From f41124ba14b27422470053dd44cf5998979a87a8 Mon Sep 17 00:00:00 2001 From: richard Date: Tue, 25 Jun 2002 04:08:15 +0000 Subject: [PATCH] Hack for implementing LDAP auth. Might be useful to use as a basis for a more complete solution. git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@818 57a73879-2fb5-44c3-a270-3262357dd7e2 --- patches/20020205.alternate_auth | 254 ++++++++++++++++++++++++++++++++ 1 file changed, 254 insertions(+) create mode 100644 patches/20020205.alternate_auth diff --git a/patches/20020205.alternate_auth b/patches/20020205.alternate_auth new file mode 100644 index 0000000..254be9b --- /dev/null +++ b/patches/20020205.alternate_auth @@ -0,0 +1,254 @@ +From daniel_clark@us.ibm.com Wed Feb 6 04:27:15 2002 +X-Sieve: cmu-sieve 2.0 +Return-Path: +Received: (from uucp@localhost) + by crown.off.ekorp.com (8.9.3/8.9.3) id RAA12435 + for rjones@ekit-inc.com; Tue, 5 Feb 2002 17:30:24 GMT +Received: from usw-sf-fw2.sourceforge.net(216.136.171.252), claiming to be "usw-sf-list1.sourceforge.net" + via SMTP by mx3.ekorp.com, id smtpdAAALJaWqy; Tue Feb 5 17:30:22 2002 +Received: from localhost ([127.0.0.1] helo=usw-sf-list1.sourceforge.net) + by usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian)) + id 16Y9Q6-0002kj-00; Tue, 05 Feb 2002 09:30:14 -0800 +Received: from lotus2.lotus.com ([129.42.241.42]) + by usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian)) + id 16Y9Ps-0002ee-00 + for ; Tue, 05 Feb 2002 09:30:00 -0800 +Received: from internet2.lotus.com (internet2 [172.16.131.236]) + by lotus2.lotus.com (8.12.1/8.12.1) with ESMTP id g15HUnTQ013140 + for ; Tue, 5 Feb 2002 12:30:54 -0500 (EST) +Received: from a3mail.lotus.com (a3mail.lotus.com [9.95.5.66]) + by internet2.lotus.com (8.12.1/8.12.1) with ESMTP id g15HTHS0005917 + for ; Tue, 5 Feb 2002 12:29:17 -0500 (EST) +To: roundup-devel@lists.sourceforge.net +X-Mailer: Lotus Notes Release 5.0.8 June 18, 2001 +Message-ID: +From: "Daniel Clark/CAM/Lotus" +X-MIMETrack: Serialize by Router on A3MAIL/CAM/H/Lotus(Build V5010_01222002 |January 22, 2002) at + 02/05/2002 12:25:48 PM +MIME-Version: 1.0 +Content-type: text/plain; + charset=iso-8859-1 +Content-transfer-encoding: quoted-printable +Subject: [Roundup-devel] Alternative authentication for roundup +Sender: roundup-devel-admin@lists.sourceforge.net +Errors-To: roundup-devel-admin@lists.sourceforge.net +X-BeenThere: roundup-devel@lists.sourceforge.net +X-Mailman-Version: 2.0.5 +Precedence: bulk +List-Help: +List-Post: +List-Subscribe: , + +List-Id: +List-Unsubscribe: , + +List-Archive: +X-Original-Date: Tue, 5 Feb 2002 12:27:15 -0500 +Date: Tue, 5 Feb 2002 12:27:15 -0500 +Status: R +X-Status: N + +I'm trying to get roundup to work with an alternative method of +authentication (due to a corporate requirement of using a common intran= +et +password). I've created an "altauth" module to abstract the details of = +the +authentication. Since the hyperdb usernames and passwords seem to be +referenced in a lot of places in the code, I am just creating hyperdb +entries for the users if they exist and enter their correct passwords +against the alternate authentication source. For the most part this eff= +ects +the login_action function in cgi_client.py. I've completed some changes= + +that make this work for the web interface, but as I am new to roundup a= +nd +relatively new to python I thought I'd post the changes for review. If +others would find this functionality useful I would be happy if these +changes (probably reworked) could make it into future releases. + +The main things I think I still need to do are add equivalent changes t= +o +mailgw.py and handle messages from the alternative authentication sourc= +e +better. + +--- cgi_client.py Tue Feb 5 21:56:30 2002 ++++ cgi_client.py-altauth Tue Feb 5 21:56:30 2002 +@@ -27,6 +27,13 @@ + import roundupdb, htmltemplate, date, hyperdb, password + from roundup.i18n import _ + ++try: ++ from altauth import altauth ++ import password as password_module ++ altauth_exists =3D 1 ++except: ++ altauth_exists =3D 0 ++ + class Unauthorised(ValueError): + pass + +@@ -807,7 +814,24 @@ + password =3D self.form['__login_password'].value + else: + password =3D '' ++ # if using alternate authentication, perform it. ++ if altauth_exists: ++ auth =3D altauth(self.user, password) + # make sure the user exists ++ if altauth_exists: ++ if auth.exists: ++ try: ++ uid =3D self.db.user.lookup(self.user) ++ except KeyError: ++ username =3D str(self.user) ++ self.db =3D self.instance.open('admin') ++ cl =3D self.db.user ++ props =3D {'username':username, 'realname':auth.re= +alname, ++ 'organisation':auth.org, 'address':auth.e= +mail, ++ 'phone':auth.phone} ++ uid =3D cl.create(**props) ++ self.user =3D cl.get(uid, 'username') ++ self.db.commit() + try: + uid =3D self.db.user.lookup(self.user) + except KeyError: +@@ -819,6 +843,20 @@ + return 0 + + # and that the password is correct ++ if altauth_exists: ++ if auth.success: ++ name =3D str(self.user) ++ self.db =3D self.instance.open(name) ++ value =3D password_module.Password(password.strip()) ++ password_dict =3D {'password':value} ++ user =3D self.db.user ++ user.set(uid, **password_dict) ++ self.db.commit() ++ else: ++ self.make_user_anonymous()o ++ action =3D self.form['__destination_url'].value ++ self.login(message=3D_(auth.message), action=3Daction)= + ++ return 0 + pw =3D self.db.user.get(uid, 'password') + if password !=3D pw: + self.make_user_anonymous() + + +example altauth.py: + +__doc__ =3D """ +Alternative authentication for roundup +""" + +import pipes, os, string + +class altauth: + """ + Arguments: + username : username + password : password in plaintext + + Instance variables: + realname : username's real name + org : username's organization + email : username's email address + phone : username's phone number + + code : return code from alternate authentication + message : message from alternate authentication + exists : does user exist in alternate autentication source? + success : did user enter a valid user / password combo? + """ + def __init__(self, username=3DNone, password=3DNone): + # Make sure user and password have values - else java cwauthcmd= + hangs. + if username is None: + username =3D "test" + if password is None: + password =3D "test" + + # In Bluepages, your username is your email address, but this m= +ight not + # be true for other authentication sources. + self.email =3D username + + # Get realname, phone and org from Bluepages + cmd =3D "phone ldap emailaddress=3D%s format givenname sn telep= +honenumber dept" % self.email + s =3D os.popen(cmd).readlines()[0].strip().split() + self.realname =3D string.join(s[:-2]) + self.phone =3D s[-2] + self.org =3D s[-1] + + # Open a pipeline to java cwauth stuff. The most secure option = +I could think of + # besides JPE (Java Python Extension), which I couldn't get to = +work. + os.umask(077) + t=3Dpipes.Template() + t.append('java cwauthcmd', '--') + tmpfile =3D os.tmpnam() + f=3Dt.open(tmpfile, 'w') + f.write(username + " " + password) + f.close() + self.code =3D int(open(tmpfile).read().strip()) + os.remove(tmpfile) + + if self.code =3D=3D 0: + self.message =3D "Success. The authentication was successfu= +l." + self.exists =3D 1 + self.success =3D 1 + elif self.code =3D=3D 2: + self.message =3D "Not registered. Visit http://w3.ibm.com/p= +assword/" + self.exists =3D 0 + self.success =3D 0 + elif self.code =3D=3D 3: + self.message =3D "LDAP Error. There was an error communicat= +ing with Bluepages." + self.exists =3D 0 + self.success =3D 0 + elif self.code =3D=3D 4: + self.message =3D "No Record Found. No user was found havin= +g that e-mail address." + self.exists =3D 0 + self.success =3D 0 + elif self.code =3D=3D 5: + self.message =3D "Multiple Records Found. More than one ent= +ry exists for that e-mail address." + self.exists =3D 1 + self.success =3D 0 + elif self.code =3D=3D 6: + self.message =3D "Incorrect password. Try again or visit ht= +tp://w3.ibm.com/password" + self.exists =3D 1 + self.success =3D 0 + else: + self.message =3D "Unknown result code. Contact daniel_clark= +@us.ibm.com" + self.exists =3D 0 + self.success =3D 0 + + +-- +Daniel Clark =A7 Sys Admin & Assistant Release Engineer +IBM =BB Lotus =BB Messaging Technology Group =A7 http://w3.mtg.lotus.co= +m +Tieline 693-7353 =A7 External 617-693-7353 =A7 Mobile 617-877-0702 +AIM as djbclark =A7 Sametime as Daniel Clark/CAM/Lotus += + + + +_______________________________________________ +Roundup-devel mailing list +Roundup-devel@lists.sourceforge.net +https://lists.sourceforge.net/lists/listinfo/roundup-devel + + -- 2.30.2