Exemplo n.º 1
0
def _sha1(hash_value, password):
    """Check if ``hash_value`` and ``password`` match using sha1 method."""
    hash_value = hash_value.replace("{SHA}", "").encode("ascii")
    password = password.encode(config.get("encoding", "stock"))
    sha1 = hashlib.sha1() # pylint: disable=E1101
    sha1.update(password)
    return sha1.digest() == base64.b64decode(hash_value)
Exemplo n.º 2
0
def _bcrypt(hash_value, password):
    if have_bcrypt:
        password = password.encode(config.get("encoding", "stock"))
        return bcrypt.hashpw(password, hash_value) == hash_value
    else:
        log.error("Bcrypt module is missing, cannot authenticate")
        return False
Exemplo n.º 3
0
def _sha1(hash_value, password):
    """Check if ``hash_value`` and ``password`` match using sha1 method."""
    hash_value = hash_value.replace("{SHA}", "").encode("ascii")
    password = password.encode(config.get("encoding", "stock"))
    sha1 = hashlib.sha1()  # pylint: disable=E1101
    sha1.update(password)
    return sha1.digest() == base64.b64decode(hash_value)
Exemplo n.º 4
0
def _bcrypt(hash_value, password):
    if have_bcrypt:
        password = password.encode(config.get("encoding", "stock"))
        return bcrypt.hashpw(password, hash_value) == hash_value
    else:
        log.error("Bcrypt module is missing, cannot authenticate")
        return False
Exemplo n.º 5
0
"""
PAM authentication

Use Pluggable Authentication Modules (PAM) system on Linux
for checking users/passwords.

"""

import logging
import PAM

from calypso import config

LOG = logging.getLogger()
SVC = config.get("acl", "pam_service")
PERSONAL = config.getboolean("acl", "personal")

def has_right(owner, user, password):
    """Check if ``user``/``password`` couple is valid."""
    LOG.debug("owner %s user %s", owner, user)
    if owner and owner != user and PERSONAL:
        return False
    def pam_conv(auth, query_list, userData):
        result = []
        result.append((password, 0))
        return result
    try:
        auth = PAM.pam()
        auth.start(SVC)
        auth.set_item(PAM.PAM_USER, user)
Exemplo n.º 6
0
    hash_value = hash_value.replace("{SHA}", "").encode("ascii")
    password = password.encode(config.get("encoding", "stock"))
    sha1 = hashlib.sha1() # pylint: disable=E1101
    sha1.update(password)
    return sha1.digest() == base64.b64decode(hash_value)


def _bcrypt(hash_value, password):
    if have_bcrypt:
        password = password.encode(config.get("encoding", "stock"))
        return bcrypt.hashpw(password, hash_value) == hash_value
    else:
        log.error("Bcrypt module is missing, cannot authenticate")
        return False


def has_right(owner, user, password):
    """Check if ``user``/``password`` couple is valid."""
    log.debug("owner '%s' user '%s'", owner, user)
    for line in open(FILENAME).readlines():
        if line.strip():
            login, hash_value = line.strip().split(":", 1)
            if login == user and (not PERSONAL or user == owner):
                return CHECK_PASSWORD(hash_value, password)
    return False


FILENAME = os.path.expanduser(config.get("acl", "filename"))
PERSONAL = config.getboolean("acl", "personal")
CHECK_PASSWORD = locals()["_%s" % config.get("acl", "encryption")]
Exemplo n.º 7
0
# along with Calypso.  If not, see <http://www.gnu.org/licenses/>.
"""
PAM authentication

Use Pluggable Authentication Modules (PAM) system on Linux
for checking users/passwords.

"""

import logging
import PAM

from calypso import config

LOG = logging.getLogger()
SVC = config.get("acl", "pam_service")
PERSONAL = config.getboolean("acl", "personal")


def has_right(owner, user, password):
    """Check if ``user``/``password`` couple is valid."""
    LOG.debug("owner %s user %s", owner, user)
    if owner and owner != user and PERSONAL:
        return False

    def pam_conv(auth, query_list, userData):
        result = []
        result.append((password, 0))
        return result

    try:
Exemplo n.º 8
0
def load():
    """Load list of available ACL managers."""
    acl_type = config.get("acl", "type").encode("utf-8")
    module = __import__("calypso.acl", fromlist=[acl_type])
    return getattr(module, acl_type)
Exemplo n.º 9
0
def _crypt(hash_value, password):
    """Check if ``hash_value`` and ``password`` match using crypt method."""
    # The ``crypt`` module is only present on Unix, import if needed
    import crypt
    return crypt.crypt(password, hash_value) == hash_value


def _sha1(hash_value, password):
    """Check if ``hash_value`` and ``password`` match using sha1 method."""
    hash_value = hash_value.replace("{SHA}", "").encode("ascii")
    password = password.encode(config.get("encoding", "stock"))
    sha1 = hashlib.sha1()  # pylint: disable=E1101
    sha1.update(password)
    return sha1.digest() == base64.b64decode(hash_value)


def has_right(owner, user, password):
    """Check if ``user``/``password`` couple is valid."""
    log.debug("owner %s user %s", owner, user)
    for line in open(FILENAME).readlines():
        if line.strip():
            login, hash_value = line.strip().split(":", 1)
            if login == user and (not PERSONAL or user == owner):
                return CHECK_PASSWORD(hash_value, password)
    return False


FILENAME = os.path.expanduser(config.get("acl", "filename"))
PERSONAL = config.getboolean("acl", "personal")
CHECK_PASSWORD = locals()["_%s" % config.get("acl", "encryption")]
Exemplo n.º 10
0
def load():
    """Load list of available ACL managers."""
    module = __import__("calypso.acl", fromlist=[config.get("acl", "type")])
    return getattr(module, config.get("acl", "type"))