From 13c61bf9364e59aa63f1fc60b48c37590d006142 Mon Sep 17 00:00:00 2001 From: Marc Kleine-Budde Date: Sun, 9 Nov 2014 01:00:23 +0100 Subject: [PATCH] auth/htpasswd: add support for salted sha1 passwords This patch adds support for salted sha1 passwords. --- config | 2 +- radicale/auth/htpasswd.py | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/config b/config index b6ba51d..a2e36ec 100644 --- a/config +++ b/config @@ -83,7 +83,7 @@ #htpasswd_filename = /etc/radicale/users # Htpasswd encryption method -# Value: plain | sha1 | crypt +# Value: plain | sha1 | ssha | crypt #htpasswd_encryption = crypt # LDAP server URL, with protocol and port diff --git a/radicale/auth/htpasswd.py b/radicale/auth/htpasswd.py index 006bde1..a04a145 100644 --- a/radicale/auth/htpasswd.py +++ b/radicale/auth/htpasswd.py @@ -58,6 +58,16 @@ def _sha1(hash_value, password): sha1.update(password) return sha1.digest() == base64.b64decode(hash_value) +def _ssha(hash_salt_value, password): + """Check if ``hash_salt_value`` and ``password`` match using salted sha1 method.""" + hash_salt_value = hash_salt_value.replace("{SSHA}", "").encode("ascii").decode('base64') + password = password.encode(config.get("encoding", "stock")) + hash_value = hash_salt_value[:20] + salt_value = hash_salt_value[20:] + sha1 = hashlib.sha1() # pylint: disable=E1101 + sha1.update(password) + sha1.update(salt_value) + return sha1.digest() == hash_value def is_authenticated(user, password): """Check if ``user``/``password`` couple is valid."""