# HG changeset patch
# User Chris Cannam
# Date 1309349341 -3600
# Node ID f778dfb6a42fea4d5a89474d627746811ab0a94a
# Parent 89b6ba707096746d544063674965b22597b943a3
Hash remote destination key for auth file rather than just b64 encoding it (so you can't see where someone has been by looking at a stale authfile)
diff -r 89b6ba707096 -r f778dfb6a42f easyhg.py
--- a/easyhg.py Wed Jun 29 12:59:33 2011 +0100
+++ b/easyhg.py Wed Jun 29 13:09:01 2011 +0100
@@ -13,7 +13,7 @@
 # License, or (at your option) any later version. See the file
 # COPYING included with this distribution for more information.
-import sys, os, stat, urllib, urllib2, urlparse, platform
+import sys, os, stat, urllib, urllib2, urlparse, platform, hashlib
 from mercurial.i18n import _
 from mercurial import ui, util, error
@@ -129,10 +129,13 @@
 pcfg.add_section(sect)
 pcfg.set(sect, key, data)
-def remote_key(uri, user):
+def remote_key(uri, user, key):
 # generate a "safe-for-config-file" key representing uri+user
- # tuple (n.b. trailing = on base64 is not safe)
- return base64.b64encode('%s@@%s' % (uri, user)).replace('=', '_')
+ s = '%s@@%s' % (uri, user)
+ h = hashlib.sha1()
+ h.update(key)
+ h.update(s)
+ return h.hexdigest()
 def uisetup(ui):
@@ -207,7 +210,7 @@
 remember = get_boolean_from_config(authconfig, 'preferences', 'remember', False)
 authdata = get_from_config(authconfig, 'auth',
- remote_key(short_uri, user))
+ remote_key(short_uri, user, authkey))
 if authdata:
 cachedpwd = decrypt_salted(authdata, authkey)
 passwd_field.setText(cachedpwd)
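Review bot: In the new `remote_key`, `h.update(key)` followed by `h.update(s)` is a secret-prefix SHA-1 rather than a standard keyed hash, and every call site passes the same `authkey` that is also handed to `encrypt_salted`/`decrypt_salted`, so one secret serves two purposes with no separation. Since this commit already changes the stored option names, it is the cheapest moment to switch to the standard construction with a purpose label, for example `return hmac.new(key, 'remote-key:' + s, hashlib.sha256).hexdigest()` (the label is a constructed example, and `hmac` would need adding to the import line). If `authkey` is derived from something guessable, a fast unsalted digest over a known `uri@@user` also gives an offline check for guesses; whether that matters depends on how `authkey` is produced, which these hunks do not show. The remaining comment should also say that `key` is the auth secret and that the result is a hex digest, now that the "tuple" line has been dropped.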
@@ -248,9 +251,9 @@
 if user:
 if passwd and remember:
 authdata = encrypt_salted(passwd, authkey)
- set_to_config(authconfig, 'auth', remote_key(short_uri, user), authdata)
+ set_to_config(authconfig, 'auth', remote_key(short_uri, user, authkey), authdata)
 else:
- set_to_config(authconfig, 'auth', remote_key(short_uri, user), '')
+ set_to_config(authconfig, 'auth', remote_key(short_uri, user, authkey), '')
 save_config(self.ui, authconfig, authfile)
 self.add_password(realm, authuri, user, passwd)
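Review bot: Entries that earlier versions wrote under the base64 name are no longer looked up, overwritten or blanked by either branch here, so as far as these hunks show an existing authfile keeps its readable `uri@@user` option names and their encrypted passwords after upgrade. That is the stale-authfile exposure the commit message sets out to close, and the `else:` branch that used to blank a forgotten password now writes the empty value under the new name only. Before `save_config(self.ui, authconfig, authfile)` I would also remove the option stored under the legacy base64 name for `short_uri`/`user`, or clear old-style entries once when the file is loaded. The enclosing method starts and ends outside this hunk, so such a cleanup may already exist elsewhere.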