Beispiel #1
        def add_anonymous(self, homedir=None, realuser="******", **kwargs):
            """Register the anonymous user, backed by a real system account.

            After the entry has been added, the account name is stored in
            ``self._anon_user``.

             - (string) homedir:
                Home directory for anonymous sessions.  When it is empty,
                the home directory of "realuser" is read from the
                password database and used, and "realuser" is recorded in
                ``self._dynamic_home_users``.

             - (string) realuser:
                Name of the system account used for managing anonymous
                sessions.  It must exist on this system, otherwise
                AuthorizerError is raised.  On some UNIX systems "ftp" is
                available and usually used by end-user FTP servers but it
                can vary (e.g. "nobody").
                NOTE(review): the default shown here looks like a masked
                placeholder rather than an account name; pass the
                intended low-privilege account explicitly.

             - (dict) **kwargs:
                Forwarded unchanged to DummyAuthorizer.add_anonymous; the
                same keyword arguments expected by the original add_user
                method: "perm", "msg_login" and "msg_quit".
            """
            # Refuse names that the system password database does not list.
            account_exists = any(
                record.pw_name == realuser for record in pwd.getpwall())
            if not account_exists:
                raise AuthorizerError('No such user "%s".' % realuser)

            if not homedir:
                # No explicit directory: fall back to the account's own home.
                homedir = pwd.getpwnam(realuser).pw_dir
                self._dynamic_home_users.append(realuser)

            DummyAuthorizer.add_anonymous(self, homedir, **kwargs)
            self._anon_user = realuser
Beispiel #2
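 def get_home_dir(self, username):
     """Return the user's profile directory, the closest thing
     to a user home directory we have on Windows.

     Raises AuthorizerError when the account name cannot be resolved to
     a SID.
     """
     # NOTE(review): this excerpt stops after the SID lookup, so as shown
     # the function falls through and returns None.
     try:
         sid = win32security.ConvertSidToStringSid(
             win32security.LookupAccountName(None, username)[0])
     except pywintypes.error as err:
         # "except ... as ..." is accepted by Python 2.6+ and Python 3;
         # the older comma form is a syntax error on Python 3.
         raise AuthorizerError(err)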
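 def get_home_dir(self, username):
     """Return the user's profile directory, the closest thing
     to a user home directory we have on Windows.

     The account name is resolved to a SID, and the "ProfileImagePath"
     value stored under that SID in the ProfileList registry key is
     returned with environment variable references expanded.

     Raises AuthorizerError when the name cannot be resolved or when no
     ProfileList entry exists for the SID.
     """
     try:
         sid = win32security.ConvertSidToStringSid(
             win32security.LookupAccountName(None, username)[0])
     except pywintypes.error as err:
         raise AuthorizerError(err)
     # The registry path is built from the SID string returned by the
     # system, never from the caller-supplied name itself.
     path = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" + \
            "\\" + sid
     try:
         key = _winreg.OpenKey(_winreg.HKEY_LOCAL_MACHINE, path)
     except WindowsError:
         raise AuthorizerError(
             "No profile directory defined for user %s" % username)
     try:
         value = _winreg.QueryValueEx(key, "ProfileImagePath")[0]
     finally:
         # Release the registry handle deterministically, also when the
         # value is missing and QueryValueEx raises.
         _winreg.CloseKey(key)
     return win32api.ExpandEnvironmentStrings(value)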
Beispiel #4
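 def impersonate_user(self, username, password):
     """Switch the process effective group and user ids to ``username``.

     "anonymous" is mapped to ``self._anon_user`` when an anonymous entry
     is registered.  ``password`` is not used by this method.  Raises
     AuthorizerError when the account is not in the password database.
     """
     if (username == "anonymous") and self.has_user('anonymous'):
         username = self._anon_user
     try:
         # A single lookup, so uid and gid come from the same record.
         account = pwd.getpwnam(username)
     except KeyError:
         raise AuthorizerError('No such user %s' % username)
     # Group first: once the effective uid is no longer privileged the
     # process may not be allowed to change its group id any more.
     # NOTE(review): supplementary groups are not touched here, so the
     # process keeps the group list it started with while impersonating.
     os.setegid(account.pw_gid)
     os.seteuid(account.pw_uid)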
Beispiel #5
 def get_home_dir(self, username):
     """Return the home directory for ``username``.

     Users listed in ``self._dynamic_home_users`` are resolved through
     the system password database at call time; "anonymous" is mapped to
     ``self._anon_user`` first when an anonymous entry is registered.
     Every other user gets the 'home' value stored in ``self.user_table``.

     Raises AuthorizerError when a dynamic lookup finds no such account.
     """
     if username in self._dynamic_home_users:
         lookup_name = username
         if lookup_name == "anonymous" and self.has_user('anonymous'):
             lookup_name = self._anon_user
         try:
             return pwd.getpwnam(lookup_name).pw_dir
         except KeyError:
             raise AuthorizerError('No such user %s' % lookup_name)
     # Static entry: the directory fixed when the user was registered.
     return self.user_table[username]['home']
 def get_home_dir(self, username):
     """Return user home directory.

     The directory is read from the system password database.  When
     ``PY3`` is false the value is decoded from UTF-8 before it is
     returned.  Raises AuthorizerError when the account does not exist.
     """
     try:
         account = pwd.getpwnam(username)
     except KeyError:
         raise AuthorizerError('no such user %s' % username)
     home = account.pw_dir
     return home if PY3 else home.decode('utf8')
 def impersonate_user(self, username, password):
     """Change process effective user/group ids to reflect
     logged in user.

     ``password`` is not used by this method.  Raises AuthorizerError
     when the account is not in the password database.
     """
     try:
         account = pwd.getpwnam(username)
     except KeyError:
         raise AuthorizerError('no such user %s' % username)
     new_gid, new_uid = account.pw_gid, account.pw_uid
     # Group before user: after the effective uid has been lowered the
     # process may no longer be allowed to change its group id.
     # NOTE(review): supplementary groups are not changed here.
     os.setegid(new_gid)
     os.seteuid(new_uid)
        def __init__(self, anonymous_user=None):
            """Check privileges and remember the optional anonymous account.

            Raises AuthorizerError unless the effective uid is 0 and the
            shadow password database returns at least one entry.  When
            ``anonymous_user`` is given it must be listed by
            ``self._get_system_users()`` and be known to the password
            database, otherwise ValueError is raised.
            """
            # getspall() is only consulted once the uid check has passed.
            if not (os.geteuid() == 0 and spwd.getspall()):
                raise AuthorizerError("super user privileges are required")
            self.anonymous_user = anonymous_user

            if self.anonymous_user is not None:
                known_users = self._get_system_users()
                if self.anonymous_user not in known_users:
                    raise ValueError('no such user %s' % self.anonymous_user)
                try:
                    # Existence check only; the directory itself is not kept.
                    pwd.getpwnam(self.anonymous_user).pw_dir
                except KeyError:
                    raise ValueError('no such user %s' % anonymous_user)
Beispiel #9
        def add_user(self, username, homedir=None, **kwargs):
            """Add a "real" system user to the virtual users table.

            Raises AuthorizerError when the system password database
            does not list ``username``.

             - (string) homedir:
                The user home directory.  When it is empty, the real
                user's home directory is read from the password database
                and used, and the name is recorded in
                ``self._dynamic_home_users``.

             - (dict) **kwargs:
                Forwarded unchanged to DummyAuthorizer.add_user; the same
                keyword arguments expected by the original add_user
                method: "perm", "msg_login" and "msg_quit".
            """
            # Only accounts listed by the system password database are
            # accepted.
            account_exists = any(
                record.pw_name == username for record in pwd.getpwall())
            if not account_exists:
                raise AuthorizerError('No such user "%s".' % username)

            if not homedir:
                homedir = pwd.getpwnam(username).pw_dir
                self._dynamic_home_users.append(username)

            # The table entry is created with an empty password string.
            # NOTE(review): presumably the real password is checked against
            # the system database elsewhere - confirm that the empty value
            # can never be accepted as a credential.
            DummyAuthorizer.add_user(self, username, '', homedir, **kwargs)
Beispiel #10
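    class BaseWindowsAuthorizer(object):
        """An authorizer compatible with Windows user account and
        password database.
        This class should not be used directly unless for subclassing.
        Use higher-level WindowsAuthorizer class instead.

        The ``replace_anonymous`` decorator and ``_get_system_users()``
        are used here but not defined in this class.
        NOTE(review): presumably the decorator swaps "anonymous" for the
        configured account and a subclass provides the user list; confirm.
        """

        def __init__(self, anonymous_user=None, anonymous_password=None):
            """Store the optional anonymous account and check it can log on.

            When ``anonymous_user`` is given, a logon with the supplied
            credentials is attempted once and reverted straight away, so
            a wrong account or password fails here, not on first use.
            """
            self.anonymous_user = anonymous_user
            # NOTE(review): the anonymous account password stays on the
            # instance in clear text for as long as the object lives.
            self.anonymous_password = anonymous_password
            if self.anonymous_user is not None:
                # actually try to impersonate the user
                self.impersonate_user(self.anonymous_user,
                                      self.anonymous_password)
                # terminate_impersonation() takes a username argument.
                # Calling it without one raised TypeError before
                # RevertToSelf() ran, leaving the impersonation in place.
                self.terminate_impersonation(self.anonymous_user)

        def validate_authentication(self, username, password):
            """Return True when the credentials are accepted.

            "anonymous" is accepted whenever an anonymous account is
            configured; the supplied password is not looked at in that
            case.  Any other name is checked with a Windows logon.
            """
            if username == "anonymous":
                return self.anonymous_user is not None
            try:
                token = win32security.LogonUser(
                    username, None, password,
                    win32con.LOGON32_LOGON_INTERACTIVE,
                    win32con.LOGON32_PROVIDER_DEFAULT)
            except pywintypes.error:
                return False
            else:
                # Only the success of the logon matters; release the token.
                token.Close()
                return True

        @replace_anonymous
        def impersonate_user(self, username, password):
            """Impersonate the security context of another user."""
            handler = win32security.LogonUser(
                username, None, password,
                win32con.LOGON32_LOGON_INTERACTIVE,
                win32con.LOGON32_PROVIDER_DEFAULT)
            try:
                win32security.ImpersonateLoggedOnUser(handler)
            finally:
                # Close the logon token even when impersonation fails.
                handler.Close()

        def terminate_impersonation(self, username):
            """Terminate the impersonation of another user.

            ``username`` is accepted but not used.
            """
            win32security.RevertToSelf()

        @replace_anonymous
        def has_user(self, username):
            """Return True when ``username`` is a known system user."""
            return username in self._get_system_users()

        @replace_anonymous
        def get_home_dir(self, username):
            """Return the user's profile directory, the closest thing
            to a user home directory we have on Windows.

            Raises AuthorizerError when the name cannot be resolved to a
            SID or when no ProfileList registry entry exists for it.
            """
            try:
                sid = win32security.ConvertSidToStringSid(
                    win32security.LookupAccountName(None, username)[0])
            except pywintypes.error as err:
                # "as" form: valid on Python 2.6+ and on Python 3.
                raise AuthorizerError(err)
            # The path is built from the SID string returned by the
            # system, never from the caller-supplied name itself.
            path = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" + \
                   "\\" + sid
            try:
                key = _winreg.OpenKey(_winreg.HKEY_LOCAL_MACHINE, path)
            except WindowsError:
                raise AuthorizerError("No profile directory defined for user %s"
                                      % username)
            try:
                value = _winreg.QueryValueEx(key, "ProfileImagePath")[0]
            finally:
                # Release the registry handle deterministically.
                _winreg.CloseKey(key)
            return win32api.ExpandEnvironmentStrings(value)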
Beispiel #11
 def get_home_dir(self, username):
     """Return user home directory.

     The directory is read from the system password database; an
     unknown account raises AuthorizerError.
     """
     try:
         account = pwd.getpwnam(username)
     except KeyError:
         raise AuthorizerError('no such user %s' % username)
     return account.pw_dir