sender-based authentication
A few weeks ago I opened a discussion "sender-based authorisation" about something similar to "Approved: password", but where the password would be associated with a person (sender) rather than a list.
There seemed to be agreement in principle. (For the history, see that thread.)
Being completely new to both Mailman and python programming (though with several years of majordomo and perl behind me!) I thought I'd check that I'm on the right lines. Attached is a shot at a "UserAuth.py" module(?) to maintain the passwords, with ideas borrowed from "Utils.py".
Does it seem the right sort of thing? Does it conform to the spirit of Mailman? Or is it hopelessly wrong or idiosyncratic?
I've also written myself a little command-line maintenance program to add, modify, delete, list, etc. entries in the database. (I have no plans to put any user-oriented WWW front end to this at present; I want to get the module and the command-line interface functional. Initially, our local use would be for us, the service, to maintain the entries, not (yet) for users to be able to maintain it.)
Thoughts?
--
: David Lee                        I.T. Service :
: Senior Systems Programmer        Computer Centre :
: Durham University :
: http://www.dur.ac.uk/t.d.lee/    South Road :
: Durham DH1 3LE :
: Phone: +44 191 334 2752          U.K. :
David Lee wrote:
Being completely new to both Mailman and python programming (though with several years of majordomo and perl behind me!) I thought I'd check that I'm on the right lines. Attached is a shot at a "UserAuth.py" module(?) to maintain the passwords, with ideas borrowed from "Utils.py".
Does it seem the right sort of thing? Does it conform to the spirit of Mailman? Or is it hopelessly wrong or idiosyncratic?
It seems to me to be the right sort of thing, but I see some specific issues.
1) It might be better to use anydbm rather than dbm. Some Python installations might have dbhash and/or gdbm available and not dbm.
2) I'm not sure why you want to give default values of None to missing arguments when the arguments are really required and the default None values throw exceptions anyway.
3) The database file can be left open, either because of your explicit exceptions or because of exceptions due to 2). E.g.,

    def add(user=None, password=None):
        oldmask = os.umask(026)
        try:
            file = dbm.open(filename, 'c')
            if file.has_key(user):
                raise KeyError
            file[user] = sha.new(password).hexdigest()
            file.close()
        finally:
            os.umask(oldmask)

If I call add(), then I get some exception (which depends on the particular dbm module) and file is not closed (until garbage collected which may not happen immediately). A subsequent call to add('user_name', 'user_pwd') may fail with a permission error on the open (again depending on the particular dbm module). It would be better to move file.close() into the finally clause, perhaps within its own try so it doesn't skip the resetting of umask if the open failed.
4) PEP 8 recommends all lower case module names, although consistency with existing Mailman module names probably overrides that.
--
Mark Sapiro msapiro@value.net
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan
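The change described in the message above (close the database in `finally`, inside its own `try`, so the umask is still restored), as an added example that is not part of the original thread or of Mailman. It is written for Python 3, where `dbm.open` is the renamed `anydbm` and `hashlib` replaces `sha`; the explicit `filename` parameter, the `check` helper, the `ITERATIONS` value and the use of salted PBKDF2 in place of the unsalted SHA-1 digest are assumptions of this sketch.

```python
import dbm
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this sketch


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def add(filename, user, password):
    """Create an entry for a new user; KeyError if the user already exists."""
    oldmask = os.umask(0o026)          # new database files are created 0640
    db = None
    try:
        db = dbm.open(filename, "c")   # any available backend, like anydbm
        key = user.encode("utf-8")
        if key in db:
            raise KeyError(user)
        salt = os.urandom(16)
        db[key] = salt + _hash(password, salt)
    finally:
        try:
            if db is not None:         # the open itself may have failed
                db.close()
        finally:
            os.umask(oldmask)          # restored even if close() raises


def check(filename, user, password):
    """Return True only if the user exists and the password matches."""
    try:
        db = dbm.open(filename, "r")
    except dbm.error:                  # missing or unreadable database
        return False
    try:
        stored = db.get(user.encode("utf-8"))
    finally:
        db.close()
    if stored is None:
        return False
    salt, digest = stored[:16], stored[16:]
    return hmac.compare_digest(digest, _hash(password, salt))
```

Because `user` and `password` have no defaults, a call with missing arguments fails with `TypeError` before the umask is changed or the database is opened.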
On Jul 7, 2006, at 12:50 AM, Mark Sapiro wrote:
- PEP 8 recommends all lower case module names, although consistency with existing Mailman module names probably overrides that.
I haven't had time to look at the patch yet, but I've been trying to
be more aligned with PEP 8 in all new code, and at some point I'd
like to do a Grand Renaming (or er, grandrenaming) of the existing
modules (although some provision will have to be made for pickled
class names like Mailman.Message.Message).
So for new code, please use PEP 8 module names.
-Barry
participants (3): Barry Warsaw, David Lee, Mark Sapiro