def authenticate(self, mech, pwd, cert = None):
conf = FLSConfig.getInstance()
log = logging.getLogger('flscp')
data = {
'userdb_user': '',
'userdb_home': '',
'userdb_uid': '',
'userdb_gid': '',
'userdb_mail': '',
'quota_rule': '',
'nopassword': 1
}
localPartDir = os.path.join(conf.get('mailserver', 'basemailpath'), 'virtual')
homeDir = os.path.join(localPartDir, self.domain, self.mail)
username = ('%s@%s' % (self.mail, self.domain)).lower()
if self.hashPw == '_no_':
log.debug('User %s can not login, because password is disabled!' % (self.getMailAddress(),))
return False
s = SaltEncryption()
if mech in ['PLAIN', 'LOGIN']:
state = s.compare(pwd, self.hashPw)
elif mech in ['EXTERNAL']:
state = (cert.lower() == 'valid' and pwd == '')
else:
log.debug('User %s can not login: unsupported auth mechanism "%s"' % (self.getMailAddress(), mech))
state = False
if state:
data['userdb_user'] = username
data['userdb_home'] = self.getHomeDir()
data['userdb_uid'] = conf.get('mailserver', 'uid')
data['userdb_gid'] = conf.get('mailserver', 'gid')
data['userdb_mail'] = self.getMailDirFormat()
data['quota_rule'] = '*:storage=%sb' % (self.quota,)
return data
else:
return False
def hashPassword(self): s = SaltEncryption() # idea for later: store hash with: # s.hash(md5(self.pw)) and check it later with s.compare(md5(self.pw), <hash>) # or do it with sha512 self.hashPw = s.hash(self.pw)
