/usr/share/pyshared/repoze/who/plugins/htpasswd.py is in python-repoze.who 1.0.18-4.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 | from zope.interface import implements
from repoze.who.interfaces import IAuthenticator
from repoze.who.utils import resolveDotted
class HTPasswdPlugin(object):
implements(IAuthenticator)
def __init__(self, filename, check):
self.filename = filename
self.check = check
# IAuthenticatorPlugin
def authenticate(self, environ, identity):
try:
login = identity['login']
password = identity['password']
except KeyError:
return None
if hasattr(self.filename, 'seek'):
# assumed to have a readline
self.filename.seek(0)
f = self.filename
else:
try:
f = open(self.filename, 'r')
except IOError:
environ['repoze.who.logger'].warn('could not open htpasswd '
'file %s' % self.filename)
return None
for line in f:
try:
username, hashed = line.rstrip().split(':', 1)
except ValueError:
continue
if username == login:
if self.check(password, hashed):
return username
return None
def __repr__(self):
return '<%s %s>' % (self.__class__.__name__,
id(self)) #pragma NO COVERAGE
def crypt_check(password, hashed):
from crypt import crypt
salt = hashed[:2]
return hashed == crypt(password, salt)
def plain_check(password, hashed):
return hashed == password
def make_plugin(filename=None, check_fn=None):
if filename is None:
raise ValueError('filename must be specified')
if check_fn is None:
raise ValueError('check_fn must be specified')
check = resolveDotted(check_fn)
return HTPasswdPlugin(filename, check)
|