14 import os
15 from random import random
16 from datetime import datetime
17 from sets import Set as set
18
19 from OFS.Folder import Folder
20 from Products.PluggableAuthService import plugins
21 from Products.PluggableAuthService import interfaces
22 from Products.PluggableAuthService import PluggableAuthService
23
24
# Role names that the role-manager setup on this page adds through
# acl.roleManager.addRole().
ZENOSS_ROLES = [
    'ZenUser',
    'ZenManager',
]
26
27
37
38
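# NOTE(review): the `def` line that owns this body is missing from this
# listing and the indentation is reconstructed; the body reads `self` and
# uses `self.plugins` as the plugin registry.
"""
Create or reset the bootstrap user described by the 'inituser' file.

Note: copied and adapted from AccessControl.User.BasicUser

If there are no users or only one user in this user folder, read the
'inituser' file in the instance home, (re)create that user in every
user-adder plugin and grant it the 'Manager' role.  This is done even
when one user already exists, in case the initial user ignored the setup
messages.  It is not done for more than one user, to avoid abuse of this
mechanism.
Called only by OFS.Application.initialize().
"""
import logging

from AccessControl.User import readUserAccessFile

enumerators = self.plugins.listPlugins(
    interfaces.plugins.IUserEnumerationPlugin)

# One entry per enumeration plugin that is able to list its users.
userCounts = [len(plugin.listUserInfo())
              for _pluginId, plugin in enumerators
              if hasattr(plugin, "listUserInfo")]

# The guard is about how many *users* exist, so the per-plugin counts are
# added up.  len(userCounts) is the number of plugins, which would leave
# the "more than one user" protection described above ineffective and let
# an 'inituser' file reset a Manager account on a populated site.
if sum(userCounts) <= 1:
    info = readUserAccessFile('inituser')
    if info:
        import App.config
        name, password, domains, remote_user_mode = info
        userManagers = self.plugins.listPlugins(
            interfaces.plugins.IUserAdderPlugin)
        roleManagers = self.plugins.listPlugins(
            interfaces.plugins.IRolesPlugin)

        for pluginId, userPlugin in userManagers:
            # Drop any existing account of that name first, so that
            # doAddUser() below creates it with the password from the file.
            try:
                userPlugin.removeUser(name)
            except KeyError:
                # The user does not exist yet; nothing to remove.
                pass
            userPlugin.doAddUser(name, password)

        for pluginId, rolePlugin in roleManagers:
            rolePlugin.assignRoleToPrincipal('Manager', name)

        # The file has been consumed; remove it so the credentials do not
        # stay on disk and are not applied again on a later run.
        cfg = App.config.getConfiguration()
        inituserPath = os.path.join(cfg.instancehome, 'inituser')
        try:
            os.remove(inituserPath)
        except OSError:
            # Startup continues, but the failure is reported instead of
            # being swallowed: the file still holds the bootstrap
            # credentials.
            logging.getLogger(__name__).warning(
                "Could not remove %s; it still contains the initial "
                "user's credentials and should be deleted by hand.",
                inituserPath, exc_info=True)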
83
84
94
95
# NOTE(review): the `def` line for this body is missing from this listing and
# the indentation is reconstructed; the body reads a single name, `context`.
helperId = 'basicAuthHelper'
userFolder = context.acl_users
if not hasattr(userFolder, helperId):
    plugins.HTTPBasicAuthHelper.addHTTPBasicAuthHelper(userFolder, helperId)

# The interfaces the helper serves depend on where this user folder lives.
# Anywhere other than the root or /zport it is activated with none.
location = '/'.join(context.getPhysicalPath())
interfacesByLocation = {
    '': ['IExtractionPlugin', 'IChallengePlugin',
         'ICredentialsResetPlugin'],
    '/zport': ['IExtractionPlugin', 'IChallengePlugin'],
}
userFolder.basicAuthHelper.manage_activateInterfaces(
    interfacesByLocation.get(location, []))
109
110
# NOTE(review): the `def` line for this body is missing from this listing and
# the indentation is reconstructed; the body reads `context` and
# `primaryAuth`, and is called elsewhere on this page as
# setupCookieHelper(context, primaryAuth=...).
userFolder = context.acl_users
helperId = 'cookieAuthHelper'
if not hasattr(userFolder, helperId):
    plugins.CookieAuthHelper.addCookieAuthHelper(userFolder, helperId)

# At the root the helper only extracts credentials; at /zport it also
# resets them and issues the login challenge.  Elsewhere nothing is active.
location = '/'.join(context.getPhysicalPath())
if location == '/zport':
    active = ['IExtractionPlugin',
              'ICredentialsResetPlugin',
              'IChallengePlugin']
elif location == '':
    active = ['IExtractionPlugin']
else:
    active = []

if primaryAuth:
    # As the primary mechanism this helper is also the one that is asked
    # to update (i.e. store) the credentials.
    active.append('ICredentialsUpdatePlugin')
userFolder.cookieAuthHelper.manage_activateInterfaces(active)
129
# NOTE(review): the `def` line for this body is missing from this listing and
# the indentation is reconstructed; the body reads `context` and
# `primaryAuth`, and is called elsewhere on this page as
# setupSessionHelper(context, primaryAuth=...).
userFolder = context.acl_users
helperId = 'sessionAuthHelper'
if not hasattr(userFolder, helperId):
    plugins.SessionAuthHelper.manage_addSessionAuthHelper(userFolder, helperId)

# Extraction and reset are always on; credential updates only when the
# session helper is the primary mechanism.
active = ['IExtractionPlugin', 'ICredentialsResetPlugin']
if primaryAuth:
    active += ['ICredentialsUpdatePlugin']
userFolder.sessionAuthHelper.manage_activateInterfaces(active)
141
# NOTE(review): the `def` line for this body is missing from this listing;
# the body reads a single name, `context`.
"""
Make cookie authentication the primary auth mechanism.

The cookie helper then stores the user's credentials, encoded, in a
cookie.  Encoding is reversible and is not encryption: whoever obtains
the cookie obtains the credentials, so this mode should only be used
when the site is served over HTTPS.
"""
# Cookie helper becomes primary, session helper secondary.
setupCookieHelper(context, primaryAuth=True)
setupSessionHelper(context, primaryAuth=False)
150
# NOTE(review): the `def` line for this body is missing from this listing;
# the body reads a single name, `context`.
"""
Make session authentication the primary auth mechanism.

The user's credentials are kept in the session and only the session
token is sent to the server.  Users have to log in again when Zope
restarts or when the session times out.
"""
# Session helper becomes primary, cookie helper secondary.
setupCookieHelper(context, primaryAuth=False)
setupSessionHelper(context, primaryAuth=True)
159
# NOTE(review): the `def` line for this body is missing from this listing and
# the indentation is reconstructed; the body reads a single name, `context`.
userFolder = context.acl_users
managerId = 'roleManager'
if not hasattr(userFolder, managerId):
    plugins.ZODBRoleManager.addZODBRoleManager(userFolder, managerId)

roleManager = userFolder.roleManager
roleManager.manage_activateInterfaces([
    'IRolesPlugin',
    'IRoleEnumerationPlugin',
    'IRoleAssignerPlugin',
])

# Add each Zenoss role; a KeyError from addRole() is treated as "already
# there", which lets this setup be run again.
for roleName in ZENOSS_ROLES:
    try:
        roleManager.addRole(roleName)
    except KeyError:
        pass
174
175
# NOTE(review): the `def` line for this body is missing from this listing and
# the indentation is reconstructed; the body reads a single name, `context`.
userFolder = context.acl_users
managerId = 'userManager'
if not hasattr(userFolder, managerId):
    plugins.ZODBUserManager.addZODBUserManager(userFolder, managerId)

# The ZODB user manager authenticates, enumerates and adds users.
userFolder.userManager.manage_activateInterfaces([
    'IAuthenticationPlugin',
    'IUserEnumerationPlugin',
    'IUserAdderPlugin',
])
183
184
# NOTE(review): the `def` line for this body is missing from this listing and
# the indentation is reconstructed; the body reads a single name, `context`.
userFolder = context.acl_users
snifferId = 'requestTypeSniffer'
if not hasattr(userFolder, snifferId):
    plugins.RequestTypeSniffer.addRequestTypeSnifferPlugin(
        userFolder, snifferId)

# The sniffer serves a single interface.
userFolder.requestTypeSniffer.manage_activateInterfaces(
    ['IRequestTypeSniffer'])
191
192
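# NOTE(review): the `def` line for this body is missing from this listing and
# the indentation is reconstructed; the body reads a single name, `context`.
userFolder = context.acl_users
chooserId = 'protocolChooser'
if not hasattr(userFolder, chooserId):
    plugins.ChallengeProtocolChooser.addChallengeProtocolChooserPlugin(
        userFolder, chooserId)
userFolder.protocolChooser.manage_activateInterfaces(
    ['IChallengeProtocolChooser'])

# Request types listed in the mapping are limited to the 'http' challenge
# protocol (presumably HTTP basic auth -- confirm).  Basic auth sends the
# password with every request, so these request types need HTTPS.
# 'Browser' is mapped only at the root; at /zport it is left unmapped.
protocolMapping = {}
physPath = '/'.join(context.getPhysicalPath())
if physPath == '':
    protocolMapping = {
        'Browser': ['http'],
        'FTP': ['http'],
        'WebDAV': ['http'],
        'XML-RPC': ['http'],
    }
elif physPath == '/zport':
    protocolMapping = {
        'FTP': ['http'],
        'WebDAV': ['http'],
        'XML-RPC': ['http'],
    }

    # NOTE(review): this lookup is placed under the '/zport' branch because,
    # on this page, the cookie helper is activated as a challenge plugin
    # only at /zport -- confirm against the original file.
    # Plugins are looked up by interface rather than by a hard-coded id.
    cookieIface = plugins.CookieAuthHelper.ICookieAuthHelper
    challengeIface = interfaces.plugins.IChallengePlugin
    challengers = [plugin for _pluginId, plugin
                   in userFolder.plugins.listPlugins(challengeIface)]
    cookiePlugins = [plugin for plugin in challengers
                     if cookieIface.providedBy(plugin)]

    # Move the first cookie helper to the top of the challenge list so it
    # is tried first.  When no cookie helper is active as a challenge
    # plugin there is nothing to move; indexing the empty list here would
    # raise IndexError and abort the whole setup.
    if cookiePlugins:
        cookie = cookiePlugins[0]
        for _ in xrange(challengers.index(cookie)):
            userFolder.plugins.movePluginsUp(challengeIface, [cookie.id])

userFolder.protocolChooser.manage_updateProtocolMapping(protocolMapping)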