comparison easyhg.py @ 449:f778dfb6a42f

Hash remote destination key for auth file rather than just b64 encoding it (so you can't see where someone has been by looking at a stale authfile)
author Chris Cannam
date Wed, 29 Jun 2011 13:09:01 +0100
parents 89b6ba707096
children 568abb678073
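--- a/easyhg.py
+++ b/easyhg.py
@@ -11,11 +11,11 @@
 # modify it under the terms of the GNU General Public License as
 # published by the Free Software Foundation; either version 2 of the
 # License, or (at your option) any later version. See the file
 # COPYING included with this distribution for more information.
 
-import sys, os, stat, urllib, urllib2, urlparse, platform
+import sys, os, stat, urllib, urllib2, urlparse, platform, hashlib
 
 from mercurial.i18n import _
 from mercurial import ui, util, error
 try:
 from mercurial.url import passwordmgr
@@ -127,14 +127,17 @@
 def set_to_config(pcfg, sect, key, data):
 if not pcfg.has_section(sect):
 pcfg.add_section(sect)
 pcfg.set(sect, key, data)
 
-def remote_key(uri, user):
+def remote_key(uri, user, key):
 # generate a "safe-for-config-file" key representing uri+user
-# tuple (n.b. trailing = on base64 is not safe)
-return base64.b64encode('%s@@%s' % (uri, user)).replace('=', '_')
+s = '%s@@%s' % (uri, user)
+h = hashlib.sha1()
+h.update(key)
+h.update(s)
+return h.hexdigest()
 
 
 def uisetup(ui):
 if not easyhg_pyqt_ok:
 raise util.Abort(_('Failed to load PyQt4 module required by easyhg.py'))
@@ -205,11 +208,11 @@
 authconfig = ConfigParser.RawConfigParser()
 load_config(authconfig, authfile)
 remember = get_boolean_from_config(authconfig, 'preferences',
 'remember', False)
 authdata = get_from_config(authconfig, 'auth',
-remote_key(short_uri, user))
+remote_key(short_uri, user, authkey))
 if authdata:
 cachedpwd = decrypt_salted(authdata, authkey)
 passwd_field.setText(cachedpwd)
 remember_field = QtGui.QCheckBox()
 remember_field.setChecked(remember)
@@ -246,13 +249,13 @@
 remember = remember_field.isChecked()
 set_to_config(authconfig, 'preferences', 'remember', remember)
 if user:
 if passwd and remember:
 authdata = encrypt_salted(passwd, authkey)
-set_to_config(authconfig, 'auth', remote_key(short_uri, user), authdata)
+set_to_config(authconfig, 'auth', remote_key(short_uri, user, authkey), authdata)
 else:
-set_to_config(authconfig, 'auth', remote_key(short_uri, user), '')
+set_to_config(authconfig, 'auth', remote_key(short_uri, user, authkey), '')
 save_config(self.ui, authconfig, authfile)
 
 self.add_password(realm, authuri, user, passwd)
 return (user, passwd)
 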
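Review bot: Entries written by earlier versions stay in the authfile under their base64 option names, which decode straight back to `uri@@user`; the `get_from_config` lookup and both `set_to_config` writes now address only the hashed name, so nothing in these hunks removes the old ones and the privacy goal in the commit message is not met for existing users. Unless that is handled outside the visible hunks, the save path should drop the legacy option before `save_config`, for example `authconfig.remove_option('auth', legacy_key)` with `legacy_key` computed the way the removed `remote_key` body did. Separately, `remote_key` builds a prefix-keyed SHA-1 by hand; `return hmac.new(key, s, hashlib.sha1).hexdigest()` (with `hmac` added to the import line) is the standard construction for a keyed digest. How well the hashed name hides the destination also depends on `authkey` being unguessable, and its origin is not visible on this page.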