/usr/share/pyshared/pywebdav/server/mysqlauth.py is in python-webdav 0.9.8-7.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 | #Copyright (c) 1999 Christian Scholz (ruebe@aachen.heimat.de)
#
#This library is free software; you can redistribute it and/or
#modify it under the terms of the GNU Library General Public
#License as published by the Free Software Foundation; either
#version 2 of the License, or (at your option) any later version.
#
#This library is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
#Library General Public License for more details.
#
#You should have received a copy of the GNU Library General Public
#License along with this library; if not, write to the Free
#Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
#MA 02111-1307, USA
from fileauth import DAVAuthHandler
class MySQLAuthHandler(DAVAuthHandler):
"""
Provides authentication based on a mysql table
"""
def get_userinfo(self,user,pw,command):
""" authenticate user """
# Commands that need write access
nowrite=['OPTIONS','PROPFIND','GET']
Mysql=self._config.MySQL
DB=Mconn(Mysql.user,Mysql.passwd,Mysql.host,Mysql.port,Mysql.dbtable)
if self.verbose:
print >>sys.stderr,user,command
qry="select * from %s.Users where User='%s' and Pass='%s'"%(Mysql.dbtable,user,pw)
Auth=DB.execute(qry)
if len(Auth) == 1:
can_write=Auth[0][3]
if not can_write and not command in nowrite:
self._log('Authentication failed for user %s using command %s' %(user,command))
return 0
else:
self._log('Successfully authenticated user %s writable=%s' % (user,can_write))
return 1
else:
self._log('Authentication failed for user %s' % user)
return 0
self._log('Authentication failed for user %s' % user)
return 0
|