From bb3a4c8b367f3b72121f30c063aa56db87709659 Mon Sep 17 00:00:00 2001
From: Michael McGrath
Date: Thu, 28 Feb 2008 14:07:14 -0600
Subject: [PATCH] initial workings of the shadow crypted passwords in the database
---
 fas/client/fasClient.py | 9 +++++----
 fas/fas/config/app.cfg | 1 +
 fas/fas/json_request.py | 2 --
 fas/fas/user.py | 6 ++++--
 fas/fas2.sql | 4 ++--
 5 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/fas/client/fasClient.py b/fas/client/fasClient.py
index cae619b..7cfa7da 100755
--- a/fas/client/fasClient.py
+++ b/fas/client/fasClient.py
@@ -18,6 +18,7 @@
 #
 # Red Hat Author(s): Mike McGrath
 #
+# TODO: put tmp files in a 700 tmp dir
 import sys
 import os
@@ -58,7 +59,7 @@ parser.add_option('-s', '--server',
 class MakeShellAccounts(BaseClient):
 def group_list(self, search='*'):
 params = {'search' : search}
- data = self.send_request('json/group_list', auth=False, input=params)
+ data = self.send_request('json/group_list', auth=True, input=params)
 return data
 def shadow_text(self, people=None):
@@ -136,7 +137,7 @@ class MakeShellAccounts(BaseClient):
 def people_list(self, search='*'):
 params = {'search' : search}
- data = self.send_request('json/people_list', auth=False, input=params)
+ data = self.send_request('json/people_list', auth=True, input=params)
 return data['people']
 def make_group_db(self):
@@ -149,7 +150,7 @@ class MakeShellAccounts(BaseClient):
 def make_shadow_db(self):
 self.shadow_text()
- os.system('makedb -o /tmp/passwd.db /tmp/shadow.txt')
+ os.system('makedb -o /tmp/shadow.db /tmp/shadow.txt')
 def install_passwd_db(self):
 try:
@@ -172,7 +173,7 @@ class MakeShellAccounts(BaseClient):
 if __name__ == '__main__':
 try:
- fas = MakeShellAccounts(FAS_URL, 'admin', 'admin', 1)
+ fas = MakeShellAccounts(FAS_URL, 'admin', 'admin', False)
 except AuthError, e:
 print e
 sys.exit(1)
diff --git a/fas/fas/config/app.cfg b/fas/fas/config/app.cfg
index 5c1d0ed..19c70ff 100644
--- a/fas/fas/config/app.cfg
+++ b/fas/fas/config/app.cfg
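Review bot: In make_shadow_db (fas/client/fasClient.py) the makedb call still reads and writes fixed names under /tmp, so the shadow hashes pass through a shared, world-writable directory at predictable paths where another local user could interfere with the files or, depending on umask, read them; the TODO added at the top of the file acknowledges this but the code is unchanged. A private directory from `tmpdir = tempfile.mkdtemp()` (created with mode 0700) would close that, with the command run as `subprocess.call(['makedb', '-o', os.path.join(tmpdir, 'shadow.db'), os.path.join(tmpdir, 'shadow.txt')])` rather than a shell string. shadow_text(), which presumably writes /tmp/shadow.txt, lies outside this hunk and would need to use the same directory.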
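Review bot: The `__main__` block of fas/client/fasClient.py still constructs the client with the literal credentials `'admin', 'admin'`, and with group_list and people_list switched to `auth=True` in this commit those values are presumably now what the client logs in with. They match the default admin row seeded in fas/fas2.sql, whose comment now documents the password, so any deployment that keeps the seed row has a publicly known administrator login. The client should read its username and password from a root-only config file or prompt for them, e.g. `password = getpass.getpass()`, and the seeded account should be forced through a password change at install time. What the fourth argument (changed from `1` to `False`) controls is not visible in this hunk and deserves a comment.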
@@ -7,6 +7,7 @@
 # The commented out values below are the defaults
 admingroup = 'accounts'
+shadowsalt = 'djFfnacd'
 # VIEW
diff --git a/fas/fas/json_request.py b/fas/fas/json_request.py
index 64b5489..ebd543a 100644
--- a/fas/fas/json_request.py
+++ b/fas/fas/json_request.py
@@ -21,7 +21,6 @@ class JsonRequest(controllers.Controller):
 '''Perhaps show a nice explanatory message about groups here?'''
 return dict(help='This is a json interface')
- @identity.require(turbogears.identity.not_anonymous())
 @expose("json", allow_json=True)
 def group_list(self, search='*'):
 re_search = re.sub(r'\*', r'%', search).lower()
@@ -31,7 +30,6 @@ class JsonRequest(controllers.Controller):
 memberships[group.id] = group.approved_roles
 return dict(groups=groups, memberships=memberships)
- @identity.require(turbogears.identity.not_anonymous())
 @expose("json", allow_json=True)
 def people_list(self, search='*'):
 re_search = re.sub(r'\*', r'%', search).lower()
diff --git a/fas/fas/user.py b/fas/fas/user.py
index 4828ada..7b6c7a7 100644
--- a/fas/fas/user.py
+++ b/fas/fas/user.py
@@ -1,5 +1,5 @@
 import turbogears
-from turbogears import controllers, expose, paginate, identity, redirect, widgets, validate, validators, error_handler
+from turbogears import controllers, expose, paginate, identity, redirect, widgets, validate, validators, error_handler, config
 from turbogears.database import session
 import cherrypy
@@ -7,6 +7,7 @@ import os
 import re
 import gpgme
 import StringIO
+import crypt
 from fas.model import People
 from fas.model import PersonEmails
@@ -117,6 +118,7 @@ def generatePassword(password=None,length=14,salt=''):
 # ctx = sha.new(password)
 # ctx.update(salt)
+ secret['hash'] = crypt.crypt(password, "$1$%s" % config.get('shadowsalt'))
 # secret['hash'] = "{SSHA}%s" % b64encode(ctx.digest() + salt)
 secret['pass'] = password
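Review bot: `shadowsalt = 'djFfnacd'` in fas/fas/config/app.cfg makes a single salt, committed to the repository, serve every account: generatePassword in fas/fas/user.py passes it to crypt.crypt for all users, and the seeded admin hash in fas/fas2.sql embeds the same value. With a shared salt, two users who choose the same password get the same hash, and one precomputed table covers the whole people table, which is exactly what a salt is meant to prevent. The crypt format already stores the salt inside the hash string, so no config key is needed; generate a fresh random salt per password from `os.urandom`, mapped onto the `./0-9A-Za-z` alphabet, and drop this setting.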
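Review bot: Removing `@identity.require(turbogears.identity.not_anonymous())` from group_list in fas/fas/json_request.py, and from people_list in the next hunk of the same file, leaves both JSON endpoints reachable without logging in, even though the client in this commit was changed to send `auth=True`. Both method bodies continue outside the hunks, but if people_list returns the password column that the client uses to build shadow.txt, an anonymous caller could retrieve every account's hash. Unless anonymous access is intended, keep the decorator on both methods, or tighten it to the account-management group with `identity.in_group(...)`.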
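Review bot: The `"$1$%s"` prefix added in generatePassword (fas/fas/user.py) selects MD5-crypt, which is fast to compute and therefore cheap to guess against offline; where the target libc supports it, `"$6$%s"` (SHA-512 crypt) is a one-character change with the same storage format. Separately, `config.get('shadowsalt')` is used without a check, so a missing key presumably turns the salt into the text of the default value instead of raising; a guard such as `if not salt: raise ValueError('shadowsalt not configured')` would fail closed. The returned dict also still carries the plaintext in `secret['pass']`, and a comment naming the callers that need it would help. generatePassword begins and ends outside this hunk.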
@@ -299,7 +301,7 @@ class User(controllers.Controller):
 return dict()
 newpass = generatePassword(password)
 try:
- person.password = newpass['pass']
+ person.password = newpass['hash']
 turbogears.flash(_("Your password has been changed."))
 except:
 turbogears.flash(_("Your password could not be changed."))
diff --git a/fas/fas2.sql b/fas/fas2.sql
index 0911c3e..5a27db3 100644
--- a/fas/fas2.sql
+++ b/fas/fas2.sql
@@ -432,8 +432,8 @@ GRANT ALL ON TABLE visit, visit_identity TO GROUP apache;
 -- information so we need to allow select access on all these tables :-(
 GRANT SELECT ON TABLE people, groups, person_roles, person_emails, group_roles, group_emails, configs TO GROUP apache;
--- Create default admin user
-INSERT INTO people (username, human_name, password) VALUES ('admin', 'Admin User', 'admin');
+-- Create default admin user - Default Password "admin"
+INSERT INTO people (username, human_name, password) VALUES ('admin', 'Admin User', '$1$djFfnacd$im/L4UiYckFAlw4D5JUau.');
 -- Create default groups and populate
 INSERT INTO groups (name, display_name, owner_id, group_type) VALUES ('cla_sign', 'Signed CLA Group', (SELECT id from people where username='admin'), 'tracking');
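Review bot: After `person.password = newpass['hash']` in fas/fas/user.py the people table holds crypt strings, but no hunk in this commit touches the code that checks a password at login, and rows written before this change still hold plaintext. If the identity provider still compares the submitted password directly with the stored column, users who change their password here would be locked out; the check should compare `crypt.crypt(candidate, stored)` with `stored`, and existing rows need a one-time migration. The surrounding bare `except:` also reports every failure as "could not be changed" without recording the cause; `except Exception:` with a log call would keep it. The enclosing method starts and ends outside the hunk.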