saslauthd/__init__.py
Show First 20 Lines • Show All 132 Lines • ▼ Show 20 Lines | def run(self): | ||||
elif pid > 0: | elif pid > 0: | ||||
sys.exit(0) | sys.exit(0) | ||||
else: | else: | ||||
# Give up the session, all control, | # Give up the session, all control, | ||||
# all open file descriptors, see #5151 | # all open file descriptors, see #5151 | ||||
os.chdir("/") | os.chdir("/") | ||||
os.umask(0) | old_umask = os.umask(0) | ||||
os.setsid() | os.setsid() | ||||
pid = os.fork() | pid = os.fork() | ||||
if pid > 0: | if pid > 0: | ||||
sys.exit(0) | sys.exit(0) | ||||
sys.stderr.flush() | sys.stderr.flush() | ||||
sys.stdout.flush() | sys.stdout.flush() | ||||
os.close(0) | os.close(0) | ||||
os.close(1) | os.close(1) | ||||
os.close(2) | os.close(2) | ||||
os.umask(old_umask) | |||||
self.thread_count += 1 | self.thread_count += 1 | ||||
log.remove_stdout_handler() | log.remove_stdout_handler() | ||||
self.set_signal_handlers() | self.set_signal_handlers() | ||||
self.write_pid() | self.write_pid() | ||||
self.do_saslauthd() | self.do_saslauthd() | ||||
except SystemExit, e: | except SystemExit, e: | ||||
exitcode = e | exitcode = e | ||||
except KeyboardInterrupt: | except KeyboardInterrupt: | ||||
exitcode = 1 | exitcode = 1 | ||||
log.info(_("Interrupted by user")) | log.info(_("Interrupted by user")) | ||||
except AttributeError, e: | except AttributeError, e: | ||||
exitcode = 1 | exitcode = 1 | ||||
traceback.print_exc() | traceback.print_exc() | ||||
print >> sys.stderr, _("Traceback occurred, please report a " + | print >> sys.stderr, _("Traceback occurred, please report a " + | ||||
"bug at https://issues.kolab.org") | "bug at https://issues.kolab.org") | ||||
except TypeError, e: | except TypeError, e: | ||||
exitcode = 1 | exitcode = 1 | ||||
traceback.print_exc() | traceback.print_exc() | ||||
log.error(_("Type Error: %s") % e) | log.error(_("Type Error: %s") % e) | ||||
except: | except: | ||||
Lint: PEP8 E722: do not use bare 'except' | |||||
exitcode = 2 | exitcode = 2 | ||||
traceback.print_exc() | traceback.print_exc() | ||||
print >> sys.stderr, _("Traceback occurred, please report a " + | print >> sys.stderr, _("Traceback occurred, please report a " + | ||||
"bug at https://issues.kolab.org") | "bug at https://issues.kolab.org") | ||||
sys.exit(exitcode) | sys.exit(exitcode) | ||||
def do_saslauthd(self): | def do_saslauthd(self): | ||||
""" | """ | ||||
Create the actual listener socket, and handle the authentication. | Create the actual listener socket, and handle the authentication. | ||||
The actual authentication handling is passed on to the appropriate | The actual authentication handling is passed on to the appropriate | ||||
backend authentication classes through the more generic Auth(). | backend authentication classes through the more generic Auth(). | ||||
""" | """ | ||||
import binascii | import binascii | ||||
import socket | import socket | ||||
import struct | import struct | ||||
s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) | s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) | ||||
# TODO: The saslauthd socket path could be a setting. | # TODO: The saslauthd socket path could be a setting. | ||||
try: | try: | ||||
os.remove(conf.socketfile) | os.remove(conf.socketfile) | ||||
except: | except: | ||||
Lint: PEP8 E722 do not use bare 'except' Lint: PEP8 E722: do not use bare 'except' | |||||
# TODO: Do the "could not remove, could not start" dance | # TODO: Do the "could not remove, could not start" dance | ||||
pass | pass | ||||
s.bind(conf.socketfile) | s.bind(conf.socketfile) | ||||
os.chmod(conf.socketfile, 0777) | os.chmod(conf.socketfile, 0777) | ||||
s.listen(5) | s.listen(5) | ||||
▲ Show 20 Lines • Show All 43 Lines • ▼ Show 20 Lines | def do_saslauthd(self): | ||||
auth = Auth(domain=realm) | auth = Auth(domain=realm) | ||||
auth.connect() | auth.connect() | ||||
success = False | success = False | ||||
try: | try: | ||||
success = auth.authenticate(login) | success = auth.authenticate(login) | ||||
except: | except: | ||||
Lint: PEP8 E722 do not use bare 'except' Lint: PEP8 E722: do not use bare 'except' | |||||
success = False | success = False | ||||
if success: | if success: | ||||
# #1170: Catch broken pipe error (incomplete authentication request) | # #1170: Catch broken pipe error (incomplete authentication request) | ||||
try: | try: | ||||
clientsocket.send(struct.pack("!H2s", 2, "OK")) | clientsocket.send(struct.pack("!H2s", 2, "OK")) | ||||
except: | except: | ||||
Lint: PEP8 E722 do not use bare 'except' Lint: PEP8 E722: do not use bare 'except' | |||||
pass | pass | ||||
else: | else: | ||||
# #1170: Catch broken pipe error (incomplete authentication request) | # #1170: Catch broken pipe error (incomplete authentication request) | ||||
try: | try: | ||||
clientsocket.send(struct.pack("!H2s", 2, "NO")) | clientsocket.send(struct.pack("!H2s", 2, "NO")) | ||||
except: | except: | ||||
Lint: PEP8 E722 do not use bare 'except' Lint: PEP8 E722: do not use bare 'except' | |||||
pass | pass | ||||
clientsocket.close() | clientsocket.close() | ||||
auth.disconnect() | auth.disconnect() | ||||
def reload_config(self, *args, **kw): | def reload_config(self, *args, **kw): | ||||
pass | pass | ||||
▲ Show 20 Lines • Show All 85 Lines • ▼ Show 20 Lines | def _drop_privileges(self): | ||||
_("Switching real and effective user id to %d") % ( | _("Switching real and effective user id to %d") % ( | ||||
user_uid | user_uid | ||||
), | ), | ||||
level=8 | level=8 | ||||
) | ) | ||||
os.setreuid(user_uid, user_uid) | os.setreuid(user_uid, user_uid) | ||||
except: | except: | ||||
Lint: PEP8 E722 do not use bare 'except' Lint: PEP8 E722: do not use bare 'except' | |||||
log.error(_("Could not change real and effective uid and/or gid")) | log.error(_("Could not change real and effective uid and/or gid")) |
do not use bare 'except'
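Review bot: In `run()`, restoring the inherited mask with `os.umask(old_umask)` (reading the right-hand column as the new side) leaves the mode of everything created afterwards dependent on the environment that launched the daemon, including whatever `self.write_pid()` writes and the socket bound in `do_saslauthd()`. An explicit value such as `os.umask(0o077)` would make this deterministic. The socket is in any case widened by `os.chmod(conf.socketfile, 0777)`, which lets every local account submit credential checks to the listener; if only the mail services need it, a group-owned socket with mode `0o660` would narrow that. In `_drop_privileges`, the bare `except:` after `os.setreuid(user_uid, user_uid)` only calls `log.error(...)` in the lines shown; unless something further down aborts, the daemon would keep running with its original privileges, so that path should exit instead. All three functions continue outside the visible lines, so these points rest only on what is shown.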