
72: if not addr:
73: return 0
74:
75: _addr=addr.split('.')
76: #logging.debug("IntranetUserFolder: addr: %s , %s"%(repr(_addr), repr(_m), repr(_addr & _m)))
77:
78: for ob in spec:
79: sz=len(ob)
80: _ob=ob.split('.')
81: _sz=len(_ob)
82:
83: mo = addr_match(ob)
84: if mo is not None:
85: if mo.end(0)==sz:
86: fail=0
87: for i in range(_sz):
88: a=_addr[i]
89: o=_ob[i]
90: if (o != a) and (o != '*'):
91: fail=1
92: break
93: if fail:
94: continue
95: return 1
96:
97: return 0
1.1 dwinter 98:
1.4 ! casties 99: #FIXME: problem with 2.12
! 100: #Globals.default__class_init__(IntranetUserFolder)
1.1 dwinter 101:
102:
103: def manage_addIntranetUserFolder(self,dtself=None,REQUEST=None,**ignored):
104: """add a user folder """
105: f=IntranetUserFolder()
106: self=self.this()
107: try: self._setObject('acl_users', f)
108: except: return MessageDialog(
109: title ='Item Exists',
110: message='This object already contains a User Folder',
111: action ='%s/manage_main' % REQUEST['URL1'])
112: self.__allow_groups__=f
113: if REQUEST is not None:
114: REQUEST['RESPONSE'].redirect(self.absolute_url()+'/manage_main')
115:
116: def manage_addIntranetUserFolderForm(self):
1.3 casties 117: """add a user folder form"""
118: return manage_addIntranetUserFolder(self,REQUEST=self.REQUEST)
1.2 casties 119:
120: addr_match=re.compile(r'((\d{1,3}\.){1,3}\*)|((\d{1,3}\.){3}\d{1,3})').match
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>