def __setitem__(self, key, val, typ=None, des=None): ''' implemtation of the assignement operator == internal function :param key: key of the dict :type key: string :param val: any value, which is put in the dict :type val: any type :param typ: used in the database to control if the data is encrypted :type typ: None,string,password :param des: literal, which describes the data :type des: string ''' if typ == 'password': ## in case we have a password type, we have to put ##- in the config only the encrypted pass and ##- add the config encprivacyidea.* with the clear password res = self.parent.__setitem__(key, encryptPassword(val)) res = self.parent.__setitem__('enc' + key, val) self.glo.setConfig({key :encryptPassword(val)}) self.glo.setConfig({'enc' + key : val}) else: ## update this config and sync with global dict and db nVal = _expandHere(val) res = self.parent.__setitem__(key, nVal) self.glo.setConfig({key:nVal}) _storeConfigDB(key, val, typ, des) _storeConfigDB('privacyidea.Config', datetime.now()) return res
def test_01_encrypt_decrypt_pass(self): r = encryptPassword(u"passwörd".encode('utf8')) # encryptPassword returns unicode self.assertTrue(isinstance(r, text_type)) pin = decryptPassword(r) # decryptPassword always returns unicode self.assertEqual(pin, u"passwörd") r = encryptPassword(u"passwörd") pin = decryptPassword(r) self.assertEqual(pin, u"passwörd") # decrypt some passwords generated with 2.23 pw1 = '3d1bf9db4c75469b4bb0bc7c70133181:2c27ac3839ed2213b8399d0471b17136' self.assertEqual(decryptPassword(pw1), 'test123') pw2 = '3a1be65a234f723fe5c6969b818582e1:08e51d1c65aa74c4988d094c40cb972c' self.assertEqual(decryptPassword(pw2), 'test123') pw3 = '7a4d5e2f26978394e33715bc3e8188a3:90b2782112ad7bbc5b48bd10e5c7c096cfe4ef7d9d11272595dc5b6c7f21d98a' self.assertEqual(decryptPassword(pw3, ), u'passwörd') # TODO: add checks for broken paddings/encrypted values and malformed enc_data not_valid_password = b"\x01\x02\x03\x04\xff" r = encryptPassword(not_valid_password) # A non valid password will raise an exception during decryption self.assertEqual(decryptPassword(r), 'FAILED TO DECRYPT PASSWORD!') # A value with missing colon (IV) will fail to decrypt self.assertEqual(decryptPassword('test'), 'FAILED TO DECRYPT PASSWORD!')
def test_01_encrypt_decrypt_pass(self): r = encryptPassword("passwörd") pin = decryptPassword(r) self.assertTrue(pin == "passwörd", (r, pin)) r = encryptPassword(u"passwörd") pin = decryptPassword(r, convert_unicode=True) self.assertEqual(pin, u"passwörd") r = encryptPassword(u"passwörd") pin = decryptPassword(r, convert_unicode=False) self.assertEqual(pin, "passwörd") # error path returns the bytestring r = encryptPassword(b"\x01\x02\x03\x04") self.assertEqual(decryptPassword(r, convert_unicode=True), b"\x01\x02\x03\x04")
def add_smtpserver(identifier, server, port=25, username="", password="", sender="", description="", tls=False): """ This adds an smtp server to the smtp server database table. If the "identifier" already exists, the database entry is updated. :param identifier: The identifier or the name of the SMTPServer definition. As the identifier is unique, providing an identifier will return a list with either one or no smtpserver :type identifier: basestring :param server: The FQDN or IP address of the smtpserver :type server: basestring :return: The Id of the database object """ cryptedPassword = encryptPassword(password) r = SMTPServerDB(identifier=identifier, server=server, port=port, username=username, password=cryptedPassword, sender=sender, description=description, tls=tls).save() return r
def add_radius(identifier, server, secret, port=1812, description="", dictionary='/etc/privacyidea/dictionary'): """ This adds a RADIUS server to the RADIUSServer database table. If the "identifier" already exists, the database entry is updated. :param identifier: The identifier or the name of the RADIUSServer definition. As the identifier is unique, providing an identifier will return a list with either one or no radius server :type identifier: basestring :param server: The FQDN or IP address of the RADIUS server :type server: basestring :param secret: The RADIUS secret :param port: the radius port :type port: int :param description: Human readable description of the RADIUS server definition :param dictionary: The RADIUS dictionary :return: The Id of the database object """ cryptedSecret = encryptPassword(secret) r = RADIUSServerDB(identifier=identifier, server=server, port=port, secret=cryptedSecret, description=description, dictionary=dictionary).save() return r
def test_radius(identifier, server, secret, user, password, port=1812, description="", dictionary='/etc/privacyidea/dictionary', retries=3, timeout=5): """ This tests a RADIUS server configuration by sending an access request. :param identifier: The identifier or the name of the RADIUSServer definition :type identifier: basestring :param server: The FQDN or IP address of the RADIUS server :type server: basestring :param secret: The RADIUS secret :param user: the username to send :param password: the password to send :param port: the radius port :type port: int :param description: Human readable description of the RADIUS server definition :param dictionary: The RADIUS dictionary :return: The result of the access request """ cryptedSecret = encryptPassword(secret) if len(cryptedSecret) > 255: raise privacyIDEAError(description=_("The RADIUS secret is too long"), id=2234) s = RADIUSServerDB(identifier=identifier, server=server, port=port, secret=cryptedSecret, dictionary=dictionary, retries=retries, timeout=timeout, description=description) return RADIUSServer.request(s, user, password)
def add_radius(identifier, server, secret, port=1812, description="", dictionary='/etc/privacyidea/dictionary', retries=3, timeout=5): """ This adds a RADIUS server to the RADIUSServer database table. If the "identifier" already exists, the database entry is updated. :param identifier: The identifier or the name of the RADIUSServer definition. As the identifier is unique, providing an identifier will return a list with either one or no radius server :type identifier: basestring :param server: The FQDN or IP address of the RADIUS server :type server: basestring :param secret: The RADIUS secret :param port: the radius port :type port: int :param description: Human readable description of the RADIUS server definition :param dictionary: The RADIUS dictionary :return: The Id of the database object """ cryptedSecret = encryptPassword(secret) if len(cryptedSecret) > 255: raise privacyIDEAError(description=_("The RADIUS secret is too long"), id=2234) r = RADIUSServerDB(identifier=identifier, server=server, port=port, secret=cryptedSecret, description=description, dictionary=dictionary, retries=retries, timeout=timeout).save() return r
def test_01_encrypt_decrypt_pass(self): r = encryptPassword(u"passwörd".encode('utf8')) pin = decryptPassword(r) self.assertEqual(pin, u"passwörd".encode('utf8')) r = encryptPassword(u"passwörd") pin = decryptPassword(r, convert_unicode=True) self.assertEqual(pin, u"passwörd") r = encryptPassword(u"passwörd") pin = decryptPassword(r, convert_unicode=False) self.assertEqual(pin, u"passwörd".encode('utf8')) # error path returns the bytestring bs = b"\x01\x02\x03\x04\xff" r = encryptPassword(bs) self.assertEqual(decryptPassword(r, convert_unicode=True), bs) self.assertEqual(decryptPassword('test'), 'FAILED TO DECRYPT PASSWORD!')
def test_01_encrypt_decrypt_pass(self): r = encryptPassword(u"passwörd".encode('utf8')) # encryptPassword returns unicode self.assertTrue(isinstance(r, text_type)) pin = decryptPassword(r) # decryptPassword always returns unicode self.assertEqual(pin, u"passwörd") r = encryptPassword(u"passwörd") pin = decryptPassword(r) self.assertEqual(pin, u"passwörd") not_valid_password = b"\x01\x02\x03\x04\xff" r = encryptPassword(not_valid_password) # A non valid password will raise an exception during decryption self.assertEqual(decryptPassword(r), 'FAILED TO DECRYPT PASSWORD!') # A value with missing colon (IV) will fail to decrypt self.assertEqual(decryptPassword('test'), 'FAILED TO DECRYPT PASSWORD!')
def _storeConfigDB(key, val, typ=None, desc=None): value = val if (not key.startswith("privacyidea.")): key = "privacyidea." + key confEntries = Session.query(Config).filter(Config.Key == unicode(key)) theConf = None if typ is not None and typ == 'password': value = encryptPassword(val) en = decryptPassword(value) if (en != val): raise Exception("StoreConfig: Error during encoding password type!") ## update if confEntries.count() == 1: theConf = confEntries[0] theConf.Value = unicode(value) if (typ is not None): theConf.Type = unicode(typ) if (desc is not None): theConf.Description = unicode(desc) ## insert elif confEntries.count() == 0: theConf = Config( Key=unicode(key), Value=unicode(value), Type=unicode(typ), Description=unicode(desc) ) if theConf is not None: Session.add(theConf) return 101
def test_01_encrypt_decrypt_pass(self): r = encryptPassword("passwörd") pin = decryptPassword(r) self.assertTrue(pin == "passwörd", (r, pin))