A few weeks ago I opened a discussion "sender-based authorisation" about
something similar to "Approved: password", but where the password would be
associated with a person (sender) rather than a list.
There seemed to be agreement in principle. (For the history, see that
thread.)
Being completely new to both Mailman and python programming (though with
several years of majordomo and perl behind me!) I thought I'd check that
I'm on the right lines. Attached is a shot at a "UserAuth.py" module(?)
to maintain the passwords, with ideas borrowed from "Utils.py".
Does it seem the right sort of thing? Does it conform to the spirit of
Mailman? Or is it hopelessly wrong or idiosyncrantic?
I've also written myself a little command-line maintenance program to add,
modify, delete, list, etc. entries in the database. (I have no plans to
put any user-oriented WWW front end to this at present; I want to get the
module and the command-line interface functional. Initially, our local
use would be for us, the service, to maintain the entries, not (yet) for
users to be able to maintain it.)
Thoughts?
--
: David Lee I.T. Service :
: Senior Systems Programmer Computer Centre :
: Durham University :
: http://www.dur.ac.uk/t.d.lee/ South Road :
: Durham DH1 3LE :
: Phone: +44 191 334 2752 U.K. :
#! /usr/bin/python
#
# Copyright (C) 2006 David Lee, Durham University, UK
#
# <<GPL>>
#
"""User (site-wide) table maintenance"""
import os
import sha
import dbm
#filename = os.path.join(DATA_DIR, 'userpw')
filename = 'userpw'
�
def add(user=None, password=None):
oldmask = os.umask(026)
try:
file = dbm.open(filename, 'c')
if file.has_key(user):
raise KeyError
file[user] = sha.new(password).hexdigest()
file.close()
finally:
os.umask(oldmask)
def check(user=None, password=None):
file = dbm.open(filename, 'r')
if not file.has_key(user):
raise KeyError
pwsha = file[user]
file.close()
return pwsha == sha.new(password).hexdigest()
def delete(user=None):
oldmask = os.umask(026)
try:
file = dbm.open(filename, 'c')
if not file.has_key(user):
raise KeyError
del file[user]
file.close()
finally:
os.umask(oldmask)
def list():
file = dbm.open(filename, 'r')
lret = {}
for key in file.keys():
lret[key] = file[key]
file.close()
return lret
def modify(user=None, password=None):
oldmask = os.umask(026)
try:
file = dbm.open(filename, 'c')
if not file.has_key(user):
raise KeyError
file[user] = sha.new(password).hexdigest()
file.close()
finally:
os.umask(oldmask)
_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
http://mail.python.org/mailman/listinfo/mailman-developers
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives:
http://www.mail-archive.com/mailman-developers%40python.org/
Unsubscribe:
http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
Security Policy:
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
