;cc@s]dZddlZddlZddlZddlZddlZddlZddlZddlm Z m Z ddl m Z yddl Z Wne k reZ nXddlmZddlmZddlmZddlmZdd lmZmZyeefWnek r-d Zd ZnXd fd YZejdZdZdS(s0Handle passwords and sanitize approved messages.iN(t StringTypet TupleType(turlparse(tmm_cfg(tUtils(tErrors(tsyslog(tmd5_newtsha_newiitSecurityManagercBsbeZdZddZddZddZddZddZddZ dZ RS( cCsd|_d|_i|_dS(N(tNonet mod_passwordt post_passwordt passwords(tself((s6/export/web/mailman/mailman/Mailman/SecurityManager.pytInitVarsPs  cCsY|jd}|tjkr|dkr7tdntjtj|}|j |}tj tj |dd}|d|7}n|tj kr|j }|d7}n|tjkr|j}|d7}nx|tjkr|j}|d7}nS|tjkrKtj}tjr5|r5|}d }qO|j}|d7}nd S||fS( Nt+s%No user supplied for AuthUser contexttsafetsuser+%stpostert moderatortadmintsite(NN(t internal_nameRtAuthUserR t TypeErrorRtUnobscureEmailturllibtunquotetgetMemberPasswordtquotet ObscureEmailtAuthListPosterR tAuthListModeratorR t AuthListAdmintpasswordt AuthSiteAdmintget_global_passwordtALLOW_SITE_ADMIN_COOKIES(Rt authcontexttusertkeytsecrettuserdatatsitepass((s6/export/web/mailman/mailman/Mailman/SecurityManager.pytAuthContextInfoZs4             c Cs|s tjSx|D]}|tjkrNtj|dd}|rtjSq|tjkr|tj|}|rtjSq|tjkrd}|j|\}}|dkrqnt |j } t } }| |krt }nAt |j|krt }} n|||r-t }} n| rt } |jsX|jt } nz | |_| rw|jnWd| r|jnXn|r|Sq|tjkr|j|\}}|rt |j |kr|Sq|tjkr1|j|\}}|rt |j |kr|Sq|tjkr|dk ry|j||re|SWqtjk r|qXqqtdd|td|qWtjS(Nt siteadminicSsMy4|d }tr/tj|||kr/tStSWntk rHtSXdS(Ni(tcrypttTruetFalseR(tresponseR*tsalt((s6/export/web/mailman/mailman/Mailman/SecurityManager.pyt cryptmatchps  terrorsBad authcontext: %s(Rt UnAuthorizedt AuthCreatorRtcheck_global_passwordR$R"R-R Rt hexdigestR1R0RtdigesttLockedtLockR#tSavetUnlockR!R RtauthenticateMemberRtNotAMemberErrorRt ValueError( Rt authcontextsR2R(tactokR4R)R*t sharesponsetupgradetsave_and_unlock((s6/export/web/mailman/mailman/Mailman/SecurityManager.pyt Authenticatesn                cCsax*|D]"}|j||}|rtSqW|j|||}|r]|j||GHtStS(N(t CheckCookieR0RHt MakeCookieR1(RRBR2R(RCRD((s6/export/web/mailman/mailman/Mailman/SecurityManager.pytWebAuthenticates c Cs|j||\}}|dks@|dks@t|t rItnttj}t|| j}t j }t j t j||f||s6           $