Exemplo n.º 1
0
def authToESMySQL(mysqlHost,userMySQL="",passwordMySQL="",adminLogin=""):
    """Provides authentication with EventStore DB."""
    #if not userMySQL or not passwordMySQL:
    # read them from $HOME/.esdb.conf file
    loginInfo,adminInfo,dbName,host,port,socket = readConfigFile()
    #print "In authToESMySQL()"
    #print "mysqlHost = %s userMySQL = %s passwordMySQL = %s adminLogin = %s"%(mysqlHost,userMySQL,passwordMySQL,adminLogin)
    #print "loginInfo = %s adminInfo = %s dbName = %s host = %s port = %s socket = %s"%(loginInfo,adminInfo,dbName,host,port,socket)
    try:
        if adminLogin:
            userMySQL,passwordMySQL = string.split(adminInfo,":")
        else:
            userMySQL,passwordMySQL = string.split(loginInfo,":")
    except:
        print "Fail to decode login/password information from your $HOME/.esdb.conf"
        raise
    # we used md5crypt.md5crypt(password,'') to generate these hashes
    #if mysqlHost=="localhost":
    md5user = ["$1$$e9gJaPbMtkdCzRfQ60OFF/","$1$$ix2ie71gC4Xwad5LhaC3S1"]
    md5pass = ["$1$$sbkdtWBHO51xPwl./H9N81","$1$$sbkdtWBHO51xPwl./H9N81"]
    if not md5user.count(md5crypt.unix_md5_crypt(userMySQL,"")):
       print "Fail to login to mysql server, incorrect login. Please try again."
       sys.exit()
    if not md5pass.count(md5crypt.unix_md5_crypt(passwordMySQL,"")):
       print "Fail to login to mysql server, incorrect password. Please try again."
       sys.exit()
    #return (userMySQL,passwordMySQL)
    # actual DB isn't protected by a password right now
    return (userMySQL,"")
Exemplo n.º 2
0
def authToESMySQL(mysqlHost, userMySQL="", passwordMySQL="", adminLogin=""):
    """Provides authentication with EventStore DB."""
    #if not userMySQL or not passwordMySQL:
    # read them from $HOME/.esdb.conf file
    loginInfo, adminInfo, dbName, host, port, socket = readConfigFile()
    #print "In authToESMySQL()"
    #print "mysqlHost = %s userMySQL = %s passwordMySQL = %s adminLogin = %s"%(mysqlHost,userMySQL,passwordMySQL,adminLogin)
    #print "loginInfo = %s adminInfo = %s dbName = %s host = %s port = %s socket = %s"%(loginInfo,adminInfo,dbName,host,port,socket)
    try:
        if adminLogin:
            userMySQL, passwordMySQL = string.split(adminInfo, ":")
        else:
            userMySQL, passwordMySQL = string.split(loginInfo, ":")
    except:
        print "Fail to decode login/password information from your $HOME/.esdb.conf"
        raise
    # we used md5crypt.md5crypt(password,'') to generate these hashes
    #if mysqlHost=="localhost":
    md5user = ["$1$$e9gJaPbMtkdCzRfQ60OFF/", "$1$$ix2ie71gC4Xwad5LhaC3S1"]
    md5pass = ["$1$$sbkdtWBHO51xPwl./H9N81", "$1$$sbkdtWBHO51xPwl./H9N81"]
    if not md5user.count(md5crypt.unix_md5_crypt(userMySQL, "")):
        print "Fail to login to mysql server, incorrect login. Please try again."
        sys.exit()
    if not md5pass.count(md5crypt.unix_md5_crypt(passwordMySQL, "")):
        print "Fail to login to mysql server, incorrect password. Please try again."
        sys.exit()
    #return (userMySQL,passwordMySQL)
    # actual DB isn't protected by a password right now
    return (userMySQL, "")
Exemplo n.º 3
0
    def _validatePassword(self, data, password):
        """
        Check user password.

        This is a private method and should not be used by clients.

        @param data: dict with user data (from storage)
        @param password: password to verify [unicode]
        @rtype: 2 tuple (bool, bool)
        @return: password is valid, enc_password changed
        """
        epwd = data['enc_password']

        # If we have no password set, we don't accept login with username
        if not epwd:
            return False, False

        # require non empty password
        if not password:
            return False, False

        # Check and upgrade passwords from earlier MoinMoin versions and
        # passwords imported from other wiki systems.
        for method in ['{SHA}', '{APR1}', '{MD5}', '{DES}']:
            if epwd.startswith(method):
                d = epwd[len(method):]
                if method == '{SHA}':
                    enc = base64.encodestring(
                        hash_new('sha1', password.encode('utf-8')).digest()).rstrip()
                elif method == '{APR1}':
                    # d is of the form "$apr1$<salt>$<hash>"
                    salt = d.split('$')[2]
                    enc = md5crypt.apache_md5_crypt(password.encode('utf-8'),
                                                    salt.encode('ascii'))
                elif method == '{MD5}':
                    # d is of the form "$1$<salt>$<hash>"
                    salt = d.split('$')[2]
                    enc = md5crypt.unix_md5_crypt(password.encode('utf-8'),
                                                  salt.encode('ascii'))
                elif method == '{DES}':
                    if crypt is None:
                        return False, False
                    # d is 2 characters salt + 11 characters hash
                    salt = d[:2]
                    enc = crypt.crypt(password.encode('utf-8'), salt.encode('ascii'))

                if epwd == method + enc:
                    data['enc_password'] = encodePassword(password) # upgrade to SSHA
                    return True, True
                return False, False

        if epwd[:6] == '{SSHA}':
            data = base64.decodestring(epwd[6:])
            salt = data[20:]
            hash = hash_new('sha1', password.encode('utf-8'))
            hash.update(salt)
            return hash.digest() == data[:20], False

        # No encoded password match, this must be wrong password
        return False, False
Exemplo n.º 4
0
    def _validatePassword(self, data, password):
        """
        Check user password.

        This is a private method and should not be used by clients.

        @param data: dict with user data (from storage)
        @param password: password to verify [unicode]
        @rtype: 2 tuple (bool, bool)
        @return: password is valid, enc_password changed
        """
        epwd = data['enc_password']

        # If we have no password set, we don't accept login with username
        if not epwd:
            return False, False

        # require non empty password
        if not password:
            return False, False

        password_correct = recompute_hash = False
        wanted_scheme = self._cfg.password_scheme

        # Check password and upgrade weak hashes to strong default algorithm:
        for scheme in config.password_schemes_supported:
            if epwd.startswith(scheme):
                is_passlib = False
                d = epwd[len(scheme):]

                if scheme == '{PASSLIB}':
                    # a password hash to be checked by passlib library code
                    if not self._cfg.passlib_support:
                        logging.error('in user profile %r, password hash with {PASSLIB} scheme encountered, but passlib_support is False' % (self.id, ))
                    else:
                        pwd_context = self._cfg.cache.pwd_context
                        try:
                            password_correct = pwd_context.verify(password, d)
                        except ValueError, err:
                            # can happen for unknown scheme
                            logging.error('in user profile %r, verifying the passlib pw hash crashed [%s]' % (self.id, str(err)))
                        if password_correct:
                            # check if we need to recompute the hash. this is needed if either the
                            # passlib hash scheme / hash params changed or if we shall change to a
                            # builtin hash scheme (not recommended):
                            recompute_hash = pwd_context.hash_needs_update(d) or wanted_scheme != '{PASSLIB}'

                else:
                    # a password hash to be checked by legacy, builtin code
                    if scheme == '{SSHA}':
                        d = base64.decodestring(d)
                        salt = d[20:]
                        hash = hash_new('sha1', password.encode('utf-8'))
                        hash.update(salt)
                        enc = base64.encodestring(hash.digest() + salt).rstrip()

                    elif scheme == '{SHA}':
                        enc = base64.encodestring(
                            hash_new('sha1', password.encode('utf-8')).digest()).rstrip()

                    elif scheme == '{APR1}':
                        # d is of the form "$apr1$<salt>$<hash>"
                        salt = d.split('$')[2]
                        enc = md5crypt.apache_md5_crypt(password.encode('utf-8'),
                                                        salt.encode('ascii'))
                    elif scheme == '{MD5}':
                        # d is of the form "$1$<salt>$<hash>"
                        salt = d.split('$')[2]
                        enc = md5crypt.unix_md5_crypt(password.encode('utf-8'),
                                                      salt.encode('ascii'))
                    elif scheme == '{DES}':
                        if crypt is None:
                            return False, False
                        # d is 2 characters salt + 11 characters hash
                        salt = d[:2]
                        enc = crypt.crypt(password.encode('utf-8'), salt.encode('ascii'))

                    else:
                        logging.error('in user profile %r, password hash with unknown scheme encountered: %r' % (self.id, scheme))
                        raise NotImplementedError

                    if safe_str_equal(epwd, scheme + enc):
                        password_correct = True
                        recompute_hash = scheme != wanted_scheme

                if recompute_hash:
                    data['enc_password'] = encodePassword(self._cfg, password)
                return password_correct, recompute_hash
Exemplo n.º 5
0
	def realEncode(self, data):
		if self._salt == None:
			return md5crypt.unix_md5_crypt(data, data[:2], self._magic)
		return md5crypt.unix_md5_crypt(data, self._salt, self._magic)
Exemplo n.º 6
0
    def _validatePassword(self, data, password):
        """
        Check user password.

        This is a private method and should not be used by clients.

        @param data: dict with user data (from storage)
        @param password: password to verify [unicode]
        @rtype: 2 tuple (bool, bool)
        @return: password is valid, enc_password changed
        """
        epwd = data['enc_password']

        # If we have no password set, we don't accept login with username
        if not epwd:
            return False, False

        # require non empty password
        if not password:
            return False, False

        password_correct = recompute_hash = False
        wanted_scheme = self._cfg.password_scheme

        # Check password and upgrade weak hashes to strong default algorithm:
        for scheme in config.password_schemes_supported:
            if epwd.startswith(scheme):
                is_passlib = False
                d = epwd[len(scheme):]

                if scheme == '{PASSLIB}':
                    # a password hash to be checked by passlib library code
                    if not self._cfg.passlib_support:
                        logging.error(
                            'in user profile %r, password hash with {PASSLIB} scheme encountered, but passlib_support is False'
                            % (self.id, ))
                    else:
                        pwd_context = self._cfg.cache.pwd_context
                        try:
                            password_correct = pwd_context.verify(password, d)
                        except ValueError, err:
                            # can happen for unknown scheme
                            logging.error(
                                'in user profile %r, verifying the passlib pw hash crashed [%s]'
                                % (self.id, str(err)))
                        if password_correct:
                            # check if we need to recompute the hash. this is needed if either the
                            # passlib hash scheme / hash params changed or if we shall change to a
                            # builtin hash scheme (not recommended):
                            recompute_hash = pwd_context.hash_needs_update(
                                d) or wanted_scheme != '{PASSLIB}'

                else:
                    # a password hash to be checked by legacy, builtin code
                    if scheme == '{SSHA}':
                        d = base64.decodestring(d)
                        salt = d[20:]
                        hash = hash_new('sha1', password.encode('utf-8'))
                        hash.update(salt)
                        enc = base64.encodestring(hash.digest() +
                                                  salt).rstrip()

                    elif scheme == '{SHA}':
                        enc = base64.encodestring(
                            hash_new(
                                'sha1',
                                password.encode('utf-8')).digest()).rstrip()

                    elif scheme == '{APR1}':
                        # d is of the form "$apr1$<salt>$<hash>"
                        salt = d.split('$')[2]
                        enc = md5crypt.apache_md5_crypt(
                            password.encode('utf-8'), salt.encode('ascii'))
                    elif scheme == '{MD5}':
                        # d is of the form "$1$<salt>$<hash>"
                        salt = d.split('$')[2]
                        enc = md5crypt.unix_md5_crypt(password.encode('utf-8'),
                                                      salt.encode('ascii'))
                    elif scheme == '{DES}':
                        if crypt is None:
                            return False, False
                        # d is 2 characters salt + 11 characters hash
                        salt = d[:2]
                        enc = crypt.crypt(password.encode('utf-8'),
                                          salt.encode('ascii'))

                    else:
                        logging.error(
                            'in user profile %r, password hash with unknown scheme encountered: %r'
                            % (self.id, scheme))
                        raise NotImplementedError

                    if safe_str_equal(epwd, scheme + enc):
                        password_correct = True
                        recompute_hash = scheme != wanted_scheme

                if recompute_hash:
                    data['enc_password'] = encodePassword(self._cfg, password)
                return password_correct, recompute_hash
Exemplo n.º 7
0
	def realEncode(self, data):
		if self._salt == None:
			return md5crypt.unix_md5_crypt(data, data[:2], self._magic)
		return md5crypt.unix_md5_crypt(data, self._salt, self._magic)
Exemplo n.º 8
0
def generate_md5_password(p):
    p = str(p).strip()
    return md5crypt.unix_md5_crypt(p, generate_random_strings(length=8))