def check(self, db, uid, passwd): if not passwd: # empty passwords disallowed for obvious security reasons raise security.ExceptionNoTb('AccessDenied') # Get a chance to hash all passwords in db before using the uid_cache. obj = pooler.get_pool(db).get('res.users') if not hasattr(obj, "_salt_cache"): obj._salt_cache = {} self._uid_cache.get(db, {}).clear() cached_pass = self._uid_cache.get(db, {}).get(uid) if (cached_pass is not None) and cached_pass == passwd: return True cr = pooler.get_db(db).cursor() try: if uid not in self._salt_cache.get(db, {}): # If we don't have cache, we have to repeat the procedure # through the login function. cr.execute('SELECT login FROM res_users WHERE id=%s', (uid, )) stored_login = cr.fetchone() if stored_login: stored_login = stored_login[0] res = self._login(cr, db, stored_login, passwd) if not res: raise security.ExceptionNoTb('AccessDenied') else: salt = self._salt_cache[db][uid] cr.execute( 'SELECT COUNT(*) FROM res_users WHERE id=%s AND password=%s AND active', (int(uid), encrypt_md5(passwd, salt))) res = cr.fetchone()[0] finally: cr.close() if not bool(res): raise security.ExceptionNoTb('AccessDenied') if res: if self._uid_cache.has_key(db): ulist = self._uid_cache[db] ulist[uid] = passwd else: self._uid_cache[db] = {uid: passwd} return bool(res)
def check(self, db, uid, passwd): try: return super(users, self).check(db, uid, passwd) except security.ExceptionNoTb: # AccessDenied pass if not passwd: # empty passwords disallowed for obvious security reasons raise security.ExceptionNoTb('AccessDenied') cr = pooler.get_db(db).cursor() user = self.browse(cr, 1, uid) logger = logging.getLogger('orm.ldap') if user and user.company_id.ldaps: for res_company_ldap in user.company_id.ldaps: try: l = ldap.open(res_company_ldap.ldap_server, res_company_ldap.ldap_server_port) if l.simple_bind_s(res_company_ldap.ldap_binddn, res_company_ldap.ldap_password): base = res_company_ldap.ldap_base scope = ldap.SCOPE_SUBTREE filter = filter_format(res_company_ldap.ldap_filter, (user.login, )) retrieve_attributes = None result_id = l.search(base, scope, filter, retrieve_attributes) timeout = 60 result_type, result_data = l.result(result_id, timeout) if result_data and result_type == ldap.RES_SEARCH_RESULT and len( result_data) == 1: dn = result_data[0][0] # some LDAP servers allow anonymous binding with blank passwords, # but these have been rejected above, so we're safe to use bind() if l.bind_s(dn, passwd): l.unbind() self._uid_cache.setdefault(db, {})[uid] = passwd cr.close() return True l.unbind() except Exception: logger.warning('cannot check', exc_info=True) pass cr.close() raise security.ExceptionNoTb('AccessDenied')
def access(self, db, uid, passwd, sec_level, ids): if not passwd: return False cr = pooler.get_db(db).cursor() cr.execute('select id from res_users where id=%s and password=%s', (uid, passwd)) res = cr.fetchone() cr.close() if not res: raise security.ExceptionNoTb('Bad username or password') return res[0]
def access(self, db, uid, passwd, sec_level, ids): if not passwd: return False cr = pooler.get_db(db).cursor() try: cr.execute('SELECT id FROM res_users WHERE id=%s AND password=%s', (uid, passwd)) res = cr.fetchone() if not res: raise security.ExceptionNoTb('Bad username or password') return res[0] finally: cr.close()
def check(self, db, uid, passwd): """Verifies that the given (uid, password) pair is authorized for the database ``db`` and raise an exception if it is not.""" if not passwd: # empty passwords disallowed for obvious security reasons raise security.ExceptionNoTb('AccessDenied') if self._uid_cache.get(db, {}).get(uid) == passwd: return True cr = pooler.get_db(db).cursor() try: cr.execute('SELECT COUNT(1) FROM res_users WHERE id=%s AND password=%s AND active=%s', (int(uid), passwd, True)) res = cr.fetchone() if not (res and res[0]): raise security.ExceptionNoTb('AccessDenied') if self._uid_cache.has_key(db): ulist = self._uid_cache[db] ulist[uid] = passwd else: self._uid_cache[db] = {uid:passwd} return True finally: cr.close()
def check(self, db, uid, passwd): if not passwd: return False cached_pass = self._uid_cache.get(db, {}).get(uid) if (cached_pass is not None) and cached_pass == passwd: return True cr = pooler.get_db(db).cursor() cr.execute( 'select count(1) from res_users where id=%s and password=%s and active=%s', (int(uid), passwd, True)) res = cr.fetchone()[0] cr.close() if not bool(res): raise security.ExceptionNoTb('AccessDenied') if res: if self._uid_cache.has_key(db): ulist = self._uid_cache[db] ulist[uid] = passwd else: self._uid_cache[db] = {uid: passwd} return bool(res)
def check(self, db, uid, passwd): if not passwd: return False if self._uid_cache.get(db, {}).get(uid) == passwd: return True cr = pooler.get_db(db).cursor() try: cr.execute( 'SELECT COUNT(1) FROM res_users WHERE id=%s AND password=%s AND active=%s', (int(uid), passwd, True)) res = cr.fetchone()[0] if not bool(res): raise security.ExceptionNoTb('AccessDenied') if res: if self._uid_cache.has_key(db): ulist = self._uid_cache[db] ulist[uid] = passwd else: self._uid_cache[db] = {uid: passwd} return bool(res) finally: cr.close()
if l.simple_bind_s(res_company_ldap.ldap_binddn, res_company_ldap.ldap_password): base = res_company_ldap.ldap_base scope = ldap.SCOPE_SUBTREE filter = filter_format(res_company_ldap.ldap_filter, (user.login, )) retrieve_attributes = None result_id = l.search(base, scope, filter, retrieve_attributes) timeout = 60 result_type, result_data = l.result(result_id, timeout) if result_data and result_type == ldap.RES_SEARCH_RESULT and len( result_data) == 1: dn = result_data[0][0] if l.bind_s(dn, passwd): l.unbind() self._uid_cache.setdefault(db, {})[uid] = passwd cr.close() return True l.unbind() except Exception, e: logger.warning('cannot check', exc_info=True) pass cr.close() raise security.ExceptionNoTb('AccessDenied') users() # vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
def check_super(self, passwd): if passwd == tools.config['admin_passwd']: return True else: raise security.ExceptionNoTb('AccessDenied')