def _mungePassword(self, password):
if password is None or password == '':
return None, None
m = md5()
salt = os.urandom(4)
m.update(salt)
m.update(password)
return salt.encode('hex'), m.hexdigest()
def addUser(self, user, password):
self.log(3, user)
salt = os.urandom(4)
m = digestlib.md5()
m.update(salt)
m.update(password)
self.addUserByMD5(user, salt, m.hexdigest())
def addUser(self, user, password):
self.log(3, user)
salt = os.urandom(4)
m = digestlib.md5()
m.update(salt)
m.update(password)
self.addUserByMD5(user, salt, m.hexdigest())
def _checkPassword(self, user, salt, password, challenge):
if salt and password:
m = md5(salt.decode('hex') + challenge)
if m.hexdigest() == password:
return True
else:
if self.authClient.checkPassword(user, challenge):
return True
return False
def changePassword(self, user, newPassword):
self.log(3, user)
salt = os.urandom(4)
m = digestlib.md5()
m.update(salt)
m.update(newPassword)
cu = self.db.cursor()
self.userAuth.changePassword(cu, user, salt, m.hexdigest())
self.db.commit()
def changePassword(self, user, newPassword):
self.log(3, user)
salt = os.urandom(4)
m = digestlib.md5()
m.update(salt)
m.update(newPassword)
cu = self.db.cursor()
self.userAuth.changePassword(cu, user, salt, m.hexdigest())
self.db.commit()
def _checkPassword(self, user, salt, password, challenge, remoteIp=None):
if challenge is ValidPasswordToken:
# Short-circuit for shim-using code that does its own
# authentication, e.g. through one-time tokens or session
# data.
return True
if self.cacheTimeout:
cacheEntry = sha1helper.sha1String("%s%s" % (user, challenge))
timeout = self.pwCache.get(cacheEntry, None)
if timeout is not None and time.time() < timeout:
return True
if self.pwCheckUrl:
try:
url = "%s?user=%s;password=%s" \
% (self.pwCheckUrl, urllib.quote(user),
urllib.quote(challenge))
if remoteIp is not None:
url += ';remote_ip=%s' % urllib.quote(remoteIp)
f = urllib2.urlopen(url)
xmlResponse = f.read()
except:
return False
p = PasswordCheckParser()
p.parse(xmlResponse)
isValid = p.validPassword()
else:
m = digestlib.md5()
m.update(salt)
m.update(challenge)
isValid = m.hexdigest() == password
if isValid and self.cacheTimeout:
# cacheEntry is still around from above
self.pwCache[cacheEntry] = time.time() + self.cacheTimeout
return isValid
def _checkPassword(self, user, salt, password, challenge, remoteIp = None):
if challenge is ValidPasswordToken:
# Short-circuit for shim-using code that does its own
# authentication, e.g. through one-time tokens or session
# data.
return True
if self.cacheTimeout:
cacheEntry = sha1helper.sha1String("%s%s" % (user, challenge))
timeout = self.pwCache.get(cacheEntry, None)
if timeout is not None and time.time() < timeout:
return True
if self.pwCheckUrl:
try:
url = "%s?user=%s;password=%s" \
% (self.pwCheckUrl, urllib.quote(user),
urllib.quote(challenge))
if remoteIp is not None:
url += ';remote_ip=%s' % urllib.quote(remoteIp)
f = urllib2.urlopen(url)
xmlResponse = f.read()
except:
return False
p = PasswordCheckParser()
p.parse(xmlResponse)
isValid = p.validPassword()
else:
m = digestlib.md5()
m.update(salt)
m.update(challenge)
isValid = m.hexdigest() == password
if isValid and self.cacheTimeout:
# cacheEntry is still around from above
self.pwCache[cacheEntry] = time.time() + self.cacheTimeout
return isValid
def get(self, build_flavor, search_flavors, macros):
'''
Create a context in the local buildcfg out of the specified build
and search flavors, and macros.
'''
# Calculate a unique context name based on the specified settings
ctx = md5()
ctx.update(build_flavor.freeze())
for search_flavor in search_flavors:
ctx.update(search_flavor.freeze())
for key in sorted(macros.keys()):
ctx.update(key + macros[key])
name = ctx.hexdigest()[:12]
# Add a context if necessary and return the context name.
if name not in self.contexts:
context = self.config.setSection(name)
context['buildFlavor'] = build_flavor
context['flavor'] = search_flavors
context['macros'] = macros
self.contexts.add(name)
return name
def _mungePassword(password):
m = md5()
salt = os.urandom(4)
m.update(salt)
m.update(password)
return salt.encode('hex'), m.hexdigest()
def verifySignatures(f, validKeys=None):
"""
Given an extended file, compute signatures
"""
f.seek(0)
h = readHeader(f)
# Cheap test first: verify MD5 sig
sigmd5 = h.get(SIG_MD5, None)
if sigmd5 is not None:
f.seek(0)
readSignatureHeader(f)
# verify md5 digest
md5 = digestlib.md5()
util.copyfileobj(f, NullWriter(), digest=md5)
if md5.digest() != sigmd5:
raise MD5SignatureError(
"The MD5 digest fails to verify: expected %s, got %s" %
(sha1helper.md5ToString(sigmd5), md5.hexdigest()))
# Don't bother if no gpg signature was present, or no valid keys were
# presented
if validKeys is None:
return
sigString = h.get(SIG_GPG, None)
if sigString is None:
return
# Skip to immutable header region
f.seek(0)
readSignatureHeader(f)
sig = openpgpfile.readSignature(sigString)
keyId = sig.getSignerKeyId()
matchingKeys = [x for x in validKeys if x.hasKeyId(keyId)]
if not matchingKeys:
raise PGPSignatureError("Signature generated with key %s does "
"not match valid keys %s" %
(keyId, ', '.join(x.getKeyId()
for x in validKeys)))
key = matchingKeys[0]
# signature verification assumes a seekable stream and will seek to the
# beginning; use a SeekableNestedFile
size = h.getHeaderPlusPayloadSize()
if size is None:
pos = f.tell()
f.seek(0, 2)
size = f.tell()
f.seek(pos, 0)
snf = None
if hasattr(f, 'pread'):
extFile = f
elif hasattr(f, 'name'):
extFile = util.ExtendedFile(f.name, buffering=False)
else:
# worst case scenario, we slurp everything in memory
extFile = util.ExtendedStringIO(f.read())
snf = extFile
if snf is None:
snf = util.SeekableNestedFile(extFile, start=f.tell(), size=size)
try:
sig.verifyDocument(key.getCryptoKey(), snf)
except openpgpfile.SignatureError:
raise PGPSignatureError
def _mungePassword(cls, password):
salt = '\000' * 4
m = digestlib.md5()
m.update(salt)
m.update(password)
return salt.encode('hex'), m.hexdigest()
def md5String(buf):
m = digestlib.md5()
m.update(buf)
return m.digest()
def verifySignatures(f, validKeys = None):
"""
Given an extended file, compute signatures
"""
f.seek(0)
h = readHeader(f)
# Cheap test first: verify MD5 sig
sigmd5 = h.get(SIG_MD5, None)
if sigmd5 is not None:
f.seek(0)
readSignatureHeader(f)
# verify md5 digest
md5 = digestlib.md5()
util.copyfileobj(f, NullWriter(), digest = md5)
if md5.digest() != sigmd5:
raise MD5SignatureError(
"The MD5 digest fails to verify: expected %s, got %s" %
(sha1helper.md5ToString(sigmd5), md5.hexdigest()))
# Don't bother if no gpg signature was present, or no valid keys were
# presented
if validKeys is None:
return
sigString = h.get(SIG_GPG, None)
if sigString is None:
return
# Skip to immutable header region
f.seek(0)
readSignatureHeader(f)
sig = openpgpfile.readSignature(sigString)
keyId = sig.getSignerKeyId()
matchingKeys = [ x for x in validKeys if x.hasKeyId(keyId) ]
if not matchingKeys:
raise PGPSignatureError("Signature generated with key %s does "
"not match valid keys %s" %
(keyId, ', '.join(x.getKeyId() for x in validKeys)))
key = matchingKeys[0]
# signature verification assumes a seekable stream and will seek to the
# beginning; use a SeekableNestedFile
size = h.getHeaderPlusPayloadSize()
if size is None:
pos = f.tell()
f.seek(0, 2)
size = f.tell()
f.seek(pos, 0)
snf = None
if hasattr(f, 'pread'):
extFile = f
elif hasattr(f, 'name'):
extFile = util.ExtendedFile(f.name, buffering = False)
else:
# worst case scenario, we slurp everything in memory
extFile = util.ExtendedStringIO(f.read())
snf = extFile
if snf is None:
snf = util.SeekableNestedFile(extFile, start = f.tell(), size = size)
try:
sig.verifyDocument(key.getCryptoKey(), snf)
except openpgpfile.SignatureError:
raise PGPSignatureError
def md5String(buf):
m = digestlib.md5()
m.update(buf)
return m.digest()
