diff --git a/config b/config index 2d93905..ea14ebb 100644 --- a/config +++ b/config @@ -3,7 +3,7 @@ # Config file for Radicale - A simple calendar server # -# Place it into /etc/radicale/config (global) +# Place it into /etc/radicale/config (global) # or ~/.config/radicale/config (user) # # The current values are the default ones @@ -47,7 +47,7 @@ stock = utf-8 [auth] # Authentication method -# Value: None | htpasswd | IMAP | LDAP | PAM | courier | http | custom +# Value: None | htpasswd | IMAP | LDAP | PAM | courier | http | custom | apache type = None # custom auth handler @@ -69,7 +69,7 @@ ldap_attribute = uid # placed as X in a query of the form (&(...)X) # example: (objectCategory=Person)(objectClass=User)(memberOf=cn=calenderusers,ou=users,dc=example,dc=org) # leave empty if no additional filter is needed -ldap_filter = +ldap_filter = # LDAP dn for initial login, used if LDAP server does not allow anonymous searches # Leave empty if searches are anonymous ldap_binddn = diff --git a/radicale/__init__.py b/radicale/__init__.py index 9222e9c..0a851d9 100644 --- a/radicale/__init__.py +++ b/radicale/__init__.py @@ -273,10 +273,15 @@ class Application(object): # Ask authentication backend to check rights authorization = environ.get("HTTP_AUTHORIZATION", None) + # Get the apache authentified user + remote_user = environ.get("REMOTE_USER", None) + if authorization: authorization = authorization.lstrip("Basic").strip() user, password = self.decode(base64.b64decode( authorization.encode("ascii")), environ).split(":", 1) + elif remote_user: + user, password = remote_user, None else: user = password = None diff --git a/radicale/auth/apache.py b/radicale/auth/apache.py new file mode 100644 index 0000000..7c3cf16 --- /dev/null +++ b/radicale/auth/apache.py @@ -0,0 +1,30 @@ +# -*- coding: utf-8 -*- +# +# This file is part of Radicale Server - Calendar Server +# Copyright © 2012 Ehsanul Hoque +# Copyright © 2013 Guillaume Ayoub +# +# This library is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Radicale. If not, see . + +""" +Trusting apache auth mechanism. +""" + +from .. import log + + +def is_authenticated(user, password): + """Check if ``user`` is defined and assuming it's valid.""" + log.LOGGER.debug('Got user %r from apache.' % user) + return user is not None