-
- """
- Verify the users pin
- """
- def _check_pin(self, uid, pin):
- print "_check_pin('",uid,"',---)"
- if uid != self._pin_uid:
- try:
- info = pwd.getpwuid(uid)
- except KeyError:
- logging.info('getting pin for uid %d: user not in password file'%uid)
- return None
- if info.pw_dir == None: return False
- pinfile = os.path.join(info.pw_dir, '.pin')
- try:
- s = os.stat(pinfile)
- except OSError:
- logging.info('getting pin for uid %d: .pin not found in home directory'%uid)
- return None
- if s.st_mode & 077:
- logging.info('getting pin for uid %d: .pin has wrong permissions. Fixing.'%uid)
- os.chmod(pinfile, 0600)
- try:
- f = file(pinfile)
- except IOError:
- logging.info('getting pin for uid %d: I cannot read pin file'%uid)
- return None
- pinstr = f.readline()
- f.close()
- if not re.search('^'+'[0-9]'*PIN_LENGTH+'$', pinstr):
- logging.info('getting pin for uid %d: %s not a good pin'%(uid,repr(pinstr)))
- return None
- self._pin_uid = uid
- self._pin_pin = pinstr
- self._pin_uname = info.pw_name
- else:
- pinstr = self._pin_pin
- if pin == int(pinstr):
- logging.info("Pin correct for %d",uid)
- else:
- logging.info("Pin incorrect for %d",uid)
- return pin == int(pinstr)
-
- """
- Check if the users account has been disabled
- """
- def acct_is_disabled(self, name=None):
- if name == None:
- name = self._pin_uname
- acct, unused = Popen(['dispense', 'acct', self._pin_uname], close_fds=True, stdout=PIPE).communicate()
- # this is fucking appalling
- flags = acct[acct.find("(")+1:acct.find(")")].strip()
- if 'disabled' in flags:
- return True
- if 'internal' in flags:
- return True
- return False
-
- """
- Check that the user has a valid pin set
- """
- def has_good_pin(self, uid):
- return self._check_pin(uid, None) != None
-
- """
- Verify the users pin.
- """
- def verify_user_pin(self, uid, pin, skip_pin_check=False):
- if skip_pin_check or self._check_pin(uid, pin) == True:
- info = pwd.getpwuid(uid)
- if skip_pin_check:
- if self.acct_is_disabled(info.pw_name):
- logging.info('refused mifare for disabled acct uid %d (%s)'%(uid,info.pw_name))
- return '-disabled-'
- logging.info('accepted mifare for uid %d (%s)'%(uid,info.pw_name))
- else:
- logging.info('accepted pin for uid %d (%s)'%(uid,info.pw_name))
- return info.pw_name
- else:
- logging.info('refused pin for uid %d'%(uid))
- return None
-