From bb3a4c8b367f3b72121f30c063aa56db87709659 Mon Sep 17 00:00:00 2001
From: Michael McGrath <mmcgrath@desktop.mmcgrath.net>
Date: Thu, 28 Feb 2008 14:07:14 -0600
Subject: [PATCH] initial workings of the shadow crypted passwords in the
 database

---
 fas/client/fasClient.py | 9 +++++----
 fas/fas/config/app.cfg  | 1 +
 fas/fas/json_request.py | 2 --
 fas/fas/user.py         | 6 ++++--
 fas/fas2.sql            | 4 ++--
 5 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/fas/client/fasClient.py b/fas/client/fasClient.py
index cae619b..7cfa7da 100755
--- a/fas/client/fasClient.py
+++ b/fas/client/fasClient.py
@@ -18,6 +18,7 @@
 #
 # Red Hat Author(s): Mike McGrath <mmcgrath@redhat.com>
 #
+# TODO: put tmp files in a 700 tmp dir
 
 import sys
 import os
@@ -58,7 +59,7 @@ parser.add_option('-s', '--server',
 class MakeShellAccounts(BaseClient):
     def group_list(self, search='*'):
         params = {'search' : search}
-        data = self.send_request('json/group_list', auth=False, input=params)
+        data = self.send_request('json/group_list', auth=True, input=params)
         return data
 
     def shadow_text(self, people=None):
@@ -136,7 +137,7 @@ class MakeShellAccounts(BaseClient):
         
     def people_list(self, search='*'):
         params = {'search' : search}
-        data = self.send_request('json/people_list', auth=False, input=params)
+        data = self.send_request('json/people_list', auth=True, input=params)
         return data['people']
 
     def make_group_db(self):
@@ -149,7 +150,7 @@ class MakeShellAccounts(BaseClient):
     
     def make_shadow_db(self):
         self.shadow_text()
-        os.system('makedb -o /tmp/passwd.db /tmp/shadow.txt')
+        os.system('makedb -o /tmp/shadow.db /tmp/shadow.txt')
     
     def install_passwd_db(self):
         try:
@@ -172,7 +173,7 @@ class MakeShellAccounts(BaseClient):
 
 if __name__ == '__main__':
     try:
-        fas = MakeShellAccounts(FAS_URL, 'admin', 'admin', 1)
+        fas = MakeShellAccounts(FAS_URL, 'admin', 'admin', False)
     except AuthError, e:
         print e
         sys.exit(1)
diff --git a/fas/fas/config/app.cfg b/fas/fas/config/app.cfg
index 5c1d0ed..19c70ff 100644
--- a/fas/fas/config/app.cfg
+++ b/fas/fas/config/app.cfg
@@ -7,6 +7,7 @@
 # The commented out values below are the defaults
 
 admingroup = 'accounts'
+shadowsalt = 'djFfnacd'
 
 # VIEW
 
diff --git a/fas/fas/json_request.py b/fas/fas/json_request.py
index 64b5489..ebd543a 100644
--- a/fas/fas/json_request.py
+++ b/fas/fas/json_request.py
@@ -21,7 +21,6 @@ class JsonRequest(controllers.Controller):
         '''Perhaps show a nice explanatory message about groups here?'''
         return dict(help='This is a json interface')
     
-    @identity.require(turbogears.identity.not_anonymous())
     @expose("json", allow_json=True)
     def group_list(self, search='*'):
         re_search = re.sub(r'\*', r'%', search).lower()
@@ -31,7 +30,6 @@ class JsonRequest(controllers.Controller):
             memberships[group.id] = group.approved_roles
         return dict(groups=groups, memberships=memberships)
     
-    @identity.require(turbogears.identity.not_anonymous())
     @expose("json", allow_json=True)
     def people_list(self, search='*'):
         re_search = re.sub(r'\*', r'%', search).lower()
diff --git a/fas/fas/user.py b/fas/fas/user.py
index 4828ada..7b6c7a7 100644
--- a/fas/fas/user.py
+++ b/fas/fas/user.py
@@ -1,5 +1,5 @@
 import turbogears
-from turbogears import controllers, expose, paginate, identity, redirect, widgets, validate, validators, error_handler
+from turbogears import controllers, expose, paginate, identity, redirect, widgets, validate, validators, error_handler, config
 from turbogears.database import session
 import cherrypy
 
@@ -7,6 +7,7 @@ import os
 import re
 import gpgme
 import StringIO
+import crypt
 
 from fas.model import People
 from fas.model import PersonEmails
@@ -117,6 +118,7 @@ def generatePassword(password=None,length=14,salt=''):
     
 #    ctx = sha.new(password)
 #    ctx.update(salt)
+    secret['hash'] = crypt.crypt(password, "$1$%s" % config.get('shadowsalt'))
 #    secret['hash'] = "{SSHA}%s" % b64encode(ctx.digest() + salt)
     secret['pass'] = password
 
@@ -299,7 +301,7 @@ class User(controllers.Controller):
             return dict()
         newpass = generatePassword(password)
         try:
-            person.password = newpass['pass']
+            person.password = newpass['hash']
             turbogears.flash(_("Your password has been changed."))
         except:
             turbogears.flash(_("Your password could not be changed."))
diff --git a/fas/fas2.sql b/fas/fas2.sql
index 0911c3e..5a27db3 100644
--- a/fas/fas2.sql
+++ b/fas/fas2.sql
@@ -432,8 +432,8 @@ GRANT ALL ON TABLE visit, visit_identity TO GROUP apache;
 -- information so we need to allow select access on all these tables :-(
 GRANT SELECT ON TABLE people, groups, person_roles, person_emails, group_roles, group_emails, configs TO GROUP apache;
 
--- Create default admin user
-INSERT INTO people (username, human_name, password) VALUES ('admin', 'Admin User', 'admin');
+-- Create default admin user - Default Password "admin"
+INSERT INTO people (username, human_name, password) VALUES ('admin', 'Admin User', '$1$djFfnacd$im/L4UiYckFAlw4D5JUau.');
 
 -- Create default groups and populate
 INSERT INTO groups (name, display_name, owner_id, group_type) VALUES ('cla_sign', 'Signed CLA Group', (SELECT id from people where username='admin'), 'tracking');