17 |
17 |
|
18 |
18 |
# imports ead2
|
19 |
19 |
from ead2.lib.libbackend import PamAuth
|
20 |
|
from ead2.lib.libsecure import ServerContextFactory
|
|
20 |
from ead2.lib.libsecure import ServerContextFactory, _gain_privileges, _drop_privileges
|
21 |
21 |
from ead2.backend.lib import error
|
22 |
22 |
from ead2.backend.lib.action import get_action, get_action_classes
|
23 |
23 |
from ead2.backend.lib.actionlist import load_actions
|
... | ... | |
26 |
26 |
from ead2.backend.lib.perm.registry import PermissionManager
|
27 |
27 |
|
28 |
28 |
#fichier de config specifique au backend
|
29 |
|
from ead2.backend.config.config import (NOBODY_UID, NOBODY_GID,
|
30 |
|
FRONTEND_KEYS_FILE, CONFIG_DIR, TEMPLATE_DIR, EOLE_MODULE, debug)
|
|
29 |
from ead2.backend.config.config import (FRONTEND_KEYS_FILE, CONFIG_DIR, TEMPLATE_DIR, EOLE_MODULE, debug)
|
31 |
30 |
#fichier de config de l'EAD, contenant les infos importantes
|
32 |
31 |
#sur les tickets de session du sso
|
33 |
32 |
from ead2.config.config import AUTH_SERVER, BACKEND_LISTEN_PORT
|
... | ... | |
59 |
58 |
return file(templatefile, 'r').read()
|
60 |
59 |
raise AssertionError
|
61 |
60 |
|
62 |
|
def _drop_privileges():
|
63 |
|
"""
|
64 |
|
drop de privileges vers nobody/nobody passage en root
|
65 |
|
"""
|
66 |
|
setegid(NOBODY_GID)
|
67 |
|
seteuid(NOBODY_UID)
|
68 |
|
|
69 |
|
def _gain_privileges(uid, gid):
|
70 |
|
"""
|
71 |
|
on donne les privileges uid, gid
|
72 |
|
"""
|
73 |
|
seteuid(uid)
|
74 |
|
setegid(gid)
|
75 |
|
|
76 |
61 |
def get_username(infos):
|
77 |
62 |
"""
|
78 |
63 |
Renvoie le username depuis les informations utilisateurs
|