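def authenticate(self, mech, pwd, cert = None):
    """Verify a login attempt and build the userdb reply for this mailbox.

    Args:
        mech: Authentication mechanism name. 'PLAIN' and 'LOGIN' compare
            ``pwd`` against the stored hash; 'EXTERNAL' relies on ``cert``.
            Any other value is rejected.
        pwd: Password supplied by the client. Must be the empty string for
            'EXTERNAL'.
        cert: Certificate verification result. Only the string 'valid'
            (case-insensitive) is accepted, and only for 'EXTERNAL'.

    Returns:
        A dict with the ``userdb_*`` fields, ``quota_rule`` and
        ``nopassword`` on success, otherwise ``False``.
    """
    conf = FLSConfig.getInstance()
    log = logging.getLogger('flscp')

    # '_no_' is the sentinel for "password login disabled". It is checked
    # before any mechanism is evaluated, so it also blocks EXTERNAL logins.
    if self.hashPw == '_no_':
        log.debug('User %s can not login, because password is disabled!', self.getMailAddress())
        return False

    if mech in ('PLAIN', 'LOGIN'):
        # NOTE(review): SaltEncryption.compare is defined elsewhere; confirm
        # it compares in constant time and rejects an empty stored hash.
        state = SaltEncryption().compare(pwd, self.hashPw)
    elif mech == 'EXTERNAL':
        # Fail closed when no verification result was passed: the original
        # called cert.lower() on the default None and raised AttributeError.
        # NOTE(review): `cert` must come from the TLS layer's own verification
        # result, never from a client-controlled field; confirm at the caller.
        state = isinstance(cert, str) and cert.lower() == 'valid' and pwd == ''
    else:
        log.debug('User %s can not login: unsupported auth mechanism "%s"', self.getMailAddress(), mech)
        state = False

    if not state:
        return False

    # Build the reply only for an accepted login, so no partially filled
    # structure exists on the failure paths.
    return {
        'userdb_user': ('%s@%s' % (self.mail, self.domain)).lower(),
        'userdb_home': self.getHomeDir(),
        'userdb_uid': conf.get('mailserver', 'uid'),
        'userdb_gid': conf.get('mailserver', 'gid'),
        'userdb_mail': self.getMailDirFormat(),
        'quota_rule': '*:storage=%sb' % (self.quota,),
        'nopassword': 1
    }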
def hashPassword(self):
    """Hash the plaintext password in ``self.pw`` and store it in ``self.hashPw``."""
    # Idea for later (from the original author): store s.hash(md5(self.pw))
    # and verify with s.compare(md5(self.pw), <hash>), or use sha512 instead.
    # NOTE(review): a fast digest used as a pre-hash adds no resistance to
    # offline guessing on its own; that has to come from the scheme inside
    # SaltEncryption.hash, which is not visible here. Confirm it is a salted,
    # deliberately slow password hash before changing this.
    self.hashPw = SaltEncryption().hash(self.pw)