upstream/kallithea Files · rhodecode/lib/auth_modules/auth_pam.py

Complete copyright notices for web interface; change footer to link to them....

Complete copyright notices for web interface; change footer to link to them. The original copyright notice found in the footer was not accurate as it included only one of the many copyright holders in this project. This change creates an "about" page, which currently contains just the copyright and license information. It links to repository for additional potential copyright holders not listed on the about page. Unlisted contributors are mentioned in template comments. Html links for Kallithea is fixed and we link to Conservancy. Display of version information in the footer is improved.

Bradley M. Kuhn - - Load All Authors

File last commit:

r4116:ffd45b18 rhodecode-2.2.5-gpl


                r4178:9dd72670

kallithea-2.2.5-r...

Download file

             auth_pam.py
        
                    138 lines
            
             | 4.7 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / rhodecode / lib / auth_modules / auth_pam.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      # -*- coding: utf-8 -*-

      # This program is free software: you can redistribute it and/or modify

      # it under the terms of the GNU General Public License as published by

      # the Free Software Foundation, either version 3 of the License, or

      # (at your option) any later version.

      #

      # This program is distributed in the hope that it will be useful,

      # but WITHOUT ANY WARRANTY; without even the implied warranty of

      # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

      # GNU General Public License for more details.

      #

      # You should have received a copy of the GNU General Public License

      # along with this program.  If not, see <http://www.gnu.org/licenses/>.

      """

      rhodecode.lib.auth_pam

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      RhodeCode authentication library for PAM

      :created_on: Created on Apr 09, 2013

      :author: Alexey Larikov

      """

      import logging

      import time

      import pam

      import pwd

      import grp

      import re

      import socket

      import threading

      from rhodecode.lib import auth_modules

      from rhodecode.lib.compat import formatted_json, hybrid_property

      log = logging.getLogger(__name__)

      # Cache to store PAM authenticated users

      _auth_cache = dict()

      _pam_lock = threading.Lock()

      class RhodeCodeAuthPlugin(auth_modules.RhodeCodeExternalAuthPlugin):

          # PAM authnetication can be slow. Repository operations involve a lot of

          # auth calls. Little caching helps speedup push/pull operations significantly

          AUTH_CACHE_TTL = 4

          def __init__(self):

              global _auth_cache

              ts = time.time()

              cleared_cache = dict(

                  [(k, v) for (k, v) in _auth_cache.items() if

                   (v + RhodeCodeAuthPlugin.AUTH_CACHE_TTL > ts)])

              _auth_cache = cleared_cache

          @hybrid_property

          def name(self):

              return "pam"

          def settings(self):

              settings = [

                  {

                      "name": "service",

                      "validator": self.validators.UnicodeString(strip=True),

                      "type": "string",

                      "description": "PAM service name to use for authentication",

                      "default": "login",

                      "formname": "PAM service name"

                  },

                  {

                      "name": "gecos",

                      "validator": self.validators.UnicodeString(strip=True),

                      "type": "string",

                      "description": "Regex for extracting user name/email etc "

                                     "from Unix userinfo",

                      "default": "(?P<last_name>.+),\s*(?P<first_name>\w+)",

                      "formname": "Gecos Regex"

                  }

              ]

              return settings

          def use_fake_password(self):

              return True

          def auth(self, userobj, username, password, settings, **kwargs):

              if username not in _auth_cache:

                  # Need lock here, as PAM authentication is not thread safe

                  _pam_lock.acquire()

                  try:

                      auth_result = pam.authenticate(username, password,

                                                     settings["service"])

                      # cache result only if we properly authenticated

                      if auth_result:

                          _auth_cache[username] = time.time()

                  finally:

                      _pam_lock.release()

                  if not auth_result:

                      log.error("PAM was unable to authenticate user: %s" % (username,))

                      return None

              else:

                  log.debug("Using cached auth for user: %s" % (username,))

              # old attrs fetched from RhodeCode database

              admin = getattr(userobj, 'admin', False)

              active = getattr(userobj, 'active', True)

              email = getattr(userobj, 'email', '') or "%s@%s" % (username, socket.gethostname())

              firstname = getattr(userobj, 'firstname', '')

              lastname = getattr(userobj, 'lastname', '')

              extern_type = getattr(userobj, 'extern_type', '')

              user_attrs = {

                  'username': username,

                  'firstname': firstname,

                  'lastname': lastname,

                  'groups': [g.gr_name for g in grp.getgrall() if username in g.gr_mem],

                  'email': email,

                  'admin': admin,

                  'active': active,

                  "active_from_extern": None,

                  'extern_name': username,

                  'extern_type': extern_type,

              }

              try:

                  user_data = pwd.getpwnam(username)

                  regex = settings["gecos"]

                  match = re.search(regex, user_data.pw_gecos)

                  if match:

                      user_attrs["firstname"] = match.group('first_name')

                      user_attrs["lastname"] = match.group('last_name')

              except Exception:

                  log.warn("Cannot extract additional info for PAM user")

                  pass

              log.debug("pamuser: \n%s" % formatted_json(user_attrs))

              log.info('user %s authenticated correctly' % user_attrs['username'])

              return user_attrs

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				# -- coding: utf-8 --
				# This program is free software: you can redistribute it and/or modify
				# it under the terms of the GNU General Public License as published by
				# the Free Software Foundation, either version 3 of the License, or
				# (at your option) any later version.
				#
				# This program is distributed in the hope that it will be useful,
				# but WITHOUT ANY WARRANTY; without even the implied warranty of
				# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				# GNU General Public License for more details.
				#
				# You should have received a copy of the GNU General Public License
				# along with this program. If not, see <http://www.gnu.org/licenses/>.
				"""
				rhodecode.lib.auth_pam
				~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

				RhodeCode authentication library for PAM

				:created_on: Created on Apr 09, 2013
				:author: Alexey Larikov
				"""

				import logging
				import time
				import pam
				import pwd
				import grp
				import re
				import socket
				import threading

				from rhodecode.lib import auth_modules
				from rhodecode.lib.compat import formatted_json, hybrid_property

				log = logging.getLogger(__name__)

				# Cache to store PAM authenticated users
				_auth_cache = dict()
				_pam_lock = threading.Lock()


				class RhodeCodeAuthPlugin(auth_modules.RhodeCodeExternalAuthPlugin):
				# PAM authnetication can be slow. Repository operations involve a lot of
				# auth calls. Little caching helps speedup push/pull operations significantly
				AUTH_CACHE_TTL = 4

				def __init__(self):
				global _auth_cache
				ts = time.time()
				cleared_cache = dict(
				[(k, v) for (k, v) in _auth_cache.items() if
				(v + RhodeCodeAuthPlugin.AUTH_CACHE_TTL > ts)])
				_auth_cache = cleared_cache

				@hybrid_property
				def name(self):
				return "pam"

				def settings(self):
				settings = [
				{
				"name": "service",
				"validator": self.validators.UnicodeString(strip=True),
				"type": "string",
				"description": "PAM service name to use for authentication",
				"default": "login",
				"formname": "PAM service name"
				},
				{
				"name": "gecos",
				"validator": self.validators.UnicodeString(strip=True),
				"type": "string",
				"description": "Regex for extracting user name/email etc "
				"from Unix userinfo",
				"default": "(?P<last_name>.+),\s*(?P<first_name>\w+)",
				"formname": "Gecos Regex"
				}
				]
				return settings

				def use_fake_password(self):
				return True

				def auth(self, userobj, username, password, settings, **kwargs):
				if username not in _auth_cache:
				# Need lock here, as PAM authentication is not thread safe
				_pam_lock.acquire()
				try:
				auth_result = pam.authenticate(username, password,
				settings["service"])
				# cache result only if we properly authenticated
				if auth_result:
				_auth_cache[username] = time.time()
				finally:
				_pam_lock.release()

				if not auth_result:
				log.error("PAM was unable to authenticate user: %s" % (username,))
				return None
				else:
				log.debug("Using cached auth for user: %s" % (username,))

				# old attrs fetched from RhodeCode database
				admin = getattr(userobj, 'admin', False)
				active = getattr(userobj, 'active', True)
				email = getattr(userobj, 'email', '') or "%s@%s" % (username, socket.gethostname())
				firstname = getattr(userobj, 'firstname', '')
				lastname = getattr(userobj, 'lastname', '')
				extern_type = getattr(userobj, 'extern_type', '')

				user_attrs = {
				'username': username,
				'firstname': firstname,
				'lastname': lastname,
				'groups': [g.gr_name for g in grp.getgrall() if username in g.gr_mem],
				'email': email,
				'admin': admin,
				'active': active,
				"active_from_extern": None,
				'extern_name': username,
				'extern_type': extern_type,
				}

				try:
				user_data = pwd.getpwnam(username)
				regex = settings["gecos"]
				match = re.search(regex, user_data.pw_gecos)
				if match:
				user_attrs["firstname"] = match.group('first_name')
				user_attrs["lastname"] = match.group('last_name')
				except Exception:
				log.warn("Cannot extract additional info for PAM user")
				pass

				log.debug("pamuser: \n%s" % formatted_json(user_attrs))
				log.info('user %s authenticated correctly' % user_attrs['username'])
				return user_attrs