upstream/kallithea Files · rhodecode/lib/auth_modules/auth_pam.py

Add mousetrap.js file from Mousetrap 1.4.5, under the Apache license....

Add mousetrap.js file from Mousetrap 1.4.5, under the Apache license. The file was download and verified via these commands: $ git clone https://github.com/ccampbell/mousetrap.git $ cd mousetrap; git checkout 1.4.5 The file in that repository named mousetrap.js is exactly the same one that appeared in RhodeCode 2.2.5 in changeset c8d3c0d61d95. The mousetrap.js states clearly that it is licensed under Apache-2.0.

Bradley M. Kuhn - - Load All Authors

File last commit:

r4116:ffd45b18 rhodecode-2.2.5-gpl


                r4126:158ef336

rhodecode-2.2.5-gpl

Download file

             auth_pam.py
        
                    138 lines
            
             | 4.7 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / rhodecode / lib / auth_modules / auth_pam.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      # -*- coding: utf-8 -*-

      # This program is free software: you can redistribute it and/or modify

      # it under the terms of the GNU General Public License as published by

      # the Free Software Foundation, either version 3 of the License, or

      # (at your option) any later version.

      #

      # This program is distributed in the hope that it will be useful,

      # but WITHOUT ANY WARRANTY; without even the implied warranty of

      # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

      # GNU General Public License for more details.

      #

      # You should have received a copy of the GNU General Public License

      # along with this program.  If not, see <http://www.gnu.org/licenses/>.

      """

      rhodecode.lib.auth_pam

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      RhodeCode authentication library for PAM

      :created_on: Created on Apr 09, 2013

      :author: Alexey Larikov

      """

      import logging

      import time

      import pam

      import pwd

      import grp

      import re

      import socket

      import threading

      from rhodecode.lib import auth_modules

      from rhodecode.lib.compat import formatted_json, hybrid_property

      log = logging.getLogger(__name__)

      # Cache to store PAM authenticated users

      _auth_cache = dict()

      _pam_lock = threading.Lock()

      class RhodeCodeAuthPlugin(auth_modules.RhodeCodeExternalAuthPlugin):

          # PAM authnetication can be slow. Repository operations involve a lot of

          # auth calls. Little caching helps speedup push/pull operations significantly

          AUTH_CACHE_TTL = 4

          def __init__(self):

              global _auth_cache

              ts = time.time()

              cleared_cache = dict(

                  [(k, v) for (k, v) in _auth_cache.items() if

                   (v + RhodeCodeAuthPlugin.AUTH_CACHE_TTL > ts)])

              _auth_cache = cleared_cache

          @hybrid_property

          def name(self):

              return "pam"

          def settings(self):

              settings = [

                  {

                      "name": "service",

                      "validator": self.validators.UnicodeString(strip=True),

                      "type": "string",

                      "description": "PAM service name to use for authentication",

                      "default": "login",

                      "formname": "PAM service name"

                  },

                  {

                      "name": "gecos",

                      "validator": self.validators.UnicodeString(strip=True),

                      "type": "string",

                      "description": "Regex for extracting user name/email etc "

                                     "from Unix userinfo",

                      "default": "(?P<last_name>.+),\s*(?P<first_name>\w+)",

                      "formname": "Gecos Regex"

                  }

              ]

              return settings

          def use_fake_password(self):

              return True

          def auth(self, userobj, username, password, settings, **kwargs):

              if username not in _auth_cache:

                  # Need lock here, as PAM authentication is not thread safe

                  _pam_lock.acquire()

                  try:

                      auth_result = pam.authenticate(username, password,

                                                     settings["service"])

                      # cache result only if we properly authenticated

                      if auth_result:

                          _auth_cache[username] = time.time()

                  finally:

                      _pam_lock.release()

                  if not auth_result:

                      log.error("PAM was unable to authenticate user: %s" % (username,))

                      return None

              else:

                  log.debug("Using cached auth for user: %s" % (username,))

              # old attrs fetched from RhodeCode database

              admin = getattr(userobj, 'admin', False)

              active = getattr(userobj, 'active', True)

              email = getattr(userobj, 'email', '') or "%s@%s" % (username, socket.gethostname())

              firstname = getattr(userobj, 'firstname', '')

              lastname = getattr(userobj, 'lastname', '')

              extern_type = getattr(userobj, 'extern_type', '')

              user_attrs = {

                  'username': username,

                  'firstname': firstname,

                  'lastname': lastname,

                  'groups': [g.gr_name for g in grp.getgrall() if username in g.gr_mem],

                  'email': email,

                  'admin': admin,

                  'active': active,

                  "active_from_extern": None,

                  'extern_name': username,

                  'extern_type': extern_type,

              }

              try:

                  user_data = pwd.getpwnam(username)

                  regex = settings["gecos"]

                  match = re.search(regex, user_data.pw_gecos)

                  if match:

                      user_attrs["firstname"] = match.group('first_name')

                      user_attrs["lastname"] = match.group('last_name')

              except Exception:

                  log.warn("Cannot extract additional info for PAM user")

                  pass

              log.debug("pamuser: \n%s" % formatted_json(user_attrs))

              log.info('user %s authenticated correctly' % user_attrs['username'])

              return user_attrs

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				# -- coding: utf-8 --
				# This program is free software: you can redistribute it and/or modify
				# it under the terms of the GNU General Public License as published by
				# the Free Software Foundation, either version 3 of the License, or
				# (at your option) any later version.
				#
				# This program is distributed in the hope that it will be useful,
				# but WITHOUT ANY WARRANTY; without even the implied warranty of
				# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				# GNU General Public License for more details.
				#
				# You should have received a copy of the GNU General Public License
				# along with this program. If not, see <http://www.gnu.org/licenses/>.
				"""
				rhodecode.lib.auth_pam
				~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

				RhodeCode authentication library for PAM

				:created_on: Created on Apr 09, 2013
				:author: Alexey Larikov
				"""

				import logging
				import time
				import pam
				import pwd
				import grp
				import re
				import socket
				import threading

				from rhodecode.lib import auth_modules
				from rhodecode.lib.compat import formatted_json, hybrid_property

				log = logging.getLogger(__name__)

				# Cache to store PAM authenticated users
				_auth_cache = dict()
				_pam_lock = threading.Lock()


				class RhodeCodeAuthPlugin(auth_modules.RhodeCodeExternalAuthPlugin):
				# PAM authnetication can be slow. Repository operations involve a lot of
				# auth calls. Little caching helps speedup push/pull operations significantly
				AUTH_CACHE_TTL = 4

				def __init__(self):
				global _auth_cache
				ts = time.time()
				cleared_cache = dict(
				[(k, v) for (k, v) in _auth_cache.items() if
				(v + RhodeCodeAuthPlugin.AUTH_CACHE_TTL > ts)])
				_auth_cache = cleared_cache

				@hybrid_property
				def name(self):
				return "pam"

				def settings(self):
				settings = [
				{
				"name": "service",
				"validator": self.validators.UnicodeString(strip=True),
				"type": "string",
				"description": "PAM service name to use for authentication",
				"default": "login",
				"formname": "PAM service name"
				},
				{
				"name": "gecos",
				"validator": self.validators.UnicodeString(strip=True),
				"type": "string",
				"description": "Regex for extracting user name/email etc "
				"from Unix userinfo",
				"default": "(?P<last_name>.+),\s*(?P<first_name>\w+)",
				"formname": "Gecos Regex"
				}
				]
				return settings

				def use_fake_password(self):
				return True

				def auth(self, userobj, username, password, settings, **kwargs):
				if username not in _auth_cache:
				# Need lock here, as PAM authentication is not thread safe
				_pam_lock.acquire()
				try:
				auth_result = pam.authenticate(username, password,
				settings["service"])
				# cache result only if we properly authenticated
				if auth_result:
				_auth_cache[username] = time.time()
				finally:
				_pam_lock.release()

				if not auth_result:
				log.error("PAM was unable to authenticate user: %s" % (username,))
				return None
				else:
				log.debug("Using cached auth for user: %s" % (username,))

				# old attrs fetched from RhodeCode database
				admin = getattr(userobj, 'admin', False)
				active = getattr(userobj, 'active', True)
				email = getattr(userobj, 'email', '') or "%s@%s" % (username, socket.gethostname())
				firstname = getattr(userobj, 'firstname', '')
				lastname = getattr(userobj, 'lastname', '')
				extern_type = getattr(userobj, 'extern_type', '')

				user_attrs = {
				'username': username,
				'firstname': firstname,
				'lastname': lastname,
				'groups': [g.gr_name for g in grp.getgrall() if username in g.gr_mem],
				'email': email,
				'admin': admin,
				'active': active,
				"active_from_extern": None,
				'extern_name': username,
				'extern_type': extern_type,
				}

				try:
				user_data = pwd.getpwnam(username)
				regex = settings["gecos"]
				match = re.search(regex, user_data.pw_gecos)
				if match:
				user_attrs["firstname"] = match.group('first_name')
				user_attrs["lastname"] = match.group('last_name')
				except Exception:
				log.warn("Cannot extract additional info for PAM user")
				pass

				log.debug("pamuser: \n%s" % formatted_json(user_attrs))
				log.info('user %s authenticated correctly' % user_attrs['username'])
				return user_attrs