source: remit/mit/__init__.py @ 5c334f6

client
Last change on this file since 5c334f6 was 3b03cc6, checked in by Alex Dehnert <adehnert@…>, 14 years ago

Fix issues with user setup in the scripts backend

In particular:

  • Properly escape usernames before passing them to LDAP
  • Error out if the user can't be found

In theory, neither should be an issue, because this should only get called if
certs are in use, so the username should be sane and present in LDAP.

Thanks to Anders for bringing the first issue to my attention.

1import subprocess
2import ldap
3import ldap.filter
4
5from django.contrib.auth.middleware import RemoteUserMiddleware
6from django.contrib.auth.backends import RemoteUserBackend
7from django.contrib import auth
8from django.core.exceptions import ObjectDoesNotExist
9
def zephyr(msg, clas='remit', instance='log', rcpt='adehnert',):
    """Send *msg* as a zephyr notice by piping it to the ``zwrite`` command.

    Args:
        msg: Message body, written to zwrite's standard input.
        clas: Zephyr class, passed to ``-c``.
        instance: Zephyr instance, passed to ``-i``.
        rcpt: Recipient, passed as the trailing positional argument.

    The exit status and output of zwrite are not inspected, so a failed
    send goes unnoticed by the caller.
    """
    # The command is an argv list, so no shell ever parses clas/instance/rcpt.
    # NOTE(review): rcpt is positional; if it ever comes from outside this
    # code base, make sure it cannot start with '-' and be read as an option.
    # -d sends the notice unauthenticated and -n skips the ping, per zwrite(1).
    argv = ['zwrite', '-d', '-n', '-c', clas, '-i', instance, rcpt]
    zwrite = subprocess.Popen(
        argv,
        stdin=subprocess.PIPE,
        stdout=subprocess.PIPE,
    )
    # communicate() feeds the message, closes stdin and waits for zwrite.
    zwrite.communicate(msg)
16
class ScriptsRemoteUserMiddleware(RemoteUserMiddleware):
    """RemoteUserMiddleware that takes the user from the client certificate.

    The only change from the Django base class is the request variable that
    is read for the remote user's name.
    """

    # Name of the request variable holding the e-mail address from the client
    # certificate's subject DN. Authentication rests entirely on this value,
    # so it must only ever be set by the web server after it has verified the
    # certificate. NOTE(review): confirm no deployment path lets a client
    # supply this variable itself.
    header = 'SSL_CLIENT_S_DN_Email'
19
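class ScriptsRemoteUserBackend(RemoteUserBackend):
    """Remote-user backend for certificate logins, backed by MIT LDAP.

    Maps the e-mail address taken from the client certificate to a local
    username and fills in newly created accounts from the directory.
    """

    def clean_username(self, username, ):
        """Return the local part of an ``@MIT.EDU`` address.

        A username without ``@`` is returned unchanged.

        Raises:
            ValueError: if the domain is not MIT.EDU (compared
                case-insensitively) or the value holds more than one ``@``.
        """
        if '@' not in username:
            return username
        # Unpacking fails with ValueError when there is more than one '@'.
        name, domain = username.split('@')
        # This is the only domain check visible in this file, so it must not
        # be an assert: asserts are stripped under ``python -O``, which would
        # let an address from any domain map onto the local username.
        if domain.upper() != 'MIT.EDU':
            raise ValueError(
                "Unexpected domain in username '%s'" % (username,)
            )
        return name

    def _add_to_group(self, user, group_name):
        """Add *user* to the named group; report and continue if it is missing."""
        try:
            user.groups.add(auth.models.Group.objects.get(name=group_name))
        except ObjectDoesNotExist:
            # Best effort: a missing group must not block account creation.
            print("Failed to retrieve %s group" % (group_name,))

    def configure_user(self, user, ):
        """Populate a newly created *user* from the MIT LDAP directory.

        Looks up ``uid=<username>`` and copies givenName, sn and mail onto the
        user, adds the user to the 'mit' and 'autocreated' groups when they
        exist, saves the user and returns it.

        Raises:
            ValueError: if the search does not return exactly one entry.
            KeyError: if the entry lacks givenName, sn or mail.
        """
        username = user.username
        # NOTE(review): this stores a fixed literal in the password field,
        # presumably as a placeholder because login is by certificate.
        # Django's user.set_unusable_password() is the explicit marker for
        # that; confirm nothing depends on the literal before switching.
        user.password = "ScriptsSSLAuth"
        # NOTE(review): ldap.open() gives a plain, unencrypted connection and
        # the bind below is anonymous, so the name and e-mail copied onto the
        # account are only as trustworthy as the network path to the server.
        # Consider ldaps:// or StartTLS if the directory offers it.
        con = ldap.open('ldap.mit.edu')
        try:
            con.simple_bind_s("", "")
            base_dn = "dc=mit,dc=edu"
            fields = ['cn', 'sn', 'givenName', 'mail', ]
            # filter_format escapes the username, so characters such as
            # '*', '(' and ')' cannot change the meaning of the filter.
            userfilter = ldap.filter.filter_format('uid=%s', [username])
            result = con.search_s(
                base_dn, ldap.SCOPE_SUBTREE, userfilter, fields
            )
        finally:
            # Release the connection even when the bind or search fails.
            con.unbind_s()
        if len(result) != 1:
            # Zero or several matches: refuse to guess which entry is meant.
            raise ValueError(
                "Could not find user with username '%s' (filter '%s')"
                % (username, userfilter)
            )
        attrs = result[0][1]
        user.first_name = attrs['givenName'][0]
        user.last_name = attrs['sn'][0]
        user.email = attrs['mail'][0]
        self._add_to_group(user, 'mit')
        self._add_to_group(user, 'autocreated')
        user.save()
        return user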