From 5b0389000ed1968685a3016e17bb2dc7648d8db9 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Thu, 20 Aug 2020 08:28:06 -0400
Subject: [PATCH] Fix handling of password through TLS socket
---
 confluent_server/confluent/auth.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/confluent_server/confluent/auth.py b/confluent_server/confluent/auth.py
index 05eeacb6..f9ab65dc 100644
--- a/confluent_server/confluent/auth.py
+++ b/confluent_server/confluent/auth.py
@@ -222,7 +222,11 @@ def check_user_passphrase(name, passphrase, operation=None, element=None, tenant
 eventlet.sleep(0.05)
 return None
 if (user, tenant) in _passcache:
- if hashlib.sha256(passphrase).digest() == _passcache[(user, tenant)]:
+ if isinstance(passphrase, bytes):
+ bpassphrase = passphrase
+ else:
+ bpassphrase = passphrase.encode('utf8')
+ if hashlib.sha256(bpassphrase).digest() == _passcache[(user, tenant)]:
 return authorize(user, element, tenant, operation=operation)
 else:
 # In case of someone trying to guess,
@@ -287,7 +291,11 @@ def check_user_passphrase(name, passphrase, operation=None, element=None, tenant
 # user
 usergood = pam.authenticate(user, passphrase, service=_pamservice)
 if usergood:
- _passcache[(user, tenant)] = hashlib.sha256(passphrase).digest()
+ if isinstance(passphrase, bytes):
+ bpassphrase = passphrase
+ else:
+ bpassphrase = passphrase.encode('utf8')
+ _passcache[(user, tenant)] = hashlib.sha256(bpassphrase).digest()
 return authorize(user, element, tenant, operation, skipuserobj=False)
 eventlet.sleep(0.05) # stall even on test for existence of a username
 return None
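Review bot: The cache check in the first hunk still compares the digest with `==`, which can return early on the first differing byte; since this is a credential comparison, `if hmac.compare_digest(hashlib.sha256(bpassphrase).digest(), _passcache[(user, tenant)]):` is the safer form. Whether `hmac` is already imported in auth.py is not visible from this hunk. The four-line bytes/str normalization is also repeated verbatim at the `_passcache[(user, tenant)] = ...` store in the second hunk; moving it into one small private helper that returns the digest would ensure the lookup and the store always hash the same byte string. `check_user_passphrase` starts and ends outside both hunks.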
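Review bot: The value stored in `_passcache` in the second hunk is a single unsalted SHA-256 of the passphrase, which is cheap to guess offline if the cache is ever exposed, for example through a core dump or a debug endpoint. Assuming `_passcache` lives only in process memory, a per-process random key would make the stored values useless outside that process: `_passcache[(user, tenant)] = hmac.new(_cachekey, bpassphrase, hashlib.sha256).digest()`, with a module-level `_cachekey = os.urandom(32)` (name illustrative). The lookup in the first hunk would need to compute the same keyed digest. Separately, `passphrase.encode('utf8')` raises `UnicodeEncodeError` on a str containing lone surrogates; whether callers can deliver such a value is not visible here, but treating that case as a failed authentication rather than an unhandled exception would be worth confirming.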