Ejemplo n.º 1
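def authToESMySQL(mysqlHost,userMySQL="",passwordMySQL="",adminLogin=""):
    """Check the configured EventStore login against hashes embedded here.

    The credentials always come from the config file read by
    readConfigFile(); the userMySQL and passwordMySQL arguments are
    overwritten and mysqlHost is not consulted.

    Parameters:
        mysqlHost: not used by the current implementation.
        userMySQL, passwordMySQL: ignored, replaced by the config-file values.
        adminLogin: when true, use the admin "user:password" entry,
            otherwise the regular login entry.

    Returns:
        (userMySQL, "") -- the user name together with an empty password.

    Exits the process with a non-zero status when the user name or the
    password does not match, and re-raises when the config entry cannot be
    split into user and password.

    SECURITY NOTE: this is a client-side convenience check, not an access
    control. The function returns an empty password because the database
    itself is not password protected, so a client that skips this function
    is not stopped by it. The reference hashes are md5-crypt values computed
    with an empty salt and shipped in the source: equal inputs always give
    equal hashes (the two md5pass entries are identical), and anyone who can
    read this file can test guesses offline. Real protection has to be
    enforced by the database server.
    """
    # Never print loginInfo/adminInfo: they hold clear-text credentials.
    loginInfo,adminInfo,dbName,host,port,socket = readConfigFile()
    try:
        credentials = adminInfo if adminLogin else loginInfo
        # Split on the first ":" only, so a password that itself contains
        # ":" does not break the two-value unpacking.
        userMySQL,passwordMySQL = credentials.split(":",1)
    except Exception:
        print "Fail to decode login/password information from your $HOME/.esdb.conf"
        raise
    # we used md5crypt.md5crypt(password,'') to generate these hashes
    md5user = ["$1$$e9gJaPbMtkdCzRfQ60OFF/","$1$$ix2ie71gC4Xwad5LhaC3S1"]
    md5pass = ["$1$$sbkdtWBHO51xPwl./H9N81","$1$$sbkdtWBHO51xPwl./H9N81"]
    if md5crypt.unix_md5_crypt(userMySQL,"") not in md5user:
        print "Fail to login to mysql server, incorrect login. Please try again."
        # Non-zero status so calling scripts can detect the failure.
        sys.exit(1)
    if md5crypt.unix_md5_crypt(passwordMySQL,"") not in md5pass:
        print "Fail to login to mysql server, incorrect password. Please try again."
        sys.exit(1)
    # actual DB isn't protected by a password right now
    return (userMySQL,"")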
Ejemplo n.º 2
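def authToESMySQL(mysqlHost, userMySQL="", passwordMySQL="", adminLogin=""):
    """Validate the login stored in $HOME/.esdb.conf for the EventStore DB.

    Credentials are taken from readConfigFile() only: the userMySQL and
    passwordMySQL arguments are overwritten, and mysqlHost is never read.

    Parameters:
        mysqlHost: unused here.
        userMySQL, passwordMySQL: ignored, replaced by config-file values.
        adminLogin: truthy selects the admin "user:password" entry, falsy
            selects the regular login entry.

    Returns:
        (userMySQL, "") -- the password slot is always the empty string.

    Terminates the process with a non-zero exit status on a user name or
    password mismatch; re-raises if the config entry cannot be split.

    SECURITY NOTE: the check runs in the client and compares against
    md5-crypt hashes that are embedded in this source and were generated
    with an empty salt. It does not protect the database: the returned
    password is empty because the server accepts connections without one.
    Treat this as a sanity check on the config file and enforce access
    control on the server side.
    """
    # The config values are clear-text credentials; keep them out of any
    # diagnostic output.
    loginInfo, adminInfo, dbName, host, port, socket = readConfigFile()
    try:
        entry = adminInfo if adminLogin else loginInfo
        # maxsplit=1: a ":" inside the password must stay part of the password.
        userMySQL, passwordMySQL = entry.split(":", 1)
    except Exception:
        print "Fail to decode login/password information from your $HOME/.esdb.conf"
        raise
    # we used md5crypt.md5crypt(password,'') to generate these hashes
    md5user = ["$1$$e9gJaPbMtkdCzRfQ60OFF/", "$1$$ix2ie71gC4Xwad5LhaC3S1"]
    md5pass = ["$1$$sbkdtWBHO51xPwl./H9N81", "$1$$sbkdtWBHO51xPwl./H9N81"]
    if md5crypt.unix_md5_crypt(userMySQL, "") not in md5user:
        print "Fail to login to mysql server, incorrect login. Please try again."
        # Report the failure to the caller through the exit status.
        sys.exit(1)
    if md5crypt.unix_md5_crypt(passwordMySQL, "") not in md5pass:
        print "Fail to login to mysql server, incorrect password. Please try again."
        sys.exit(1)
    # actual DB isn't protected by a password right now
    return (userMySQL, "")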
Ejemplo n.º 3
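    def _validatePassword(self, data, password):
        """
        Check user password.

        This is a private method and should not be used by clients.

        Legacy hashes ({SHA}, {APR1}, {MD5}, {DES}) are verified with their
        original algorithm; on success data['enc_password'] is replaced by
        encodePassword(password). {SSHA} hashes are verified without being
        rewritten. Stored and computed values are compared without an early
        exit on the first differing character.

        @param data: dict with user data (from storage)
        @param password: password to verify [unicode]
        @rtype: 2 tuple (bool, bool)
        @return: password is valid, enc_password changed
        """
        def _same(left, right):
            # Comparison whose running time does not depend on the position
            # of the first mismatch (a plain == stops at the first differing
            # character). Operands are Python 2 str/unicode values.
            if len(left) != len(right):
                return False
            diff = 0
            for a, b in zip(left, right):
                diff |= ord(a) ^ ord(b)
            return diff == 0

        epwd = data['enc_password']

        # If we have no password set, we don't accept login with username
        if not epwd:
            return False, False

        # require non empty password
        if not password:
            return False, False

        # Check and upgrade passwords from earlier MoinMoin versions and
        # passwords imported from other wiki systems.
        for method in ['{SHA}', '{APR1}', '{MD5}', '{DES}']:
            if epwd.startswith(method):
                d = epwd[len(method):]
                if method == '{SHA}':
                    enc = base64.encodestring(
                        hash_new('sha1', password.encode('utf-8')).digest()).rstrip()
                elif method == '{APR1}':
                    # d is of the form "$apr1$<salt>$<hash>"
                    # NOTE(review): a stored value without that shape raises
                    # IndexError here instead of returning (False, False).
                    salt = d.split('$')[2]
                    enc = md5crypt.apache_md5_crypt(password.encode('utf-8'),
                                                    salt.encode('ascii'))
                elif method == '{MD5}':
                    # d is of the form "$1$<salt>$<hash>"
                    salt = d.split('$')[2]
                    enc = md5crypt.unix_md5_crypt(password.encode('utf-8'),
                                                  salt.encode('ascii'))
                elif method == '{DES}':
                    # Without a crypt module the hash cannot be checked, so
                    # the login is refused.
                    if crypt is None:
                        return False, False
                    # d is 2 characters salt + 11 characters hash
                    salt = d[:2]
                    enc = crypt.crypt(password.encode('utf-8'), salt.encode('ascii'))

                if _same(epwd, method + enc):
                    data['enc_password'] = encodePassword(password) # upgrade to SSHA
                    return True, True
                return False, False

        if epwd[:6] == '{SSHA}':
            # Decoded layout: 20 bytes of SHA-1 digest followed by the salt.
            # Kept in its own name so the user-data dict is not shadowed.
            raw = base64.decodestring(epwd[6:])
            salt = raw[20:]
            hasher = hash_new('sha1', password.encode('utf-8'))
            hasher.update(salt)
            return _same(hasher.digest(), raw[:20]), False

        # No encoded password match, this must be wrong password
        return False, False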
Ejemplo n.º 4
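    def _validatePassword(self, data, password):
        """
        Check user password.

        This is a private method and should not be used by clients.

        The stored hash is matched against each prefix in
        config.password_schemes_supported. {PASSLIB} hashes are verified by
        the configured passlib context; all other schemes are recomputed by
        the builtin code and compared with safe_str_equal. After a
        successful check, data['enc_password'] is re-encoded whenever the
        stored scheme differs from self._cfg.password_scheme or passlib
        reports that the hash needs an update. A stored hash that matches no
        supported scheme is rejected.

        @param data: dict with user data (from storage)
        @param password: password to verify [unicode]
        @rtype: 2 tuple (bool, bool)
        @return: password is valid, enc_password changed
        """
        epwd = data['enc_password']

        # If we have no password set, we don't accept login with username
        if not epwd:
            return False, False

        # require non empty password
        if not password:
            return False, False

        password_correct = recompute_hash = False
        wanted_scheme = self._cfg.password_scheme

        # Check password and upgrade weak hashes to strong default algorithm:
        for scheme in config.password_schemes_supported:
            if epwd.startswith(scheme):
                d = epwd[len(scheme):]

                if scheme == '{PASSLIB}':
                    # a password hash to be checked by passlib library code
                    if not self._cfg.passlib_support:
                        # Fails closed: password_correct stays False.
                        logging.error('in user profile %r, password hash with {PASSLIB} scheme encountered, but passlib_support is False' % (self.id, ))
                    else:
                        pwd_context = self._cfg.cache.pwd_context
                        try:
                            password_correct = pwd_context.verify(password, d)
                        except ValueError, err:
                            # can happen for unknown scheme
                            logging.error('in user profile %r, verifying the passlib pw hash crashed [%s]' % (self.id, str(err)))
                        if password_correct:
                            # check if we need to recompute the hash. this is needed if either the
                            # passlib hash scheme / hash params changed or if we shall change to a
                            # builtin hash scheme (not recommended):
                            recompute_hash = pwd_context.hash_needs_update(d) or wanted_scheme != '{PASSLIB}'

                else:
                    # a password hash to be checked by legacy, builtin code
                    if scheme == '{SSHA}':
                        # decoded layout: 20 bytes SHA-1 digest, then the salt
                        d = base64.decodestring(d)
                        salt = d[20:]
                        hash = hash_new('sha1', password.encode('utf-8'))
                        hash.update(salt)
                        enc = base64.encodestring(hash.digest() + salt).rstrip()

                    elif scheme == '{SHA}':
                        enc = base64.encodestring(
                            hash_new('sha1', password.encode('utf-8')).digest()).rstrip()

                    elif scheme == '{APR1}':
                        # d is of the form "$apr1$<salt>$<hash>"
                        salt = d.split('$')[2]
                        enc = md5crypt.apache_md5_crypt(password.encode('utf-8'),
                                                        salt.encode('ascii'))
                    elif scheme == '{MD5}':
                        # d is of the form "$1$<salt>$<hash>"
                        salt = d.split('$')[2]
                        enc = md5crypt.unix_md5_crypt(password.encode('utf-8'),
                                                      salt.encode('ascii'))
                    elif scheme == '{DES}':
                        if crypt is None:
                            return False, False
                        # d is 2 characters salt + 11 characters hash
                        salt = d[:2]
                        enc = crypt.crypt(password.encode('utf-8'), salt.encode('ascii'))

                    else:
                        logging.error('in user profile %r, password hash with unknown scheme encountered: %r' % (self.id, scheme))
                        raise NotImplementedError

                    # safe_str_equal is defined elsewhere; presumably a
                    # comparison that does not stop at the first mismatch.
                    if safe_str_equal(epwd, scheme + enc):
                        password_correct = True
                        recompute_hash = scheme != wanted_scheme

                if recompute_hash:
                    data['enc_password'] = encodePassword(self._cfg, password)
                return password_correct, recompute_hash

        # No supported scheme prefix matched the stored hash: reject the
        # login explicitly instead of falling off the end and returning None,
        # which callers unpacking the documented 2-tuple could not handle.
        return False, False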
Ejemplo n.º 5
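	def realEncode(self, data):
		"""Return md5crypt.unix_md5_crypt() of data using this object's magic.

		The salt is self._salt when one is set, otherwise the first two
		characters of data itself.
		"""
		if self._salt is None:
			# NOTE(review): the md5-crypt output format carries its salt in
			# clear ("$1$<salt>$<hash>"), so with this fallback the result
			# exposes the first two characters of data. If data is a secret,
			# configure an independent salt instead - confirm intent.
			return md5crypt.unix_md5_crypt(data, data[:2], self._magic)
		return md5crypt.unix_md5_crypt(data, self._salt, self._magic)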
Ejemplo n.º 6
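    def _validatePassword(self, data, password):
        """
        Check user password.

        This is a private method and should not be used by clients.

        The stored hash is dispatched on its scheme prefix, taken from
        config.password_schemes_supported. {PASSLIB} hashes go through the
        configured passlib context; the legacy schemes are recomputed here
        and compared with safe_str_equal. When the check succeeds and the
        stored scheme is not the wanted one (or passlib asks for an update),
        data['enc_password'] is rewritten with encodePassword(). A stored
        hash with no supported prefix is rejected.

        @param data: dict with user data (from storage)
        @param password: password to verify [unicode]
        @rtype: 2 tuple (bool, bool)
        @return: password is valid, enc_password changed
        """
        epwd = data['enc_password']

        # If we have no password set, we don't accept login with username
        if not epwd:
            return False, False

        # require non empty password
        if not password:
            return False, False

        password_correct = recompute_hash = False
        wanted_scheme = self._cfg.password_scheme

        # Check password and upgrade weak hashes to strong default algorithm:
        for scheme in config.password_schemes_supported:
            if epwd.startswith(scheme):
                d = epwd[len(scheme):]

                if scheme == '{PASSLIB}':
                    # a password hash to be checked by passlib library code
                    if not self._cfg.passlib_support:
                        # Nothing is verified here, so the result stays
                        # (False, False).
                        logging.error(
                            'in user profile %r, password hash with {PASSLIB} scheme encountered, but passlib_support is False'
                            % (self.id, ))
                    else:
                        pwd_context = self._cfg.cache.pwd_context
                        try:
                            password_correct = pwd_context.verify(password, d)
                        except ValueError, err:
                            # can happen for unknown scheme
                            logging.error(
                                'in user profile %r, verifying the passlib pw hash crashed [%s]'
                                % (self.id, str(err)))
                        if password_correct:
                            # check if we need to recompute the hash. this is needed if either the
                            # passlib hash scheme / hash params changed or if we shall change to a
                            # builtin hash scheme (not recommended):
                            recompute_hash = pwd_context.hash_needs_update(
                                d) or wanted_scheme != '{PASSLIB}'

                else:
                    # a password hash to be checked by legacy, builtin code
                    if scheme == '{SSHA}':
                        # decoded layout: 20 bytes SHA-1 digest, then the salt
                        d = base64.decodestring(d)
                        salt = d[20:]
                        hash = hash_new('sha1', password.encode('utf-8'))
                        hash.update(salt)
                        enc = base64.encodestring(hash.digest() +
                                                  salt).rstrip()

                    elif scheme == '{SHA}':
                        enc = base64.encodestring(
                            hash_new(
                                'sha1',
                                password.encode('utf-8')).digest()).rstrip()

                    elif scheme == '{APR1}':
                        # d is of the form "$apr1$<salt>$<hash>"
                        salt = d.split('$')[2]
                        enc = md5crypt.apache_md5_crypt(
                            password.encode('utf-8'), salt.encode('ascii'))
                    elif scheme == '{MD5}':
                        # d is of the form "$1$<salt>$<hash>"
                        salt = d.split('$')[2]
                        enc = md5crypt.unix_md5_crypt(password.encode('utf-8'),
                                                      salt.encode('ascii'))
                    elif scheme == '{DES}':
                        if crypt is None:
                            return False, False
                        # d is 2 characters salt + 11 characters hash
                        salt = d[:2]
                        enc = crypt.crypt(password.encode('utf-8'),
                                          salt.encode('ascii'))

                    else:
                        logging.error(
                            'in user profile %r, password hash with unknown scheme encountered: %r'
                            % (self.id, scheme))
                        raise NotImplementedError

                    # safe_str_equal comes from elsewhere in the project;
                    # presumably a timing-independent comparison.
                    if safe_str_equal(epwd, scheme + enc):
                        password_correct = True
                        recompute_hash = scheme != wanted_scheme

                if recompute_hash:
                    data['enc_password'] = encodePassword(self._cfg, password)
                return password_correct, recompute_hash

        # The stored hash carries no supported scheme prefix. Return the
        # documented 2-tuple and refuse the login rather than returning None
        # implicitly.
        return False, False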
Ejemplo n.º 7
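	def realEncode(self, data):
		"""Encode data with md5crypt.unix_md5_crypt() and self._magic.

		Uses self._salt as the salt; when that is None the salt falls back
		to data[:2].
		"""
		if self._salt is None:
			# NOTE(review): the fallback salt is taken from the input, and an
			# md5-crypt string stores its salt unhashed ("$1$<salt>$<hash>").
			# For secret input this reveals its first two characters; an
			# independent salt avoids that - confirm what callers expect.
			return md5crypt.unix_md5_crypt(data, data[:2], self._magic)
		return md5crypt.unix_md5_crypt(data, self._salt, self._magic)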
Ejemplo n.º 8
def generate_md5_password(p):
    """Return the md5-crypt hash of ``str(p)`` with surrounding whitespace removed.

    The salt is requested from generate_random_strings(length=8).

    NOTE(review): leading and trailing whitespace is dropped before hashing,
    so verification must normalise the candidate the same way. The salt's
    unpredictability depends on generate_random_strings, which is not shown
    here - confirm it uses a cryptographically secure source. md5-crypt is a
    legacy scheme; prefer a modern password hash for new storage.
    """
    cleaned = str(p).strip()
    salt = generate_random_strings(length=8)
    return md5crypt.unix_md5_crypt(cleaned, salt)