2008-05-29 04:46:07 +00:00
|
|
|
# Notice:
|
|
|
|
# ------
|
|
|
|
#
|
|
|
|
# Implements encrypting functions.
|
|
|
|
#
|
|
|
|
# Copyright (c) 2008, F S 3 Consulting Inc.
|
|
|
|
#
|
|
|
|
# Maintainer:
|
|
|
|
# Alec Joseph Rivera (agi<at>fs3.ph)
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# Warning:
|
|
|
|
# -------
|
|
|
|
#
|
|
|
|
# This program as such is intended to be used by professional programmers
|
|
|
|
# who take the whole responsibility of assessing all potential consequences
|
|
|
|
# resulting from its eventual inadequacies and bugs. End users who are
|
|
|
|
# looking for a ready-to-use solution with commercial guarantees and
|
|
|
|
# support are strongly adviced to contract a Free Software Service Company.
|
|
|
|
#
|
|
|
|
# This program is Free Software; you can redistribute it and/or modify it
|
|
|
|
# under the terms of the GNU General Public License as published by the
|
|
|
|
# Free Software Foundation; either version 2 of the License, or (at your
|
|
|
|
# option) any later version.
|
|
|
|
#
|
|
|
|
# This program is distributed in the hope that it will be useful, but
|
|
|
|
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
|
|
|
|
# Public License for more details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the GNU General Public License along
|
|
|
|
# with this program; if not, write to the:
|
|
|
|
#
|
|
|
|
# Free Software Foundation, Inc.
|
|
|
|
# 59 Temple Place - Suite 330
|
|
|
|
# Boston, MA 02111-1307
|
|
|
|
# USA.
|
|
|
|
|
2008-05-28 03:03:38 +00:00
|
|
|
from random import seed, sample
|
2010-12-28 09:48:31 +00:00
|
|
|
from string import ascii_letters, digits
|
2008-05-28 03:03:38 +00:00
|
|
|
from osv import fields,osv
|
|
|
|
import pooler
|
|
|
|
import tools
|
2009-11-25 14:14:35 +00:00
|
|
|
from tools.translate import _
|
2008-05-28 03:03:38 +00:00
|
|
|
from service import security
|
|
|
|
|
|
|
|
magic_md5 = '$1$'
|
|
|
|
|
2010-12-28 09:48:31 +00:00
|
|
|
def gen_salt( length=8, symbols=ascii_letters + digits ):
|
2008-05-28 03:03:38 +00:00
|
|
|
seed()
|
|
|
|
return ''.join( sample( symbols, length ) )
|
|
|
|
|
2008-05-29 04:46:07 +00:00
|
|
|
# The encrypt_md5 is based on Mark Johnson's md5crypt.py, which in turn is
|
|
|
|
# based on FreeBSD src/lib/libcrypt/crypt.c (1.2) by Poul-Henning Kamp.
|
|
|
|
# Mark's port can be found in ActiveState ASPN Python Cookbook. Kudos to
|
|
|
|
# Poul and Mark. -agi
|
|
|
|
#
|
|
|
|
# Original license:
|
|
|
|
#
|
|
|
|
# * "THE BEER-WARE LICENSE" (Revision 42):
|
|
|
|
# *
|
|
|
|
# * <phk@login.dknet.dk> wrote this file. As long as you retain this
|
|
|
|
# * notice you can do whatever you want with this stuff. If we meet some
|
|
|
|
# * day, and you think this stuff is worth it, you can buy me a beer in
|
|
|
|
# * return.
|
|
|
|
# *
|
|
|
|
# * Poul-Henning Kamp
|
|
|
|
|
2010-12-28 09:48:31 +00:00
|
|
|
#TODO: py>=2.6: from hashlib import md5
|
2008-05-28 03:03:38 +00:00
|
|
|
import md5
|
|
|
|
|
|
|
|
def encrypt_md5( raw_pw, salt, magic=magic_md5 ):
|
|
|
|
hash = md5.new( raw_pw + magic + salt )
|
|
|
|
stretch = md5.new( raw_pw + salt + raw_pw).digest()
|
|
|
|
|
|
|
|
for i in range( 0, len( raw_pw ) ):
|
|
|
|
hash.update( stretch[i % 16] )
|
|
|
|
|
|
|
|
i = len( raw_pw )
|
|
|
|
|
|
|
|
while i:
|
|
|
|
if i & 1:
|
|
|
|
hash.update('\x00')
|
|
|
|
else:
|
|
|
|
hash.update( raw_pw[0] )
|
|
|
|
i >>= 1
|
|
|
|
|
|
|
|
saltedmd5 = hash.digest()
|
|
|
|
|
|
|
|
for i in range( 1000 ):
|
|
|
|
hash = md5.new()
|
|
|
|
|
|
|
|
if i & 1:
|
|
|
|
hash.update( raw_pw )
|
|
|
|
else:
|
|
|
|
hash.update( saltedmd5 )
|
|
|
|
|
|
|
|
if i % 3:
|
|
|
|
hash.update( salt )
|
|
|
|
if i % 7:
|
|
|
|
hash.update( raw_pw )
|
|
|
|
if i & 1:
|
|
|
|
hash.update( saltedmd5 )
|
|
|
|
else:
|
|
|
|
hash.update( raw_pw )
|
|
|
|
|
|
|
|
saltedmd5 = hash.digest()
|
|
|
|
|
|
|
|
itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
|
|
|
|
|
|
|
|
rearranged = ''
|
|
|
|
for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
|
|
|
|
v = ord( saltedmd5[a] ) << 16 | ord( saltedmd5[b] ) << 8 | ord( saltedmd5[c] )
|
|
|
|
|
|
|
|
for i in range(4):
|
|
|
|
rearranged += itoa64[v & 0x3f]
|
|
|
|
v >>= 6
|
|
|
|
|
|
|
|
v = ord( saltedmd5[11] )
|
|
|
|
|
|
|
|
for i in range( 2 ):
|
|
|
|
rearranged += itoa64[v & 0x3f]
|
|
|
|
v >>= 6
|
|
|
|
|
|
|
|
return magic + salt + '$' + rearranged
|
|
|
|
|
|
|
|
_salt_cache = {}
|
|
|
|
|
|
|
|
|
|
|
|
#def check_super(passwd):
|
|
|
|
# salt = _salt_cache[passwd]
|
|
|
|
# if encrypt_md5( passwd, salt ) == tools.config['admin_passwd']:
|
|
|
|
# return True
|
|
|
|
# else:
|
|
|
|
# raise Exception('AccessDenied')
|
|
|
|
|
|
|
|
|
|
|
|
class users(osv.osv):
|
|
|
|
_name="res.users"
|
|
|
|
_inherit="res.users"
|
2010-12-28 09:52:10 +00:00
|
|
|
|
|
|
|
def login(self, db, login, password):
|
2010-12-28 09:52:10 +00:00
|
|
|
try:
|
|
|
|
return self._login(db, login, password)
|
|
|
|
except Exception, e:
|
|
|
|
import logging
|
|
|
|
logging.getLogger('netsvc').exception('Could not authenticate')
|
|
|
|
return Exception('Access Denied')
|
|
|
|
|
|
|
|
def _login(self, db, login, password):
|
|
|
|
if not password:
|
|
|
|
return False
|
|
|
|
if db is False:
|
|
|
|
raise RuntimeError("Cannot authenticate to False db!")
|
2010-12-28 09:52:10 +00:00
|
|
|
|
|
|
|
cr = pooler.get_db(db).cursor()
|
|
|
|
cr.execute( 'SELECT password FROM res_users WHERE login=%s', (login.encode( 'utf-8' ),) )
|
|
|
|
stored_pw = cr.fetchone()
|
|
|
|
|
|
|
|
if stored_pw:
|
|
|
|
stored_pw = stored_pw[0]
|
|
|
|
else:
|
|
|
|
# Return early if no one has a login name like that.
|
|
|
|
return False
|
|
|
|
|
|
|
|
# Calculate a new password ('updated_pw') from 'stored_pw' if the
|
|
|
|
# latter isn't encrypted yet. Use that to update the database entry.
|
|
|
|
# Also update the 'stored_pw' to reflect the change.
|
|
|
|
|
|
|
|
if stored_pw[0:3] != magic_md5:
|
|
|
|
updated_pw = encrypt_md5( stored_pw, gen_salt() )
|
|
|
|
cr.execute( 'UPDATE res_users SET password=%s WHERE login=%s', (updated_pw.encode( 'utf-8' ), login.encode( 'utf-8' ),) )
|
|
|
|
cr.commit()
|
|
|
|
|
|
|
|
cr.execute( 'SELECT password FROM res_users WHERE login=%s', (login.encode( 'utf-8' ),) )
|
|
|
|
stored_pw = cr.fetchone()[0]
|
|
|
|
|
|
|
|
# Calculate an encrypted password from the user-provided
|
|
|
|
# password ('encrypted_pw').
|
|
|
|
|
|
|
|
salt = _salt_cache[password] = stored_pw[3:11]
|
|
|
|
encrypted_pw = encrypt_md5( password, salt )
|
|
|
|
|
|
|
|
# Retrieve a user id from the database, factoring in an encrypted
|
|
|
|
# password.
|
|
|
|
|
|
|
|
cr.execute('select id from res_users where login=%s and password=%s and active', (login.encode('utf-8'), encrypted_pw.encode('utf-8')))
|
|
|
|
res = cr.fetchone()
|
|
|
|
cr.close()
|
|
|
|
|
|
|
|
if res:
|
|
|
|
return res[0]
|
|
|
|
else:
|
|
|
|
return False
|
|
|
|
|
|
|
|
def check(self, db, uid, passwd):
|
|
|
|
cached_pass = self._uid_cache.get(db, {}).get(uid)
|
|
|
|
if (cached_pass is not None) and cached_pass == passwd:
|
|
|
|
return True
|
|
|
|
|
|
|
|
cr = pooler.get_db(db).cursor()
|
|
|
|
if passwd not in _salt_cache:
|
|
|
|
cr.execute( 'SELECT login FROM res_users WHERE id=%s', (uid,) )
|
|
|
|
stored_login = cr.fetchone()
|
|
|
|
if stored_login:
|
|
|
|
stored_login = stored_login[0]
|
|
|
|
|
|
|
|
if not self.login(db,stored_login,passwd):
|
|
|
|
raise security.ExceptionNoTb('AccessDenied')
|
|
|
|
salt = _salt_cache[passwd]
|
|
|
|
cr.execute('SELECT COUNT(*) FROM res_users WHERE id=%s AND password=%s', (int(uid), encrypt_md5( passwd, salt )) )
|
|
|
|
res = cr.fetchone()[0]
|
|
|
|
cr.close()
|
|
|
|
if not bool(res):
|
|
|
|
raise security.ExceptionNoTb('AccessDenied')
|
|
|
|
if res:
|
|
|
|
self._uid_cache[uid] = passwd
|
|
|
|
return bool(res)
|
|
|
|
|
|
|
|
|
|
|
|
def access(self, db, uid, passwd, sec_level, ids):
|
|
|
|
cr = pooler.get_db(db).cursor()
|
|
|
|
salt = _salt_cache[passwd]
|
|
|
|
cr.execute('SELECT id FROM res_users WHERE id=%s AND password=%s', (uid, encrypt_md5( passwd, salt )) )
|
|
|
|
res = cr.fetchone()
|
|
|
|
cr.close()
|
|
|
|
if not res:
|
|
|
|
raise security.ExceptionNoTb('Bad username or password')
|
|
|
|
return res[0]
|
2008-05-28 03:03:38 +00:00
|
|
|
|
|
|
|
def set_pw( self, cr, uid, id, name, value, args, context ):
|
2009-11-25 14:14:35 +00:00
|
|
|
if not value:
|
|
|
|
raise osv.except_osv(_('Error'), _("Please specify the password !"))
|
2008-05-28 03:03:38 +00:00
|
|
|
self.write( cr, uid, id, { 'password' : encrypt_md5( value, gen_salt() ) } )
|
|
|
|
del value
|
|
|
|
|
|
|
|
def get_pw( self, cr, uid, ids, name, args, context ):
|
|
|
|
res = {}
|
|
|
|
for id in ids:
|
|
|
|
res[id] = ''
|
|
|
|
return res
|
|
|
|
|
|
|
|
users()
|