This file is indexed.

/usr/share/pyshared/MoinMoin/auth/sslclientcert.py is in python-moinmoin 1.9.3-1ubuntu2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
# -*- coding: iso-8859-1 -*-
"""
    MoinMoin - SSL client certificate authentication

    Currently not supported for Twisted web server, but only for web servers
    setting SSL_CLIENT_* environment (e.g. Apache).

    @copyright: 2003 Martin v. Loewis,
                2006 MoinMoin:ThomasWaldmann
    @license: GNU GPL, see COPYING for details.
"""

from MoinMoin import config, user
from MoinMoin.auth import BaseAuth

class SSLClientCertAuth(BaseAuth):
    """ authenticate via SSL client certificate """

    name = 'sslclientcert'

    def __init__(self, authorities=None,
                 email_key=True, name_key=True,
                 use_email=False, use_name=False,
                 autocreate=False):
        self.use_email = use_email
        self.authorities = authorities
        self.email_key = email_key
        self.name_key = name_key
        self.use_email = use_email
        self.use_name = use_name
        self.autocreate = autocreate
        BaseAuth.__init__(self)

    def request(self, request, user_obj, **kw):
        u = None
        changed = False

        env = request.environ
        if env.get('SSL_CLIENT_VERIFY', 'FAILURE') == 'SUCCESS':

            # check authority list if given
            if self.authorities and env.get('SSL_CLIENT_I_DN_OU') in self.authorities:
                return user_obj, True

            email_lower = None
            if self.email_key:
                email = env.get('SSL_CLIENT_S_DN_Email', '').decode(config.charset)
                email_lower = email.lower()
            commonname_lower = None
            if self.name_key:
                commonname = env.get('SSL_CLIENT_S_DN_CN', '').decode(config.charset)
                commonname_lower = commonname.lower()
            if email_lower or commonname_lower:
                for uid in user.getUserList(request):
                    u = user.User(request, uid,
                                  auth_method=self.name, auth_attribs=())
                    if self.email_key and email_lower and u.email.lower() == email_lower:
                        u.auth_attribs = ('email', 'password')
                        if self.use_name and commonname_lower != u.name.lower():
                            u.name = commonname
                            changed = True
                            u.auth_attribs = ('email', 'name', 'password')
                        break
                    if self.name_key and commonname_lower and u.name.lower() == commonname_lower:
                        u.auth_attribs = ('name', 'password')
                        if self.use_email and email_lower != u.email.lower():
                            u.email = email
                            changed = True
                            u.auth_attribs = ('name', 'email', 'password')
                        break
                else:
                    u = None
                if u is None:
                    # user wasn't found, so let's create a new user object
                    u = user.User(request, name=commonname_lower, auth_username=commonname_lower,
                                  auth_method=self.name)
                    u.auth_attribs = ('name', 'password')
                    if self.use_email:
                        u.email = email
                        u.auth_attribs = ('name', 'email', 'password')
        elif user_obj and user_obj.auth_method == self.name:
            user_obj.valid = False
            return user_obj, False
        if u and self.autocreate:
            u.create_or_update(changed)
        if u and u.valid:
            return u, True
        else:
            return user_obj, True