Mercurial > hg > easyhg
comparison easyhg2.py @ 439:51c5332aa957
Salt passwords
| author | Chris Cannam |
|---|---|
| date | Tue, 28 Jun 2011 13:58:07 +0100 |
| parents | a5696a1f2dc5 |
| children | 0d779f3cb4bc |
comparison
equal
deleted
inserted
replaced
| 438:a5696a1f2dc5 | 439:51c5332aa957 |
|---|---|
| 60 except ImportError: | 60 except ImportError: |
| 61 easyhg_authfile_imports_ok = False | 61 easyhg_authfile_imports_ok = False |
| 62 | 62 |
| 63 #!!! should be in a class here | 63 #!!! should be in a class here |
| 64 | 64 |
| 65 def encrypt(text, key): | 65 def encrypt_salted(text, key): |
| 66 text = '%d.%s' % (len(text), text) | 66 salt = os.urandom(8) |
| 67 text = '%d.%s.%s' % (len(text), base64.b64encode(salt), text) | |
| 67 text += (16 - len(text) % 16) * ' ' | 68 text += (16 - len(text) % 16) * ' ' |
| 68 cipher = AES.new(key) | 69 cipher = AES.new(key) |
| 69 return base64.b64encode(cipher.encrypt(text)) | 70 return base64.b64encode(cipher.encrypt(text)) |
| 70 | 71 |
| 71 def decrypt(ctext, key): | 72 def decrypt_salted(ctext, key): |
| 72 cipher = AES.new(key) | 73 cipher = AES.new(key) |
| 73 text = cipher.decrypt(base64.b64decode(ctext)) | 74 text = cipher.decrypt(base64.b64decode(ctext)) |
| 74 (tlen, d, text) = text.partition('.') | 75 (tlen, d, text) = text.partition('.') |
| 76 (salt, d, text) = text.partition('.') | |
| 75 return text[0:int(tlen)] | 77 return text[0:int(tlen)] |
| 76 | 78 |
| 77 def monkeypatch_method(cls): | 79 def monkeypatch_method(cls): |
| 78 def decorator(func): | 80 def decorator(func): |
| 79 setattr(cls, func.__name__, func) | 81 setattr(cls, func.__name__, func) |
| 210 pcfg = ConfigParser.RawConfigParser() | 212 pcfg = ConfigParser.RawConfigParser() |
| 211 load_config(pcfg, pfile) | 213 load_config(pcfg, pfile) |
| 212 remember_default = get_boolean_from_config(pcfg, 'preferences', 'remember', False) | 214 remember_default = get_boolean_from_config(pcfg, 'preferences', 'remember', False) |
| 213 pdata = get_from_config(pcfg, 'auth', remote_key(uri, user)) | 215 pdata = get_from_config(pcfg, 'auth', remote_key(uri, user)) |
| 214 if pdata: | 216 if pdata: |
| 215 cachedpwd = decrypt(pdata, pekey) | 217 cachedpwd = decrypt_salted(pdata, pekey) |
| 216 passfield.setText(cachedpwd) | 218 passfield.setText(cachedpwd) |
| 217 remember = QtGui.QCheckBox() | 219 remember = QtGui.QCheckBox() |
| 218 remember.setChecked(remember_default) | 220 remember.setChecked(remember_default) |
| 219 remember.setText(_('Remember this password until EasyMercurial exits')) | 221 remember.setText(_('Remember this password until EasyMercurial exits')) |
| 220 layout.addWidget(remember, 3, 1) | 222 layout.addWidget(remember, 3, 1) |
| 248 | 250 |
| 249 if use_authfile: | 251 if use_authfile: |
| 250 set_to_config(pcfg, 'preferences', 'remember', remember.isChecked()) | 252 set_to_config(pcfg, 'preferences', 'remember', remember.isChecked()) |
| 251 if user: | 253 if user: |
| 252 if passwd and remember.isChecked(): | 254 if passwd and remember.isChecked(): |
| 253 pdata = encrypt(passwd, pekey) | 255 pdata = encrypt_salted(passwd, pekey) |
| 254 set_to_config(pcfg, 'auth', remote_key(uri, user), pdata) | 256 set_to_config(pcfg, 'auth', remote_key(uri, user), pdata) |
| 255 else: | 257 else: |
| 256 set_to_config(pcfg, 'auth', remote_key(uri, user), '') | 258 set_to_config(pcfg, 'auth', remote_key(uri, user), '') |
| 257 save_config(pcfg, pfile) | 259 save_config(pcfg, pfile) |
| 258 | 260 |