def _sha1(hash_value, password):
"""Check if ``hash_value`` and ``password`` match using sha1 method."""
hash_value = hash_value.replace("{SHA}", "").encode("ascii")
password = password.encode(config.get("encoding", "stock"))
sha1 = hashlib.sha1() # pylint: disable=E1101
sha1.update(password)
return sha1.digest() == base64.b64decode(hash_value)
def _bcrypt(hash_value, password):
if have_bcrypt:
password = password.encode(config.get("encoding", "stock"))
return bcrypt.hashpw(password, hash_value) == hash_value
else:
log.error("Bcrypt module is missing, cannot authenticate")
return False
def _sha1(hash_value, password):
"""Check if ``hash_value`` and ``password`` match using sha1 method."""
hash_value = hash_value.replace("{SHA}", "").encode("ascii")
password = password.encode(config.get("encoding", "stock"))
sha1 = hashlib.sha1() # pylint: disable=E1101
sha1.update(password)
return sha1.digest() == base64.b64decode(hash_value)
def _bcrypt(hash_value, password):
if have_bcrypt:
password = password.encode(config.get("encoding", "stock"))
return bcrypt.hashpw(password, hash_value) == hash_value
else:
log.error("Bcrypt module is missing, cannot authenticate")
return False
"""
PAM authentication
Use Pluggable Authentication Modules (PAM) system on Linux
for checking users/passwords.
"""
import logging
import PAM
from calypso import config
LOG = logging.getLogger()
SVC = config.get("acl", "pam_service")
PERSONAL = config.getboolean("acl", "personal")
def has_right(owner, user, password):
"""Check if ``user``/``password`` couple is valid."""
LOG.debug("owner %s user %s", owner, user)
if owner and owner != user and PERSONAL:
return False
def pam_conv(auth, query_list, userData):
result = []
result.append((password, 0))
return result
try:
auth = PAM.pam()
auth.start(SVC)
auth.set_item(PAM.PAM_USER, user)
hash_value = hash_value.replace("{SHA}", "").encode("ascii")
password = password.encode(config.get("encoding", "stock"))
sha1 = hashlib.sha1() # pylint: disable=E1101
sha1.update(password)
return sha1.digest() == base64.b64decode(hash_value)
def _bcrypt(hash_value, password):
if have_bcrypt:
password = password.encode(config.get("encoding", "stock"))
return bcrypt.hashpw(password, hash_value) == hash_value
else:
log.error("Bcrypt module is missing, cannot authenticate")
return False
def has_right(owner, user, password):
"""Check if ``user``/``password`` couple is valid."""
log.debug("owner '%s' user '%s'", owner, user)
for line in open(FILENAME).readlines():
if line.strip():
login, hash_value = line.strip().split(":", 1)
if login == user and (not PERSONAL or user == owner):
return CHECK_PASSWORD(hash_value, password)
return False
FILENAME = os.path.expanduser(config.get("acl", "filename"))
PERSONAL = config.getboolean("acl", "personal")
CHECK_PASSWORD = locals()["_%s" % config.get("acl", "encryption")]
# along with Calypso. If not, see <http://www.gnu.org/licenses/>.
"""
PAM authentication
Use Pluggable Authentication Modules (PAM) system on Linux
for checking users/passwords.
"""
import logging
import PAM
from calypso import config
LOG = logging.getLogger()
SVC = config.get("acl", "pam_service")
PERSONAL = config.getboolean("acl", "personal")
def has_right(owner, user, password):
"""Check if ``user``/``password`` couple is valid."""
LOG.debug("owner %s user %s", owner, user)
if owner and owner != user and PERSONAL:
return False
def pam_conv(auth, query_list, userData):
result = []
result.append((password, 0))
return result
try:
def load():
"""Load list of available ACL managers."""
acl_type = config.get("acl", "type").encode("utf-8")
module = __import__("calypso.acl", fromlist=[acl_type])
return getattr(module, acl_type)
def _crypt(hash_value, password):
"""Check if ``hash_value`` and ``password`` match using crypt method."""
# The ``crypt`` module is only present on Unix, import if needed
import crypt
return crypt.crypt(password, hash_value) == hash_value
def _sha1(hash_value, password):
"""Check if ``hash_value`` and ``password`` match using sha1 method."""
hash_value = hash_value.replace("{SHA}", "").encode("ascii")
password = password.encode(config.get("encoding", "stock"))
sha1 = hashlib.sha1() # pylint: disable=E1101
sha1.update(password)
return sha1.digest() == base64.b64decode(hash_value)
def has_right(owner, user, password):
"""Check if ``user``/``password`` couple is valid."""
log.debug("owner %s user %s", owner, user)
for line in open(FILENAME).readlines():
if line.strip():
login, hash_value = line.strip().split(":", 1)
if login == user and (not PERSONAL or user == owner):
return CHECK_PASSWORD(hash_value, password)
return False
FILENAME = os.path.expanduser(config.get("acl", "filename"))
PERSONAL = config.getboolean("acl", "personal")
CHECK_PASSWORD = locals()["_%s" % config.get("acl", "encryption")]
def load():
"""Load list of available ACL managers."""
module = __import__("calypso.acl", fromlist=[config.get("acl", "type")])
return getattr(module, config.get("acl", "type"))
