[IMP] auth_crypt add sha256 from enhance_base_crypt_trunk (not enabled by default)
bzr revid: al@openerp.com-20121219113339-vhstwyo51jw0znqw
parent
3f2de50afc
commit
e131d46932
|
@ -9,6 +9,7 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
import hashlib
|
import hashlib
|
||||||
|
import hmac
|
||||||
import logging
|
import logging
|
||||||
from random import sample
|
from random import sample
|
||||||
from string import ascii_letters, digits
|
from string import ascii_letters, digits
|
||||||
|
@ -19,6 +20,7 @@ from openerp.osv import fields, osv
|
||||||
_logger = logging.getLogger(__name__)
|
_logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
magic_md5 = '$1$'
|
magic_md5 = '$1$'
|
||||||
|
magic_sha256 = '$5$'
|
||||||
|
|
||||||
def gen_salt(length=8, symbols=None):
|
def gen_salt(length=8, symbols=None):
|
||||||
if symbols is None:
|
if symbols is None:
|
||||||
|
@ -103,6 +105,15 @@ def md5crypt( raw_pw, salt, magic=magic_md5 ):
|
||||||
|
|
||||||
return magic + salt + '$' + rearranged
|
return magic + salt + '$' + rearranged
|
||||||
|
|
||||||
|
def sh256crypt(cls, password, salt, magic=magic_sha256):
|
||||||
|
iterations = 1000
|
||||||
|
# see http://en.wikipedia.org/wiki/PBKDF2
|
||||||
|
result = password.encode('utf8')
|
||||||
|
for i in xrange(cls.iterations):
|
||||||
|
result = hmac.HMAC(result, salt, hashlib.sha256).digest() # uses HMAC (RFC 2104) to apply salt
|
||||||
|
result = result.encode('base64') # doesnt seem to be crypt(3) compatible
|
||||||
|
return '%s%s$%s' % (magic_sha256, salt, result)
|
||||||
|
|
||||||
class res_users(osv.osv):
|
class res_users(osv.osv):
|
||||||
_inherit = "res.users"
|
_inherit = "res.users"
|
||||||
|
|
||||||
|
@ -140,11 +151,16 @@ class res_users(osv.osv):
|
||||||
return super(res_users, self).check_credentials(cr, uid, password)
|
return super(res_users, self).check_credentials(cr, uid, password)
|
||||||
except openerp.exceptions.AccessDenied:
|
except openerp.exceptions.AccessDenied:
|
||||||
# check md5crypt
|
# check md5crypt
|
||||||
if stored_password_crypt[:len(magic_md5)] == "$1$":
|
if stored_password_crypt[:len(magic_md5)] == magic_md5:
|
||||||
|
salt = stored_password_crypt[len(magic_md5):11]
|
||||||
|
if stored_password_crypt == md5crypt(password, salt):
|
||||||
|
return
|
||||||
|
elif stored_password_crypt[:len(magic_md5)] == magic_sha256:
|
||||||
salt = stored_password_crypt[len(magic_md5):11]
|
salt = stored_password_crypt[len(magic_md5):11]
|
||||||
if stored_password_crypt == md5crypt(password, salt):
|
if stored_password_crypt == md5crypt(password, salt):
|
||||||
return
|
return
|
||||||
# Reraise password incorrect
|
# Reraise password incorrect
|
||||||
raise
|
raise
|
||||||
|
|
||||||
|
|
||||||
# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
|
# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4:
|
||||||
|
|
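Review bot: The new `$5$` branch in check_credentials still verifies with `md5crypt(password, salt)`, so as far as this page shows a stored sha256 hash can never match. `sh256crypt` itself would also fail if called, because it is a module-level function that takes `cls` and loops over `cls.iterations` while the local `iterations = 1000` goes unused. I would declare it as `def sh256crypt(password, salt, magic=magic_sha256):`, loop with `for i in xrange(iterations):`, and have the branch compare against `sh256crypt(password, salt)`. The `magic` argument is also ignored in the return value, and the output is tagged `$5$` although the inline comment says it is not crypt(3) compatible; a distinct prefix that also records the iteration count would keep other tools from misreading these hashes and allow the count to be raised later. Indentation is lost in this rendering, so the branch nesting is inferred, and check_credentials starts outside the hunk.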