Changeset - 74e669d8a479
Parent rev.
Child rev.
[Not reviewed]
stable
0 2 0
Mads Kiilerich - 10 years ago 2015-12-25 12:32:25
madski@unity3d.com
auth: fail pam and internal authentication attempts if no username is provided (Issue #180)

When the Mercurial client communicates with a server over HTTP, it will always
first try to perform operations unauthenticated before providing credentials.
Authentication attempts without credentials is usually pointless and will just
slow operations down.

Some authentication plugins (such as LDAP) already skipped these
unauthenticated requests. Now, do the same for other authentication plugions.

Other authentication plugins also skip if no password is provided ... but that
doesn't seem necessary.
2 files changed with 6 insertions and 0 deletions:
kallithea/lib/auth_modules/auth_internal.py
3
kallithea/lib/auth_modules/auth_pam.py
3
0 comments (0 inline, 0 general)
kallithea/lib/auth_modules/auth_internal.py
Show inline comments
 
@@ -64,12 +64,15 @@ class KallitheaAuthPlugin(auth_modules.K
 
            log.debug('userobj was:%s skipping', userobj)
 
            return None
 
        if userobj.extern_type != self.name:
 
            log.warning("userobj:%s extern_type mismatch got:`%s` expected:`%s`",
 
                     userobj, userobj.extern_type, self.name)
 
            return None
 
        if not username:
 
            log.debug('Empty username - skipping...')
 
            return None
 

			




	
	
	
		
 
        user_data = {

			




	
	
	
		
 
            "username": userobj.username,

			




	
	
	
		
 
            "firstname": userobj.firstname,

			




	
	
	
		
 
            "lastname": userobj.lastname,

			




	
	
	
		
 
            "groups": [],

			




        

    


    
    

    

        

                

                    kallithea/lib/auth_modules/auth_pam.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -82,12 +82,15 @@ class KallitheaAuthPlugin(auth_modules.K

			




	
	
	
		
 
        return settings

			




	
	
	
		
 

			




	
	
	
		
 
    def use_fake_password(self):

			




	
	
	
		
 
        return True

			




	
	
	
		
 

			




	
	
	
		
 
    def auth(self, userobj, username, password, settings, **kwargs):

			




	
	
	
		
 
        if not username:

			




	
	
	
		
 
            log.debug('Empty username - skipping...')

			




	
	
	
		
 
            return None

			




	
	
	
		
 
        if username not in _auth_cache:

			




	
	
	
		
 
            # Need lock here, as PAM authentication is not thread safe

			




	
	
	
		
 
            _pam_lock.acquire()

			




	
	
	
		
 
            try:

			




	
	
	
		
 
                auth_result = pam.authenticate(username, password,

			




	
	
	
		
 
                                               settings["service"])

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.