xCAT/confluent
2
0
Fork 0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-22 09:32:21 +00:00
Code Issues Projects Releases Wiki Activity

Fix handling of password through TLS socket

Browse Source
This commit is contained in:
Jarrod Johnson 2020-08-20 08:28:06 -04:00
parent 77adcde52f
commit 5b0389000e
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
confluent_server/confluent/auth.py
View File

@ -222,7 +222,11 @@ def check_user_passphrase(name, passphrase, operation=None, element=None, tenant
eventlet.sleep(0.05)
return None
if (user, tenant) in _passcache:
if hashlib.sha256(passphrase).digest() == _passcache[(user, tenant)]:
if isinstance(passphrase, bytes):
bpassphrase = passphrase
else:
bpassphrase = passphrase.encode('utf8')
if hashlib.sha256(bpassphrase).digest() == _passcache[(user, tenant)]:
return authorize(user, element, tenant, operation=operation)
else:
# In case of someone trying to guess,
@ -287,7 +291,11 @@ def check_user_passphrase(name, passphrase, operation=None, element=None, tenant
# user
usergood = pam.authenticate(user, passphrase, service=_pamservice)
if usergood:
_passcache[(user, tenant)] = hashlib.sha256(passphrase).digest()
if isinstance(passphrase, bytes):
bpassphrase = passphrase
else:
bpassphrase = passphrase.encode('utf8')
_passcache[(user, tenant)] = hashlib.sha256(bpassphrase).digest()
return authorize(user, element, tenant, operation, skipuserobj=False)
eventlet.sleep(0.05) # stall even on test for existence of a username
return None