Posted to dev@subversion.apache.org by Paul Kendall <Pa...@orion.co.nz> on 2004/09/03 01:30:01 UTC

[PATCH] svnperms.py Allow authentication against ActiveDirectory groups

The patch here allows you to enter a space-trimmed active directory usergroup name
in the groups section.

So you can add users to your repository permissions checks by adding them to groups
managed by ActiveDirectory rather than editing the svnperms.conf file all the time :-)

Here's an example of how we use it.  TeamGroup is an ActiveGroup actually "Team Group" but
we strip the spaces for svnperms.py.

I hope this patch helps others like it has us and can make it into the main source tree.

[groups]
admin = domain\paul
owner = domain\david
commit = TeamGroup

[perms]
.* = @admin(add,remove,update)
trunk/.* = @admin(add,remove,update) @commit(add,remove,update)

Index: svnperms.py
===================================================================
--- svnperms.py	(revision 10372)
+++ svnperms.py	(working copy)
@@ -9,6 +9,8 @@
 import sys, os
 import getopt
 import re
+if sys.platform == "win32":
+    import win32net
 
 __author__ = "Gustavo Niemeyer <ni...@conectiva.com>"
 
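Review bot: the import of win32net under the sys.platform == "win32" check at the top of the file is unguarded, so on a Windows host without the pywin32 extensions the hook dies with ImportError even when svnperms.conf names no Active Directory groups. Wrap the import in try/except ImportError, have _getgrouplist fall back to an empty list when the module is missing, and mention the new dependency in the script's header comment.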
@@ -111,12 +113,24 @@
                         users.append(groupuser)
                 self._permlist.append((pattern, users, perms))
 
+    def _getgrouplist(self, user):
+        if sys.platform == "win32":
+            domain, username = user.split('\\')
+            groups = [groupdata[0].replace(' ', '') for groupdata in win32net.NetUserGetGroups(win32net.NetGetAnyDCName(None, domain), username)]
+        else:
+            groups = []
+        return groups
+        
     def get(self, user, path):
-        ret = []
+        groups = self._getgrouplist(user)
         for pattern, users, perms in self._permlist:
-            if pattern.match(path) and (user in users or "*" in users):
-                ret = perms
-        return ret
+            if pattern.match(path):
+                if (user in users or "*" in users):
+                    return perms
+                for groupname in groups:
+                    if groupname in users:
+                        return perms
+        return []
 
 class SVNLook:
     def __init__(self, repospath, txn=None, rev=None):
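Review bot: get() now returns at the first matching pattern, whereas the removed lines kept overwriting ret and so returned the permissions of the last matching pattern; existing svnperms.conf files in which a later, narrower rule was meant to override an earlier one such as ".*" will silently evaluate differently. Either keep the last-match behaviour (assign ret = perms in both the user branch and the group branch and return ret after the loop) or state the change in the log message. In _getgrouplist, user.split('\\') raises ValueError for any user name that does not contain exactly one backslash, and the win32net calls have no error handling, so both cases abort the hook with a traceback; catch them and decide explicitly whether the result is "no groups" or a denied commit. Also note that the stripped group names are tested against the same users list as user names, so a group called "Team Group" and a user or group called "TeamGroup" cannot be told apart; a distinct prefix for directory groups in the config would avoid that.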

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org


Re: [PATCH] svnperms.py Allow authentication against ActiveDirectory groups

Posted by Michael W Thelen <th...@cs.utah.edu>.
"Paul Kendall" <Pa...@orion.co.nz> [2004-09-03 13:30:01]:
> The patch here allows you to enter a space-trimmed active directory usergroup name
> in the groups section.

Thank you, I've filed the patch as issue #2051:
http://subversion.tigris.org/issues/show_bug.cgi?id=2051

-- 
Michael W Thelen
It is a mistake to think you can solve any major problems just with potatoes.
                -- Douglas Adams
