Example #1
0
    def getChild(self, path, request):
        request.postpath.insert(0,request.prepath.pop())
        env = self.env.copy()
        username = request.getUser()
        password = request.getPassword()

        if username:
            import md5crypt
            authdb = list(file('/var/www/trac.htpasswd'))
            for ent in authdb:
                u, p = ent.split(':', 1)
                if u == username:
                    print 'Found username', u, 'in auth db'
                    parts = p.split('$', 2)
                    print 'Found salt', parts[1], 'in md5'
                    if md5crypt.md5crypt(password, parts[1]) != p:
                        print 'It is a bad liar'
                        username = ''
                    else:
                        print 'Yay victory'
                break
            else:
                username = ''

        if request.postpath == ['login']:
            if not username:
                return BasicAuthError(http.UNAUTHORIZED,
                                      "Unauthorized",
                                      "401 Authentication required",
                                      self.basicRealm)
            return util.Redirect("/trac/")
        env['REMOTE_USER'] = username
        return EnvableCGIThing(self.cgifile, env=env)
Example #2
0
 def login(self):
     if not self.username and not self.password:
         return True # fall back to free account
     elif self.username and self.password and len(self.username)>0 and len(self.password)>0:
         #util.info('Login user=%s, pass=*****' % self.username)
         #sclog.logDebug("Login start...")
         # get salt
         headers,req = self._create_request('',{'username_or_email':self.username})
         sclog.logDebug("Webshare login try '%s' ..."%self._url('api/salt/'))
         data = util.post(self._url('api/salt/'),req,headers=headers)
         xml = ET.fromstring(data)
         if not xml.find('status').text == 'OK':
             #sclog.logDebug("Login end salt...")
             #util.error('Server returned error status, response: %s' % data)
             return False
         salt = xml.find('salt').text
         if salt is None:
             salt = ''
         # create hashes
         password = hashlib.sha1(md5crypt(self.password.encode('utf-8'), salt.encode('utf-8'))).hexdigest()
         digest = hashlib.md5(self.username + ':Webshare:' + self.password).hexdigest()
         # login
         headers,req = self._create_request('',{'username_or_email':self.username,'password':password,'digest':digest,'keep_logged_in':1})
         data = util.post(self._url('api/login/'),req,headers=headers)
         xml = ET.fromstring(data)
         #sclog.logDebug("Login end...")
         if not xml.find('status').text == 'OK':
             #util.error('Server returned error status, response: %s' % data)
             return False
         
         self.token = xml.find('token').text
         #util.info('Login successfull')
         return True
     return False
Example #3
0
        def add(self, user, password):
                """ Add/overwrite a new user """
                magic = 'apr1'
                salt = md5crypt.makesalt()
                newhash = md5crypt.md5crypt(password, salt, '$' + magic + '$')

                self.passwords[user] = newhash
                self.modified = True
                self.flush()
                return True
Example #4
0
        def change(self, user, password):
                """ Change users password """
                if not self.passwords.has_key(user):
                        return False

                magic, salt, encrypted = self.passwords[user][1:].split('$')

                newhash = md5crypt.md5crypt(password, salt, '$' + magic + '$')

                self.passwords[user] = newhash
                self.modified = True
                return True
Example #5
0
        def check(self, user, password):
                """ Check if user has password """
                if not self.passwords.has_key(user):
                        return False

                vals = self.passwords[user][1:].split('$')
                if not len(vals) == 3:
                        raise NoMD5PasswordError()

                magic, salt, encrypted = vals

                hash = md5crypt.md5crypt(password, salt, '$' + magic + '$')

                return hash == self.passwords[user]
Example #6
0
 def authenticate(self, username=None, password=None):
   """
   Authenticates against the database using crypt hash function.
   """
   try:
     user = auth_models.User.objects.get(username__iexact=username)
     if crypt.crypt(password, user.password) == user.password or md5crypt.md5crypt(password, user.password) == user.password:
       # Successfully checked password, so we change it to the Django password format
       user.set_password(password)
       user.save()
       return user
   except ValueError:
     return None
   except auth_models.User.DoesNotExist:
     return None
Example #7
0
 def _check_userline(self, password, prefix, suffix):
     if suffix.startswith('$apr1$'):
         return suffix == md5crypt(password, suffix[6:].split('$')[0],
                                   '$apr1$')
     elif suffix.startswith('{SHA}'):
         return (suffix[5:] ==
                 sha.new(password).digest().encode('base64')[:-1])
     elif crypt is None:
         # crypt passwords are only supported on Unix-like systems
         raise NotImplementedError('The "crypt" module is unavailable '
                                   'on this platform.  Only MD5 '
                                   'passwords (starting with "$apr1$") '
                                   'are supported in the htpasswd file.')
     else:
         return suffix == crypt(password, suffix)
Example #8
0
def htpasswd(password, salt_=None):
    # TODO need unit test of generating new hash
    if salt_ is None:
        salt_ = salt()
        if crypt is None:
            salt_ = "$apr1$" + salt_
    if salt_.startswith("$apr1$"):
        return md5crypt(password, salt_[6:].split("$")[0], "$apr1$")
    elif salt_.startswith("{SHA}"):
        return "{SHA}" + sha.new(password).digest().encode("base64")[:-1]
    elif crypt is None:
        # crypt passwords are only supported on Unix-like systems
        raise NotImplementedError('The "crypt" module is unavailable ' "on this platform.")
    else:
        return crypt(password, salt_)
Example #9
0
def htpasswd(password, salt_=None):
# TODO need unit test of generating new hash
    if salt_ is None:
        salt_ = salt()
        if crypt is None:
            salt_ = '$apr1$' + salt_
    if salt_.startswith('$apr1$'):
        return md5crypt(password, salt_[6:].split('$')[0], '$apr1$')
    elif salt_.startswith('{SHA}'):
        return '{SHA}' + sha1(password).digest().encode('base64')[:-1]
    elif crypt is None:
        # crypt passwords are only supported on Unix-like systems
        raise NotImplementedError('The "crypt" module is unavailable '
                                  'on this platform.')
    else:
        return crypt(password, salt_)
Example #10
0
 def login(self):
     if not self.username and not self.password:
         return True # fall back to free account
     elif self.username and self.password and len(self.username)>0 and len(self.password)>0:
         headers,req = self._create_request('',{'username_or_email':self.username})
         data = util.post(self._url('api/salt/'),req,headers=headers)
         xml = ET.fromstring(data)
         if not xml.find('status').text == 'OK':
             return False
         salt = xml.find('salt').text
         if salt is None:
             salt = ''
         password = hashlib.sha1(md5crypt(self.password.encode('utf-8'), salt.encode('utf-8'))).hexdigest()
         digest = hashlib.md5(self.username + ':Webshare:' + self.password).hexdigest()
         headers,req = self._create_request('',{'username_or_email':self.username,'password':password,'digest':digest,'keep_logged_in':1})
         data = util.post(self._url('api/login/'),req,headers=headers)
         xml = ET.fromstring(data)
         if not xml.find('status').text == 'OK':
             return False
         self.token = xml.find('token').text
         return True
     return False
Example #11
0
def testpwd(clear_password, the_hash):
    magic, salt = the_hash[1:].split('$')[:2]
    magic = '$' + magic + '$'
    if (md5crypt.md5crypt(clear_password, salt, magic) == the_hash):
        return True
    return False
Example #12
0
def testpwd(clear_password, the_hash):
    magic, salt = the_hash[1:].split('$')[:2]
    magic = '$' + magic + '$'
    if (md5crypt.md5crypt(clear_password, salt, magic) == the_hash):
        return True
    return False
Example #13
0
 def userline(self, user, password):
     if crypt is None:
         return self.prefix(user) + md5crypt(password, salt(), '$apr1$')
     else:
         return self.prefix(user) + crypt(password, salt())
Example #14
0
 def crypt(self, plain):
     """You can override this to use your favorite one-way encryption"""
     import md5crypt
     return md5crypt.md5crypt(plain, "pw")
Example #15
0
domains=Set()

for line in data:
	line=line.strip()
	if line.find('USER')>=0:
		user=line[line.find('USER')+5:]
	if line.find('PASS')>=0:
		passwd=line[line.find('PASS')+5:]
	"""if line.find("Mailbox open")>=0:
		if( not pairs.has_key(user)):
			pairs[user]=passwd"""
	pairs[user]=passwd
	
for user in users:
	try:
		pwhash=md5.md5crypt(pairs[user])
	except Exception:
		pwhash=md5.md5crypt("")
	domain=user.split('@')[1]
	domains.add(domain)
	maildir=domain+'/'+user.split('@')[0]
	local_part=user.split('@')[0]
	print "insert into mailbox values('%s','%s','','%s',524288000,'%s','%s',now(),now(),1);"%(user,pwhash,maildir,local_part,domain)
	print "insert into alias values('%s','%s','%s',now(),now(),1);"%(user,user,domain)
	
for domain in domains:
	print "insert into domain values('%s','',25,25,2048,2048,'virtual',0,now(),now(),1);"%(domain)

for user in users:
	try:
		print pairs[user],"\n"
Example #16
0
def encrypt_password(password, salt = None):
    import md5crypt
    if not salt:
        salt = "%06d" % (1000000 * (time.time() % 1.0))
    return md5crypt.md5crypt(password, salt, '$1$')
Example #17
0
def encrypt_password(password, salt=None):
    import md5crypt
    if not salt:
        salt = "%06d" % (1000000 * (time.time() % 1.0))
    return md5crypt.md5crypt(password, salt, '$1$')
Example #18
0
def curphoo_process_auth(username, password, seed):

    #
    # Magic: Phase 1.  Generate what seems to be a 30
    # byte value (could change if base64
    # ends up differently?  I don't remember and I'm
    # tired, so use a 64 byte buffer.
    #

    magic1 = []
    for char in seed:
        # Ignore parentheses.
        if char == "(" or char == ")":
            continue
        # Characters and digits verify against the challenge lookup.
        if char.isalpha() or char.isdigit():
            magic_work = challenge_lookup.index(char) << 3
        else:
            local_store = operand_lookup.index(char)
            magic1.append(magic_work | local_store)

    # Magic: Phase 2.  Take generated magic value and
    # sprinkle fairy dust on the values.

    magic2 = []
    for c in range(len(magic1) - 1, 0, -1):
        byte1 = magic1[c - 1]
        byte2 = magic1[c]

        byte1 *= 0xCD
        byte1 &= 0xFF
        byte1 ^= byte2

        magic2.append(byte1)

    # Magic: Phase 3.  This computes 20 bytes.  The first 4 bytes are used as our magic
    # key (and may be changed later); the next 16 bytes are an MD5 sum of the magic key
    # plus 3 bytes.  The 3 bytes are found by looping, and they represent the offsets
    # into particular functions we'll later call to potentially alter the magic key.

    comparison_src = array("B")
    while len(magic2) > 0 and len(comparison_src) < 20:
        cl = magic2.pop()

        if cl > 0x7F:
            if cl < 0xE0:
                bl = (cl & 0x1F) << 6
            else:
                bl = magic2.pop()
                cl = (cl & 0x0F) << 6
                bl = ((bl & 0x3F) + cl) << 6
            cl = magic2.pop()
            cl = (cl & 0x3F) + bl

        comparison_src.append(cl >> 8)
        comparison_src.append(cl & 0xFF)

    # Compute values for recursive function table!
    def find_table_depth_values(md5root, search_hash):
        def guesser():
            yield (3, 88)  # take a wild guess at what seems to be a constant
            for i in range(0xFFFF):
                for j in range(5):
                    yield (j, i)

        for (j, i) in guesser():
            md5object = md5root.copy()
            md5object.update(chr(i & 0xFF) + chr(i >> 8) + chr(j))
            if md5object.digest() == search_hash:
                return (j, i)

    (table, depth) = find_table_depth_values(md5.new(comparison_src[:4]), comparison_src[4:].tostring())

    # Transform magic_key_char using transform table
    x = comparison_src[3] << 24L | comparison_src[2] << 16 | comparison_src[1] << 8 | comparison_src[0]
    x = yahoo_xfrm(table, depth, x)
    x = yahoo_xfrm(table, depth, x)
    magic_key_char = chr(x & 0xFF) + chr(x >> 8 & 0xFF) + chr(x >> 16 & 0xFF) + chr(x >> 24 & 0xFF)

    crypt_result = md5crypt(password, "$1$_2S43d5f$")

    def finalstep(input, magic_key_char, table):
        def finalxor(hash, mask):
            result = array("B")
            for c in hash:
                result.append(ord(c) ^ mask)
            for c in range(64 - len(hash)):
                result.append(mask)
            return result.tostring()

        hash = md5.new(input).digest().encode("base64").translate(base64translate, "\r\n")

        if table >= 3:  # We have to use the slow sha1 implementation to get to it's internals
            sha1 = pysha.new(finalxor(hash, 0x36) + magic_key_char)
            sha1.count[1] = sha1.count[1] - 1
        else:
            sha1 = sha.new(finalxor(hash, 0x36) + magic_key_char)
        digest1 = sha1.digest()
        digest2 = sha.new(finalxor(hash, 0x5C) + digest1).digest()

        result = ""
        for i in range(10):
            # First two bytes of digest stuffed together.
            val = (ord(digest2[i * 2]) << 8) + ord(digest2[i * 2 + 1])

            result += alphabet1[(val >> 0x0B) & 0x1F] + "="
            result += alphabet2[(val >> 0x06) & 0x1F]
            result += alphabet2[(val >> 0x01) & 0x1F]
            result += delimit_lookup[val & 0x01]
        return result

    return (finalstep(password, magic_key_char, table), finalstep(crypt_result, magic_key_char, table))
Example #19
0
def encrypt_password(password, salt=None, prefix="1"):
    import md5crypt
    if not salt:
        salt = "%06d" % (1000000 * (time.time() % 1.0))
    return md5crypt.md5crypt(password, salt, '$%s$' % prefix)
Example #20
0
def curphoo_process_auth(username, password, seed):

    #
    # Magic: Phase 1.  Generate what seems to be a 30
    # byte value (could change if base64
    # ends up differently?  I don't remember and I'm
    # tired, so use a 64 byte buffer.
    #

    magic1 = []
    for char in seed:
        # Ignore parentheses.
        if char == '(' or char == ')': continue
        # Characters and digits verify against the challenge lookup.
        if char.isalpha() or char.isdigit():
            magic_work = challenge_lookup.index(char) << 3
        else:
            local_store = operand_lookup.index(char)
            magic1.append(magic_work | local_store)

    # Magic: Phase 2.  Take generated magic value and
    # sprinkle fairy dust on the values.

    magic2 = []
    for c in range(len(magic1) - 1, 0, -1):
        byte1 = magic1[c - 1]
        byte2 = magic1[c]

        byte1 *= 0xcd
        byte1 &= 0xff
        byte1 ^= byte2

        magic2.append(byte1)

    # Magic: Phase 3.  This computes 20 bytes.  The first 4 bytes are used as our magic
    # key (and may be changed later); the next 16 bytes are an MD5 sum of the magic key
    # plus 3 bytes.  The 3 bytes are found by looping, and they represent the offsets
    # into particular functions we'll later call to potentially alter the magic key.

    comparison_src = array('B')
    while len(magic2) > 0 and len(comparison_src) < 20:
        cl = magic2.pop()

        if cl > 0x7f:
            if cl < 0xe0:
                bl = (cl & 0x1f) << 6
            else:
                bl = magic2.pop()
                cl = (cl & 0x0f) << 6
                bl = ((bl & 0x3f) + cl) << 6
            cl = magic2.pop()
            cl = (cl & 0x3f) + bl

        comparison_src.append(cl >> 8)
        comparison_src.append(cl & 0xff)

    # Compute values for recursive function table!
    def find_table_depth_values(md5root, search_hash):
        def guesser():
            yield (3, 88)  # take a wild guess at what seems to be a constant
            for i in range(0xffff):
                for j in range(5):
                    yield (j, i)

        for (j, i) in guesser():
            md5object = md5root.copy()
            md5object.update(chr(i & 0xff) + chr(i >> 8) + chr(j))
            if md5object.digest() == search_hash:
                return (j, i)

    (table, depth) = find_table_depth_values(md5.new(comparison_src[:4]),
                                             comparison_src[4:].tostring())

    # Transform magic_key_char using transform table
    x = comparison_src[3] << 24l | comparison_src[2] << 16 | comparison_src[
        1] << 8 | comparison_src[0]
    x = yahoo_xfrm(table, depth, x)
    x = yahoo_xfrm(table, depth, x)
    magic_key_char = chr(x & 0xFF) + chr(x >> 8 & 0xFF) + chr(
        x >> 16 & 0xFF) + chr(x >> 24 & 0xFF)

    crypt_result = md5crypt(password, '$1$_2S43d5f$')

    def finalstep(input, magic_key_char, table):
        def finalxor(hash, mask):
            result = array('B')
            for c in hash:
                result.append(ord(c) ^ mask)
            for c in range(64 - len(hash)):
                result.append(mask)
            return result.tostring()

        hash = md5.new(input).digest().encode('base64').translate(
            base64translate, '\r\n')

        if (
                table >= 3
        ):  # We have to use the slow sha1 implementation to get to it's internals
            sha1 = pysha.new(finalxor(hash, 0x36) + magic_key_char)
            sha1.count[1] = sha1.count[1] - 1
        else:
            sha1 = sha.new(finalxor(hash, 0x36) + magic_key_char)
        digest1 = sha1.digest()
        digest2 = sha.new(finalxor(hash, 0x5c) + digest1).digest()

        result = ''
        for i in range(10):
            # First two bytes of digest stuffed together.
            val = (ord(digest2[i * 2]) << 8) + ord(digest2[i * 2 + 1])

            result += alphabet1[(val >> 0x0b) & 0x1f] + '='
            result += alphabet2[(val >> 0x06) & 0x1f]
            result += alphabet2[(val >> 0x01) & 0x1f]
            result += delimit_lookup[val & 0x01]
        return result

    return (finalstep(password, magic_key_char,
                      table), finalstep(crypt_result, magic_key_char, table))