def testHashIsEmptyString(self):
password = "******"
# On some systems (e.g. Mac OS X) the crypt() function can handle
# empty salts, while on others (e.g. Debian lenny) the crypt() function
# returns an empty hash if an empty salt is passed in. If the latter
# is the case, password_validate() will not work properly due to how
# employs crypt() for its implementation. This test case will always
# fail, which makes it pretty useless. Instead of removing the test
# case altogether, we execute it only if the system crypt() behaviour
# lets us assume that it might succeed.
salt = ""
import crypt
if len(crypt.crypt(password, salt)) is 0:
return
hash = ""
expectedResult = False
result = password_validate(password, hash)
self.assertEqual(result, expectedResult)
def authenticate(self, username=None, password=None):
"""
Authenticates against the database using Apache Portable Runtime MD5 hash function.
"""
if not APR_ENABLED:
return None
try:
user = auth_models.User.objects.get(username__iexact=username)
if aprmd5.password_validate(password, user.password):
# Successfully checked password, so we change it to the Django password format
user.set_password(password)
user.save()
return user
except ValueError:
return None
except auth_models.User.DoesNotExist:
return None
def testHashHasNoSalt(self):
password = "******"
hash = "$apr1$vGRl2mLvDG8pptkZ9Cyum."
expectedResult = False
result = password_validate(password, hash)
self.assertEqual(result, expectedResult)
def testHashHasTooLongPrefix(self):
password = "******"
hash = "$apr1234567890$mYJd83wW$IO.6aK3G0d4mHxcImhPX50"
expectedResult = False
result = password_validate(password, hash)
self.assertEqual(result, expectedResult)
def testPasswordIsEmptyString(self):
password = ""
hash = "$apr1$7n4Iu7Bq$jsH1cRc.tyRPvJpZjxUjV."
expectedResult = True
result = password_validate(password, hash)
self.assertEqual(result, expectedResult)
def testValidationFails(self):
password = "******"
hash = "$apr1$mYJd83wW$xxxxxxxxxxxxxxxxxxxxxx"
expectedResult = False
result = password_validate(password, hash)
self.assertEqual(result, expectedResult)
def testValidationSucceeds(self):
password = "******"
hash = "$apr1$mYJd83wW$IO.6aK3G0d4mHxcImhPX50"
expectedResult = True
result = password_validate(password, hash)
self.assertEqual(result, expectedResult)
def testHashHasNoCrypt(self):
password = "******"
hash = "$apr1$mYJd83wW"
expectedResult = False
result = password_validate(password, hash)
self.assertEqual(result, expectedResult)
def testHashHasTooLongSalt(self):
password = "******"
hash = "$apr1$mYJd83wW9876543210$IO.6aK3G0d4mHxcImhPX50"
expectedResult = False
result = password_validate(password, hash)
self.assertEqual(result, expectedResult)
def testPasswordIsEmptyString(self):
password = ""
hash = "$apr1$7n4Iu7Bq$jsH1cRc.tyRPvJpZjxUjV."
expectedResult = True
result = password_validate(password, hash)
self.assertEqual(result, expectedResult)
def testValidationFails(self):
password = "******"
hash = "$apr1$mYJd83wW$xxxxxxxxxxxxxxxxxxxxxx"
expectedResult = False
result = password_validate(password, hash)
self.assertEqual(result, expectedResult)
def testValidationSucceeds(self):
password = "******"
hash = "$apr1$mYJd83wW$IO.6aK3G0d4mHxcImhPX50"
expectedResult = True
result = password_validate(password, hash)
self.assertEqual(result, expectedResult)
def testHashHasTooLongCrypt(self):
password = "******"
hash = "$apr1$mYJd83wW$IO.6aK3G0d4mHxcImhPX501234567890"
expectedResult = False
result = password_validate(password, hash)
self.assertEqual(result, expectedResult)
def testHashHasNoCrypt(self):
password = "******"
hash = "$apr1$mYJd83wW"
expectedResult = False
result = password_validate(password, hash)
self.assertEqual(result, expectedResult)
def process_handshake(self, line):
deny = None
alreadyauthed = False
try:
hs = json.loads(line.decode('ascii'))
except ValueError as e:
deny = 'Badly formatted handshake: ' + str(e)
else:
try:
self.coordinator.handshake_logger.debug(line.decode('ascii'))
if hs['version'] != 2 and hs['version'] != 3:
raise ValueError('Unsupported version in handshake')
auth = str(hs['user'])
auth = auth.split(":")
if len(auth) != 2:
raise ValueError(
"No API-key given. Please check your credentials.")
user = auth[0]
# Newlines wreak havoc on log files, strip them
user = re.sub("\n|\r", r'\\n', user)
# replace bad characters with an underscore
user = re.sub("[^A-Za-z0-9_.-]", r'_', user)
if len(user) > 400:
user = user[:400]
if len(user) < 5:
user = user + '_' + str(random.randrange(10000, 99999))
# Make sure the user string is sane...
good_user_regex = '^[A-Za-z0-9_.-]+$'
user_ok = re.match(good_user_regex, user)
if user_ok is None:
raise ValueError(
"Bad username '{user}'. Please only use alphanum, '_', '-', or '.'"
.format(user=user))
"""Read htpasswd file and authenticate the user"""
lines = open("auth/htpasswd", "r").readlines()
authenticated = False
for line in lines:
username, pwhash = line.split(":")
if username == user:
authenticated = password_validate(
auth[1], pwhash.rstrip())
if authenticated == True:
break
if authenticated is False:
raise ValueError(
"Authentification failed. Please check your credentials."
)
for i in range(5):
if user in self.coordinator.receivers:
"""user = user + '_' + str(random.randrange(10,99))"""
alreadyauthed = True
raise ValueError(
"Station already connected. If you've lost connection, try again later."
)
else:
break
peer_compression_methods = set(hs['compress'])
self.compress = None
for c, readmeth, writemeth in self._compression_methods:
if c in peer_compression_methods:
self.compress = c
self.handle_messages = readmeth
self.send = writemeth
break
if self.compress is None:
raise ValueError('No mutually usable compression type')
lat = float(hs['lat'])
if lat < -90 or lat > 90:
raise ValueError('invalid latitude, should be -90 .. 90')
lon = float(hs['lon'])
if lon < -180 or lon > 360:
raise ValueError(
'invalid longitude, should be -180 .. 360')
if lon > 180:
lon = lon - 180
alt = float(hs['alt'])
if alt < -1000 or alt > 10000:
raise ValueError(
'invalid altitude, should be -1000 .. 10000')
clock_type = str(hs.get('clock_type', 'dump1090'))
self.use_return_results = bool(hs.get('return_results', False))
if self.use_return_results:
return_result_format = hs.get('return_result_format',
'old')
if return_result_format == 'old':
self.report_mlat_position = self.report_mlat_position_old
elif return_result_format == 'ecef':
self.report_mlat_position = self.report_mlat_position_ecef
else:
raise ValueError(
'invalid return_result_format, should be one of "old" or "ecef"'
)
else:
self.report_mlat_position = self.report_mlat_position_discard
self.use_udp = (self.udp_protocol is not None
and hs.get('udp_transport', 0) == 2)
conn_info = 'v{v} {clock_type} {cversion} {udp} {compress}'.format(
v=hs['version'],
cversion=hs.get("client_version", "unknown"),
udp="udp" if self.use_udp else "tcp",
clock_type=clock_type,
compress=self.compress)
self.receiver = self.coordinator.new_receiver(
connection=self,
uuid=user,
user=user,
auth=hs.get('auth'),
clock_type=clock_type,
position_llh=(lat, lon, alt),
privacy=bool(hs.get('privacy', False)),
connection_info=conn_info)
# disabled until I get to the bottom of the odd timestamps
if False and self.receiver.clock.epoch == 'gps_midnight':
self.process_mlat = self.process_mlat_gps
else:
self.process_mlat = self.process_mlat_nongps
except KeyError as e:
deny = 'Missing field in handshake: ' + str(e)
except ValueError as e:
deny = 'Bad values in handshake: ' + str(e)
if deny:
self.logger.warning('Handshake failed: %s', deny)
if alreadyauthed is True:
self.write_raw(deny=[deny], reconnect_in=util.fuzzy(15))
else:
self.write_raw(deny=[deny], reconnect_in=util.fuzzy(15))
return False
expanded_motd = """
{motd}
The multilateration server source code is available under
the terms of the Affero GPL (v3 or later). You may obtain
a copy of this server's source code at the following
location: {agpl_url}
""".format(agpl_url=config.AGPL_SERVER_CODE_URL, motd=self.motd)
response = {
"compress": self.compress,
"reconnect_in": util.fuzzy(15),
"selective_traffic": True,
"heartbeat": True,
"return_results": self.use_return_results,
"rate_reports": True,
"motd": expanded_motd
}
if self.use_udp:
self._udp_key = self.udp_protocol.add_client(
sync_handler=self.process_sync, mlat_handler=self.process_mlat)
response['udp_transport'] = (self.udp_host, self.udp_port,
self._udp_key)
self.write_raw(**response)
strange = ''
if clock_type != 'dump1090' and clock_type != 'radarcape_gps':
strange = 'strange clock: '
self.logger.warning(
"{strange}Handshake successful ({user} {conn_info})'".format(
strange=strange, user=user, conn_info=conn_info))
self.logger = util.TaggingLogger(glogger,
{'tag': '{user}'.format(user=user)})
return True
