Commit 2327c877 authored by Albertas Agejevas's avatar Albertas Agejevas

Sort out authentication hash str/bytes types.

parent b863acd5
...@@ -48,12 +48,12 @@ from ZEO.hash import sha1 ...@@ -48,12 +48,12 @@ from ZEO.hash import sha1
def get_random_bytes(n=8): def get_random_bytes(n=8):
if os.path.exists("/dev/urandom"): if os.path.exists("/dev/urandom"):
f = open("/dev/urandom", 'rb') f = open("/dev/urandom", 'rb')
s = f.read(n) b = f.read(n)
f.close() f.close()
else: else:
L = [chr(random.randint(0, 255)) for i in range(n)] L = [chr(random.randint(0, 255)) for i in range(n)]
s = "".join(L) b = b"".join(L)
return s return b
def hexdigest(s): def hexdigest(s):
return sha1(s.encode()).hexdigest() return sha1(s.encode()).hexdigest()
...@@ -76,7 +76,8 @@ def session_key(h_up, nonce): ...@@ -76,7 +76,8 @@ def session_key(h_up, nonce):
# HMAC wants a 64-byte key. We don't want to use h_up # HMAC wants a 64-byte key. We don't want to use h_up
# directly because it would never change over time. Instead # directly because it would never change over time. Instead
# use the hash plus part of h_up. # use the hash plus part of h_up.
return sha1("%s:%s" % (h_up, nonce)).digest() + h_up[:44] return (sha1(("%s:%s" % (h_up, nonce)).encode('latin-1')).digest() +
h_up.encode('utf-8')[:44])
class StorageClass(ZEOStorage): class StorageClass(ZEOStorage):
def set_database(self, database): def set_database(self, database):
...@@ -93,7 +94,7 @@ class StorageClass(ZEOStorage): ...@@ -93,7 +94,7 @@ class StorageClass(ZEOStorage):
# RFC 2069 recommends a nonce of the form # RFC 2069 recommends a nonce of the form
# H(client-IP ":" time-stamp ":" private-key) # H(client-IP ":" time-stamp ":" private-key)
dig = sha1() dig = sha1()
dig.update(str(self.connection.addr)) dig.update(str(self.connection.addr).encode('latin-1'))
dig.update(self._get_time()) dig.update(self._get_time())
dig.update(self.noncekey) dig.update(self.noncekey)
return dig.hexdigest() return dig.hexdigest()
......
...@@ -26,7 +26,8 @@ from ZEO.auth import register_module ...@@ -26,7 +26,8 @@ from ZEO.auth import register_module
from ZEO.auth.base import Client, Database from ZEO.auth.base import Client, Database
def session_key(username, realm, password): def session_key(username, realm, password):
return sha1("%s:%s:%s" % (username, realm, password)).hexdigest() key = "%s:%s:%s" % (username, realm, password)
return sha1(key.encode('utf-8')).hexdigest().encode('ascii')
class StorageClass(ZEOStorage): class StorageClass(ZEOStorage):
...@@ -36,7 +37,7 @@ class StorageClass(ZEOStorage): ...@@ -36,7 +37,7 @@ class StorageClass(ZEOStorage):
except LookupError: except LookupError:
return 0 return 0
password_dig = sha1(password).hexdigest() password_dig = sha1(password.encode('utf-8')).hexdigest()
if dbpw == password_dig: if dbpw == password_dig:
self.connection.setSessionKey(session_key(username, self.connection.setSessionKey(session_key(username,
self.database.realm, self.database.realm,
......
...@@ -147,7 +147,7 @@ class SizedMessageAsyncConnection(asyncore.dispatcher): ...@@ -147,7 +147,7 @@ class SizedMessageAsyncConnection(asyncore.dispatcher):
self.__hmac_send = hmac.HMAC(sesskey, digestmod=ZEO.hash) self.__hmac_send = hmac.HMAC(sesskey, digestmod=ZEO.hash)
self.__hmac_recv = hmac.HMAC(sesskey, digestmod=ZEO.hash) self.__hmac_recv = hmac.HMAC(sesskey, digestmod=ZEO.hash)
if False: if False:
yield '' yield b''
self.message_output(hack()) self.message_output(hack())
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment