Revision 3b98303f vncauthproxy/proxy.py

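--- a/vncauthproxy/proxy.py
+++ b/vncauthproxy/proxy.py
@@ -70,8 +70,7 @@
 import daemon
 import random
 import daemon.runner
-import hashlib
-import re
+import crypt
 
 from vncauthproxy import rfb
 
@@ -345,16 +344,16 @@
             self.password = req['password']
 
             if auth_user not in VncAuthProxy.authdb:
-                msg = "Authentication failure: user not found"
+                msg = "vncauthproxy authentication failure: user not found"
                 raise InternalError(msg)
 
-            (cipher, authdb_password) = VncAuthProxy.authdb[auth_user]
-            if cipher == 'HA1':
-                message = auth_user + ':vncauthproxy:' + auth_password
-                auth_password = hashlib.md5(message).hexdigest()
+            (cipher, salt, authdb_hash) = VncAuthProxy.authdb[auth_user]
+            crypt_result = crypt.crypt(auth_password, '$%s$%s$' %
+                                                      (cipher, salt))
+            passhash = crypt_result.lstrip('$').split('$', 2)[-1]
 
-            if auth_password != authdb_password:
-                msg = "Authentication failure: wrong password"
+            if passhash != authdb_hash:
+                msg = "vncauthproxy authentication failure: wrong password"
                 raise InternalError(msg)
         except KeyError:
             msg = "Malformed request: %s" % buf
@@ -618,10 +617,6 @@
 
 
 def parse_auth_file(auth_file):
-    supported_ciphers = ('cleartext', 'HA1', None)
-    regexp = re.compile(r'^\s*(?P<user>\S+)\s+({(?P<cipher>\S+)})?'
-                        r'(?P<pass>\S+)\s*$')
-
     users = {}
 
     if os.path.isfile(auth_file) is False:
@@ -631,32 +626,12 @@
 
     try:
         with open(auth_file) as f:
-            lines = [l.strip() for l in f.readlines()]
-
-            for line in lines:
-                if not line or line.startswith('#'):
-                    continue
-
-                m = regexp.match(line)
-                if not m:
-                    raise InternalError("Invaild entry in auth file: %s"
-                                        % line)
-
-                user = m.group('user')
-                cipher = m.group('cipher')
-                if cipher not in supported_ciphers:
-                    raise InternalError("Unsupported cipher in auth file: "
-                                        "%s" % line)
-
-                password = (cipher, m.group('pass'))
-
-                if user in users:
-                    raise InternalError("Duplicate user entry in auth file")
-
-                users[user] = password
-    except IOError as err:
-        logger.error("Error while reading the auth file:")
+            lines = [l.strip().split(':', 1) for l in f.readlines()]
+            for (user, passhash) in lines:
+                users[user] = passhash.lstrip('$').split('$', 2)
+    except ValueError as err:
         logger.exception(err)
+        raise InternalError("Malformed auth file")
 
     if not users:
         logger.warning("No users defined")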
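Review bot: The new loop in parse_auth_file stores whatever `passhash.lstrip('$').split('$', 2)` returns without checking that it has three fields, so an entry whose hash is not in `$id$salt$hash` form loads cleanly and only fails at login, where the 3-tuple unpack of `VncAuthProxy.authdb[auth_user]` raises a ValueError that the visible `except KeyError` does not catch. The rewrite also drops the blank/comment-line skipping and the duplicate-user check, so a blank line now makes the whole file "Malformed" and a repeated user silently overrides the earlier entry; the loop below restores both and keeps the hash out of the logged error text. In the authentication hunk, `passhash != authdb_hash` is not a constant-time comparison and `crypt_result` is used without checking it; `crypt.crypt` may return None when the platform rejects the method, so a guard such as `if crypt_result is None: raise InternalError(msg)` before the `lstrip` call would fail closed explicitly. Both functions continue outside the hunks shown.

```python
        with open(auth_file) as f:
            for line in f:
                line = line.strip()
                if not line or line.startswith('#'):
                    continue
                (user, passhash) = line.split(':', 1)
                fields = passhash.lstrip('$').split('$', 2)
                if len(fields) != 3:
                    raise ValueError("bad hash format for user %s" % user)
                if user in users:
                    raise ValueError("duplicate user %s" % user)
                users[user] = fields
    # … unchanged: except ValueError handler …
```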
