making radicale support authenticated user from apache

2013-08-27 10:55:30 +02:00 · 2013-08-27 10:55:30 +02:00 · 34163c5020
commit 34163c5020
parent e2dbdd4d96
3 changed files with 38 additions and 3 deletions
--- a/6
+++ b/6
@ -3,7 +3,7 @@

 # Config file for Radicale - A simple calendar server
 #
-# Place it into /etc/radicale/config (global) 
+# Place it into /etc/radicale/config (global)
 # or ~/.config/radicale/config (user)
 #
 # The current values are the default ones
@ -47,7 +47,7 @@ stock = utf-8

 [auth]
 # Authentication method
-# Value: None | htpasswd | IMAP | LDAP | PAM | courier | http | custom
+# Value: None | htpasswd | IMAP | LDAP | PAM | courier | http | custom | apache
 type = None

 # custom auth handler
@ -69,7 +69,7 @@ ldap_attribute = uid
 # placed as X in a query of the form (&(...)X)
 # example: (objectCategory=Person)(objectClass=User)(memberOf=cn=calenderusers,ou=users,dc=example,dc=org)
 # leave empty if no additional filter is needed
-ldap_filter = 
+ldap_filter =
 # LDAP dn for initial login, used if LDAP server does not allow anonymous searches
 # Leave empty if searches are anonymous
 ldap_binddn =
--- a/radicale/init.py
+++ b/radicale/init.py
@ -273,10 +273,15 @@ class Application(object):
        # Ask authentication backend to check rights
        authorization = environ.get("HTTP_AUTHORIZATION", None)

+        # Get the apache authentified user
+        remote_user = environ.get("REMOTE_USER", None)
+
        if authorization:
            authorization = authorization.lstrip("Basic").strip()
            user, password = self.decode(base64.b64decode(
                authorization.encode("ascii")), environ).split(":", 1)
+        elif remote_user:
+            user, password = remote_user, None
        else:
            user = password = None

--- a/radicale/auth/apache.py
+++ b/radicale/auth/apache.py
@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+#
+# This file is part of Radicale Server - Calendar Server
+# Copyright © 2012 Ehsanul Hoque
+# Copyright © 2013 Guillaume Ayoub
+#
+# This library is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Radicale.  If not, see <http://www.gnu.org/licenses/>.
+
+"""
+Trusting apache auth mechanism.
+"""
+
+from .. import log
+
+
+def is_authenticated(user, password):
+    """Check if ``user`` is defined and assuming it's valid."""
+    log.LOGGER.debug('Got user %r from apache.' % user)
+    return user is not None