def __setitem__(self, key, val, typ=None, des=None):
'''
implemtation of the assignement operator == internal function
:param key: key of the dict
:type key: string
:param val: any value, which is put in the dict
:type val: any type
:param typ: used in the database to control if the data is encrypted
:type typ: None,string,password
:param des: literal, which describes the data
:type des: string
'''
if typ == 'password':
## in case we have a password type, we have to put
##- in the config only the encrypted pass and
##- add the config encprivacyidea.* with the clear password
res = self.parent.__setitem__(key, encryptPassword(val))
res = self.parent.__setitem__('enc' + key, val)
self.glo.setConfig({key :encryptPassword(val)})
self.glo.setConfig({'enc' + key : val})
else:
## update this config and sync with global dict and db
nVal = _expandHere(val)
res = self.parent.__setitem__(key, nVal)
self.glo.setConfig({key:nVal})
_storeConfigDB(key, val, typ, des)
_storeConfigDB('privacyidea.Config', datetime.now())
return res
def test_01_encrypt_decrypt_pass(self):
r = encryptPassword(u"passwörd".encode('utf8'))
# encryptPassword returns unicode
self.assertTrue(isinstance(r, text_type))
pin = decryptPassword(r)
# decryptPassword always returns unicode
self.assertEqual(pin, u"passwörd")
r = encryptPassword(u"passwörd")
pin = decryptPassword(r)
self.assertEqual(pin, u"passwörd")
# decrypt some passwords generated with 2.23
pw1 = '3d1bf9db4c75469b4bb0bc7c70133181:2c27ac3839ed2213b8399d0471b17136'
self.assertEqual(decryptPassword(pw1), 'test123')
pw2 = '3a1be65a234f723fe5c6969b818582e1:08e51d1c65aa74c4988d094c40cb972c'
self.assertEqual(decryptPassword(pw2), 'test123')
pw3 = '7a4d5e2f26978394e33715bc3e8188a3:90b2782112ad7bbc5b48bd10e5c7c096cfe4ef7d9d11272595dc5b6c7f21d98a'
self.assertEqual(decryptPassword(pw3, ), u'passwörd')
# TODO: add checks for broken paddings/encrypted values and malformed enc_data
not_valid_password = b"\x01\x02\x03\x04\xff"
r = encryptPassword(not_valid_password)
# A non valid password will raise an exception during decryption
self.assertEqual(decryptPassword(r), 'FAILED TO DECRYPT PASSWORD!')
# A value with missing colon (IV) will fail to decrypt
self.assertEqual(decryptPassword('test'),
'FAILED TO DECRYPT PASSWORD!')
def test_01_encrypt_decrypt_pass(self):
r = encryptPassword(u"passwörd".encode('utf8'))
# encryptPassword returns unicode
self.assertTrue(isinstance(r, text_type))
pin = decryptPassword(r)
# decryptPassword always returns unicode
self.assertEqual(pin, u"passwörd")
r = encryptPassword(u"passwörd")
pin = decryptPassword(r)
self.assertEqual(pin, u"passwörd")
# decrypt some passwords generated with 2.23
pw1 = '3d1bf9db4c75469b4bb0bc7c70133181:2c27ac3839ed2213b8399d0471b17136'
self.assertEqual(decryptPassword(pw1), 'test123')
pw2 = '3a1be65a234f723fe5c6969b818582e1:08e51d1c65aa74c4988d094c40cb972c'
self.assertEqual(decryptPassword(pw2), 'test123')
pw3 = '7a4d5e2f26978394e33715bc3e8188a3:90b2782112ad7bbc5b48bd10e5c7c096cfe4ef7d9d11272595dc5b6c7f21d98a'
self.assertEqual(decryptPassword(pw3, ), u'passwörd')
# TODO: add checks for broken paddings/encrypted values and malformed enc_data
not_valid_password = b"\x01\x02\x03\x04\xff"
r = encryptPassword(not_valid_password)
# A non valid password will raise an exception during decryption
self.assertEqual(decryptPassword(r), 'FAILED TO DECRYPT PASSWORD!')
# A value with missing colon (IV) will fail to decrypt
self.assertEqual(decryptPassword('test'), 'FAILED TO DECRYPT PASSWORD!')
def test_01_encrypt_decrypt_pass(self):
r = encryptPassword("passwörd")
pin = decryptPassword(r)
self.assertTrue(pin == "passwörd", (r, pin))
r = encryptPassword(u"passwörd")
pin = decryptPassword(r, convert_unicode=True)
self.assertEqual(pin, u"passwörd")
r = encryptPassword(u"passwörd")
pin = decryptPassword(r, convert_unicode=False)
self.assertEqual(pin, "passwörd")
# error path returns the bytestring
r = encryptPassword(b"\x01\x02\x03\x04")
self.assertEqual(decryptPassword(r, convert_unicode=True), b"\x01\x02\x03\x04")
def add_smtpserver(identifier,
server,
port=25,
username="",
password="",
sender="",
description="",
tls=False):
"""
This adds an smtp server to the smtp server database table.
If the "identifier" already exists, the database entry is updated.
:param identifier: The identifier or the name of the SMTPServer definition.
As the identifier is unique, providing an identifier will return a
list with either one or no smtpserver
:type identifier: basestring
:param server: The FQDN or IP address of the smtpserver
:type server: basestring
:return: The Id of the database object
"""
cryptedPassword = encryptPassword(password)
r = SMTPServerDB(identifier=identifier,
server=server,
port=port,
username=username,
password=cryptedPassword,
sender=sender,
description=description,
tls=tls).save()
return r
def add_radius(identifier, server, secret, port=1812, description="",
dictionary='/etc/privacyidea/dictionary'):
"""
This adds a RADIUS server to the RADIUSServer database table.
If the "identifier" already exists, the database entry is updated.
:param identifier: The identifier or the name of the RADIUSServer
definition.
As the identifier is unique, providing an identifier will return a
list with either one or no radius server
:type identifier: basestring
:param server: The FQDN or IP address of the RADIUS server
:type server: basestring
:param secret: The RADIUS secret
:param port: the radius port
:type port: int
:param description: Human readable description of the RADIUS server
definition
:param dictionary: The RADIUS dictionary
:return: The Id of the database object
"""
cryptedSecret = encryptPassword(secret)
r = RADIUSServerDB(identifier=identifier, server=server, port=port,
secret=cryptedSecret, description=description,
dictionary=dictionary).save()
return r
def test_radius(identifier, server, secret, user, password, port=1812, description="",
dictionary='/etc/privacyidea/dictionary', retries=3, timeout=5):
"""
This tests a RADIUS server configuration by sending an access request.
:param identifier: The identifier or the name of the RADIUSServer definition
:type identifier: basestring
:param server: The FQDN or IP address of the RADIUS server
:type server: basestring
:param secret: The RADIUS secret
:param user: the username to send
:param password: the password to send
:param port: the radius port
:type port: int
:param description: Human readable description of the RADIUS server
definition
:param dictionary: The RADIUS dictionary
:return: The result of the access request
"""
cryptedSecret = encryptPassword(secret)
if len(cryptedSecret) > 255:
raise privacyIDEAError(description=_("The RADIUS secret is too long"),
id=2234)
s = RADIUSServerDB(identifier=identifier, server=server, port=port,
secret=cryptedSecret, dictionary=dictionary,
retries=retries, timeout=timeout,
description=description)
return RADIUSServer.request(s, user, password)
def add_radius(identifier, server, secret, port=1812, description="",
dictionary='/etc/privacyidea/dictionary', retries=3, timeout=5):
"""
This adds a RADIUS server to the RADIUSServer database table.
If the "identifier" already exists, the database entry is updated.
:param identifier: The identifier or the name of the RADIUSServer
definition.
As the identifier is unique, providing an identifier will return a
list with either one or no radius server
:type identifier: basestring
:param server: The FQDN or IP address of the RADIUS server
:type server: basestring
:param secret: The RADIUS secret
:param port: the radius port
:type port: int
:param description: Human readable description of the RADIUS server
definition
:param dictionary: The RADIUS dictionary
:return: The Id of the database object
"""
cryptedSecret = encryptPassword(secret)
if len(cryptedSecret) > 255:
raise privacyIDEAError(description=_("The RADIUS secret is too long"),
id=2234)
r = RADIUSServerDB(identifier=identifier, server=server, port=port,
secret=cryptedSecret, description=description,
dictionary=dictionary,
retries=retries, timeout=timeout).save()
return r
def test_radius(identifier, server, secret, user, password, port=1812, description="",
dictionary='/etc/privacyidea/dictionary', retries=3, timeout=5):
"""
This tests a RADIUS server configuration by sending an access request.
:param identifier: The identifier or the name of the RADIUSServer definition
:type identifier: basestring
:param server: The FQDN or IP address of the RADIUS server
:type server: basestring
:param secret: The RADIUS secret
:param user: the username to send
:param password: the password to send
:param port: the radius port
:type port: int
:param description: Human readable description of the RADIUS server
definition
:param dictionary: The RADIUS dictionary
:return: The result of the access request
"""
cryptedSecret = encryptPassword(secret)
if len(cryptedSecret) > 255:
raise privacyIDEAError(description=_("The RADIUS secret is too long"),
id=2234)
s = RADIUSServerDB(identifier=identifier, server=server, port=port,
secret=cryptedSecret, dictionary=dictionary,
retries=retries, timeout=timeout,
description=description)
return RADIUSServer.request(s, user, password)
def test_01_encrypt_decrypt_pass(self):
r = encryptPassword("passwörd")
pin = decryptPassword(r)
self.assertTrue(pin == "passwörd", (r, pin))
r = encryptPassword(u"passwörd")
pin = decryptPassword(r, convert_unicode=True)
self.assertEqual(pin, u"passwörd")
r = encryptPassword(u"passwörd")
pin = decryptPassword(r, convert_unicode=False)
self.assertEqual(pin, "passwörd")
# error path returns the bytestring
r = encryptPassword(b"\x01\x02\x03\x04")
self.assertEqual(decryptPassword(r, convert_unicode=True), b"\x01\x02\x03\x04")
def test_01_encrypt_decrypt_pass(self):
r = encryptPassword(u"passwörd".encode('utf8'))
pin = decryptPassword(r)
self.assertEqual(pin, u"passwörd".encode('utf8'))
r = encryptPassword(u"passwörd")
pin = decryptPassword(r, convert_unicode=True)
self.assertEqual(pin, u"passwörd")
r = encryptPassword(u"passwörd")
pin = decryptPassword(r, convert_unicode=False)
self.assertEqual(pin, u"passwörd".encode('utf8'))
# error path returns the bytestring
bs = b"\x01\x02\x03\x04\xff"
r = encryptPassword(bs)
self.assertEqual(decryptPassword(r, convert_unicode=True), bs)
self.assertEqual(decryptPassword('test'), 'FAILED TO DECRYPT PASSWORD!')
def test_01_encrypt_decrypt_pass(self):
r = encryptPassword(u"passwörd".encode('utf8'))
# encryptPassword returns unicode
self.assertTrue(isinstance(r, text_type))
pin = decryptPassword(r)
# decryptPassword always returns unicode
self.assertEqual(pin, u"passwörd")
r = encryptPassword(u"passwörd")
pin = decryptPassword(r)
self.assertEqual(pin, u"passwörd")
not_valid_password = b"\x01\x02\x03\x04\xff"
r = encryptPassword(not_valid_password)
# A non valid password will raise an exception during decryption
self.assertEqual(decryptPassword(r), 'FAILED TO DECRYPT PASSWORD!')
# A value with missing colon (IV) will fail to decrypt
self.assertEqual(decryptPassword('test'), 'FAILED TO DECRYPT PASSWORD!')
def add_smtpserver(identifier, server, port=25, username="", password="",
sender="", description="", tls=False):
"""
This adds an smtp server to the smtp server database table.
If the "identifier" already exists, the database entry is updated.
:param identifier: The identifier or the name of the SMTPServer definition.
As the identifier is unique, providing an identifier will return a
list with either one or no smtpserver
:type identifier: basestring
:param server: The FQDN or IP address of the smtpserver
:type server: basestring
:return: The Id of the database object
"""
cryptedPassword = encryptPassword(password)
r = SMTPServerDB(identifier=identifier, server=server, port=port,
username=username, password=cryptedPassword, sender=sender,
description=description, tls=tls).save()
return r
def _storeConfigDB(key, val, typ=None, desc=None):
value = val
if (not key.startswith("privacyidea.")):
key = "privacyidea." + key
confEntries = Session.query(Config).filter(Config.Key == unicode(key))
theConf = None
if typ is not None and typ == 'password':
value = encryptPassword(val)
en = decryptPassword(value)
if (en != val):
raise Exception("StoreConfig: Error during encoding password type!")
## update
if confEntries.count() == 1:
theConf = confEntries[0]
theConf.Value = unicode(value)
if (typ is not None):
theConf.Type = unicode(typ)
if (desc is not None):
theConf.Description = unicode(desc)
## insert
elif confEntries.count() == 0:
theConf = Config(
Key=unicode(key),
Value=unicode(value),
Type=unicode(typ),
Description=unicode(desc)
)
if theConf is not None:
Session.add(theConf)
return 101
def test_01_encrypt_decrypt_pass(self):
r = encryptPassword("passwörd")
pin = decryptPassword(r)
self.assertTrue(pin == "passwörd", (r, pin))
