def retrieve_profile(user):
    """Return the profile attached to ``user``, creating it when missing.

    An existing profile is returned untouched. When ``user.get_profile()``
    raises ``UserProfile.DoesNotExist`` a new ``UserProfile`` is saved and
    returned; its ``account_type`` is 1 for superusers and 3 for everyone
    else.
    """
    try:
        return user.get_profile()
    except UserProfile.DoesNotExist:
        pass
    # The account type is derived only from ``is_superuser``.
    # NOTE(review): presumably 1 is the administrator type and 3 the ordinary
    # user type -- confirm against the UserProfile model.
    new_profile = UserProfile(
        user=user, account_type=1 if user.is_superuser else 3)
    new_profile.save()
    return new_profile
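def authenticate(self, username=None, password=None):
    """Authenticate ``user@domain`` against the mail hosts of that domain.

    The domain part selects the ``UserAddresses`` rows with
    ``address_type=1`` and, through them, the ``MailAuthHost`` entries to
    try. Hosts are tried in order via ``self.mail_auth``; the first host
    that accepts the credentials ends the search. On a first successful
    login a local ``User`` is created (unusable local password, not staff,
    not superuser) and a ``UserProfile`` with ``account_type=3`` is added
    when the user has none.

    Returns the ``User`` on success. Returns ``None`` when the credentials
    are missing or malformed, when the domain has no auth hosts, or when
    every host rejects the login.
    """
    # Fail closed on missing credentials; the membership test below used to
    # raise TypeError for username=None.
    if not username or password is None:
        return None
    # Exactly one '@' is required. More than one used to raise ValueError at
    # the two-name unpacking, turning a malformed login into an unhandled
    # error instead of a refused one.
    if username.count('@') != 1:
        return None
    local_part, domain = username.split('@')
    dom = UserAddresses.objects.filter(address=domain, address_type=1)
    if not dom:
        return None
    hosts = MailAuthHost.objects.filter(useraddress=dom)
    if not hosts:
        return None
    for host in hosts:
        # Choose the login name per host. The previous code overwrote a
        # single variable, so once one host wanted the full address every
        # later host received it too, whatever its own split_address said.
        if host.split_address:
            login_user = local_part
        else:
            login_user = username
        if not self.mail_auth(host.protocol, login_user, password,
                              host.address, host.port):
            continue
        try:
            user = User.objects.get(username=username)
        except User.DoesNotExist:
            # Auto-provision with the least privilege: the account cannot
            # log in with a local password and carries no staff or
            # superuser rights.
            user = User(username=username)
            user.set_unusable_password()
            user.is_staff = False
            user.is_superuser = False
            # email_re lives in different modules depending on the Django
            # version in use.
            try:
                from django.forms.fields import email_re
            except ImportError:
                from django.core.validators import email_re
            if email_re.match(username):
                user.email = username
            user.save()
        try:
            user.get_profile()
        except UserProfile.DoesNotExist:
            UserProfile(user=user, account_type=3).save()
        return user
    return None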
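def authenticate(self, username=None, password=None):
    """Authenticate to the AD backends.

    The domain part of ``username`` selects the ``UserAddresses`` rows with
    ``address_type=1`` and, through them, the enabled ``MailAuthHost``
    entries with ``protocol=5``. Each host is tried in order: an ``ADUser``
    is built from the host's ``MailADAuthHost`` settings (or with ``None``
    for every setting when the host has none), bound with ``password`` and
    asked for the account data. The first host that binds and returns data
    ends the search.

    On success the local ``User`` is created if needed and its
    ``first_name``, ``last_name``, ``email`` and ``is_superuser`` are
    overwritten with the values reported by ``ADUser``. Users who are not
    superusers also get a ``UserAddresses`` row per reported e-mail address,
    and a ``UserProfile`` is created when missing (``account_type`` 1 for
    superusers, 3 otherwise).

    Returns the ``User`` on success, ``None`` otherwise.
    """
    # An empty password must never reach the directory. ADUser.connect() is
    # not visible here; if it performs a simple bind, many directory servers
    # treat an empty password as an unauthenticated bind that succeeds.
    if not username or not password:
        return None
    # NOTE(review): username is caller-supplied and is written to the log
    # unescaped by the %s messages below -- confirm the log handler copes
    # with embedded line breaks.
    if '@' not in username:
        logger.warning("Domain not specified for %s\n" % username)
        return None
    if username.count('@') != 1:
        # More than one '@' used to raise ValueError at the unpacking below.
        logger.warning("Malformed username %r\n" % username)
        return None
    _, domain = username.split('@')
    dom = UserAddresses.objects.filter(address=domain, address_type=1)
    if not dom:
        logger.warning("AD auth not enabled for %s\n" % domain)
        return None
    hosts = MailAuthHost.objects.filter(useraddress=dom, protocol=5,
                                        enabled=True)
    if not hosts:
        logger.warning("No AD servers found for %s\n" % domain)
        return None
    for host in hosts:
        # Query each host for its configured AD settings.
        try:
            adset = MailADAuthHost.objects.get(ad_host=host)
            aduser = ADUser(username, host.address, host.port,
                            adset.ad_search_dn, adset.ad_admin_group,
                            adset.ad_user_group, adset.ad_auth_domain)
        except MailADAuthHost.DoesNotExist:
            logger.warning("No MySQL MailADAuthHost; using setting.py AD config\n")
            # Pass None explicitly. The previous code passed a variable
            # carried across iterations, so a host without settings could
            # receive the settings object of the host tried before it.
            aduser = ADUser(username, host.address, host.port,
                            None, None, None, None)
        if not aduser.connect(password):
            logger.warning("AD bind failed for %s\n" % username)
            continue
        created = False
        try:
            user = User.objects.get(username=username)
        except User.DoesNotExist:
            logger.warning("User missing %s. creating\n" % username)
            user = User(username=username, is_staff=False,
                        is_superuser=False)
            user.set_unusable_password()
            created = True
        if not aduser.get_data():
            logger.warning("AD auth backend failed when reading data for"
                           " %s. No Group information available."
                           % username)
            continue
        # Mirror the directory's values locally. is_superuser is part of the
        # sync, so the local privilege follows whatever ADUser reports
        # (presumably membership of the configured admin group -- confirm
        # in ADUser).
        # A freshly created user is always saved, even when no attribute
        # differs from the defaults; otherwise the rows created below would
        # point at an unsaved user.
        do_update = created
        for attr in ['first_name', 'last_name', 'email', 'is_superuser']:
            if not getattr(user, attr) == getattr(aduser, attr):
                setattr(user, attr, getattr(aduser, attr))
                do_update = True
        if do_update:
            user.save()
        if not user.is_superuser:
            for mail1 in aduser.email_addresses:
                try:
                    UserAddresses.objects.get(user=user, address=mail1)
                except UserAddresses.DoesNotExist:
                    UserAddresses(user=user, address=mail1).save()
        logger.info("AD auth backend check passed for %s" % username)
        try:
            user.get_profile()
        except UserProfile.DoesNotExist:
            account_type = 1 if user.is_superuser else 3
            UserProfile(user=user, account_type=account_type).save()
        # NOTE(review): an existing profile keeps its account_type even when
        # is_superuser was just changed by the sync above. If account_type
        # gates authorization, a user demoted in the directory may keep the
        # old level -- confirm how account_type is used.
        return user
    return None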
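def authenticate(self, username=None, password=None):
    """Authenticate ``user@domain`` against the domain's RADIUS servers.

    The domain part selects the ``UserAddresses`` rows with
    ``address_type=1`` and, through them, the ``MailAuthHost`` entries with
    ``protocol=4``. Each host is sent an Access-Request; a host that is not
    configured, does not answer, or answers with anything but Access-Accept
    is skipped and the next one is tried. On a first successful login a
    local ``User`` is created (unusable local password, not staff, not
    superuser) and a ``UserProfile`` with ``account_type=3`` is added when
    the user has none.

    Returns the ``User`` on success, ``None`` otherwise. ``None`` is also
    returned when pyrad is not installed.
    """
    try:
        from pyrad import packet
        from pyrad.client import Client, Timeout
        from pyrad.dictionary import Dictionary
    except ImportError:
        return None
    # Fail closed on missing credentials; the membership test and .decode()
    # below used to raise for None.
    if not username or password is None:
        return None
    # Exactly one '@' is required; more than one used to raise ValueError
    # at the unpacking below.
    if username.count("@") != 1:
        return None
    try:
        username = username.decode("utf-8")
        password = password.decode("utf-8")
    except UnicodeError:
        # Credentials that are not valid UTF-8 are refused, not crashed on.
        return None
    local_part, domain = username.split("@")
    dom = UserAddresses.objects.filter(address=domain, address_type=1)
    if not dom:
        return None
    hosts = MailAuthHost.objects.filter(useraddress=dom, protocol=4)
    if not hosts:
        return None
    for host in hosts:
        # Choose the login name per host. The previous code overwrote a
        # single variable, so once one host wanted the full address every
        # later host received it too, whatever its own split_address said.
        if host.split_address:
            login_user = local_part
        else:
            login_user = username
        try:
            client = Client(
                server=host.address,
                authport=host.port,
                secret=settings.RADIUS_SECRET[host.address].encode("utf-8"),
                dict=Dictionary(StringIO(DICTIONARY)),
            )
        except (AttributeError, KeyError):
            # No RADIUS_SECRET setting at all, or no secret listed for this
            # host (the KeyError used to escape).
            continue
        # pyrad names the request code AccessRequest; the misspelt constant
        # used here before raised AttributeError on every login attempt.
        request = client.CreateAuthPacket(code=packet.AccessRequest,
                                          User_Name=login_user)
        # PwCrypt hides the password with the shared secret, so its
        # confidentiality on the wire rests on that secret.
        request["User-Password"] = request.PwCrypt(password)
        try:
            reply = client.SendPacket(request)
        except (Timeout, Exception):
            # Deliberately broad: any transport failure means "not
            # authenticated by this host", never "authenticated".
            continue
        # Only an explicit Access-Accept counts; a reject or any other
        # reply code moves on to the next host.
        if reply.code != packet.AccessAccept:
            continue
        try:
            user = User.objects.get(username=username)
        except User.DoesNotExist:
            user = User(username=username)
            user.set_unusable_password()
            user.is_staff = False
            user.is_superuser = False
            if email_re.match(username):
                user.email = username
            user.save()
        try:
            user.get_profile()
        except UserProfile.DoesNotExist:
            UserProfile(user=user, account_type=3).save()
        return user
    return None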
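def authenticate(self, username=None, password=None):
    """Authenticate ``user@domain`` against the domain's RADIUS server.

    The domain part selects the ``UserAddresses`` rows with
    ``address_type=1`` and, through them, the ``MailAuthHost`` entries with
    ``protocol=3``. The first host is sent an Access-Request and only an
    Access-Accept reply authenticates the user. On a first successful login
    a local ``User`` is created (unusable local password, not staff, not
    superuser) and a ``UserProfile`` with ``account_type=3`` is added when
    the user has none.

    Returns the ``User`` on success, ``None`` otherwise. ``None`` is also
    returned when pyrad is not installed.
    """
    try:
        from pyrad import packet
        from pyrad.client import Client, Timeout
        from pyrad.dictionary import Dictionary
    except ImportError:
        return None
    # Fail closed on missing credentials; the membership test and .decode()
    # below used to raise for None.
    if not username or password is None:
        return None
    # Exactly one '@' is required; more than one used to raise ValueError
    # at the unpacking below.
    if username.count('@') != 1:
        return None
    try:
        username = username.decode('utf-8')
        password = password.decode('utf-8')
    except UnicodeError:
        # Credentials that are not valid UTF-8 are refused, not crashed on.
        return None
    local_part, domain = username.split('@')
    dom = UserAddresses.objects.filter(address=domain, address_type=1)
    if not dom:
        return None
    hosts = MailAuthHost.objects.filter(useraddress=dom, protocol=3)
    if not hosts:
        return None
    # NOTE(review): every failure inside the loop returns immediately, so
    # only the first host is ever consulted and a timeout on it denies the
    # login even when further hosts are configured. Kept as is; confirm
    # whether failover to the next host is wanted.
    for host in hosts:
        if host.split_address:
            login_user = local_part
        else:
            login_user = username
        try:
            client = Client(
                server=host.address,
                authport=host.port,
                secret=settings.RADIUS_SECRET[host.address].encode(
                    'utf-8'),
                dict=Dictionary(StringIO(DICTIONARY)),
            )
        except (AttributeError, KeyError):
            # No RADIUS_SECRET setting at all, or no secret listed for this
            # host (the KeyError used to escape).
            return None
        # pyrad names the request code AccessRequest; the misspelt constant
        # used here before raised AttributeError on every login attempt.
        request = client.CreateAuthPacket(
            code=packet.AccessRequest,
            User_Name=login_user,
        )
        # PwCrypt hides the password with the shared secret, so its
        # confidentiality on the wire rests on that secret.
        request["User-Password"] = request.PwCrypt(password)
        try:
            reply = client.SendPacket(request)
        except (Timeout, Exception):
            # Deliberately broad: any transport failure means "not
            # authenticated", never "authenticated".
            return None
        # Only an explicit Access-Accept counts.
        if reply.code != packet.AccessAccept:
            return None
        try:
            user = User.objects.get(username=username)
        except User.DoesNotExist:
            user = User(username=username)
            user.set_unusable_password()
            user.is_staff = False
            user.is_superuser = False
            if email_re.match(username):
                user.email = username
            user.save()
        try:
            user.get_profile()
        except UserProfile.DoesNotExist:
            UserProfile(user=user, account_type=3).save()
        return user
    return None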