[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[PATCH] svnperms.py Allow authentication against AcitveDirectory groups

From: Paul Kendall <Paul.Kendall_at_orion.co.nz>
Date: 2004-09-03 03:30:01 CEST

The patch here allows you to enter a space-trimmed active directory usergroup name
in the groups section.

So you can add users to your repository permissions checks by adding them to groups
managed by ActiveDirectory rather than editing the svnperms.conf file all the time :-)

Heres an example of how we use it. TeamGroup is an ActiveGroup actually "Team Group" but
we strip the spaces for svnperms.py.

I hope this patch helps others like it has us and can make it into the main source tree.

[groups]
admin = domain\paul
owner = domain\david
commit = TeamGroup

[perms]
.* = @admin(add,remove,update)
trunk/.* = @admin(add,remove,update) @commit(add,remove,update)

Index: svnperms.py
===================================================================
--- svnperms.py (revision 10372)
+++ svnperms.py (working copy)
@@ -9,6 +9,8 @@
 import sys, os
 import getopt
 import re
+if sys.platform == "win32":
+ import win32net
 
 __author__ = "Gustavo Niemeyer <niemeyer@conectiva.com>"
 
@@ -111,12 +113,24 @@
                         users.append(groupuser)
                 self._permlist.append((pattern, users, perms))
 
+ def _getgrouplist(self, user):
+ if sys.platform == "win32":
+ domain, username = user.split('\\')
+ groups = [groupdata[0].replace(' ', '') for groupdata in win32net.NetUserGetGroups(win32net.NetGetAnyDCName(None, domain), username)]
+ else:
+ groups = []
+ return groups
+
     def get(self, user, path):
- ret = []
+ groups = self._getgrouplist(user)
         for pattern, users, perms in self._permlist:
- if pattern.match(path) and (user in users or "*" in users):
- ret = perms
- return ret
+ if pattern.match(path):
+ if (user in users or "*" in users):
+ return perms
+ for groupname in groups:
+ if groupname in users:
+ return perms
+ return []
 
 class SVNLook:
     def __init__(self, repospath, txn=None, rev=None):

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Sep 3 03:33:46 2004

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.