IdentityManagement: sosmbprovider-(after_r1512).py

File sosmbprovider-(after_r1512).py, 3.2 kB (added by Joel Pearson, 2 years ago)

Simplified version for use with TurboGears r1512 and later (post-0.9a6)

# sosmbprovider.py
"""
NOTE: This is intended as "example code", not as a finished product!
Use at your own risk. (etc.)

Written by Joel Pearson for the TurboGears project.

This is a TurboGears Identity provider that's identical to the SQLObject
provider, except that passwords are checked against a Windows/Samba domain.
To be more precise, it's a subclass of SqlObjectIdentityProvider that
overrides the validate_password() method.

IMPORTANT: This is *not* a standalone SMB Identity provider!
You still have to create a user record in the database for each
domain user that you want to have log in. The only difference between this
provider and the standard sqlobject provider is that sosmbprovider ignores
the password field in the user model, and validates the user-supplied password
against the domain password, instead.

It requires Python Win32 extensions, so it only works on Windows servers.

To use:

1) IMPORTANT: Follow all instructions provided for setting up and using the
SqlObjectProvider, including creating the tables and adding users and groups.
Try logging in. MAKE SURE THIS WORKS BEFORE PROCEEDING! None of what follows
will work until the standard "sqlobject" provider is working.

2) Install the Win32 extensions.

3) Save this file into the identity folder under your TurboGears installation
as "sosmbprovider.py".

4) Edit the entry_points.txt file of your TurboGears installation (such as
C:\Python24\Lib\site-packages\TurboGears-0.9a6-py2.4.egg\EGG-INFO\entry_points.txt)
and add the following line under the [turbogears.identity.provider] section:

    sosmbprovider = turbogears.identity.sosmbprovider:SoSmbIdentityProvider

5) Add the following lines under the [global] section in a config file (such as app.cfg):

    identity.provider='sosmbprovider'
    identity.sosmbprovider.smb_domain="PUT_YOUR_DOMAIN_HERE"

6) Restart TurboGears, and try to log in. Identity should authenticate logins
using the usernames and passwords of the domain you specified in step 5.

"""

# Imported explicitly instead of relying on "from soprovider import *".
import turbogears
from soprovider import SqlObjectIdentityProvider

from win32security import LogonUser, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT
from win32security import error as LogonError

# Module-level setting -- this will be set when the Provider is initialised.
smb_domain = None

class SoSmbIdentityProvider(SqlObjectIdentityProvider):
    '''
    IdentityProvider that uses a model from a database (via SQLObject),
    but checks passwords against a Windows/Samba domain.
    '''

    def __init__(self):
        super(SoSmbIdentityProvider, self).__init__()
        get = turbogears.config.get
        global smb_domain
        # Stays None if the setting is missing from the config file.
        smb_domain = get("identity.sosmbprovider.smb_domain", None)

    def validate_password(self, user, user_name, password):
        '''
        Validates user_name and password against a Windows/Samba domain
        specified in the identity.sosmbprovider.smb_domain config parameter.
        It's just a wrapper for win32security.LogonUser().
        '''
        global smb_domain
        try:
            # A network logon only verifies the credentials.
            token = LogonUser(user_name,
                              smb_domain,
                              password,
                              LOGON32_LOGON_NETWORK,
                              LOGON32_PROVIDER_DEFAULT)
        except LogonError:
            # Any logon failure is treated as a rejected password.
            return False
        else:
            return bool(token)   # usually True
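
A fail-closed variant of the validate_password() check above, as an added example that is not part of Joel Pearson's file: it refuses to call the logon function when smb_domain is unset or a credential is empty, and it closes the returned token. The names check_domain_password, fake_logon, ISSUED and the sample credentials are constructed for illustration; on a Windows server the logon argument would be win32security.LogonUser and logon_error would be win32security.error. It is written for current Python rather than Python 2.4.

```python
LOGON32_LOGON_NETWORK = 3       # same values as the win32security constants
LOGON32_PROVIDER_DEFAULT = 0


def check_domain_password(logon, user_name, domain, password,
                          logon_error=Exception):
    """Return True only if `logon` accepts the credentials for `domain`."""
    # Fail closed when identity.sosmbprovider.smb_domain is unset, instead of
    # passing None through to LogonUser as the domain.
    if not domain:
        return False
    # Reject empty or non-string credentials before calling the OS.
    for value in (user_name, password):
        if not isinstance(value, str) or not value:
            return False
    # Conservative choice in this example: refuse names that embed a domain
    # or realm, so only the configured domain is ever checked.
    if "\\" in user_name or "@" in user_name:
        return False
    try:
        token = logon(user_name, domain, password,
                      LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT)
    except logon_error:
        return False
    try:
        return bool(token)
    finally:
        # Release the logon handle right away instead of waiting for GC.
        close = getattr(token, "Close", None)
        if close is not None:
            close()


class FakeToken(object):
    """Constructed stand-in for the handle object LogonUser returns."""
    def __init__(self):
        self.closed = False

    def Close(self):
        self.closed = True


ISSUED = []   # tokens handed out by fake_logon, so cleanup can be checked


def fake_logon(user, domain, password, logon_type, provider):
    """Constructed stand-in for LogonUser: accepts one credential triple."""
    if (user, domain, password) != ("alice", "EXAMPLE", "s3cret"):
        raise OSError("logon failure")
    ISSUED.append(FakeToken())
    return ISSUED[-1]
```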