Merge pull request #233 from bet-frogger/ssha

auth/htpasswd: add support for salted sha1 passwords
This commit is contained in:
Guillaume Ayoub 2014-11-10 10:37:55 +01:00
commit ed036c8bef
2 changed files with 11 additions and 1 deletions

2
config
View File

@ -83,7 +83,7 @@
#htpasswd_filename = /etc/radicale/users #htpasswd_filename = /etc/radicale/users
# Htpasswd encryption method # Htpasswd encryption method
# Value: plain | sha1 | crypt # Value: plain | sha1 | ssha | crypt
#htpasswd_encryption = crypt #htpasswd_encryption = crypt
# LDAP server URL, with protocol and port # LDAP server URL, with protocol and port

View File

@ -58,6 +58,16 @@ def _sha1(hash_value, password):
sha1.update(password) sha1.update(password)
return sha1.digest() == base64.b64decode(hash_value) return sha1.digest() == base64.b64decode(hash_value)
def _ssha(hash_salt_value, password):
"""Check if ``hash_salt_value`` and ``password`` match using salted sha1 method."""
hash_salt_value = hash_salt_value.replace("{SSHA}", "").encode("ascii").decode('base64')
password = password.encode(config.get("encoding", "stock"))
hash_value = hash_salt_value[:20]
salt_value = hash_salt_value[20:]
sha1 = hashlib.sha1() # pylint: disable=E1101
sha1.update(password)
sha1.update(salt_value)
return sha1.digest() == hash_value
def is_authenticated(user, password): def is_authenticated(user, password):
"""Check if ``user``/``password`` couple is valid.""" """Check if ``user``/``password`` couple is valid."""