pykolab/auth/__init__.py
Show First 20 Lines • Show All 43 Lines • ▼ Show 20 Lines | class Auth(pykolab.base.Base): | ||||
def authenticate(self, login): | def authenticate(self, login): | ||||
""" | """ | ||||
Verify login credentials supplied in login against the appropriate | Verify login credentials supplied in login against the appropriate | ||||
authentication backend. | authentication backend. | ||||
Login is a simple list of username, password, service and, | Login is a simple list of username, password, service and, | ||||
optionally, the realm. | optionally, the realm. | ||||
""" | """ | ||||
if len(login) == 3: | if len(login) == 3: | ||||
# The realm has not been specified. See if we know whether or not | # The realm has not been specified. See if we know whether or not | ||||
# to use virtual_domains, as this may be a cause for the realm not | # to use virtual_domains, as this may be a cause for the realm not | ||||
# having been specified separately. | # having been specified separately. | ||||
use_virtual_domains = conf.get('imap', 'virtual_domains') | use_virtual_domains = conf.get('imap', 'virtual_domains') | ||||
# TODO: Insert debug statements | # TODO: Insert debug statements | ||||
#if use_virtual_domains == "userid": | #if use_virtual_domains == "userid": | ||||
#print "# Derive domain from login[0]" | # print "# Derive domain from login[0]" | ||||
#elif not use_virtual_domains: | #elif not use_virtual_domains: | ||||
#print "# Explicitly do not user virtual domains??" | # print "# Explicitly do not user virtual domains??" | ||||
#else: | #else: | ||||
## Do use virtual domains, derive domain from login[0] | # ## Do use virtual domains, derive domain from login[0] | ||||
#print "# Derive domain from login[0]" | # print "# Derive domain from login[0]" | ||||
if len(login[0].split('@')) > 1: | if len(login[0].split('@')) > 1: | ||||
domain = login[0].split('@')[1] | domain = login[0].split('@')[1] | ||||
elif len(login) >= 4: | elif len(login) >= 4: | ||||
domain = login[3] | domain = login[3] | ||||
else: | else: | ||||
domain = conf.get("kolab", "primary_domain") | domain = conf.get("kolab", "primary_domain") | ||||
# realm overrides domain | # realm overrides domain | ||||
if len(login) == 4: | if len(login) == 4: | ||||
domain = login[3] | domain = login[3] | ||||
retval = self._auth.authenticate(login, domain) | retval = self._auth.authenticate(login, domain) | ||||
return retval | return retval | ||||
def connect(self, domain=None): | def connect(self, domain=None): | ||||
""" | """ | ||||
Connect to the domain authentication backend using domain, or fall | Connect to the domain authentication backend using domain, or fall | ||||
back to the primary domain specified by the configuration. | back to the primary domain specified by the configuration. | ||||
""" | """ | ||||
log.debug(_("Called for domain %r") % (domain), level=8) | log.debug(_("Called for domain %r") % (domain), level=5) | ||||
if not self._auth == None: | if not self._auth == None: | ||||
return | return | ||||
if domain == None: | if domain == None: | ||||
if not self.domain == None: | if not self.domain == None: | ||||
section = self.domain | section = self.domain | ||||
domain = self.domain | domain = self.domain | ||||
else: | else: | ||||
section = 'kolab' | section = 'kolab' | ||||
domain = conf.get('kolab', 'primary_domain') | domain = conf.get('kolab', 'primary_domain') | ||||
else: | else: | ||||
log.debug(_("Getting list of domains for %s ...") % (domain), level=5) | |||||
self.list_domains(domain) | self.list_domains(domain) | ||||
section = domain | section = domain | ||||
log.debug( | |||||
_("Using section %s and domain %s") % (section,domain), | |||||
level=8 | |||||
) | |||||
if not self.domains == None and self.domains.has_key(domain): | if not self.domains == None and self.domains.has_key(domain): | ||||
section = self.domains[domain] | section = self.domains[domain] | ||||
domain = self.domains[domain] | domain = self.domains[domain] | ||||
log.debug( | log.debug( | ||||
_("Using section %s and domain %s") % (section,domain), | _("Using section %s and domain %s") % (section,domain), | ||||
level=8 | level=8 | ||||
) | ) | ||||
log.debug( | |||||
_("Connecting to Authentication backend for domain %s") % ( | |||||
domain | |||||
), | |||||
level=8 | |||||
) | |||||
if not conf.has_section(section): | if not conf.has_section(section): | ||||
section = 'kolab' | section = 'kolab' | ||||
if not conf.has_option(section, 'auth_mechanism'): | if not conf.has_option(section, 'auth_mechanism'): | ||||
log.debug( | log.debug( | ||||
_("Section %s has no option 'auth_mechanism'") % (section), | _("Section %s has no option 'auth_mechanism'") % (section), | ||||
level=8 | level=8 | ||||
) | ) | ||||
section = 'kolab' | section = 'kolab' | ||||
else: | else: | ||||
log.debug( | log.debug( | ||||
_("Section %s has auth_mechanism: %r") % ( | _("Section %s has auth_mechanism: %r") % ( | ||||
section, | section, | ||||
conf.get(section,'auth_mechanism') | conf.get(section,'auth_mechanism') | ||||
), | ), | ||||
level=8 | level=8 | ||||
) | ) | ||||
_auth_mechanism = conf.get(section, 'auth_mechanism') | |||||
# Get the actual authentication and authorization backend. | # Get the actual authentication and authorization backend. | ||||
if conf.get(section, 'auth_mechanism') == 'ldap': | if _auth_mechanism == 'ldap': | ||||
log.debug(_("Starting LDAP..."), level=8) | log.debug(_("Initializing LDAP..."), level=8) | ||||
from pykolab.auth import ldap | from pykolab.auth import ldap | ||||
self._auth = ldap.LDAP(self.domain) | self._auth = ldap.LDAP(self.domain) | ||||
elif conf.get(section, 'auth_mechanism') == 'sql': | elif _auth_mechanism == 'sql': | ||||
log.debug(_("Initializing SQL..."), level=8) | |||||
from pykolab.auth import sql | from pykolab.auth import sql | ||||
self._auth = sql.SQL(self.domain) | self._auth = sql.SQL(self.domain) | ||||
else: | else: | ||||
log.debug(_("Starting LDAP..."), level=8) | log.debug(_("Fallback to LDAP. Initializing ..."), level=5) | ||||
from pykolab.auth import ldap | from pykolab.auth import ldap | ||||
self._auth = ldap.LDAP(self.domain) | self._auth = ldap.LDAP(self.domain) | ||||
log.debug( | |||||
_("Connecting to Authentication %s backend for domain %s") % ( | |||||
_auth_mechanism, | |||||
domain | |||||
), | |||||
level=5 | |||||
) | |||||
self._auth.connect() | self._auth.connect() | ||||
def disconnect(self, domain=None): | def disconnect(self, domain=None): | ||||
""" | """ | ||||
Connect to the domain authentication backend using domain, or fall | Connect to the domain authentication backend using domain, or fall | ||||
back to the primary domain specified by the configuration. | back to the primary domain specified by the configuration. | ||||
""" | """ | ||||
▲ Show 20 Lines • Show All 104 Lines • ▼ Show 20 Lines | def list_domains(self, domain=None): | ||||
self.domains = { kolab_primary_domain: kolab_primary_domain } | self.domains = { kolab_primary_domain: kolab_primary_domain } | ||||
else: | else: | ||||
self.domains = {} | self.domains = {} | ||||
for primary, secondaries in domains: | for primary, secondaries in domains: | ||||
self.domains[primary.lower()] = primary.lower() | self.domains[primary.lower()] = primary.lower() | ||||
for secondary in secondaries: | for secondary in secondaries: | ||||
self.domains[secondary.lower()] = primary.lower() | self.domains[secondary.lower()] = primary.lower() | ||||
log.debug(_("List of domains for %s is: %s") % (domain, ", ".join(self.domains)), level=8) | |||||
return self.domains | return self.domains | ||||
def synchronize(self, mode=0, callback=None): | def synchronize(self, mode=0, callback=None): | ||||
self._auth.synchronize(mode=mode, callback=callback) | self._auth.synchronize(mode=mode, callback=callback) | ||||
def domain_default_quota(self, domain): | def domain_default_quota(self, domain): | ||||
return self._auth._domain_default_quota(domain) | return self._auth._domain_default_quota(domain) | ||||
def domain_naming_context(self, domain): | def domain_naming_context(self, domain): | ||||
return self._auth._domain_naming_context(domain) | return self._auth._domain_naming_context(domain) | ||||
def primary_domain_for_naming_context(self, domain): | def primary_domain_for_naming_context(self, domain): | ||||
return self._auth._primary_domain_for_naming_context(domain) | return self._auth._primary_domain_for_naming_context(domain) | ||||
def add_entry(self, domain, entry): | |||||
return self._auth._add_entry(entry) | |||||
def get_entry_attribute(self, domain, entry, attribute): | def get_entry_attribute(self, domain, entry, attribute): | ||||
return self._auth.get_entry_attribute(entry, attribute) | return self._auth.get_entry_attribute(entry, attribute) | ||||
def get_entry_attributes(self, domain, entry, attributes): | def get_entry_attributes(self, domain, entry, attributes): | ||||
return self._auth.get_entry_attributes(entry, attributes) | return self._auth.get_entry_attributes(entry, attributes) | ||||
def get_user_attribute(self, domain, user, attribute): | def get_user_attribute(self, domain, user, attribute): | ||||
return self._auth.get_entry_attribute(user, attribute) | return self._auth.get_entry_attribute(user, attribute) | ||||
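Review bot: In `connect()`, the new "Connecting to Authentication %s backend for domain %s" message prints the configured `_auth_mechanism` rather than the backend that was actually instantiated, so in the `else:` fallback branch the log names a mechanism that is not in use while `ldap.LDAP` handles the credentials. An unrecognised or mistyped `auth_mechanism` (or a missing one, after `section` is reset to `'kolab'`) therefore selects LDAP with only a level-5 debug line to show for it, which is easy to miss when auditing which backend verifies logins. I would set `_auth_mechanism = 'ldap'` inside the fallback branch and raise that branch's message above debug with the rejected value included, e.g. `log.warning(_("Unknown auth_mechanism %r, falling back to LDAP") % (_auth_mechanism))`, assuming the project logger exposes `warning`. Which side the one-column lines belong to is inferred from `_auth_mechanism` appearing only in the right-hand column of the `if`/`elif` lines.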