2010-01-15 00:15:41 +01:00
|
|
|
# -*- coding: utf-8 -*-
|
2008-12-30 16:25:42 +00:00
|
|
|
#
|
|
|
|
|
# This file is part of Radicale Server - Calendar Server
|
2009-07-27 15:04:54 +00:00
|
|
|
# Copyright © 2008 Nicolas Kandel
|
|
|
|
|
# Copyright © 2008 Pascal Halter
|
2013-04-26 01:28:03 +02:00
|
|
|
# Copyright © 2008-2013 Guillaume Ayoub
|
2008-12-30 16:25:42 +00:00
|
|
|
#
|
|
|
|
|
# This library is free software: you can redistribute it and/or modify
|
|
|
|
|
# it under the terms of the GNU General Public License as published by
|
|
|
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
|
|
|
# (at your option) any later version.
|
|
|
|
|
#
|
|
|
|
|
# This library is distributed in the hope that it will be useful,
|
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
|
#
|
|
|
|
|
# You should have received a copy of the GNU General Public License
|
|
|
|
|
# along with Radicale. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
2009-07-27 15:04:54 +00:00
|
|
|
"""
|
2012-08-08 18:29:09 +02:00
|
|
|
Htpasswd authentication.
|
2009-07-27 15:04:54 +00:00
|
|
|
|
2010-01-21 18:52:53 +01:00
|
|
|
Load the list of login/password couples according a the configuration file
|
|
|
|
|
created by Apache ``htpasswd`` command. Plain-text, crypt and sha1 are
|
|
|
|
|
supported, but md5 is not (see ``htpasswd`` man page to understand why).
|
|
|
|
|
|
2009-07-27 15:04:54 +00:00
|
|
|
"""
|
|
|
|
|
|
2010-01-21 18:52:53 +01:00
|
|
|
import base64
|
|
|
|
|
import hashlib
|
2014-05-14 01:42:19 +02:00
|
|
|
import os
|
2009-07-27 15:04:54 +00:00
|
|
|
|
2012-08-09 17:31:36 +02:00
|
|
|
from .. import config
|
2008-12-30 16:25:42 +00:00
|
|
|
|
2010-01-21 18:52:53 +01:00
|
|
|
|
2014-05-14 01:42:19 +02:00
|
|
|
FILENAME = os.path.expanduser(config.get("auth", "htpasswd_filename"))
|
2012-08-08 18:29:09 +02:00
|
|
|
ENCRYPTION = config.get("auth", "htpasswd_encryption")
|
2011-04-25 16:47:42 +02:00
|
|
|
|
|
|
|
|
|
2010-02-10 18:57:21 +01:00
|
|
|
def _plain(hash_value, password):
|
|
|
|
|
"""Check if ``hash_value`` and ``password`` match using plain method."""
|
|
|
|
|
return hash_value == password
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def _crypt(hash_value, password):
|
|
|
|
|
"""Check if ``hash_value`` and ``password`` match using crypt method."""
|
2010-04-09 22:05:44 +02:00
|
|
|
# The ``crypt`` module is only present on Unix, import if needed
|
|
|
|
|
import crypt
|
2010-02-10 18:57:21 +01:00
|
|
|
return crypt.crypt(password, hash_value) == hash_value
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def _sha1(hash_value, password):
|
|
|
|
|
"""Check if ``hash_value`` and ``password`` match using sha1 method."""
|
|
|
|
|
hash_value = hash_value.replace("{SHA}", "").encode("ascii")
|
2011-08-09 11:34:10 +02:00
|
|
|
password = password.encode(config.get("encoding", "stock"))
|
2011-07-26 09:02:21 +02:00
|
|
|
sha1 = hashlib.sha1() # pylint: disable=E1101
|
2010-01-21 18:52:53 +01:00
|
|
|
sha1.update(password)
|
2010-02-10 18:57:21 +01:00
|
|
|
return sha1.digest() == base64.b64decode(hash_value)
|
2010-01-21 18:52:53 +01:00
|
|
|
|
|
|
|
|
|
2012-08-03 13:10:20 +02:00
|
|
|
def is_authenticated(user, password):
|
2010-01-21 18:52:53 +01:00
|
|
|
"""Check if ``user``/``password`` couple is valid."""
|
2010-02-10 18:57:21 +01:00
|
|
|
for line in open(FILENAME).readlines():
|
2010-01-21 18:52:53 +01:00
|
|
|
if line.strip():
|
2010-02-10 18:57:21 +01:00
|
|
|
login, hash_value = line.strip().split(":")
|
2012-08-03 13:10:20 +02:00
|
|
|
if login == user:
|
2011-05-09 13:56:53 +02:00
|
|
|
return globals()["_%s" % ENCRYPTION](hash_value, password)
|
2010-01-21 18:52:53 +01:00
|
|
|
return False
|
