def testHashIsEmptyString(self):
     password = "******"
     # On some systems (e.g. Mac OS X) the crypt() function can handle
     # empty salts, while on others (e.g. Debian lenny) the crypt() function
     # returns an empty hash if an empty salt is passed in. If the latter
     # is the case, password_validate() will not work properly due to how
     # employs crypt() for its implementation. This test case will always
     # fail, which makes it pretty useless. Instead of removing the test
     # case altogether, we execute it only if the system crypt() behaviour
     # lets us assume that it might succeed.
     salt = ""
     import crypt
     if len(crypt.crypt(password, salt)) is 0:
         return
     hash = ""
     expectedResult = False
     result = password_validate(password, hash)
     self.assertEqual(result, expectedResult)
Beispiel #2
0
  def authenticate(self, username=None, password=None):
    """
    Authenticates against the database using Apache Portable Runtime MD5 hash function.
    """

    if not APR_ENABLED:
      return None

    try:
      user = auth_models.User.objects.get(username__iexact=username)
      if aprmd5.password_validate(password, user.password):
        # Successfully checked password, so we change it to the Django password format
        user.set_password(password)
        user.save()
        return user
    except ValueError:
      return None
    except auth_models.User.DoesNotExist:
      return None
 def testHashHasNoSalt(self):
     password = "******"
     hash = "$apr1$vGRl2mLvDG8pptkZ9Cyum."
     expectedResult = False
     result = password_validate(password, hash)
     self.assertEqual(result, expectedResult)
 def testHashHasTooLongPrefix(self):
     password = "******"
     hash = "$apr1234567890$mYJd83wW$IO.6aK3G0d4mHxcImhPX50"
     expectedResult = False
     result = password_validate(password, hash)
     self.assertEqual(result, expectedResult)
 def testPasswordIsEmptyString(self):
     password = ""
     hash = "$apr1$7n4Iu7Bq$jsH1cRc.tyRPvJpZjxUjV."
     expectedResult = True
     result = password_validate(password, hash)
     self.assertEqual(result, expectedResult)
 def testValidationFails(self):
     password = "******"
     hash = "$apr1$mYJd83wW$xxxxxxxxxxxxxxxxxxxxxx"
     expectedResult = False
     result = password_validate(password, hash)
     self.assertEqual(result, expectedResult)
 def testValidationSucceeds(self):
     password = "******"
     hash = "$apr1$mYJd83wW$IO.6aK3G0d4mHxcImhPX50"
     expectedResult = True
     result = password_validate(password, hash)
     self.assertEqual(result, expectedResult)
 def testHashHasNoCrypt(self):
     password = "******"
     hash = "$apr1$mYJd83wW"
     expectedResult = False
     result = password_validate(password, hash)
     self.assertEqual(result, expectedResult)
 def testHashHasTooLongSalt(self):
     password = "******"
     hash = "$apr1$mYJd83wW9876543210$IO.6aK3G0d4mHxcImhPX50"
     expectedResult = False
     result = password_validate(password, hash)
     self.assertEqual(result, expectedResult)
 def testPasswordIsEmptyString(self):
     password = ""
     hash = "$apr1$7n4Iu7Bq$jsH1cRc.tyRPvJpZjxUjV."
     expectedResult = True
     result = password_validate(password, hash)
     self.assertEqual(result, expectedResult)
 def testValidationFails(self):
     password = "******"
     hash = "$apr1$mYJd83wW$xxxxxxxxxxxxxxxxxxxxxx"
     expectedResult = False
     result = password_validate(password, hash)
     self.assertEqual(result, expectedResult)
 def testValidationSucceeds(self):
     password = "******"
     hash = "$apr1$mYJd83wW$IO.6aK3G0d4mHxcImhPX50"
     expectedResult = True
     result = password_validate(password, hash)
     self.assertEqual(result, expectedResult)
 def testHashHasTooLongCrypt(self):
     password = "******"
     hash = "$apr1$mYJd83wW$IO.6aK3G0d4mHxcImhPX501234567890"
     expectedResult = False
     result = password_validate(password, hash)
     self.assertEqual(result, expectedResult)
 def testHashHasNoCrypt(self):
     password = "******"
     hash = "$apr1$mYJd83wW"
     expectedResult = False
     result = password_validate(password, hash)
     self.assertEqual(result, expectedResult)
    def process_handshake(self, line):
        deny = None
        alreadyauthed = False

        try:
            hs = json.loads(line.decode('ascii'))
        except ValueError as e:
            deny = 'Badly formatted handshake: ' + str(e)
        else:
            try:
                self.coordinator.handshake_logger.debug(line.decode('ascii'))

                if hs['version'] != 2 and hs['version'] != 3:
                    raise ValueError('Unsupported version in handshake')

                auth = str(hs['user'])
                auth = auth.split(":")

                if len(auth) != 2:
                    raise ValueError(
                        "No API-key given. Please check your credentials.")

                user = auth[0]

                # Newlines wreak havoc on log files, strip them
                user = re.sub("\n|\r", r'\\n', user)
                # replace bad characters with an underscore
                user = re.sub("[^A-Za-z0-9_.-]", r'_', user)
                if len(user) > 400:
                    user = user[:400]
                if len(user) < 5:
                    user = user + '_' + str(random.randrange(10000, 99999))
                # Make sure the user string is sane...
                good_user_regex = '^[A-Za-z0-9_.-]+$'
                user_ok = re.match(good_user_regex, user)
                if user_ok is None:
                    raise ValueError(
                        "Bad username '{user}'.  Please only use alphanum, '_', '-', or '.'"
                        .format(user=user))
                """Read htpasswd file and authenticate the user"""
                lines = open("auth/htpasswd", "r").readlines()
                authenticated = False

                for line in lines:
                    username, pwhash = line.split(":")
                    if username == user:
                        authenticated = password_validate(
                            auth[1], pwhash.rstrip())
                    if authenticated == True:
                        break

                if authenticated is False:
                    raise ValueError(
                        "Authentification failed. Please check your credentials."
                    )

                for i in range(5):
                    if user in self.coordinator.receivers:
                        """user = user + '_' + str(random.randrange(10,99))"""
                        alreadyauthed = True
                        raise ValueError(
                            "Station already connected. If you've lost connection, try again later."
                        )
                    else:
                        break

                peer_compression_methods = set(hs['compress'])
                self.compress = None
                for c, readmeth, writemeth in self._compression_methods:
                    if c in peer_compression_methods:
                        self.compress = c
                        self.handle_messages = readmeth
                        self.send = writemeth
                        break
                if self.compress is None:
                    raise ValueError('No mutually usable compression type')

                lat = float(hs['lat'])
                if lat < -90 or lat > 90:
                    raise ValueError('invalid latitude, should be -90 .. 90')

                lon = float(hs['lon'])
                if lon < -180 or lon > 360:
                    raise ValueError(
                        'invalid longitude, should be -180 .. 360')
                if lon > 180:
                    lon = lon - 180

                alt = float(hs['alt'])
                if alt < -1000 or alt > 10000:
                    raise ValueError(
                        'invalid altitude, should be -1000 .. 10000')

                clock_type = str(hs.get('clock_type', 'dump1090'))

                self.use_return_results = bool(hs.get('return_results', False))
                if self.use_return_results:
                    return_result_format = hs.get('return_result_format',
                                                  'old')
                    if return_result_format == 'old':
                        self.report_mlat_position = self.report_mlat_position_old
                    elif return_result_format == 'ecef':
                        self.report_mlat_position = self.report_mlat_position_ecef
                    else:
                        raise ValueError(
                            'invalid return_result_format, should be one of "old" or "ecef"'
                        )
                else:
                    self.report_mlat_position = self.report_mlat_position_discard

                self.use_udp = (self.udp_protocol is not None
                                and hs.get('udp_transport', 0) == 2)

                conn_info = 'v{v} {clock_type} {cversion} {udp} {compress}'.format(
                    v=hs['version'],
                    cversion=hs.get("client_version", "unknown"),
                    udp="udp" if self.use_udp else "tcp",
                    clock_type=clock_type,
                    compress=self.compress)
                self.receiver = self.coordinator.new_receiver(
                    connection=self,
                    uuid=user,
                    user=user,
                    auth=hs.get('auth'),
                    clock_type=clock_type,
                    position_llh=(lat, lon, alt),
                    privacy=bool(hs.get('privacy', False)),
                    connection_info=conn_info)

                # disabled until I get to the bottom of the odd timestamps
                if False and self.receiver.clock.epoch == 'gps_midnight':
                    self.process_mlat = self.process_mlat_gps
                else:
                    self.process_mlat = self.process_mlat_nongps

            except KeyError as e:
                deny = 'Missing field in handshake: ' + str(e)

            except ValueError as e:
                deny = 'Bad values in handshake: ' + str(e)

        if deny:
            self.logger.warning('Handshake failed: %s', deny)
            if alreadyauthed is True:
                self.write_raw(deny=[deny], reconnect_in=util.fuzzy(15))
            else:
                self.write_raw(deny=[deny], reconnect_in=util.fuzzy(15))
            return False

        expanded_motd = """

        {motd}

        The multilateration server source code is available under
        the terms of the Affero GPL (v3 or later). You may obtain
        a copy of this server's source code at the following
        location: {agpl_url}
        """.format(agpl_url=config.AGPL_SERVER_CODE_URL, motd=self.motd)

        response = {
            "compress": self.compress,
            "reconnect_in": util.fuzzy(15),
            "selective_traffic": True,
            "heartbeat": True,
            "return_results": self.use_return_results,
            "rate_reports": True,
            "motd": expanded_motd
        }

        if self.use_udp:
            self._udp_key = self.udp_protocol.add_client(
                sync_handler=self.process_sync, mlat_handler=self.process_mlat)
            response['udp_transport'] = (self.udp_host, self.udp_port,
                                         self._udp_key)

        self.write_raw(**response)
        strange = ''
        if clock_type != 'dump1090' and clock_type != 'radarcape_gps':
            strange = 'strange clock: '
        self.logger.warning(
            "{strange}Handshake successful ({user} {conn_info})'".format(
                strange=strange, user=user, conn_info=conn_info))
        self.logger = util.TaggingLogger(glogger,
                                         {'tag': '{user}'.format(user=user)})
        return True