diff --git a/etc/doorlockd.blacklist b/etc/doorlockd.blacklist
new file mode 100644
index 0000000..bb2159f
--- /dev/null
+++ b/etc/doorlockd.blacklist
@@ -0,0 +1,2 @@
+# Place blacklisted usernames here, separated by newlines. Blacklist applies to
+# all authentication backends.
diff --git a/etc/doorlockd.cfg b/etc/doorlockd.cfg
index 6b322a8..3b68f31 100644
--- a/etc/doorlockd.cfg
+++ b/etc/doorlockd.cfg
@@ -15,6 +15,8 @@ SOUNDS = True
 # Local
 # LOCAL_USER_DB = /etc/doorlockd.passwd
+# USER_BLACKLIST = /etc/doorlockd.blacklist
+
 TITLE = Binary Kitchen Doorlock
 ROOM = Hauptraum
 WELCOME = Willkommen in der Binary Kitchen
diff --git a/pydoorlock/Authenticator.py b/pydoorlock/Authenticator.py
index a6b0aca..c9f613b 100644
--- a/pydoorlock/Authenticator.py
+++ b/pydoorlock/Authenticator.py
@@ -43,6 +43,17 @@ class Authenticator:
 self._simulate = cfg.boolean('SIMULATE_AUTH')
 self._backends = set()
+ f_blacklist = cfg.str('USER_BLACKLIST')
+ self._user_blacklist = set()
+ if f_blacklist:
+ with open(f_blacklist, 'r') as f:
+ for line in f:
+ line = line.strip()
+ if line.startswith('#'):
+ continue
+ if line:
+ self._user_blacklist.add(line)
+
 if self._simulate:
 return
@@ -104,13 +115,18 @@ class Authenticator:
 return DoorlockResponse.Success
 def try_auth(self, credentials):
+ user, password = credentials
+
+ if user in self._user_blacklist:
+ return DoorlockResponse.Perm
+
 if self._simulate:
 log.info('SIMULATION MODE! ACCEPTING ANYTHING!')
 return DoorlockResponse.Success
 if AuthMethod.LDAP_USER_PW in self._backends:
- retval = self._try_auth_ldap(credentials[0], credentials[1])
+ retval = self._try_auth_ldap(user, password)
 if retval == DoorlockResponse.Success:
 return retval
 if AuthMethod.LOCAL_USER_DB in self._backends:
- return self._try_auth_local(credentials[0], credentials[1])
+ return self._try_auth_local(user, password)
 return DoorlockResponse.Perm
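Review bot: The blacklist load added to `__init__` has no explicit failure handling or logging: `open(f_blacklist, 'r')` raises a bare OSError when USER_BLACKLIST is set but the file is missing or unreadable, and nothing records how many entries were loaded. Refusing to start is the safe outcome for an access-control list, but it should be deliberate: log the path and the error before re-raising, and add `log.info('Loaded %d blacklisted users from %s', len(self._user_blacklist), f_blacklist)` after the loop so operators can confirm the list is active. The file is also opened with the locale's default encoding; `with open(f_blacklist, 'r', encoding='utf-8') as f:` makes non-ASCII usernames compare predictably. A comment stating that the list is read once at construction, so edits appear to need a restart, would help; `__init__` starts and ends outside the hunk.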
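Review bot: The check `if user in self._user_blacklist:` in `try_auth` is an exact, case-sensitive comparison, so an entry `alice` will not match a login submitted as `Alice` or with stray whitespace if a backend treats those as the same account. Directory backends often match usernames case-insensitively, though the LDAP code is not visible here. Normalise both sides the same way, e.g. `if user.strip().casefold() in self._user_blacklist:` here and `self._user_blacklist.add(line.casefold())` in the loader in the first Authenticator.py hunk; for a deny list, over-matching is the safe direction. The denial is also silent: `log.warning('Blacklisted user %r denied', user)` before `return DoorlockResponse.Perm` would give an audit trail for attempts by blocked accounts. Only `try_auth` is gated in this diff, so any other entry point into the backends would need the same check for the "all authentication backends" promise in the blacklist file to hold.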