Exemplo n.º 1
0
        def add_anonymous(self, homedir=None, realuser="******", **kwargs):
            """Add an anonymous user to the virtual users table.

             - (string) homedir:
                The anonymous user home directory.  If this is not
                specified the "realuser" home directory will be
                determined (if any) and used.

             - (string) realuser:
                specifies the system user to use for managing anonymous
                sessions.  On some UNIX systems "ftp" is available and
                usually used by end-user FTP servers but it can vary
                (e.g. "nobody").

             - (dict) **kwargs:
                the same keyword arguments expected by the original
                add_user method: "perm", "msg_login" and "msg_quit".
            """
            users = [entry.pw_name for entry in pwd.getpwall()]
            if not realuser in users:
                raise AuthorizerError('No such user "%s".' % realuser)
            if not homedir:
                homedir = pwd.getpwnam(realuser).pw_dir
                self._dynamic_home_users.append(realuser)
            DummyAuthorizer.add_anonymous(self, homedir, **kwargs)
            self._anon_user = realuser
Exemplo n.º 2
0
 def get_home_dir(self, username):
     """Return the user's profile directory, the closest thing
     to a user home directory we have on Windows.
     """
     try:
         sid = win32security.ConvertSidToStringSid(
                 win32security.LookupAccountName(None, username)[0])
     except pywintypes.error, err:
         raise AuthorizerError(err)
Exemplo n.º 3
0
 def get_home_dir(self, username):
     """Return the user's profile directory, the closest thing
     to a user home directory we have on Windows.
     """
     try:
         sid = win32security.ConvertSidToStringSid(
             win32security.LookupAccountName(None, username)[0])
     except pywintypes.error as err:
         raise AuthorizerError(err)
     path = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" + \
            "\\" + sid
     try:
         key = _winreg.OpenKey(_winreg.HKEY_LOCAL_MACHINE, path)
     except WindowsError:
         raise AuthorizerError(
             "No profile directory defined for user %s" % username)
     value = _winreg.QueryValueEx(key, "ProfileImagePath")[0]
     return win32api.ExpandEnvironmentStrings(value)
Exemplo n.º 4
0
 def impersonate_user(self, username, password):
     if (username == "anonymous") and self.has_user('anonymous'):
         username = self._anon_user
     try:
         uid = pwd.getpwnam(username).pw_uid
         gid = pwd.getpwnam(username).pw_gid
     except KeyError:
         raise AuthorizerError('No such user %s' % username)
     os.setegid(gid)
     os.seteuid(uid)
Exemplo n.º 5
0
 def get_home_dir(self, username):
     if username not in self._dynamic_home_users:
         return self.user_table[username]['home']
     else:
         if (username == "anonymous") and self.has_user('anonymous'):
             username = self._anon_user
         try:
             return pwd.getpwnam(username).pw_dir
         except KeyError:
             raise AuthorizerError('No such user %s' % username)
Exemplo n.º 6
0
 def get_home_dir(self, username):
     """Return user home directory."""
     try:
         home = pwd.getpwnam(username).pw_dir
     except KeyError:
         raise AuthorizerError('no such user %s' % username)
     else:
         if not PY3:
             home = home.decode('utf8')
         return home
Exemplo n.º 7
0
 def impersonate_user(self, username, password):
     """Change process effective user/group ids to reflect
     logged in user.
     """
     try:
         pwdstruct = pwd.getpwnam(username)
     except KeyError:
         raise AuthorizerError('no such user %s' % username)
     else:
         os.setegid(pwdstruct.pw_gid)
         os.seteuid(pwdstruct.pw_uid)
Exemplo n.º 8
0
        def __init__(self, anonymous_user=None):
            if os.geteuid() != 0 or not spwd.getspall():
                raise AuthorizerError("super user privileges are required")
            self.anonymous_user = anonymous_user

            if self.anonymous_user is not None:
                if not self.anonymous_user in self._get_system_users():
                    raise ValueError('no such user %s' % self.anonymous_user)
                try:
                    pwd.getpwnam(self.anonymous_user).pw_dir
                except KeyError:
                    raise ValueError('no such user %s' % anonymous_user)
Exemplo n.º 9
0
        def add_user(self, username, homedir=None, **kwargs):
            """Add a "real" system user to the virtual users table.

             - (string) homedir:
                The user home directory.  If this is not specified the
                real user home directory will be determined (if any)
                and used.

             - (dict) **kwargs:
                the same keyword arguments expected by the original
                add_user method: "perm", "msg_login" and "msg_quit".
            """
            # get the list of all available users on the system and check
            # if provided username exists
            users = [entry.pw_name for entry in pwd.getpwall()]
            if not username in users:
                raise AuthorizerError('No such user "%s".' % username)
            if not homedir:
                homedir = pwd.getpwnam(username).pw_dir
                self._dynamic_home_users.append(username)
            DummyAuthorizer.add_user(self, username, '', homedir, **kwargs)
Exemplo n.º 10
0
    class BaseWindowsAuthorizer(object):
        """An authorizer compatible with Windows user account and
        password database.
        This class should not be used directly unless for subclassing.
        Use higher-level WinowsAuthorizer class instead.
        """

        def __init__(self, anonymous_user=None, anonymous_password=None):
            # actually try to impersonate the user
            self.anonymous_user = anonymous_user
            self.anonymous_password = anonymous_password
            if self.anonymous_user is not None:
                self.impersonate_user(self.anonymous_user,
                                      self.anonymous_password)
                self.terminate_impersonation()

        def validate_authentication(self, username, password):
            if username == "anonymous":
                return self.anonymous_user is not None
            try:
                win32security.LogonUser(username, None, password,
                                        win32con.LOGON32_LOGON_INTERACTIVE,
                                        win32con.LOGON32_PROVIDER_DEFAULT)
            except pywintypes.error:
                return False
            else:
                return True

        @replace_anonymous
        def impersonate_user(self, username, password):
            """Impersonate the security context of another user."""
            handler = win32security.LogonUser(username, None, password,
                                              win32con.LOGON32_LOGON_INTERACTIVE,
                                              win32con.LOGON32_PROVIDER_DEFAULT)
            win32security.ImpersonateLoggedOnUser(handler)
            handler.Close()

        def terminate_impersonation(self, username):
            """Terminate the impersonation of another user."""
            win32security.RevertToSelf()

        @replace_anonymous
        def has_user(self, username):
            return username in self._get_system_users()

        @replace_anonymous
        def get_home_dir(self, username):
            """Return the user's profile directory, the closest thing
            to a user home directory we have on Windows.
            """
            try:
                sid = win32security.ConvertSidToStringSid(
                        win32security.LookupAccountName(None, username)[0])
            except pywintypes.error, err:
                raise AuthorizerError(err)
            path = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" + \
                   "\\" + sid
            try:
                key = _winreg.OpenKey(_winreg.HKEY_LOCAL_MACHINE, path)
            except WindowsError:
                raise AuthorizerError("No profile directory defined for user %s"
                                      % username)
            value = _winreg.QueryValueEx(key, "ProfileImagePath")[0]
            return win32api.ExpandEnvironmentStrings(value)
Exemplo n.º 11
0
 def get_home_dir(self, username):
     """Return user home directory."""
     try:
         return pwd.getpwnam(username).pw_dir
     except KeyError:
         raise AuthorizerError('no such user %s' % username)