diff options
Diffstat (limited to 'Mailman/SecurityManager.py')
| -rw-r--r-- | Mailman/SecurityManager.py | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/Mailman/SecurityManager.py b/Mailman/SecurityManager.py index c3fd72adf..4a9bd5e4e 100644 --- a/Mailman/SecurityManager.py +++ b/Mailman/SecurityManager.py @@ -68,17 +68,26 @@ class SecurityManager: return 1 def ConfirmUserPassword(self, user, pw): - if self.ValidAdminPassword(pw): - return 1 - if not self.members.has_key(user) \ - and not self.digest_members.has_key(user): - user = self.FindUser(user) + """True if password is valid for site, list admin, or specific user.""" + if self.ValidAdminPassword(pw): + return 1 + # We need to obtain the right letter-case translated version, if any: + got = self.members.get(string.lower(user), None) + if got == None: + got = self.digest_members.get(string.lower(user), None) + if got == 0: # Found, and case translation unneeded: + normalized = user + elif got == None: # Not found in either members dict: + normalized = self.FindUser(user) + else: # Found, use case translation version: + normalized = got try: - if string.lower(pw) <> string.lower(self.passwords[user]): + # XXX Huh?? Why eliminate password case info?? klm # 11/23/98. + if (string.lower(pw) <> string.lower(self.passwords[normalized])): raise Errors.MMBadPasswordError except KeyError: raise Errors.MMBadUserError - return 1 + return 1 def ChangeUserPassword(self, user, newpw, confirm): self.IsListInitialized() |